-
1. Date: 2009-03-24 07:05:02
Subject: Problem with restarts
From: "Negatyw" <n...@U...o2.pl.invalid>
Hello
My computer tends to freeze and restart on its own. This happens
even after replacing the case and the power supply with a 520 W one. The chipset and
CPU temperatures are OK - so it is not the result of overheating.
I have 2 drives from the ill-fated Seagate series - st3500320as. One of them
requires a firmware upgrade:
http://img257.imageshack.us/img257/9374/seag2www.jpg
Probably one of the components of my problems is the trojans and viruses that
got onto the hard drives (nod32 v.4).
My stalemate is that when I try to scan the hard drives
with various online scanners, a restart or a freeze occurs. So I cannot
finish this operation. I used various home-made tools under Linux:
http://www.searchengines.pl/Bootowalne-antywirusowe-CD-t112329.html
but that did not really work out for me.
I booted the Ubuntu live CD - the problem is that these scanners run under IE and not
under Firefox.
Do you have any ideas?
Regards
--
----------------------
Negatyw
negatyw001(at)o2.pl
----------------------
-
2. Date: 2009-03-24 07:22:05
Subject: Re: Problem with restarts
From: "Washi" <s...@n...pl>
User "Negatyw" <n...@U...o2.pl.invalid> wrote in message
news:gqa0nc$9a8$1@inews.gazeta.pl...
> Do you have any ideas?
>
Maybe try running some portable AV from a USB stick? E.g.
ClamWin Portable.
If you are able to install a clean OS + antivirus on some drive,
you can then connect the infected drives and scan them.
Washi
--
Let's talk about virtualization
-> http://www.virtual-it.pl/
http://forum.virtual-it.pl/
-
3. Date: 2009-03-24 07:42:48
Subject: Re: Problem with restarts
From: "Washi" <s...@n...pl>
User "Negatyw" <n...@U...o2.pl.invalid> wrote in message
news:gqa0nc$9a8$1@inews.gazeta.pl...
> Do you have any ideas?
It is also worth scanning the drives with some programs for removing rootkits
and trojans, e.g.
HijackThis.
Washi
--
Let's talk about virtualization
-> http://www.virtual-it.pl/
http://forum.virtual-it.pl/
-
4. Date: 2009-03-24 07:54:43
Subject: Re: Problem with restarts
From: staszek <s...@g...com>
On 24 Mar, 08:05, "Negatyw" <n...@U...o2.pl.invalid> wrote:
> Hello
> My computer tends to freeze and restart on its own. This happens
> even after replacing the case and the power supply with a 520 W one. The chipset and
> CPU temperatures are OK - so it is not the result of overheating.
> I have 2 drives from the ill-fated Seagate series - st3500320as. One of them
> requires a firmware upgrade: http://img257.imageshack.us/img257/9374/seag2www.jpg
>
> Probably one of the components of my problems is the trojans and viruses that
> got onto the hard drives (nod32 v.4).
>
> My stalemate is that when I try to scan the hard drives
> with various online scanners, a restart or a freeze occurs. So I cannot
> finish this operation. I used various home-made tools under Linux:
> http://www.searchengines.pl/Bootowalne-antywirusowe-CD-t112329.html
> but that did not really work out for me.
> I booted the Ubuntu live CD - the problem is that these scanners run under IE and not
> under Firefox.
>
> Do you have any ideas?
>
> Regards
>
> --
> ----------------------
> Negatyw
> negatyw001(at)o2.pl
> ----------------------
1. Safe mode
2. HiJack - tick off all the junk (that starts up unnecessarily
with the system) and fix it
3. Restart, still safe mode
4. COMBOFIX, the newest is always on instalki.pl
5. Restart
6. Normal mode
7. Scan with ANTIVIR
-
5. Date: 2009-03-24 09:08:58
Subject: Re: Problem with restarts
From: "Negatyw" <n...@U...o2.pl.invalid>
User "staszek" <s...@g...com> wrote in message
news:9f918ff9-e232-4889-806b-5a82306ec94b@33g2000yqm.googlegroups.com...
> 2. HiJack - tick off all the junk (that starts up unnecessarily
> with the system) and fix it
To be honest, I don't really get what is OK and what is NOT... And I don't have
the recovery control installed - whatever that is.
Here is the log from it:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:47:22, on 2009-03-24
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: GetRight IE Download Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Six Engine] "C:\Program Files\ASUS\Six Engine\SixEngine.exe" -r
O4 - HKLM\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Look 'n' Stop] "C:\Program Files\Soft4Ever\looknstop\looknstop.exe" -auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SpIDerNT] C:\PROGRA~1\DrWeb\spiderui.exe /agent
O4 - HKLM\..\Run: [DrWebScheduler] "C:\Program Files\DrWeb\DRWEBSCD.EXE"
O4 - HKLM\..\Run: [SpIDerMail] "C:\Program Files\DrWeb\spiderml.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Utwórz Ulubione dla urządzenia przenośnego... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://edownload.grisoft.cz/ewidoOnlineScan.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://ushousecall02.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1237832290093
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - https://asp.photoprintit.de/microsite/1289/defaults/activex/ips/IPSUploader4.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15106/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{12090D13-3BD7-40E3-8257-8A5C676B4824}: NameServer = 78.152.23.66,78.152.23.67
O17 - HKLM\System\CS1\Services\Tcpip\..\{12090D13-3BD7-40E3-8257-8A5C676B4824}: NameServer = 78.152.23.66,78.152.23.67
O17 - HKLM\System\CS2\Services\Tcpip\..\{12090D13-3BD7-40E3-8257-8A5C676B4824}: NameServer = 78.152.23.66,78.152.23.67
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: efcbCSkj - efcbCSkj.dll (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Dane aplikacji\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - I:\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - I:\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SpIDer Guard for Windows (SPIDERNT) - Doctor Web, Ltd. - C:\PROGRA~1\DrWeb\spidernt.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
> 4. COMBOFIX, the newest is always on instalki.pl
> 5. Restart
> 6. Normal mode
ComboFix 09-03-22.01 - Administrator 2009-03-24 9:56:32.1 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.3327.3060 [GMT
1:00]
Uruchomiony z: c:\10\ComboFix.exe
AV: Doctor Web Anti-Virus *On-access scanning disabled* (Updated)
FW: Look 'n' Stop 2.06 (Soft4Ever) *enabled*
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
(((((((((((((((((((((((((((((((((((((((
Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Darek\Dane aplikacji\inst.exe
c:\windows\system32\micr0st.dll
.
(((((((((((((((((((((((((((((((((((((((
Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ISODRIVE
-------\Service_ISODrive
((((((((((((((((((((((((( Pliki utworzone od 2009-02-24 do
009-03-24 )))))))))))))))))))))))))))))))
.
2009-03-24 09:47 . 2009-03-24 09:47 <DIR> d-------- c:\program files\Trend
Micro
2009-03-24 09:36 . 2009-03-24 09:36 <DIR> d-------- c:\documents and
settings\All Users\Dane aplikacji\Simply Super Software
2009-03-24 09:36 . 2006-05-25 15:52 162,304 --a------
c:\windows\system32\ztvunrar36.dll
2009-03-24 09:36 . 2003-02-02 20:06 153,088 --a------
c:\windows\system32\UNRAR3.dll
2009-03-24 09:36 . 2005-08-26 01:50 77,312 --a------
c:\windows\system32\ztvunace26.dll
2009-03-24 09:36 . 2002-03-06 01:00 75,264 --a------
c:\windows\system32\unacev2.dll
2009-03-24 09:36 . 2006-06-19 13:01 69,632 --a------
c:\windows\system32\ztvcabinet.dll
2009-03-24 09:28 . 2009-03-24 09:33 <DIR> d-------- C:\10
2009-03-24 09:01 . 2009-03-24 09:01 <DIR> d-------- c:\program files\MCS
Studios
2009-03-24 09:01 . 2005-12-14 22:16 237,568 --a------
c:\windows\system32\mcstabs.ocx
2009-03-24 09:01 . 1998-06-18 00:00 89,360 --a------
c:\windows\system32\VB5DB.DLL
2009-03-24 07:45 . 2009-03-24 09:25 <DIR> d-------- c:\program files\DrWeb
2009-03-24 07:45 . 2009-03-24 07:46 77,824 --a----t-
c:\windows\system32\DRWEBSP.DLL
2009-03-23 18:44 . 2009-03-24 10:00 4,958,588 --a------
c:\windows\{00000005-00000000-00000001-00001102-0000
0004-10071102}.BAK
2009-03-23 18:44 . 2009-03-24 09:44 31,056 --a------
c:\windows\system32\BMXStateBkp-{00000005-00000000-0
0000001-00001102-00000004-10071102}.rfx
2009-03-23 18:44 . 2009-03-24 09:44 31,056 --a------
c:\windows\system32\BMXState-{00000005-00000000-0000
0001-00001102-00000004-10071102}.rfx
2009-03-23 18:44 . 2009-03-24 09:44 30,528 --a------
c:\windows\system32\BMXCtrlState-{00000005-00000000-
00000001-00001102-00000004-10071102}.rfx
2009-03-23 18:44 . 2009-03-24 09:44 30,528 --a------
c:\windows\system32\BMXBkpCtrlState-{00000005-000000
00-00000001-00001102-00000004-10071102}.rfx
2009-03-23 18:44 . 2009-03-24 09:44 11,564 --a------
c:\windows\system32\DVCState-{00000005-00000000-0000
0001-00001102-00000004-10071102}.rfx
2009-03-23 18:44 . 2009-03-23 18:44 1,080 --a------
c:\windows\system32\settingsbkup.sfm
2009-03-23 18:44 . 2009-03-23 18:44 1,080 --a------
c:\windows\system32\settings.sfm
2009-03-23 18:41 . 2009-03-24 10:00 4,958,588 --a------
c:\windows\{00000005-00000000-00000001-00001102-0000
0004-10071102}.CDF
2009-03-23 18:37 . 1998-01-08 01:00 1,048,576 ---------
c:\windows\system32\SFMAN.DAT
2009-03-23 18:37 . 1995-01-13 14:10 149,504 ---------
c:\windows\system32\MFCANS32.DLL
2009-03-23 18:37 . 1995-01-13 14:10 108,032 ---------
c:\windows\system32\MFCUIA32.DLL
2009-03-23 18:37 . 2000-05-11 01:00 90,112 --------- c:\windows\Updreg.EXE
2009-03-23 18:37 . 1998-06-05 02:00 84,992 ---------
c:\windows\system32\SFCVRT32.DLL
2009-03-23 18:37 . 1995-08-30 02:02 82,432 ---------
c:\windows\system32\CTWFLT32.DLL
2009-03-23 18:37 . 1998-10-20 16:05 54,784 ---------
c:\windows\system32\INETWH32.DLL
2009-03-23 18:37 . 1994-12-05 03:11 53,552 --------- c:\windows\CTCCW.DLL
2009-03-23 18:37 . 1995-07-13 02:01 26,768 ---------
c:\windows\system32\CTL3D.DLL
2009-03-23 18:37 . 1996-05-23 02:24 24,976 --------- c:\windows\CTRES.DLL
2009-03-23 18:37 . 1999-01-14 14:04 231 --------- c:\windows\AC3API.INI
2009-03-23 18:34 . 2002-02-20 03:00 331,776 ---------
c:\windows\system32\CTMEDENG.DLL
2009-03-23 18:34 . 2001-09-18 03:00 139,264 --a------
c:\windows\system32\Video.skn
2009-03-23 18:34 . 2001-03-30 02:00 62,976 --a------
c:\windows\system32\CTDetres.dll
2009-03-23 18:34 . 2000-04-20 01:00 24,576 --a------
c:\windows\system32\CTMERes.DLL
2009-03-23 18:34 . 1998-09-17 01:52 17,350 --a------
c:\windows\system32\CTDetect.hlp
2009-03-23 18:34 . 1998-09-17 01:52 641 --a------
c:\windows\system32\CTDetect.cnt
2009-03-23 18:34 . 2009-03-23 18:37 136 --a------ c:\windows\SBWIN.INI
2009-03-23 18:32 . 2003-03-05 12:19 15,840 ---------
c:\windows\system32\pfmodnt.sys
2009-03-23 18:25 . 2009-03-24 09:43 2,145,386,496 --a------
c:\windows\MEMORY.DMP
2009-03-23 17:53 . 2005-04-20 20:31 1,712,128 -----c---
c:\windows\system32\dllcache\netshell.dll
2009-03-23 17:53 . 2005-04-20 20:31 474,624 -----c---
c:\windows\system32\dllcache\wzcsvc.dll
2009-03-23 17:53 . 2005-04-20 20:31 381,952 -----c---
c:\windows\system32\dllcache\wzcdlg.dll
2009-03-23 17:53 . 2005-04-20 20:31 52,736 -----c---
c:\windows\system32\dllcache\wzcsapi.dll
2009-03-23 17:53 . 2005-04-20 00:54 14,592 -----c---
c:\windows\system32\dllcache\ndisuio.sys
2009-03-23 17:51 . 2009-03-23 17:51 749 -rah-----
c:\windows\WindowsShell.Manifest
2009-03-23 17:51 . 2009-03-23 17:51 749 -rah-----
c:\windows\system32\wuaucpl.cpl.manifest
2009-03-23 17:51 . 2009-03-23 17:51 749 -rah-----
c:\windows\system32\sapi.cpl.manifest
2009-03-23 17:51 . 2009-03-23 17:51 749 -rah-----
c:\windows\system32\nwc.cpl.manifest
2009-03-23 17:51 . 2009-03-23 17:51 749 -rah-----
c:\windows\system32\ncpa.cpl.manifest
2009-03-23 17:51 . 2009-03-23 17:51 488 -rah-----
c:\windows\system32\logonui.exe.manifest
2009-03-23 17:47 . 2006-09-13 18:18 153,088 --a------
c:\windows\system32\irftp.exe
2009-03-23 17:47 . 2006-09-13 18:18 87,424 --a------
c:\windows\system32\drivers\irda.sys
2009-03-23 17:47 . 2006-09-13 18:19 27,648 --a------
c:\windows\system32\irmon.dll
2009-03-23 17:47 . 2006-09-13 18:18 8,192 --a------
c:\windows\system32\wshirda.dll
2009-03-23 17:38 . 2008-10-07 13:33 201,157 --a------
c:\windows\system32\nvapps.nvb
2009-03-23 17:33 . 2006-09-13 18:17 19,584 --a------
c:\windows\system32\drivers\rasirda.sys
2009-03-23 17:32 . 2001-10-26 19:29 24,661 --a------
c:\windows\system32\spxcoins.dll
2009-03-23 17:32 . 2001-10-26 19:29 13,312 --a------
c:\windows\system32\irclass.dll
2009-03-23 17:31 . 2004-08-04 01:27 1,896,400 --a--c---
c:\windows\system32\dllcache\NT5.CAT
2009-03-23 17:31 . 2004-08-04 01:27 1,086,058 --a--c---
c:\windows\system32\dllcache\NTPRINT.CAT
2009-03-23 17:31 . 2004-08-04 01:27 1,086,058 -ra------ c:\windows\SET95.tmp
2009-03-23 17:31 . 2004-08-04 01:32 1,014,483 -ra------ c:\windows\SET92.tmp
2009-03-23 17:31 . 2004-08-04 01:27 620,500 --a--c---
c:\windows\system32\dllcache\NT5INF.CAT
2009-03-23 17:31 . 2004-08-04 01:28 141,702 --a--c---
c:\windows\system32\dllcache\netfx.cat
2009-03-23 17:31 . 2004-08-04 01:32 102,826 --a--c---
c:\windows\system32\dllcache\tabletpc.cat
2009-03-23 17:31 . 2004-08-04 01:27 31,965 --a--c---
c:\windows\system32\dllcache\mediactr.cat
2009-03-23 17:31 . 2004-08-04 01:27 30,983 --a--c---
c:\windows\system32\dllcache\FP4.CAT
2009-03-23 17:31 . 2004-08-04 01:26 14,043 --a--c---
c:\windows\system32\dllcache\IMS.CAT
2009-03-23 17:31 . 2004-08-04 01:26 14,043 -ra------ c:\windows\SETA1.tmp
2009-03-23 17:31 . 2004-08-04 01:27 7,245 --a--c---
c:\windows\system32\dllcache\MSTSWEB.CAT
2009-03-23 16:38 . 2009-03-23 16:38 <DIR> d-------- c:\documents and
settings\All Users\Dane aplikacji\Kaspersky Lab
2009-03-23 11:00 . 2009-03-23 11:00 <DIR> d-------- c:\program files\Seagate
2009-03-23 08:18 . 2008-06-19 16:24 28,544 --a------
c:\windows\system32\drivers\pavboot.sys
2009-03-23 08:17 . 2009-03-23 08:17 <DIR> d-------- c:\program files\Panda
Security
2009-03-22 11:35 . 2009-03-22 11:35 <DIR> d-------- c:\program files\Common
Files\Wise Installation Wizard
2009-03-20 17:29 . 2009-03-20 17:29 <DIR> d--------
c:\windows\system32\HouseCall 6.6
2009-03-20 17:29 . 2009-03-20 17:29 <DIR> d-------- c:\documents and
settings\Darek\Dane aplikacji\HouseCall 6.6
2009-03-20 15:41 . 2009-03-20 15:41 13,137,952 --a------ C:\cureit.exe
2009-03-19 08:18 . 2009-03-19 08:29 278 --a------ c:\windows\HAFASWIN.INI
2009-03-19 08:18 . 2009-03-19 08:18 21 --a------ c:\windows\progman.ini
2009-03-19 07:21 . 2009-03-19 07:23 31 --a------ c:\windows\bluevoda.ini
2009-03-18 23:04 . 2009-03-18 23:03 737,280 --a------ c:\windows\iun6002.exe
2009-03-18 22:59 . 2009-03-18 22:59 <DIR> d-------- c:\documents and
settings\Darek\Dane aplikacji\GibbHill Properties Ltd
2009-03-18 20:02 . 2009-03-09 20:06 15,688 --a------
c:\windows\system32\lsdelete.exe
2009-03-18 19:37 . 2009-03-23 08:18 78,362 --a------ c:\windows\setupapi.old
2009-03-18 19:37 . 2009-03-09 20:06 64,160 --a------
c:\windows\system32\drivers\Lbd.sys
2009-03-18 19:36 . 2009-03-18 19:36 <DIR> d-------- c:\program
files\Lavasoft
2009-03-18 19:36 . 2009-03-18 19:36 <DIR> d--h-c--- c:\documents and
settings\All Users\Dane aplikacji\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-03-16 00:02 . 2007-04-11 21:52 185,344 --a------
c:\windows\system32\iwpsetup.exe
2009-03-16 00:02 . 1997-01-16 00:00 29,696 --a------
c:\windows\system32\VB5STKIT.DLL
2009-03-16 00:02 . 1997-01-16 13:42 6,114 --a------
c:\windows\system32\SHELLLNK.TLB
2009-03-11 17:48 . 2009-03-19 10:13 <DIR> d-------- C:\7
2009-03-11 17:39 . 2009-03-15 23:38 <DIR> d-------- c:\program
files\Blockstar
2009-03-11 16:58 . 2009-03-11 17:46 <DIR> d-------- c:\documents and
settings\Darek\Dane aplikacji\Cream Software
2009-02-26 09:16 . 2009-03-11 17:06 <DIR> d-------- C:\6
2009-02-24 21:57 . 2009-02-24 21:57 <DIR> d-------- c:\program files\Skype
2009-02-24 21:57 . 2009-02-24 21:57 <DIR> d-------- c:\program files\Common
Files\Skype
2009-02-24 08:50 . 2009-02-24 08:50 <DIR> d-------- C:\5
.
(((((((((((((((((((((((((((((((((((((((( Sekcja
nd3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-24 08:42 --------- d---a-w c:\documents and settings\All Users\Dane
aplikacji\Temp
2009-03-24 08:42 --------- d-----w c:\program files\Trojan Remover
2009-03-24 08:27 --------- d-----w c:\program files\GetRight
2009-03-24 08:18 --------- d-----w c:\documents and settings\Darek\Dane
aplikacji\Spamihilator
2009-03-24 06:45 --------- d--h--w c:\program files\InstallShield
Installation Information
2009-03-23 18:26 360,576 ----a-w c:\windows\system32\drivers\tcpip.sys
2009-03-23 18:24 --------- d-----w c:\documents and settings\Darek\Dane
aplikacji\ZoomBrowser EX
2009-03-23 18:24 --------- d-----w c:\documents and settings\All Users\Dane
aplikacji\ZoomBrowser
2009-03-23 17:53 --------- d-----w c:\program files\Creative
2009-03-21 07:58 --------- d-----w c:\program files\Create-Ringtone
2009-03-20 16:23 --------- d-----w c:\program files\Spybot - Search &
Destroy
2009-03-20 16:23 --------- d-----w c:\documents and settings\All Users\Dane
aplikacji\Spybot - Search & Destroy
2009-03-20 10:12 --------- d-----w c:\program files\SkanerOnline
2009-03-19 19:10 --------- d-----w c:\program files\Spyware Doctor
2009-03-19 09:14 --------- d-----w c:\program files\emule
2009-03-19 06:44 --------- d-----w c:\program files\PeerGuardian2
2009-03-19 06:44 --------- d-----w c:\documents and settings\Darek\Dane
aplikacji\uTorrent
2009-03-17 21:04 --------- d-----w c:\documents and settings\Darek\Dane
aplikacji\Skype
2009-03-17 21:01 --------- d-----w c:\documents and settings\Darek\Dane
aplikacji\skypePM
2009-03-17 06:31 --------- d-----w c:\program files\Microsoft ActiveSync
2009-03-14 15:34 --------- d-----w c:\documents and settings\Darek\Dane
aplikacji\Vso
2009-03-08 10:22 --------- d-----w c:\program files\Soulseek
2009-02-24 20:57 --------- d-----w c:\documents and settings\All Users\Dane
aplikacji\Skype
2009-02-22 23:55 --------- d-----w c:\documents and settings\Darek\Dane
aplikacji\foobar2000
2009-02-22 10:44 --------- d-----w c:\program files\Magic Video Converter
2009-02-18 22:57 --------- d-----w c:\program files\foobar2000
2009-02-18 21:13 --------- d-----w c:\program files\MediaFACE II
2009-02-18 20:59 --------- d-----w c:\program files\ALLPlayer
2009-02-18 20:22 --------- d-----w c:\documents and settings\Darek\Dane
aplikacji\Moyea
2009-02-18 20:18 --------- d-----w c:\program files\Moyea
2009-02-18 20:08 --------- d-----w c:\program files\FLVPlayer
2009-02-18 20:04 --------- d-----w c:\program files\Smallvideosoft
2009-02-10 20:58 --------- d-----w c:\program files\Yahoo!
2009-02-09 14:20 --------- d-----w c:\program files\eSkiMoS R2
2009-02-06 20:23 --------- d-----w c:\documents and settings\All Users\Dane
aplikacji\DVD Shrink
2008-11-30 13:23 47,360 ----a-w c:\documents and settings\Darek\Dane
aplikacji\pcouffin.sys
2007-04-04 20:40 221 ----a-w c:\program files\Common Files\max.kk
2006-06-24 06:48 32,768 ----a-r c:\windows\inf\UpdateUSB.exe
.
------- Sigcheck -------
2008-06-20 12:59 361600 ad978a1b783b5719720cff204b666c8e
c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2009-03-23 19:26 360576 e7dfcffa380749b8626ad71e8f367dcb
c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe
jestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curren
tVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe"
[2006-11-13 1289000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curre
ntVersion\Run]
"Six Engine"="c:\program files\ASUS\Six Engine\SixEngine.exe" [2008-05-14
5958656]
"Spamihilator"="c:\program files\Spamihilator\spamihilator.exe" [2008-12-23
1321984]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
[2008-11-10 136600]
"Look 'n' Stop"="c:\program files\Soft4Ever\looknstop\looknstop.exe"
[2008-12-28 512070]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"CTSysVol"="c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe"
[2002-10-29 49152]
"SBDrvDet"="c:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03
45056]
"SpIDerNT"="c:\progra~1\DrWeb\spiderui.exe" [2008-10-23 197896]
"DrWebScheduler"="c:\program files\DrWeb\DRWEBSCD.EXE" [2008-05-06 283888]
"SpIDerMail"="c:\program files\DrWeb\spiderml.exe" [2008-06-10 501080]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]
"CTHelper"="CTHELPER.EXE" [2008-06-27 c:\windows\system32\CtHelper.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Curr
entVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
c:\documents and settings\Darek\Menu Start\Programy\Autostart\
Spyware Doctor Updater.exe [2008-10-30 29228]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= divxa32.acm
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control
\SafeBoot\Minimal\Lavasoft
Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control
\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^Darek^Menu
Start^Programy^Autostart^Express Assist Check.lnk]
path=c:\documents and settings\Darek\Menu Start\Programy\Autostart\Express
Assist Check.lnk
backup=c:\windows\pss\Express Assist Check.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\PDVD8LanguageShortcut
HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\RemoteControl8
[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\Acronis Scheduler2 Service]
--a------ 2007-09-14 02:55 140568 c:\program files\Common
Files\Acronis\Schedule2\schedhlp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\AcronisTimounterMonitor]
--a------ 2007-09-14 03:02 905056 c:\program
files\Acronis\TrueImageHome\TimounterMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\Ad-Watch]
--a------ 2009-03-09 20:06 515416 c:\program
files\Lavasoft\Ad-Aware\AAWTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 c:\program files\Adobe\Reader
8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\ALLUpdate]
--a------ 2008-11-24 20:44 869888 c:\program files\ALLPlayer\ALLUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\CTDVDDET]
--a------ 2003-06-18 01:00 45056 c:\program
files\Creative\DVDAudio\CTDVDDET.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\EPSON Stylus DX7400 Series]
--a------ 2007-04-12 07:00 182272
c:\windows\system32\spool\drivers\w32x86\3\E_FATICDE
.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\LanguageShortcut]
--a------ 2006-04-13 11:09 49152 c:\program
files\CyberLink\PowerDVD\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\Nokia.PCSync]
--a------ 2008-06-17 16:00 1249280 c:\program files\Nokia\Nokia PC Suite
7\PcSync2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-10-07 13:33 13574144 c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-10-07 13:33 86016 c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC
Suite Tray]
--a------ 2008-08-11 08:31 1124352 c:\program files\Nokia\Nokia PC Suite
7\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\RemoteControl]
--a------ 2005-12-07 22:57 30208 c:\program
files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\TrueImageMonitor.exe]
--a------ 2007-09-14 02:52 2595480 c:\program
files\Acronis\TrueImageHome\TrueImageMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\WinampAgent]
--a------ 2001-10-02 00:42 10752 c:\program files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\nwiz]
--a------ 2008-10-07 13:33 1630208 c:\windows\system32\nwiz.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Spamihilator\\cdcc.exe"=
"c:\\Program Files\\Spamihilator\\dccproc.exe"=
"c:\\Program Files\\Spamihilator\\spamihilator.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-03-18 64160]
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2008-07-22 151592]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-03-23 28544]
R1 lnsfw1;lnsfw1;c:\windows\system32\drivers\lnsfw1.sys [2008-12-28 77184]
R2 SPIDER;SpIDer Guard File System Monitor;c:\progra~1\DrWeb\spider.sys [2009-03-24 268040]
R2 SPIDERNT;SpIDer Guard for Windows;c:\progra~1\DrWeb\spidernt.exe [2009-03-24 197896]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2008-06-27 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2008-06-27 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2008-06-27 566296]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [2008-11-04 36864]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2008-06-27 99352]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2008-06-27 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2008-06-27 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2008-06-27 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2008-06-27 566296]
S3 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;i:\firebird\Firebird_1_5\bin\fbguard.exe -s --> i:\firebird\Firebird_1_5\bin\fbguard.exe -s [?]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;i:\firebird\Firebird_1_5\bin\fbserver.exe -s --> i:\firebird\Firebird_1_5\bin\fbserver.exe -s [?]
S3 KS-959;Kingsun KS-959 USB Infrared Adapter;c:\windows\system32\drivers\ks-959.sys [2005-07-23 19034]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 951632]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-12-24 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-12-24 8320]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-01-23 356920]
S3 V0260VID;Live! Cam Vista IM;c:\windows\system32\drivers\V0260Vid.sys [2008-11-04 178913]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{521142a4-c6ba-11dd-9b11-000000000000}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b08c2893-aa51-11dd-a53b-806d6172696f}]
\Shell\AutoRun\command - M:\setup.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Zawartość folderu 'Zaplanowane zadania'
2009-03-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 20:06]
2009-03-23 c:\windows\Tasks\Norton Security Scan for Darek.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 04:18]
.
- - - - USUNIĘTO PUSTE WPISY - - - -
Notify-efcbCSkj - efcbCSkj.dll
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
MSConfigStartUp-UVS11 Preload - e:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
MSConfigStartUp-Vidalia - c:\program files\Vidalia Bundle\Vidalia\vidalia.exe
.
------- Skan uzupełniający -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Download with GetRight Pro - c:\program files\GetRight\GRdownload.htm
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Open with GetRight Pro Browser - c:\program files\GetRight\GRbrowse.htm
LSP: c:\windows\system32\DRWEBSP.DLL
FF - ProfilePath - c:\documents and settings\Darek\Dane aplikacji\Mozilla\Firefox\Profiles\zx5x027r.default\
FF - prefs.js: browser.startup.homepage - www.google.pl
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPGetRt.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-03-24 10:00:22
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'lsass.exe'(1204)
c:\windows\system32\relog_ap.dll
c:\windows\system32\DRWEBSP.DLL
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\savedump.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\documents and settings\Darek\Menu Start\Programy\Autostart\Spyware Doctor Updater.exe
c:\windows\system32\CTSVCCDA.EXE
c:\documents and settings\All Users\Dane aplikacji\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\DrWeb\spidernt.exe
c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
c:\program files\DrWeb\drwebupw.exe
.
**************************************************************************
.
Czas ukończenia: 2009-03-24 10:01:55 - komputer został uruchomiony ponownie [Darek]
ComboFix-quarantined-files.txt 2009-03-24 09:01:52
Przed: 2 921 869 312 bajtów wolnych
Po: 4,011,827,200 bajtów wolnych
Regards
--
----------------------
Negatyw
negatyw001(małpa)o2.pl
----------------------
-
6. Date: 2009-03-24 09:43:54
Subject: Re: Problem with restarts
From: staszek <s...@g...com>
This is what stays in HiJack:
O4 - HKLM\..\Run: [Six Engine] "C:\Program Files\ASUS\Six Engine\SixEngine.exe" -r
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{12090D13-3BD7-40E3-8257-8A5C676B4824}: NameServer = 78.152.23.66,78.152.23.67
O17 - HKLM\System\CS1\Services\Tcpip\..\{12090D13-3BD7-40E3-8257-8A5C676B4824}: NameServer = 78.152.23.66,78.152.23.67
O17 - HKLM\System\CS2\Services\Tcpip\..\{12090D13-3BD7-40E3-8257-8A5C676B4824}: NameServer = 78.152.23.66,78.152.23.67
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
For the rest, tick the boxes and fix them.
You don't need to tick the O23 boxes, because those are removed a different way.
Start > Run > type msconfig <enter>, Services tab (at the bottom you have "Hide all Microsoft services"), and there you untick whatever should not start together with Windows.
You can safely throw out
Apple, InterVideo, Firebird, Java, Light Scribe, Cyberlink, Acronis
formatc.
As for ComboFix: the console is sometimes useful, it is an M$ tool, something like
safe mode with command prompt; you don't necessarily have to install it.
And after these operations, an antivirus: best to install one afresh,
because there is no telling whether the current one is infected. I recommend Kaspersky,
even just the 30-day version. Or the free AVIRA.
Regards, and good luck with the cleaning.
On 24 Mar, 10:08, "Negatyw" <n...@U...o2.pl.invalid> wrote:
> User "staszek" <s...@g...com> wrote in message news:9f918ff9-e232-4889-806b-5a82306ec94b@33g2000yqm.googlegroups.com...
>
> > 2. HiJack - mark off all the junk (that starts up needlessly
> > with the system) and fix it
>
> To be honest, I don't really get what is OK and what is NOT... And I don't have
> the recovery control installed, whatever that may be.
> Here is the log from it:
>
> Logfile of Trend Micro HijackThis v2.0.2
> Scan saved at 09:47:22, on 2009-03-24
> Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
> MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
> Boot mode: Safe mode
>
> Running processes:
> C:\WINDOWS\System32\smss.exe
> C:\WINDOWS\system32\winlogon.exe
> C:\WINDOWS\system32\services.exe
> C:\WINDOWS\system32\savedump.exe
> C:\WINDOWS\system32\lsass.exe
> C:\WINDOWS\system32\svchost.exe
> C:\WINDOWS\system32\svchost.exe
> C:\WINDOWS\Explorer.EXE
> C:\Program Files\totalcmd\TOTALCMD.EXE
> C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
>
> R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
> R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
> R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
> R3 - Default URLSearchHook is missing
> O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
> O2 - BHO: Adobe PDF Reader Link Helper -
> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common
> Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
> O2 - BHO: Skype add-on (mastermind) -
> {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program
> Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
> O2 - BHO: GetRight IE Download Helper -
> {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
> O2 - BHO: Java(tm) Plug-In SSV Helper -
> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program
> Files\Java\jre6\bin\ssv.dll
> O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} -
> C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll
> O2 - BHO: Java(tm) Plug-In 2 SSV Helper -
> {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program
> Files\Java\jre6\bin\jp2ssv.dll
> O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -
> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
> O4 - HKLM\..\Run: [Six Engine] "C:\Program Files\ASUS\Six
> Engine\SixEngine.exe" -r
> O4 - HKLM\..\Run: [Spamihilator] "C:\Program
> Files\Spamihilator\spamihilator.exe"
> O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program
> Files\Java\jre6\bin\jusched.exe"
> O4 - HKLM\..\Run: [Look 'n' Stop] "C:\Program
> Files\Soft4Ever\looknstop\looknstop.exe" -auto
> O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
> C:\WINDOWS\system32\NvCpl.dll,NvStartup
> O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
> O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
> C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
> O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround
> Mixer\CTSysVol.exe
> O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive
> Det\SBDrvDet.exe /r
> O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
> O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
> O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
> O4 - HKLM\..\Run: [SpIDerNT] C:\PROGRA~1\DrWeb\spiderui.exe /agent
> O4 - HKLM\..\Run: [DrWebScheduler] "C:\Program Files\DrWeb\DRWEBSCD.EXE"
> O4 - HKLM\..\Run: [SpIDerMail] "C:\Program Files\DrWeb\spiderml.exe"
> O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan
> Remover\Trjscan.exe /boot
> O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
> O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User
> 'USŁUGA SIECIOWA')
> O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User
> 'SYSTEM')
> O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User
> 'Default user')
> O9 - Extra button: Create Mobile Favorite -
> {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
> O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -
> C:\PROGRA~1\MI3AA1~1\INetRepl.dll
> O9 - Extra 'Tools' menuitem: Utwórz Ulubione dla urządzenia przenośnego... -
> {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
> O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} -
> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
> O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
> C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
> O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -
> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
> O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
> {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network
> Diagnostic\xpnetdiag.exe
> O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://edownload.grisoft.cz/ewidoOnlineScan.cab
> O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://ushousecall02.trendmicro.com/housecall/applet/html/native/x86/...
> O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
> O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
> O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client...
> O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
> O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
> O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
> O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - https://asp.photoprintit.de/microsite/1289/defaults/activex/ips/IPSUp...
> O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15106/CTPID.cab
> O17 - HKLM\System\CCS\Services\Tcpip\..\{12090D13-3BD7-40E3-8257-8A5C676B4824}: NameServer = 78.152.23.66,78.152.23.67
> O17 - HKLM\System\CS1\Services\Tcpip\..\{12090D13-3BD7-40E3-8257-8A5C676B4824}: NameServer = 78.152.23.66,78.152.23.67
> O17 - HKLM\System\CS2\Services\Tcpip\..\{12090D13-3BD7-40E3-8257-8A5C676B4824}: NameServer = 78.152.23.66,78.152.23.67
> O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
> O20 - Winlogon Notify: efcbCSkj - efcbCSkj.dll (file missing)
> O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis -
> C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
> O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour
> Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
> O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program
> Files\Common Files\InterVideo\DeviceService\DevSvc.exe
> O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. -
> C:\Program Files\Canon\CAL\CALMAIN.exe
> O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd -
> C:\WINDOWS\system32\CTsvcCDA.exe
> O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON
> CORPORATION - C:\Documents and Settings\All Users\Dane aplikacji\EPSON\EPW!3
> SSRP\E_S40RP7.EXE
> O23 - Service: Firebird Guardian - DefaultInstance
> (FirebirdGuardianDefaultInstance) - The Firebird Project -
> I:\Firebird\Firebird_1_5\bin\fbguard.exe
> O23 - Service: Firebird Server - DefaultInstance
> (FirebirdServerDefaultInstance) - The Firebird Project -
> I:\Firebird\Firebird_1_5\bin\fbserver.exe
> O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. -
> C:\Program Files\Common Files\Macrovision Shared\FLEXnet
> Publisher\FNPLicensingService.exe
> O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun
> Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
> O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program
> Files\Lavasoft\Ad-Aware\AAWService.exe
> O23 - Service: LightScribeService Direct Disc Labeling Service
> (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common
> Files\LightScribe\LSSrvc.exe
> O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
> C:\WINDOWS\system32\nvsvc32.exe
> O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown
> owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
> O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools -
> C:\Program Files\Spyware Doctor\pctsAuxs.exe
> O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools -
> C:\Program Files\Spyware Doctor\pctsSvc.exe
> O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity
> Solution\ServiceLayer.exe
> O23 - Service: SpIDer Guard for Windows (SPIDERNT) - Doctor Web, Ltd. -
> C:\PROGRA~1\DrWeb\spidernt.exe
> O23 - Service: Acronis Try And Decide Service (TryAndDecideService) -
> Unknown owner - C:\Program Files\Common
> Files\Acronis\Fomatik\TrueImageTryStartService.exe
>
> > 4. COMBOFIX najnowszy zawsze na instalki.pl
> > 5. Restart
> > 6. Tryb normalny
>
> ComboFix 09-03-22.01 - Administrator 2009-03-24 9:56:32.1 - NTFSx86 MINIMAL
> Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.3327.3060 [GMT
> 1:00]
> Uruchomiony z: c:\10\ComboFix.exe
> AV: Doctor Web Anti-Virus *On-access scanning disabled* (Updated)
> FW: Look 'n' Stop 2.06 (Soft4Ever) *enabled*
>
> UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
> .
>
> (((((((((((((((((((((((((((((((((((((((
> Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
> .
>
> c:\documents and settings\Darek\Dane aplikacji\inst.exe
> c:\windows\system32\micr0st.dll
>
> .
> (((((((((((((((((((((((((((((((((((((((
> Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
> .
>
> -------\Legacy_ISODRIVE
> -------\Service_ISODrive
>
> ((((((((((((((((((((((((( Pliki utworzone od 2009-02-24 do
> 009-03-24 )))))))))))))))))))))))))))))))
> .
>
> 2009-03-24 09:47 . 2009-03-24 09:47 <DIR> d-------- c:\program files\Trend
> Micro
> 2009-03-24 09:36 . 2009-03-24 09:36 <DIR> d-------- c:\documents and
> settings\All Users\Dane aplikacji\Simply Super Software
> 2009-03-24 09:36 . 2006-05-25 15:52 162,304 --a------
> c:\windows\system32\ztvunrar36.dll
> 2009-03-24 09:36 . 2003-02-02 20:06 153,088 --a------
> c:\windows\system32\UNRAR3.dll
> 2009-03-24 09:36 . 2005-08-26 01:50 77,312 --a------
> c:\windows\system32\ztvunace26.dll
> 2009-03-24 09:36 . 2002-03-06 01:00 75,264 --a------
> c:\windows\system32\unacev2.dll
> 2009-03-24 09:36 . 2006-06-19 13:01 69,632 --a------
> c:\windows\system32\ztvcabinet.dll
> 2009-03-24 09:28 . 2009-03-24 09:33 <DIR> d-------- C:\10
> 2009-03-24 09:01 . 2009-03-24 09:01 <DIR> d-------- c:\program files\MCS
> Studios
> 2009-03-24 09:01 . 2005-12-14 22:16 237,568 --a------
> c:\windows\system32\mcstabs.ocx
> 2009-03-24 09:01 . 1998-06-18 00:00 89,360 --a------
> c:\windows\system32\VB5DB.DLL
> 2009-03-24 07:45 . 2009-03-24 09:25 <DIR> d-------- c:\program files\DrWeb
> 2009-03-24 07:45 . 2009-03-24 07:46 77,824 --a----t-
> c:\windows\system32\DRWEBSP.DLL
> 2009-03-23 18:44 . 2009-03-24 10:00 4,958,588 --a------ c:\windows\{00000005-00000000-00000001-00001102-00000004-10071102}.BAK
> 2009-03-23 18:44 . 2009-03-24 09:44 31,056 --a------ c:\windows\system32\BMXStateBkp-{00000005-00000000-00000001-00001102-00000004-10071102}.rfx
> 2009-03-23 18:44 . 2009-03-24 09:44 31,056 --a------ c:\windows\system32\BMXState-{00000005-00000000-00000001-00001102-00000004-10071102}.rfx
> 2009-03-23 18:44 . 2009-03-24 09:44 30,528 --a------ c:\windows\system32\BMXCtrlState-{00000005-00000000-00000001-00001102-00000004-10071102}.rfx
> 2009-03-23 18:44 . 2009-03-24 09:44 30,528 --a------ c:\windows\system32\BMXBkpCtrlState-{00000005-00000000-00000001-00001102-00000004-10071102}.rfx
> 2009-03-23 18:44 . 2009-03-24 09:44 11,564 --a------ c:\windows\system32\DVCState-{00000005-00000000-00000001-00001102-00000004-10071102}.rfx
> 2009-03-23 18:44 . 2009-03-23 18:44 1,080 --a------ c:\windows\system32\settingsbkup.sfm
> 2009-03-23 18:44 . 2009-03-23 18:44 1,080 --a------ c:\windows\system32\settings.sfm
> 2009-03-23 18:41 . 2009-03-24 10:00 4,958,588 --a------ c:\windows\{00000005-00000000-00000001-00001102-00000004-10071102}.CDF
> 2009-03-23 18:37 . 1998-01-08 01:00 1,048,576 ---------
> c:\windows\system32\SFMAN.DAT
> 2009-03-23 18:37 . 1995-01-13 14:10 149,504 ---------
> c:\windows\system32\MFCANS32.DLL
> 2009-03-23 18:37 . 1995-01-13 14:10 108,032 ---------
> c:\windows\system32\MFCUIA32.DLL
> 2009-03-23 18:37 . 2000-05-11 01:00 90,112 --------- c:\windows\Updreg.EXE
> 2009-03-23 18:37 . 1998-06-05 02:00 84,992 ---------
> c:\windows\system32\SFCVRT32.DLL
> 2009-03-23 18:37 . 1995-08-30 02:02 82,432 ---------
> c:\windows\system32\CTWFLT32.DLL
> 2009-03-23 18:37 . 1998-10-20 16:05 54,784 ---------
> c:\windows\system32\INETWH32.DLL
> 2009-03-23 18:37 . 1994-12-05 03:11 53,552 --------- c:\windows\CTCCW.DLL
> 2009-03-23 18:37 . 1995-07-13 02:01 26,768 ---------
> c:\windows\system32\CTL3D.DLL
> 2009-03-23 18:37 . 1996-05-23 02:24 24,976 --------- c:\windows\CTRES.DLL
> 2009-03-23 18:37 . 1999-01-14 14:04 231 --------- c:\windows\AC3API.INI
> 2009-03-23 18:34 . 2002-02-20 03:00 331,776 ---------
> c:\windows\system32\CTMEDENG.DLL
> 2009-03-23 18:34 . 2001-09-18 03:00 139,264 --a------
> c:\windows\system32\Video.skn
> 2009-03-23 18:34 . 2001-03-30 02:00 62,976 --a------
> c:\windows\system32\CTDetres.dll
> 2009-03-23 18:34 . 2000-04-20 01:00 24,576 --a------
> c:\windows\system32\CTMERes.DLL
> 2009-03-23 18:34 . 1998-09-17 01:52 17,350 --a------
> c:\windows\system32\CTDetect.hlp
> 2009-03-23 18:34 . 1998-09-17 01:52 641 --a------
> c:\windows\system32\CTDetect.cnt
> 2009-03-23 18:34 . 2009-03-23 18:37 136 --a------ c:\windows\SBWIN.INI
> 2009-03-23 18:32 . 2003-03-05 12:19 15,840 ---------
> c:\windows\system32\pfmodnt.sys
> 2009-03-23 18:25 . 2009-03-24 09:43 2,145,386,496 --a------
> c:\windows\MEMORY.DMP
> 2009-03-23 17:53 . 2005-04-20 20:31 1,712,128 -----c---
> c:\windows\system32\dllcache\netshell.dll
> 2009-03-23 17:53 . 2005-04-20 20:31 474,624 -----c---
> c:\windows\system32\dllcache\wzcsvc.dll
> 2009-03-23 17:53 . 2005-04-20 20:31 381,952 -----c---
> c:\windows\system32\dllcache\wzcdlg.dll
> 2009-03-23 17:53 . 2005-04-20 20:31 52,736 -----c---
> c:\windows\system32\dllcache\wzcsapi.dll
> 2009-03-23 17:53 . 2005-04-20 00:54 14,592 -----c---
> c:\windows\system32\dllcache\ndisuio.sys
> 2009-03-23 17:51 . 2009-03-23 17:51 749 -rah-----
> c:\windows\WindowsShell.Manifest
> 2009-03-23 17:51 . 2009-03-23 17:51 749 -rah-----
> c:\windows\system32\wuaucpl.cpl.manifest
> 2009-03-23 17:51 . 2009-03-23 17:51 749 -rah-----
> c:\windows\system32\sapi.cpl.manifest
> 2009-03-23 17:51 . 2009-03-23 17:51 749 -rah-----
> c:\windows\system32\nwc.cpl.manifest
> 2009-03-23 17:51 . 2009-03-23 17:51 749 -rah-----
> c:\windows\system32\ncpa.cpl.manifest
> 2009-03-23 17:51 . 2009-03-23 17:51 488 -rah-----
> c:\windows\system32\logonui.exe.manifest
> 2009-03-23 17:47 . 2006-09-13 18:18 153,088 --a------
> c:\windows\system32\irftp.exe
> 2009-03-23 17:47 . 2006-09-13 18:18 87,424 --a------
> c:\windows\system32\drivers\irda.sys
> 2009-03-23 17:47 . 2006-09-13 18:19 27,648 --a------
> c:\windows\system32\irmon.dll
> 2009-03-23 17:47 . 2006-09-13 18:18 8,192 --a------
> c:\windows\system32\wshirda.dll
> 2009-03-23 17:38 . 2008-10-07 13:33 201,157 --a------
> c:\windows\system32\nvapps.nvb
> 2009-03-23 17:33 . 2006-09-13 18:17 19,584 --a------
> c:\windows\system32\drivers\rasirda.sys
> 2009-03-23 17:32 . 2001-10-26 19:29 24,661 --a------
> c:\windows\system32\spxcoins.dll
> 2009-03-23 17:32 . 2001-10-26 19:29 13,312 --a------
> c:\windows\system32\irclass.dll
> 2009-03-23 17:31 . 2004-08-04 01:27 1,896,400 --a--c---
> c:\windows\system32\dllcache\NT5.CAT
> 2009-03-23 17:31 . 2004-08-04 01:27 1,086,058 --a--c---
> c:\windows\system32\dllcache\NTPRINT.CAT
> 2009-03-23 17:31 . 2004-08-04 01:27 1,086,058 -ra------ c:\windows\SET95.tmp
> 2009-03-23 17:31 . 2004-08-04 01:32 1,014,483 -ra------ c:\windows\SET92.tmp
> 2009-03-23 17:31 . 2004-08-04 01:27 620,500 --a--c---
> c:\windows\system32\dllcache\NT5INF.CAT
> 2009-03-23 17:31 . 2004-08-04 01:28 141,702 --a--c---
> c:\windows\system32\dllcache\netfx.cat
> 2009-03-23 17:31 . 2004-08-04 01:32 102,826 --a--c---
> c:\windows\system32\dllcache\tabletpc.cat
> 2009-03-23 17:31 . 2004-08-04 01:27 31,965 --a--c---
> c:\windows\system32\dllcache\mediactr.cat
> 2009-03-23 17:31 . 2004-08-04 01:27 30,983 --a--c---
> c:\windows\system32\dllcache\FP4.CAT
> 2009-03-23 17:31 . 2004-08-04 01:26 14,043 --a--c---
> c:\windows\system32\dllcache\IMS.CAT
> 2009-03-23 17:31 . 2004-08-04 01:26 14,043 -ra------ c:\windows\SETA1.tmp
> 2009-03-23 17:31 . 2004-08-04 01:27 7,245 --a--c---
> c:\windows\system32\dllcache\MSTSWEB.CAT
> 2009-03-23 16:38 . 2009-03-23 16:38 <DIR> d-------- c:\documents and
> settings\All Users\Dane aplikacji\Kaspersky Lab
> 2009-03-23 11:00 . 2009-03-23 11:00 <DIR> d-------- c:\program files\Seagate
> 2009-03-23 08:18 . 2008-06-19 16:24 28,544 --a------
> c:\windows\system32\drivers\pavboot.sys
> 2009-03-23 08:17 . 2009-03-23 08:17 <DIR> d-------- c:\program files\Panda
> Security
> 2009-03-22 11:35 . 2009-03-22 11:35 <DIR> d-------- c:\program files\Common
> Files\Wise Installation Wizard
> 2009-03-20 17:29 . 2009-03-20 17:29 <DIR> d--------
> c:\windows\system32\HouseCall 6.6
> 2009-03-20 17:29 . 2009-03-20 17:29 <DIR> d-------- c:\documents and
> settings\Darek\Dane aplikacji\HouseCall 6.6
> 2009-03-20 15:41 . 2009-03-20 15:41 13,137,952 --a------ C:\cureit.exe
> 2009-03-19 08:18 . 2009-03-19 08:29 278 --a------ c:\windows\HAFASWIN.INI
> 2009-03-19 08:18 . 2009-03-19 08:18 21 --a------ c:\windows\progman.ini
> 2009-03-19 07:21 . 2009-03-19 07:23 31 --a------ c:\windows\bluevoda.ini
> 2009-03-18 23:04 . 2009-03-18 23:03 737,280 --a------ c:\windows\iun6002.exe
> 2009-03-18 22:59 . 2009-03-18 22:59 <DIR> d-------- c:\documents and
> settings\Darek\Dane aplikacji\GibbHill Properties Ltd
> 2009-03-18 20:02 . 2009-03-09 20:06 15,688 --a------
> c:\windows\system32\lsdelete.exe
> 2009-03-18 19:37 . 2009-03-23 08:18 78,362 --a------ c:\windows\setupapi.old
> 2009-03-18 19:37 . 2009-03-09 20:06 64,160 --a------
> c:\windows\system32\drivers\Lbd.sys
> 2009-03-18 19:36 . 2009-03-18 19:36 <DIR> d-------- c:\program
> files\Lavasoft
> 2009-03-18 19:36 . 2009-03-18 19:36 <DIR> d--h-c--- c:\documents and
> settings\All Users\Dane aplikacji\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
> 2009-03-16 00:02 . 2007-04-11 21:52 185,344 --a------
> c:\windows\system32\iwpsetup.exe
> 2009-03-16 00:02 . 1997-01-16 00:00 29,696 --a------
> c:\windows\system32\VB5STKIT.DLL
> 2009-03-16 00:02 . 1997-01-16 13:42 6,114 --a------
> c:\windows\system32\SHELLLNK.TLB
> 2009-03-11 17:48 . 2009-03-19 10:13 <DIR> d-------- C:\7
> 2009-03-11 17:39 . 2009-03-15 23:38 <DIR> d-------- c:\program
> files\Blockstar
> 2009-03-11 16:58 . 2009-03-11 17:46 <DIR> d-------- c:\documents and
> settings\Darek\Dane aplikacji\Cream Software
> 2009-02-26 09:16 . 2009-03-11 17:06 <DIR> d-------- C:\6
> 2009-02-24 21:57 . 2009-02-24 21:57 <DIR> d-------- c:\program files\Skype
> 2009-02-24 21:57 . 2009-02-24 21:57 <DIR> d-------- c:\program files\Common
> Files\Skype
> 2009-02-24 08:50 . 2009-02-24 08:50 <DIR> d-------- C:\5
>
> .
> (((((((((((((((((((((((((((((((((((((((( Sekcja
> nd3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
> .
> 2009-03-24 08:42 --------- d---a-w c:\documents and settings\All Users\Dane
> aplikacji\Temp
> 2009-03-24 08:42 --------- d-----w c:\program files\Trojan Remover
> 2009-03-24 08:27 --------- d-----w c:\program files\GetRight
> 2009-03-24 08:18 --------- d-----w c:\documents and settings\Darek\Dane
> aplikacji\Spamihilator
> 2009-03-24 06:45 --------- d--h--w c:\program files\InstallShield
> Installation Information
> 2009-03-23 18:26 360,576 ----a-w c:\windows\system32\drivers\tcpip.sys
> 2009-03-23 18:24 --------- d-----w c:\documents and settings\Darek\Dane
> aplikacji\ZoomBrowser EX
> 2009-03-23 18:24 --------- d-----w c:\documents and settings\All Users\Dane
> aplikacji\ZoomBrowser
> 2009-03-23 17:53 --------- d-----w c:\program files\Creative
> 2009-03-21 07:58 --------- d-----w c:\program files\Create-Ringtone
> 2009-03-20 16:23 --------- d-----w c:\program files\Spybot - Search &
> Destroy
> 2009-03-20 16:23 --------- d-----w c:\documents and settings\All Users\Dane
> aplikacji\Spybot - Search & Destroy
> 2009-03-20 10:12 --------- d-----w c:\program files\SkanerOnline
> 2009-03-19 19:10 --------- d-----w c:\program files\Spyware Doctor
> 2009-03-19 09:14 --------- d-----w c:\program files\emule
> 2009-03-19 06:44 --------- d-----w c:\program files\PeerGuardian2
> 2009-03-19 06:44 --------- d-----w c:\documents and settings\Darek\Dane
> aplikacji\uTorrent
> 2009-03-17 21:04 --------- d-----w c:\documents and settings\Darek\Dane
> aplikacji\Skype
> 2009-03-17 21:01 --------- d-----w c:\documents and settings\Darek\Dane
> aplikacji\skypePM
> 2009-03-17 06:31 --------- d-----w c:\program files\Microsoft ActiveSync
> 2009-03-14 15:34 --------- d-----w c:\documents and settings\Darek\Dane
> aplikacji\Vso
> 2009-03-08 10:22 --------- d-----w c:\program files\Soulseek
> 2009-02-24 20:57 --------- d-----w c:\documents and settings\All Users\Dane
> aplikacji\Skype
> 2009-02-22 23:55 --------- d-----w c:\documents and settings\Darek\Dane
> aplikacji\foobar2000
> 2009-02-22 10:44 --------- d-----w c:\program files\Magic Video Converter
> 2009-02-18 22:57 --------- d-----w c:\program files\foobar2000
> 2009-02-18 21:13 --------- d-----w c:\program files\MediaFACE II
> 2009-02-18 20:59 --------- d-----w c:\program files\ALLPlayer
> 2009-02-18 20:22 --------- d-----w c:\documents and settings\Darek\Dane
> aplikacji\Moyea
> 2009-02-18 20:18 --------- d-----w c:\program files\Moyea
> 2009-02-18 20:08 --------- d-----w c:\program files\FLVPlayer
> 2009-02-18 20:04 --------- d-----w c:\program files\Smallvideosoft
> 2009-02-10 20:58 --------- d-----w c:\program files\Yahoo!
> 2009-02-09 14:20 --------- d-----w c:\program files\eSkiMoS R2
> 2009-02-06 20:23 --------- d-----w c:\documents and settings\All Users\Dane
> aplikacji\DVD Shrink
> 2008-11-30 13:23 47,360 ----a-w c:\documents and settings\Darek\Dane
> aplikacji\pcouffin.sys
> 2007-04-04 20:40 221 ----a-w c:\program files\Common Files\max.kk
> 2006-06-24 06:48 32,768 ----a-r c:\windows\inf\UpdateUSB.exe
> .
>
> ------- Sigcheck -------
>
> 2008-06-20 12:59 361600 ad978a1b783b5719720cff204b666c8e
> c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
> 2009-03-23 19:26 360576 e7dfcffa380749b8626ad71e8f367dcb
> c:\windows\system32\drivers\tcpip.sys
> .
> ((((((((((((((((((((((((((((((((((((( Wpisy startowe
> rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
> .
> .
> *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
> REGEDIT4
>
> [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
> "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe"
> [2006-11-13 1289000]
>
> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
> "Six Engine"="c:\program files\ASUS\Six Engine\SixEngine.exe" [2008-05-14
> 5958656]
> "Spamihilator"="c:\program files\Spamihilator\spamihilator.exe" [2008-12-23
> 1321984]
> "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
> [2008-11-10 136600]
> "Look 'n' Stop"="c:\program files\Soft4Ever\looknstop\looknstop.exe"
> [2008-12-28 512070]
> "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
> "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
> "CTSysVol"="c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe"
> [2002-10-29 49152]
> "SBDrvDet"="c:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03
> 45056]
> "SpIDerNT"="c:\progra~1\DrWeb\spiderui.exe" [2008-10-23 197896]
> "DrWebScheduler"="c:\program files\DrWeb\DRWEBSCD.EXE" [2008-05-06 283888]
> "SpIDerMail"="c:\program files\DrWeb\spiderml.exe" [2008-06-10 501080]
> "nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]
> "CTHelper"="CTHELPER.EXE" [2008-06-27 c:\windows\system32\CtHelper.exe]
>
> [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
> "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
>
> c:\documents and settings\Darek\Menu Start\Programy\Autostart\
> Spyware Doctor Updater.exe [2008-10-30 29228]
>
> [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
> "msacm.divxa32"= divxa32.acm
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft
> Ad-Aware Service]
> @="Service"
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
> @="Driver"
>
> [HKLM\~\startupfolder\C:^Documents and Settings^Darek^Menu
> Start^Programy^Autostart^Express Assist Check.lnk]
> path=c:\documents and settings\Darek\Menu Start\Programy\Autostart\Express
> Assist Check.lnk
> backup=c:\windows\pss\Express Assist Check.lnkStartup
>
> [HKEY_LOCAL_MACHINE\software\microsoft\shared
> tools\msconfig\startupreg\KernelFaultCheck]
> c:\windows\system32\dumprep 0 -k [X]
> HKEY_LOCAL_MACHINE\software\microsoft\shared
> tools\msconfig\startupreg\PDVD8LanguageShortcut
> HKEY_LOCAL_MACHINE\software\microsoft\shared
> tools\msconfig\startupreg\RemoteControl8
>
> [HKEY_LOCAL_MACHINE\software\microsoft\shared
> tools\msconfig\startupreg\Acronis Scheduler2 Service]
> --a------ 2007-09-14 02:55 140568 c:\program files\Common
> Files\Acronis\Schedule2\schedhlp.exe
>
> [HKEY_LOCAL_MACHINE\software\microsoft\shared
> tools\msconfig\startupreg\AcronisTimounterMonitor]
> --a------ 2007-09-14 03:02 905056 c:\program
> files\Acronis\TrueImageHome\TimounterMonitor.exe
>
> [HKEY_LOCAL_MACHINE\software\microsoft\shared
> tools\msconfig\startupreg\Ad-Watch]
> --a------ 2009-03-09 20:06 515416 c:\program
> files\Lavasoft\Ad-Aware\AAWTray.exe
>
> [HKEY_LOCAL_MACHINE\software\microsoft\shared
> tools\msconfig\startupreg\Adobe Reader Speed Launcher]
> --a------ 2008-01-11 22:16 39792 c:\program files\Adobe\Reader
> 8.0\Reader\reader_sl.exe
>
> [HKEY_LOCAL_MACHINE\software\microsoft\shared
> tools\msconfig\startupreg\ALLUpdate]
> --a------ 2008-11-24 20:44 869888 c:\program files\ALLPlayer\ALLUpdate.exe
>
> [HKEY_LOCAL_MACHINE\software\microsoft\shared
> tools\msconfig\startupreg\CTDVDDET]
> --a------ 2003-06-18 01:00 45056 c:\program
> files\Creative\DVDAudio\CTDVDDET.exe
>
> [HKEY_LOCAL_MACHINE\software\microsoft\shared
> tools\msconfig\startupreg\EPSON Stylus DX7400 Series]
> --a------ 2007-04-12 07:00 182272
> c:\windows\system32\spool\drivers\w32x86\3\E_FATICDE.EXE
>
> [HKEY_LOCAL_MACHINE\software\microsoft\shared
> tools\msconfig\startupreg\LanguageShortcut]
> --a------ 2006-04-13 11:09 49152 c:\program
> files\CyberLink\PowerDVD\Language\Language.exe
>
> [HKEY_LOCAL_MACHINE\software\microsoft\shared
> tools\msconfig\startupreg\NeroFilterCheck]
> --a------ 2006-01-12 16:40 155648 c:\windows\system32\NeroCheck.exe
>
> [HKEY_LOCAL_MACHINE\software\microsoft\shared
> tools\msconfig\startupreg\Nokia.PCSync]
> --a------ 2008-06-17 16:00 1249280 c:\program files\Nokia\Nokia PC Suite
> 7\PcSync2.exe
>
> [HKEY_LOCAL_MACHINE\software\microsoft\shared
> tools\msconfig\startupreg\NvCplDaemon]
> --a------ 2008-10-07 13:33 13574144 c:\windows\system32\nvcpl.dll
>
> [HKEY_LOCAL_MACHINE\software\microsoft\shared
> tools\msconfig\startupreg\NvMediaCenter]
> --a------ 2008-10-07 13:33 86016 c:\windows\system32\nvmctray.dll
>
> [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC
> Suite Tray]
> --a------ 2008-08-11 08:31 1124352 c:\program files\Nokia\Nokia PC Suite
> 7\PCSuite.exe
>
> [HKEY_LOCAL_MACHINE\software\microsoft\shared
> tools\msconfig\startupreg\RemoteControl]
> --a------ 2005-12-07 22:57 30208 c:\program
> files\CyberLink\PowerDVD\PDVDServ.exe
>
> [HKEY_LOCAL_MACHINE\software\microsoft\shared
> tools\msconfig\startupreg\TrueImageMonitor.exe]
> --a------ 2007-09-14 02:52 2595480 c:\program
> files\Acronis\TrueImageHome\TrueImageMonitor.exe
>
> [HKEY_LOCAL_MACHINE\software\microsoft\shared
> tools\msconfig\startupreg\WinampAgent]
> --a------ 2001-10-02 00:42 10752 c:\program files\Winamp\winampa.exe
>
> [HKEY_LOCAL_MACHINE\software\microsoft\shared
> tools\msconfig\startupreg\nwiz]
> --a------ 2008-10-07 13:33 1630208 c:\windows\system32\nwiz.exe
>
> [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
> "EnableFirewall"= 0 (0x0)
>
> [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
> "%windir%\\system32\\sessmgr.exe"=
> "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
> "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
> "c:\\Program Files\\uTorrent\\uTorrent.exe"=
> "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
> "c:\\Program Files\\Gadu-Gadu\\gg.exe"=
> "c:\\Program Files\\Soulseek\\slsk.exe"=
> "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program
> files\Microsoft
> ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI
> Manager
> "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program
> files\Microsoft
> ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync
> Connection Manager
> "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program
> files\Microsoft
> ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync
> Application
> "c:\\Program Files\\Spamihilator\\cdcc.exe"=
> "c:\\Program Files\\Spamihilator\\dccproc.exe"=
> "c:\\Program Files\\Spamihilator\\spamihilator.exe"=
> "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
>
> [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
> "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
>
> R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-03-18 64160]
> R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2008-07-22 151592]
> R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-03-23
> 28544]
> R1 lnsfw1;lnsfw1;c:\windows\system32\drivers\lnsfw1.sys [2008-12-28 77184]
> R2 SPIDER;SpIDer Guard File System Monitor;c:\progra~1\DrWeb\spider.sys
> [2009-03-24 268040]
> R2 SPIDERNT;SpIDer Guard for Windows;c:\progra~1\DrWeb\spidernt.exe
> [2009-03-24 197896]
> R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys
> [2008-06-27 99352]
> R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys
> [2008-06-27 555032]
> R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys
> [2008-06-27 566296]
> R3 L1e;Miniport Driver for Atheros AR8121/AR8113 PCI-E Ethernet
> Controller;c:\windows\system32\drivers\l1e51x86.sys [2008-11-04 36864]
> S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2008-06-27
> 99352]
> S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2008-06-27
> 555032]
> S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys
> [2008-06-27 100888]
> S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2008-06-27
> 100888]
> S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2008-06-27
> 566296]
> S3 FirebirdGuardianDefaultInstance;Firebird Guardian -
> DefaultInstance;i:\firebird\Firebird_1_5\bin\fbguard.exe -s -->
> i:\firebird\Firebird_1_5\bin\fbguard.exe -s [?]
> S3 FirebirdServerDefaultInstance;Firebird Server -
> DefaultInstance;i:\firebird\Firebird_1_5\bin\fbserver.exe -s -->
> i:\firebird\Firebird_1_5\bin\fbserver.exe -s [?]
> S3 KS-959;Kingsun KS-959 USB Infrared
> Adapter;c:\windows\system32\drivers\ks-959.sys [2005-07-23 19034]
> S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program
> files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 951632]
> S3 nmwcdnsu;Nokia USB Flashing Phone
> Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-12-24 138112]
> S3 nmwcdnsuc;Nokia USB Flashing
> Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-12-24 8320]
> S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware
> Doctor\pctsAuxs.exe [2009-01-23 356920]
> S3 V0260VID;Live! Cam Vista IM;c:\windows\system32\drivers\V0260Vid.sys
> [2008-11-04 178913]
>
> [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mount points2\{521142a4-c6ba-11dd-9b11-000000000000}]
> \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE
> Shell32.DLL,ShellExec_RunDLL explore.exe
>
> [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mount points2\{b08c2893-aa51-11dd-a53b-806d6172696f}]
> \Shell\AutoRun\command - M:\setup.exe
>
> [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed
> components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
> "c:\program files\Common Files\LightScribe\LSRunOnce.exe"
> .
> Zawartość folderu 'Zaplanowane zadania'
>
> 2009-03-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job
> - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 20:06]
>
> 2009-03-23 c:\windows\Tasks\Norton Security Scan for Darek.job
> - c:\program files\Norton Security Scan\Nss.exe [2008-09-19 04:18]
> .
> - - - - USUNIĘTO PUSTE WPISY - - - -
>
> Notify-efcbCSkj - efcbCSkj.dll
> MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search &
> Destroy\TeaTimer.exe
> MSConfigStartUp-UVS11 Preload - e:\program files\Ulead Systems\Ulead
> VideoStudio 11\uvPL.exe
> MSConfigStartUp-Vidalia - c:\program files\Vidalia
> Bundle\Vidalia\vidalia.exe
>
> .
> ------- Skan uzupełniający -------
> .
> uStart Page = about:blank
> uInternet Settings,ProxyOverride = *.local
> IE: Download with GetRight Pro - c:\program files\GetRight\GRdownload.htm
> IE: E&ksport do programu Microsoft Excel -
> c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
> IE: Open with GetRight Pro Browser - c:\program files\GetRight\GRbrowse.htm
> LSP: c:\windows\system32\DRWEBSP.DLL
> FF - ProfilePath - c:\documents and settings\Darek\Dane
> aplikacji\Mozilla\Firefox\Profiles\zx5x027r.default\
> FF - prefs.js: browser.startup.homepage -www.google.pl
> FF - plugin: c:\program files\Mozilla Firefox\plugins\NPGetRt.dll
> .
>
> **************************************************************************
>
> catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
> Rootkit scan 2009-03-24 10:00:22
> Windows 5.1.2600 Dodatek Service Pack 2 NTFS
>
> skanowanie ukrytych procesów ...
>
> skanowanie ukrytych wpisów autostartu ...
>
> HKLM\Software\Microsoft\Windows\CurrentVersion\Run
> CTHelper = CTHELPER.EXE?
>
> skanowanie ukrytych plików ...
>
> skanowanie pomyślnie ukończone
> ukryte pliki: 0
>
> **************************************************************************
> .
> --------------------- Pliki DLL ładowane pod uruchomionymi
> procesami ---------------------
>
> - - - - - - - > 'lsass.exe'(1204)
> c:\windows\system32\relog_ap.dll
> c:\windows\system32\DRWEBSP.DLL
> .
> ------------------------ Pozostałe uruchomione
> procesy ------------------------
> .
> c:\windows\system32\savedump.exe
> c:\windows\system32\rundll32.exe
> c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
> c:\program files\Bonjour\mDNSResponder.exe
> c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
> c:\documents and settings\Darek\Menu Start\Programy\Autostart\Spyware Doctor
> Updater.exe
> c:\windows\system32\CTSVCCDA.EXE
> c:\documents and settings\All Users\Dane aplikacji\EPSON\EPW!3
> SSRP\E_S40RP7.EXE
> c:\progra~1\MI3AA1~1\rapimgr.exe
> c:\program files\Java\jre6\bin\jqs.exe
> c:\program files\Common Files\LightScribe\LSSrvc.exe
> c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
> c:\windows\system32\nvsvc32.exe
> c:\program files\CyberLink\Shared files\RichVideo.exe
> c:\program files\DrWeb\spidernt.exe
> c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
> c:\program files\Canon\CAL\CALMAIN.exe
> c:\windows\system32\wscntfy.exe
> c:\program files\DrWeb\drwebupw.exe
> .
> **************************************************************************
> .
> Czas ukończenia: 2009-03-24 10:01:55 - komputer został uruchomiony ponownie
> [Darek]
> ComboFix-quarantined-files.txt 2009-03-24 09:01:52
>
> Przed: 2 921 869 312 bajtów wolnych
> Po: 4,011,827,200 bajtów wolnych
>
> Regards
>
> --
> ----------------------
> Negatyw
> negatyw001(małpa)o2.pl
> ----------------------
-
7. Date: 2009-03-25 22:13:49
Subject: Re: Problem with restarts
From: "Negatyw" <n...@U...o2.pl.invalid>
User "staszek" <s...@g...com> wrote in message
news:43d72462-4864-4ae8-b4e1-48ebc14f25d4@z9g2000yqi.googlegroups.com...
This stays in HiJack:
Thanks for the help :)
It came back up, though I could no longer install SP3. Apparently this XP is already
pretty badly chopped up...
Regards
--
----------------------
Negatyw
negatyw001(małpa)o2.pl
----------------------
-
8. Date: 2009-03-26 09:30:31
Subject: Re: Problem with restarts
From: Chichotek <z...@y...cy>
On 24 March (Tuesday) at 8:05, *Negatyw* wrote:
> Do you have any ideas?
If you have a legal copy of Windows, I recommend scanning with Windows Defender
--
Regards, Chichotek
P5Q Pro, E8400@Scythe Ninja, Szafir HD4870 512MB, 2x2GB A-Data Vitesta 800+,
2x Seagate 250/400GB, Topower P3 450W EZ, Enermax Chakra, 21" Gateway,
Razer DeathAdder+Destructor, Logitech UltraX Flat, Windows XP Pro
-
9. Date: 2009-03-26 20:24:29
Subject: Re: Problem with restarts
From: "Negatyw" <n...@U...o2.pl.invalid>
User "Chichotek" <z...@y...cy> wrote in message
news:13l8qxsn41tc1.dlg@chichot.truposza.pl...
> Windows Defender
I have a problem installing SP3. The installer simply closes its window
during installation.
I have an interesting situation:
http://img172.imageshack.us/img172/8540/xp1.jpg - so supposedly SP3 is there
But the system says otherwise:
http://img172.imageshack.us/img172/4031/xp2.jpg - it claims it is SP2
Can this be resolved somehow?
Regards
--
----------------------
Negatyw
negatyw001(małpa)o2.pl
----------------------