eGospodarka.pl
eGospodarka.pl poleca

eGospodarka.plGrupypl.comp.pecetProblem z restartami
Ilość wypowiedzi w tym wątku: 9

  • 1. Data: 2009-03-24 07:05:02
    Temat: Problem z restartami
    Od: "Negatyw" <n...@U...o2.pl.invalid>

    Witam
    Mój komp ma tendencję do zwiechów i samorestartów. Sytuacja ma miejsce
    równiez po wymianie obudowy i zasilacza na 520w. Temperatury chipsetu i
    proca są ok - zatem nie jest to wynikiem przegrzania.
    Posiadam 2 dyski z feralnej serii Seagate - st3500320as. Jeden z nich,
    wymaga upg firmare'u:
    http://img257.imageshack.us/img257/9374/seag2www.jpg

    Zapewne jednym se składników moich problemów są trojany i wirusy, które się
    przedostały na twardziele (nod32 v.4).

    Moja patowa sytuacja polega na tym, że podczas prób skanowania twardzieli
    różnymi skanerami on-line, następuje restart albo zwiech. Nie mogę więc tej
    operacji zakończyć. Korzystałem z różnych samoróbek pod linuchem:
    http://www.searchengines.pl/Bootowalne-antywirusowe-
    CD-t112329.html
    ale nie bardzo zdało to u mnie egzamin.
    Odpaliłem live cd Ubuntu - problem w tym, że te skanery chodzą pod IE a nie
    pod Firefoxem.

    Czy macie jakieś pomysły?

    Pozdro

    --
    ----------------------
    Negatyw
    negatyw001(małpa)o2.pl
    ----------------------



  • 2. Data: 2009-03-24 07:22:05
    Temat: Re: Problem z restartami
    Od: "Washi" <s...@n...pl>


    Użytkownik "Negatyw" <n...@U...o2.pl.invalid> napisał w wiadomości
    news:gqa0nc$9a8$1@inews.gazeta.pl...

    > Czy macie jakieś pomysły?
    >

    Moze sprobuj jakis AV portable odpalic z pendrivea?? Np.
    ClamWin Portable.

    Jesli masz mozliwosc zainstalowac na jakims dysku czysty OS + antywirus
    mozesz wtedy podpiac zainfekowane dyski i je przeskanowac.


    Washi
    --
    Porozmawiajmy o wirtualizacji
    -> http://www.virtual-it.pl/
    http://forum.virtual-it.pl/


  • 3. Data: 2009-03-24 07:42:48
    Temat: Re: Problem z restartami
    Od: "Washi" <s...@n...pl>


    Użytkownik "Negatyw" <n...@U...o2.pl.invalid> napisał w wiadomości
    news:gqa0nc$9a8$1@inews.gazeta.pl...

    > Czy macie jakieś pomysły?

    Warto przeskanowac jeszcze dyski jakimis programami do usowania rootkitow,
    trojanow np.
    HijackThis.
    Washi
    --
    Porozmawiajmy o wirtualizacji
    -> http://www.virtual-it.pl/
    http://forum.virtual-it.pl/


  • 4. Data: 2009-03-24 07:54:43
    Temat: Re: Problem z restartami
    Od: staszek <s...@g...com>

    On 24 Mar, 08:05, "Negatyw" <n...@U...o2.pl.invalid> wrote:
    > Witam
    > Mój komp ma tendencję do zwiechów i samorestartów. Sytuacja ma miejsce
    > równiez po wymianie obudowy i zasilacza na 520w. Temperatury chipsetu i
    > proca są ok - zatem nie jest to wynikiem przegrzania.
    > Posiadam 2 dyski z feralnej serii Seagate - st3500320as. Jeden z nich,
    > wymaga upg firmare'u:http://img257.imageshack.us/img257/9374/se
    ag2www.jpg
    >
    > Zapewne jednym se składników moich problemów są trojany i wirusy, które się
    > przedostały na twardziele (nod32 v.4).
    >
    > Moja patowa sytuacja polega na tym, że podczas prób skanowania twardzieli
    > różnymi skanerami on-line, następuje restart albo zwiech. Nie mogę więc tej
    > operacji zakończyć. Korzystałem z różnych samoróbek pod
    linuchem:http://www.searchengines.pl/Bootowalne-anty
    wirusowe-CD-t112329.html
    > ale nie bardzo zdało to u mnie egzamin.
    > Odpaliłem live cd Ubuntu - problem w tym, że te skanery chodzą pod IE a nie
    > pod Firefoxem.
    >
    > Czy macie jakieś pomysły?
    >
    > Pozdro
    >
    > --
    > ----------------------
    > Negatyw
    > negatyw001(małpa)o2.pl
    > ----------------------

    1.Tryb awaryjny
    2. HiJack -odznacz wszystkie swiństwa (które niepotrzebnie się
    uruchamiają w systemem) i z fix-uj
    3. Restart dalej tryb awaryjny
    4. COMBOFIX najnowszy zawsze na instalki.pl
    5. Restart
    6. Tryb normalny
    7. Skan ANTYVIREM


  • 5. Data: 2009-03-24 09:08:58
    Temat: Re: Problem z restartami
    Od: "Negatyw" <n...@U...o2.pl.invalid>


    Użytkownik "staszek" <s...@g...com> napisał w wiadomości
    news:9f918ff9-e232-4889-806b-5a82306ec94b@33g2000yqm
    .googlegroups.com...

    > 2. HiJack -odznacz wszystkie swiństwa (które niepotrzebnie się uruchamiają
    > w systemem) i z fix-uj

    Nie bardzo mówiąc szczerze jarzę, co jest OK a co NIE... No i nie mam
    zainstalowanej kontroli odzyskiwania - czym by to nie było.
    Tu masz loga z tego:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 09:47:22, on 2009-03-24
    Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Safe mode

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\savedump.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\totalcmd\TOTALCMD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper -
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common
    Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) -
    {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program
    Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: GetRight IE Download Helper -
    {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper -
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program
    Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} -
    C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper -
    {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program
    Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -
    C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [Six Engine] "C:\Program Files\ASUS\Six
    Engine\SixEngine.exe" -r
    O4 - HKLM\..\Run: [Spamihilator] "C:\Program
    Files\Spamihilator\spamihilator.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program
    Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Look 'n' Stop] "C:\Program
    Files\Soft4Ever\looknstop\looknstop.exe" -auto
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
    C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
    C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround
    Mixer\CTSysVol.exe
    O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive
    Det\SBDrvDet.exe /r
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [SpIDerNT] C:\PROGRA~1\DrWeb\spiderui.exe /agent
    O4 - HKLM\..\Run: [DrWebScheduler] "C:\Program Files\DrWeb\DRWEBSCD.EXE"
    O4 - HKLM\..\Run: [SpIDerMail] "C:\Program Files\DrWeb\spiderml.exe"
    O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan
    Remover\Trjscan.exe /boot
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User
    'USŁUGA SIECIOWA')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User
    'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User
    'Default user')
    O9 - Extra button: Create Mobile Favorite -
    {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -
    C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Utwórz Ulubione dla urządzenia przenośnego... -
    {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} -
    C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
    C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -
    C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
    {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network
    Diagnostic\xpnetdiag.exe
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan
    Control) - http://edownload.grisoft.cz/ewidoOnlineScan.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan
    Agent 6.6) -
    http://ushousecall02.trendmicro.com/housecall/applet
    /html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus
    scanner) -
    http://security.symantec.com/sscv6/SharedContent/vc/
    bin/AvSniff.cab
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer
    Class) - http://acs.pandasoftware.com/activescan/cabs/as2stub
    ie.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
    http://update.microsoft.com/windowsupdate/v6/V5Contr
    ols/en/x86/client/wuweb_site.cab?1237832290093
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility
    Class) -
    http://security.symantec.com/sscv6/SharedContent/com
    mon/bin/cabsa.cab
    O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) -
    http://www.mks.com.pl/skaner/SkanerOnline.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) -
    http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) -
    https://asp.photoprintit.de/microsite/1289/defaults/
    activex/ips/IPSUploader4.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software
    AutoUpdate Support Package) -
    http://www.creative.com/softwareupdate/su2/ocx/15106
    /CTPID.cab
    O17 -
    HKLM\System\CCS\Services\Tcpip\..\{12090D13-3BD7-40E
    3-8257-8A5C676B4824}:
    NameServer = 78.152.23.66,78.152.23.67
    O17 -
    HKLM\System\CS1\Services\Tcpip\..\{12090D13-3BD7-40E
    3-8257-8A5C676B4824}:
    NameServer = 78.152.23.66,78.152.23.67
    O17 -
    HKLM\System\CS2\Services\Tcpip\..\{12090D13-3BD7-40E
    3-8257-8A5C676B4824}:
    NameServer = 78.152.23.66,78.152.23.67
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
    C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: efcbCSkj - efcbCSkj.dll (file missing)
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis -
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour
    Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program
    Files\Common Files\InterVideo\DeviceService\DevSvc.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. -
    C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd -
    C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON
    CORPORATION - C:\Documents and Settings\All Users\Dane aplikacji\EPSON\EPW!3
    SSRP\E_S40RP7.EXE
    O23 - Service: Firebird Guardian - DefaultInstance
    (FirebirdGuardianDefaultInstance) - The Firebird Project -
    I:\Firebird\Firebird_1_5\bin\fbguard.exe
    O23 - Service: Firebird Server - DefaultInstance
    (FirebirdServerDefaultInstance) - The Firebird Project -
    I:\Firebird\Firebird_1_5\bin\fbserver.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. -
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet
    Publisher\FNPLicensingService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun
    Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program
    Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service
    (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common
    Files\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
    C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown
    owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools -
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools -
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity
    Solution\ServiceLayer.exe
    O23 - Service: SpIDer Guard for Windows (SPIDERNT) - Doctor Web, Ltd. -
    C:\PROGRA~1\DrWeb\spidernt.exe
    O23 - Service: Acronis Try And Decide Service (TryAndDecideService) -
    Unknown owner - C:\Program Files\Common
    Files\Acronis\Fomatik\TrueImageTryStartService.exe

    > 4. COMBOFIX najnowszy zawsze na instalki.pl
    > 5. Restart
    > 6. Tryb normalny

    ComboFix 09-03-22.01 - Administrator 2009-03-24 9:56:32.1 - NTFSx86 MINIMAL
    Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.3327.3060 [GMT
    1:00]
    Uruchomiony z: c:\10\ComboFix.exe
    AV: Doctor Web Anti-Virus *On-access scanning disabled* (Updated)
    FW: Look 'n' Stop 2.06 (Soft4Ever) *enabled*

    UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
    .

    (((((((((((((((((((((((((((((((((((((((
    Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Darek\Dane aplikacji\inst.exe
    c:\windows\system32\micr0st.dll

    .
    (((((((((((((((((((((((((((((((((((((((
    Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_ISODRIVE
    -------\Service_ISODrive


    ((((((((((((((((((((((((( Pliki utworzone od 2009-02-24 do
    009-03-24 )))))))))))))))))))))))))))))))
    .

    2009-03-24 09:47 . 2009-03-24 09:47 <DIR> d-------- c:\program files\Trend
    Micro
    2009-03-24 09:36 . 2009-03-24 09:36 <DIR> d-------- c:\documents and
    settings\All Users\Dane aplikacji\Simply Super Software
    2009-03-24 09:36 . 2006-05-25 15:52 162,304 --a------
    c:\windows\system32\ztvunrar36.dll
    2009-03-24 09:36 . 2003-02-02 20:06 153,088 --a------
    c:\windows\system32\UNRAR3.dll
    2009-03-24 09:36 . 2005-08-26 01:50 77,312 --a------
    c:\windows\system32\ztvunace26.dll
    2009-03-24 09:36 . 2002-03-06 01:00 75,264 --a------
    c:\windows\system32\unacev2.dll
    2009-03-24 09:36 . 2006-06-19 13:01 69,632 --a------
    c:\windows\system32\ztvcabinet.dll
    2009-03-24 09:28 . 2009-03-24 09:33 <DIR> d-------- C:\10
    2009-03-24 09:01 . 2009-03-24 09:01 <DIR> d-------- c:\program files\MCS
    Studios
    2009-03-24 09:01 . 2005-12-14 22:16 237,568 --a------
    c:\windows\system32\mcstabs.ocx
    2009-03-24 09:01 . 1998-06-18 00:00 89,360 --a------
    c:\windows\system32\VB5DB.DLL
    2009-03-24 07:45 . 2009-03-24 09:25 <DIR> d-------- c:\program files\DrWeb
    2009-03-24 07:45 . 2009-03-24 07:46 77,824 --a----t-
    c:\windows\system32\DRWEBSP.DLL
    2009-03-23 18:44 . 2009-03-24 10:00 4,958,588 --a------
    c:\windows\{00000005-00000000-00000001-00001102-0000
    0004-10071102}.BAK
    2009-03-23 18:44 . 2009-03-24 09:44 31,056 --a------
    c:\windows\system32\BMXStateBkp-{00000005-00000000-0
    0000001-00001102-00000004-10071102}.rfx
    2009-03-23 18:44 . 2009-03-24 09:44 31,056 --a------
    c:\windows\system32\BMXState-{00000005-00000000-0000
    0001-00001102-00000004-10071102}.rfx
    2009-03-23 18:44 . 2009-03-24 09:44 30,528 --a------
    c:\windows\system32\BMXCtrlState-{00000005-00000000-
    00000001-00001102-00000004-10071102}.rfx
    2009-03-23 18:44 . 2009-03-24 09:44 30,528 --a------
    c:\windows\system32\BMXBkpCtrlState-{00000005-000000
    00-00000001-00001102-00000004-10071102}.rfx
    2009-03-23 18:44 . 2009-03-24 09:44 11,564 --a------
    c:\windows\system32\DVCState-{00000005-00000000-0000
    0001-00001102-00000004-10071102}.rfx
    2009-03-23 18:44 . 2009-03-23 18:44 1,080 --a------
    c:\windows\system32\settingsbkup.sfm
    2009-03-23 18:44 . 2009-03-23 18:44 1,080 --a------
    c:\windows\system32\settings.sfm
    2009-03-23 18:41 . 2009-03-24 10:00 4,958,588 --a------
    c:\windows\{00000005-00000000-00000001-00001102-0000
    0004-10071102}.CDF
    2009-03-23 18:37 . 1998-01-08 01:00 1,048,576 ---------
    c:\windows\system32\SFMAN.DAT
    2009-03-23 18:37 . 1995-01-13 14:10 149,504 ---------
    c:\windows\system32\MFCANS32.DLL
    2009-03-23 18:37 . 1995-01-13 14:10 108,032 ---------
    c:\windows\system32\MFCUIA32.DLL
    2009-03-23 18:37 . 2000-05-11 01:00 90,112 --------- c:\windows\Updreg.EXE
    2009-03-23 18:37 . 1998-06-05 02:00 84,992 ---------
    c:\windows\system32\SFCVRT32.DLL
    2009-03-23 18:37 . 1995-08-30 02:02 82,432 ---------
    c:\windows\system32\CTWFLT32.DLL
    2009-03-23 18:37 . 1998-10-20 16:05 54,784 ---------
    c:\windows\system32\INETWH32.DLL
    2009-03-23 18:37 . 1994-12-05 03:11 53,552 --------- c:\windows\CTCCW.DLL
    2009-03-23 18:37 . 1995-07-13 02:01 26,768 ---------
    c:\windows\system32\CTL3D.DLL
    2009-03-23 18:37 . 1996-05-23 02:24 24,976 --------- c:\windows\CTRES.DLL
    2009-03-23 18:37 . 1999-01-14 14:04 231 --------- c:\windows\AC3API.INI
    2009-03-23 18:34 . 2002-02-20 03:00 331,776 ---------
    c:\windows\system32\CTMEDENG.DLL
    2009-03-23 18:34 . 2001-09-18 03:00 139,264 --a------
    c:\windows\system32\Video.skn
    2009-03-23 18:34 . 2001-03-30 02:00 62,976 --a------
    c:\windows\system32\CTDetres.dll
    2009-03-23 18:34 . 2000-04-20 01:00 24,576 --a------
    c:\windows\system32\CTMERes.DLL
    2009-03-23 18:34 . 1998-09-17 01:52 17,350 --a------
    c:\windows\system32\CTDetect.hlp
    2009-03-23 18:34 . 1998-09-17 01:52 641 --a------
    c:\windows\system32\CTDetect.cnt
    2009-03-23 18:34 . 2009-03-23 18:37 136 --a------ c:\windows\SBWIN.INI
    2009-03-23 18:32 . 2003-03-05 12:19 15,840 ---------
    c:\windows\system32\pfmodnt.sys
    2009-03-23 18:25 . 2009-03-24 09:43 2,145,386,496 --a------
    c:\windows\MEMORY.DMP
    2009-03-23 17:53 . 2005-04-20 20:31 1,712,128 -----c---
    c:\windows\system32\dllcache\netshell.dll
    2009-03-23 17:53 . 2005-04-20 20:31 474,624 -----c---
    c:\windows\system32\dllcache\wzcsvc.dll
    2009-03-23 17:53 . 2005-04-20 20:31 381,952 -----c---
    c:\windows\system32\dllcache\wzcdlg.dll
    2009-03-23 17:53 . 2005-04-20 20:31 52,736 -----c---
    c:\windows\system32\dllcache\wzcsapi.dll
    2009-03-23 17:53 . 2005-04-20 00:54 14,592 -----c---
    c:\windows\system32\dllcache\ndisuio.sys
    2009-03-23 17:51 . 2009-03-23 17:51 749 -rah-----
    c:\windows\WindowsShell.Manifest
    2009-03-23 17:51 . 2009-03-23 17:51 749 -rah-----
    c:\windows\system32\wuaucpl.cpl.manifest
    2009-03-23 17:51 . 2009-03-23 17:51 749 -rah-----
    c:\windows\system32\sapi.cpl.manifest
    2009-03-23 17:51 . 2009-03-23 17:51 749 -rah-----
    c:\windows\system32\nwc.cpl.manifest
    2009-03-23 17:51 . 2009-03-23 17:51 749 -rah-----
    c:\windows\system32\ncpa.cpl.manifest
    2009-03-23 17:51 . 2009-03-23 17:51 488 -rah-----
    c:\windows\system32\logonui.exe.manifest
    2009-03-23 17:47 . 2006-09-13 18:18 153,088 --a------
    c:\windows\system32\irftp.exe
    2009-03-23 17:47 . 2006-09-13 18:18 87,424 --a------
    c:\windows\system32\drivers\irda.sys
    2009-03-23 17:47 . 2006-09-13 18:19 27,648 --a------
    c:\windows\system32\irmon.dll
    2009-03-23 17:47 . 2006-09-13 18:18 8,192 --a------
    c:\windows\system32\wshirda.dll
    2009-03-23 17:38 . 2008-10-07 13:33 201,157 --a------
    c:\windows\system32\nvapps.nvb
    2009-03-23 17:33 . 2006-09-13 18:17 19,584 --a------
    c:\windows\system32\drivers\rasirda.sys
    2009-03-23 17:32 . 2001-10-26 19:29 24,661 --a------
    c:\windows\system32\spxcoins.dll
    2009-03-23 17:32 . 2001-10-26 19:29 13,312 --a------
    c:\windows\system32\irclass.dll
    2009-03-23 17:31 . 2004-08-04 01:27 1,896,400 --a--c---
    c:\windows\system32\dllcache\NT5.CAT
    2009-03-23 17:31 . 2004-08-04 01:27 1,086,058 --a--c---
    c:\windows\system32\dllcache\NTPRINT.CAT
    2009-03-23 17:31 . 2004-08-04 01:27 1,086,058 -ra------ c:\windows\SET95.tmp
    2009-03-23 17:31 . 2004-08-04 01:32 1,014,483 -ra------ c:\windows\SET92.tmp
    2009-03-23 17:31 . 2004-08-04 01:27 620,500 --a--c---
    c:\windows\system32\dllcache\NT5INF.CAT
    2009-03-23 17:31 . 2004-08-04 01:28 141,702 --a--c---
    c:\windows\system32\dllcache\netfx.cat
    2009-03-23 17:31 . 2004-08-04 01:32 102,826 --a--c---
    c:\windows\system32\dllcache\tabletpc.cat
    2009-03-23 17:31 . 2004-08-04 01:27 31,965 --a--c---
    c:\windows\system32\dllcache\mediactr.cat
    2009-03-23 17:31 . 2004-08-04 01:27 30,983 --a--c---
    c:\windows\system32\dllcache\FP4.CAT
    2009-03-23 17:31 . 2004-08-04 01:26 14,043 --a--c---
    c:\windows\system32\dllcache\IMS.CAT
    2009-03-23 17:31 . 2004-08-04 01:26 14,043 -ra------ c:\windows\SETA1.tmp
    2009-03-23 17:31 . 2004-08-04 01:27 7,245 --a--c---
    c:\windows\system32\dllcache\MSTSWEB.CAT
    2009-03-23 16:38 . 2009-03-23 16:38 <DIR> d-------- c:\documents and
    settings\All Users\Dane aplikacji\Kaspersky Lab
    2009-03-23 11:00 . 2009-03-23 11:00 <DIR> d-------- c:\program files\Seagate
    2009-03-23 08:18 . 2008-06-19 16:24 28,544 --a------
    c:\windows\system32\drivers\pavboot.sys
    2009-03-23 08:17 . 2009-03-23 08:17 <DIR> d-------- c:\program files\Panda
    Security
    2009-03-22 11:35 . 2009-03-22 11:35 <DIR> d-------- c:\program files\Common
    Files\Wise Installation Wizard
    2009-03-20 17:29 . 2009-03-20 17:29 <DIR> d--------
    c:\windows\system32\HouseCall 6.6
    2009-03-20 17:29 . 2009-03-20 17:29 <DIR> d-------- c:\documents and
    settings\Darek\Dane aplikacji\HouseCall 6.6
    2009-03-20 15:41 . 2009-03-20 15:41 13,137,952 --a------ C:\cureit.exe
    2009-03-19 08:18 . 2009-03-19 08:29 278 --a------ c:\windows\HAFASWIN.INI
    2009-03-19 08:18 . 2009-03-19 08:18 21 --a------ c:\windows\progman.ini
    2009-03-19 07:21 . 2009-03-19 07:23 31 --a------ c:\windows\bluevoda.ini
    2009-03-18 23:04 . 2009-03-18 23:03 737,280 --a------ c:\windows\iun6002.exe
    2009-03-18 22:59 . 2009-03-18 22:59 <DIR> d-------- c:\documents and
    settings\Darek\Dane aplikacji\GibbHill Properties Ltd
    2009-03-18 20:02 . 2009-03-09 20:06 15,688 --a------
    c:\windows\system32\lsdelete.exe
    2009-03-18 19:37 . 2009-03-23 08:18 78,362 --a------ c:\windows\setupapi.old
    2009-03-18 19:37 . 2009-03-09 20:06 64,160 --a------
    c:\windows\system32\drivers\Lbd.sys
    2009-03-18 19:36 . 2009-03-18 19:36 <DIR> d-------- c:\program
    files\Lavasoft
    2009-03-18 19:36 . 2009-03-18 19:36 <DIR> d--h-c--- c:\documents and
    settings\All Users\Dane aplikacji\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
    2009-03-16 00:02 . 2007-04-11 21:52 185,344 --a------
    c:\windows\system32\iwpsetup.exe
    2009-03-16 00:02 . 1997-01-16 00:00 29,696 --a------
    c:\windows\system32\VB5STKIT.DLL
    2009-03-16 00:02 . 1997-01-16 13:42 6,114 --a------
    c:\windows\system32\SHELLLNK.TLB
    2009-03-11 17:48 . 2009-03-19 10:13 <DIR> d-------- C:\7
    2009-03-11 17:39 . 2009-03-15 23:38 <DIR> d-------- c:\program
    files\Blockstar
    2009-03-11 16:58 . 2009-03-11 17:46 <DIR> d-------- c:\documents and
    settings\Darek\Dane aplikacji\Cream Software
    2009-02-26 09:16 . 2009-03-11 17:06 <DIR> d-------- C:\6
    2009-02-24 21:57 . 2009-02-24 21:57 <DIR> d-------- c:\program files\Skype
    2009-02-24 21:57 . 2009-02-24 21:57 <DIR> d-------- c:\program files\Common
    Files\Skype
    2009-02-24 08:50 . 2009-02-24 08:50 <DIR> d-------- C:\5

    .
    (((((((((((((((((((((((((((((((((((((((( Sekcja
    nd3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-24 08:42 --------- d---a-w c:\documents and settings\All Users\Dane
    aplikacji\Temp
    2009-03-24 08:42 --------- d-----w c:\program files\Trojan Remover
    2009-03-24 08:27 --------- d-----w c:\program files\GetRight
    2009-03-24 08:18 --------- d-----w c:\documents and settings\Darek\Dane
    aplikacji\Spamihilator
    2009-03-24 06:45 --------- d--h--w c:\program files\InstallShield
    Installation Information
    2009-03-23 18:26 360,576 ----a-w c:\windows\system32\drivers\tcpip.sys
    2009-03-23 18:24 --------- d-----w c:\documents and settings\Darek\Dane
    aplikacji\ZoomBrowser EX
    2009-03-23 18:24 --------- d-----w c:\documents and settings\All Users\Dane
    aplikacji\ZoomBrowser
    2009-03-23 17:53 --------- d-----w c:\program files\Creative
    2009-03-21 07:58 --------- d-----w c:\program files\Create-Ringtone
    2009-03-20 16:23 --------- d-----w c:\program files\Spybot - Search &
    Destroy
    2009-03-20 16:23 --------- d-----w c:\documents and settings\All Users\Dane
    aplikacji\Spybot - Search & Destroy
    2009-03-20 10:12 --------- d-----w c:\program files\SkanerOnline
    2009-03-19 19:10 --------- d-----w c:\program files\Spyware Doctor
    2009-03-19 09:14 --------- d-----w c:\program files\emule
    2009-03-19 06:44 --------- d-----w c:\program files\PeerGuardian2
    2009-03-19 06:44 --------- d-----w c:\documents and settings\Darek\Dane
    aplikacji\uTorrent
    2009-03-17 21:04 --------- d-----w c:\documents and settings\Darek\Dane
    aplikacji\Skype
    2009-03-17 21:01 --------- d-----w c:\documents and settings\Darek\Dane
    aplikacji\skypePM
    2009-03-17 06:31 --------- d-----w c:\program files\Microsoft ActiveSync
    2009-03-14 15:34 --------- d-----w c:\documents and settings\Darek\Dane
    aplikacji\Vso
    2009-03-08 10:22 --------- d-----w c:\program files\Soulseek
    2009-02-24 20:57 --------- d-----w c:\documents and settings\All Users\Dane
    aplikacji\Skype
    2009-02-22 23:55 --------- d-----w c:\documents and settings\Darek\Dane
    aplikacji\foobar2000
    2009-02-22 10:44 --------- d-----w c:\program files\Magic Video Converter
    2009-02-18 22:57 --------- d-----w c:\program files\foobar2000
    2009-02-18 21:13 --------- d-----w c:\program files\MediaFACE II
    2009-02-18 20:59 --------- d-----w c:\program files\ALLPlayer
    2009-02-18 20:22 --------- d-----w c:\documents and settings\Darek\Dane
    aplikacji\Moyea
    2009-02-18 20:18 --------- d-----w c:\program files\Moyea
    2009-02-18 20:08 --------- d-----w c:\program files\FLVPlayer
    2009-02-18 20:04 --------- d-----w c:\program files\Smallvideosoft
    2009-02-10 20:58 --------- d-----w c:\program files\Yahoo!
    2009-02-09 14:20 --------- d-----w c:\program files\eSkiMoS R2
    2009-02-06 20:23 --------- d-----w c:\documents and settings\All Users\Dane
    aplikacji\DVD Shrink
    2008-11-30 13:23 47,360 ----a-w c:\documents and settings\Darek\Dane
    aplikacji\pcouffin.sys
    2007-04-04 20:40 221 ----a-w c:\program files\Common Files\max.kk
    2006-06-24 06:48 32,768 ----a-r c:\windows\inf\UpdateUSB.exe
    .

    ------- Sigcheck -------

    2008-06-20 12:59 361600 ad978a1b783b5719720cff204b666c8e
    c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
    2009-03-23 19:26 360576 e7dfcffa380749b8626ad71e8f367dcb
    c:\windows\system32\drivers\tcpip.sys
    .
    ((((((((((((((((((((((((((((((((((((( Wpisy startowe
    jestru ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curren
    tVersion\Run]
    "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe"
    [2006-11-13 1289000]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curre
    ntVersion\Run]
    "Six Engine"="c:\program files\ASUS\Six Engine\SixEngine.exe" [2008-05-14
    5958656]
    "Spamihilator"="c:\program files\Spamihilator\spamihilator.exe" [2008-12-23
    1321984]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
    [2008-11-10 136600]
    "Look 'n' Stop"="c:\program files\Soft4Ever\looknstop\looknstop.exe"
    [2008-12-28 512070]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
    "CTSysVol"="c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe"
    [2002-10-29 49152]
    "SBDrvDet"="c:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03
    45056]
    "SpIDerNT"="c:\progra~1\DrWeb\spiderui.exe" [2008-10-23 197896]
    "DrWebScheduler"="c:\program files\DrWeb\DRWEBSCD.EXE" [2008-05-06 283888]
    "SpIDerMail"="c:\program files\DrWeb\spiderml.exe" [2008-06-10 501080]
    "nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]
    "CTHelper"="CTHELPER.EXE" [2008-06-27 c:\windows\system32\CtHelper.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Curr
    entVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

    c:\documents and settings\Darek\Menu Start\Programy\Autostart\
    Spyware Doctor Updater.exe [2008-10-30 29228]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.divxa32"= divxa32.acm

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control
    \SafeBoot\Minimal\Lavasoft
    Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control
    \SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKLM\~\startupfolder\C:^Documents and Settings^Darek^Menu
    Start^Programy^Autostart^Express Assist Check.lnk]
    path=c:\documents and settings\Darek\Menu Start\Programy\Autostart\Express
    Assist Check.lnk
    backup=c:\windows\pss\Express Assist Check.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared
    tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]
    HKEY_LOCAL_MACHINE\software\microsoft\shared
    tools\msconfig\startupreg\PDVD8LanguageShortcut
    HKEY_LOCAL_MACHINE\software\microsoft\shared
    tools\msconfig\startupreg\RemoteControl8

    [HKEY_LOCAL_MACHINE\software\microsoft\shared
    tools\msconfig\startupreg\Acronis Scheduler2 Service]
    --a------ 2007-09-14 02:55 140568 c:\program files\Common
    Files\Acronis\Schedule2\schedhlp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared
    tools\msconfig\startupreg\AcronisTimounterMonitor]
    --a------ 2007-09-14 03:02 905056 c:\program
    files\Acronis\TrueImageHome\TimounterMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared
    tools\msconfig\startupreg\Ad-Watch]
    --a------ 2009-03-09 20:06 515416 c:\program
    files\Lavasoft\Ad-Aware\AAWTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared
    tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2008-01-11 22:16 39792 c:\program files\Adobe\Reader
    8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared
    tools\msconfig\startupreg\ALLUpdate]
    --a------ 2008-11-24 20:44 869888 c:\program files\ALLPlayer\ALLUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared
    tools\msconfig\startupreg\CTDVDDET]
    --a------ 2003-06-18 01:00 45056 c:\program
    files\Creative\DVDAudio\CTDVDDET.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared
    tools\msconfig\startupreg\EPSON Stylus DX7400 Series]
    --a------ 2007-04-12 07:00 182272
    c:\windows\system32\spool\drivers\w32x86\3\E_FATICDE
    .EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared
    tools\msconfig\startupreg\LanguageShortcut]
    --a------ 2006-04-13 11:09 49152 c:\program
    files\CyberLink\PowerDVD\Language\Language.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared
    tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2006-01-12 16:40 155648 c:\windows\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared
    tools\msconfig\startupreg\Nokia.PCSync]
    --a------ 2008-06-17 16:00 1249280 c:\program files\Nokia\Nokia PC Suite
    7\PcSync2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared
    tools\msconfig\startupreg\NvCplDaemon]
    --a------ 2008-10-07 13:33 13574144 c:\windows\system32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared
    tools\msconfig\startupreg\NvMediaCenter]
    --a------ 2008-10-07 13:33 86016 c:\windows\system32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC
    Suite Tray]
    --a------ 2008-08-11 08:31 1124352 c:\program files\Nokia\Nokia PC Suite
    7\PCSuite.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared
    tools\msconfig\startupreg\RemoteControl]
    --a------ 2005-12-07 22:57 30208 c:\program
    files\CyberLink\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared
    tools\msconfig\startupreg\TrueImageMonitor.exe]
    --a------ 2007-09-14 02:52 2595480 c:\program
    files\Acronis\TrueImageHome\TrueImageMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared
    tools\msconfig\startupreg\WinampAgent]
    --a------ 2001-10-02 00:42 10752 c:\program files\Winamp\winampa.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared
    tools\msconfig\startupreg\nwiz]
    --a------ 2008-10-07 13:33 1630208 c:\windows\system32\nwiz.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpol
    icy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpol
    icy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Gadu-Gadu\\gg.exe"=
    "c:\\Program Files\\Soulseek\\slsk.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program
    files\Microsoft
    ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Ena
    bled:ActiveSync RAPI
    Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program
    files\Microsoft
    ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:En
    abled:ActiveSync
    Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program
    files\Microsoft
    ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Ena
    bled:ActiveSync
    Application
    "c:\\Program Files\\Spamihilator\\cdcc.exe"=
    "c:\\Program Files\\Spamihilator\\dccproc.exe"=
    "c:\\Program Files\\Spamihilator\\spamihilator.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpol
    icy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSy
    nc Service

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-03-18 64160]
    R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2008-07-22 151592]
    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.
    sys [2009-03-23
    28544]
    R1 lnsfw1;lnsfw1;c:\windows\system32\drivers\lnsfw1.sys [2008-12-28 77184]
    R2 SPIDER;SpIDer Guard File System Monitor;c:\progra~1\DrWeb\spider.sys
    [2009-03-24 268040]
    R2 SPIDERNT;SpIDer Guard for Windows;c:\progra~1\DrWeb\spidernt.exe
    [2009-03-24 197896]
    R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\driver
    s\COMMONFX.sys
    [2008-06-27 99352]
    R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\
    CTAUDFX.sys
    [2008-06-27 555032]
    R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\
    CTSBLFX.sys
    [2008-06-27 566296]
    R3 L1e;Miniport Driver for Atheros AR8121/AR8113 PCI-E Ethernet
    Controller;c:\windows\system32\drivers\l1e51x86.sys [2008-11-04 36864]
    S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMON
    FX.sys [2008-06-27
    99352]
    S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.
    sys [2008-06-27
    555032]
    S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\driver
    s\CTERFXFX.sys
    [2008-06-27 100888]
    S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFX
    FX.sys [2008-06-27
    100888]
    S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.
    sys [2008-06-27
    566296]
    S3 FirebirdGuardianDefaultInstance;Firebird Guardian -
    DefaultInstance;i:\firebird\Firebird_1_5\bin\fbguard
    .exe -s -->
    i:\firebird\Firebird_1_5\bin\fbguard.exe -s [?]
    S3 FirebirdServerDefaultInstance;Firebird Server -
    DefaultInstance;i:\firebird\Firebird_1_5\bin\fbserve
    r.exe -s -->
    i:\firebird\Firebird_1_5\bin\fbserver.exe -s [?]
    S3 KS-959;Kingsun KS-959 USB Infrared
    Adapter;c:\windows\system32\drivers\ks-959.sys [2005-07-23 19034]
    S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program
    files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 951632]
    S3 nmwcdnsu;Nokia USB Flashing Phone
    Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-12-24 138112]
    S3 nmwcdnsuc;Nokia USB Flashing
    Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-12-24 8320]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware
    Doctor\pctsAuxs.exe [2009-01-23 356920]
    S3 V0260VID;Live! Cam Vista IM;c:\windows\system32\drivers\V0260Vid.sys
    [2008-11-04 178913]

    [HKEY_CURRENT_USER\software\microsoft\windows\curren
    tversion\explorer\mountpoints2\{521142a4-c6ba-11dd-9
    b11-000000000000}]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE
    Shell32.DLL,ShellExec_RunDLL explore.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\curren
    tversion\explorer\mountpoints2\{b08c2893-aa51-11dd-a
    53b-806d6172696f}]
    \Shell\AutoRun\command - M:\setup.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed
    components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "c:\program files\Common Files\LightScribe\LSRunOnce.exe"
    .
    Zawartość folderu 'Zaplanowane zadania'

    2009-03-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 20:06]

    2009-03-23 c:\windows\Tasks\Norton Security Scan for Darek.job
    - c:\program files\Norton Security Scan\Nss.exe [2008-09-19 04:18]
    .
    - - - - USUNIĘTO PUSTE WPISY - - - -

    Notify-efcbCSkj - efcbCSkj.dll
    MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search &
    Destroy\TeaTimer.exe
    MSConfigStartUp-UVS11 Preload - e:\program files\Ulead Systems\Ulead
    VideoStudio 11\uvPL.exe
    MSConfigStartUp-Vidalia - c:\program files\Vidalia
    Bundle\Vidalia\vidalia.exe


    .
    ------- Skan uzupełniający -------
    .
    uStart Page = about:blank
    uInternet Settings,ProxyOverride = *.local
    IE: Download with GetRight Pro - c:\program files\GetRight\GRdownload.htm
    IE: E&ksport do programu Microsoft Excel -
    c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Open with GetRight Pro Browser - c:\program files\GetRight\GRbrowse.htm
    LSP: c:\windows\system32\DRWEBSP.DLL
    FF - ProfilePath - c:\documents and settings\Darek\Dane
    aplikacji\Mozilla\Firefox\Profiles\zx5x027r.default\
    FF - prefs.js: browser.startup.homepage - www.google.pl
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPGetRt.dll
    .

    ****************************************************
    **********************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
    http://www.gmer.net
    Rootkit scan 2009-03-24 10:00:22
    Windows 5.1.2600 Dodatek Service Pack 2 NTFS

    skanowanie ukrytych procesów ...

    skanowanie ukrytych wpisów autostartu ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    CTHelper = CTHELPER.EXE?

    skanowanie ukrytych plików ...

    skanowanie pomyślnie ukończone
    ukryte pliki: 0

    ****************************************************
    **********************
    .
    --------------------- Pliki DLL ładowane pod uruchomionymi
    procesami ---------------------

    - - - - - - - > 'lsass.exe'(1204)
    c:\windows\system32\relog_ap.dll
    c:\windows\system32\DRWEBSP.DLL
    .
    ------------------------ Pozostałe uruchomione
    procesy ------------------------
    .
    c:\windows\system32\savedump.exe
    c:\windows\system32\rundll32.exe
    c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
    c:\documents and settings\Darek\Menu Start\Programy\Autostart\Spyware Doctor
    Updater.exe
    c:\windows\system32\CTSVCCDA.EXE
    c:\documents and settings\All Users\Dane aplikacji\EPSON\EPW!3
    SSRP\E_S40RP7.EXE
    c:\progra~1\MI3AA1~1\rapimgr.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\windows\system32\nvsvc32.exe
    c:\program files\CyberLink\Shared files\RichVideo.exe
    c:\program files\DrWeb\spidernt.exe
    c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
    c:\program files\Canon\CAL\CALMAIN.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\DrWeb\drwebupw.exe
    .
    ****************************************************
    **********************
    .
    Czas ukończenia: 2009-03-24 10:01:55 - komputer został uruchomiony ponownie
    [Darek]
    ComboFix-quarantined-files.txt 2009-03-24 09:01:52

    Przed: 2 921 869 312 bajtów wolnych
    Po: 4,011,827,200 bajtów wolnych


    Pozdro

    --
    ----------------------
    Negatyw
    negatyw001(małpa)o2.pl
    ----------------------


  • 6. Data: 2009-03-24 09:43:54
    Temat: Re: Problem z restartami
    Od: staszek <s...@g...com>


    To zostaje w HiJacku:

    O4 - HKLM\..\Run: [Six Engine] "C:\Program Files\ASUS\Six
    Engine\SixEngine.exe" -r
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative
    \SBAudigy2\Surround
    Mixer\CTSysVol.exe
    O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive
    Det\SBDrvDet.exe /r
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
    (User
    'USŁUGA SIECIOWA')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
    (User
    'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
    (User
    'Default user')
    09 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583}
    -
    C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O17 -
    HKLM\System\CCS\Services\Tcpip\..
    \{12090D13-3BD7-40E3-8257-8A5C676B4824}:
    NameServer = 78.152.23.66,78.152.23.67
    O17 -
    HKLM\System\CS1\Services\Tcpip\..
    \{12090D13-3BD7-40E3-8257-8A5C676B4824}:
    NameServer = 78.152.23.66,78.152.23.67
    O17 -
    HKLM\System\CS2\Services\Tcpip\..
    \{12090D13-3BD7-40E3-8257-8A5C676B4824}:
    NameServer = 78.152.23.66,78.152.23.67
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
    C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL


    Reszta zaznacz budki i zfixuj.

    budek 023 nie musisz zaznaczać bo usuwa sie je inaczej.

    Start>uruchom> wpisz msconfig <enter> zakładka usługi (nadole masz
    ukryj wszystkie Microsoft) i tam odznaczasz co nie ma sie uruchamiać
    razem z windą
    Możesz smiało wywalić

    Apple, InterVideo, Firebird, Java, Light Scribe, Cyberlink,Acronis
    formatc.

    Co do Combofixa konsola czasami jest przydatna to narzędzi M$ coś jak
    tryb awaryjny z wiersza poleceń nie koniecznie musisz instalować.

    No i po tych operacjach jakis antywirus najlepiej zainstaluj jakis na
    nowo bo nie wiadomo czy obecny nie jest zarażony polecam kasperski
    chociażby wersje - 30 dniowa. Lub darmowy AVIRA

    Pozdrwaiam i powodzenia w czyszczenu.



    On 24 Mar, 10:08, "Negatyw" <n...@U...o2.pl.invalid> wrote:
    > Użytkownik "staszek" <s...@g...com> napisał w
    wiadomościnews:9f918ff9-e232-4889-806b-5a82306ec94b@
    33g2000yqm.googlegroups.com...
    >
    > > 2. HiJack -odznacz wszystkie swiństwa (które niepotrzebnie się uruchamiają
    > > w systemem) i z fix-uj
    >
    > Nie bardzo mówiąc szczerze jarzę, co jest OK a co NIE... No i nie mam
    > zainstalowanej kontroli odzyskiwania - czym by to nie było.
    > Tu masz loga z tego:
    >
    > Logfile of Trend Micro HijackThis v2.0.2
    > Scan saved at 09:47:22, on 2009-03-24
    > Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
    > MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    > Boot mode: Safe mode
    >
    > Running processes:
    > C:\WINDOWS\System32\smss.exe
    > C:\WINDOWS\system32\winlogon.exe
    > C:\WINDOWS\system32\services.exe
    > C:\WINDOWS\system32\savedump.exe
    > C:\WINDOWS\system32\lsass.exe
    > C:\WINDOWS\system32\svchost.exe
    > C:\WINDOWS\system32\svchost.exe
    > C:\WINDOWS\Explorer.EXE
    > C:\Program Files\totalcmd\TOTALCMD.EXE
    > C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    >
    > R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    > R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    > R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    > R3 - Default URLSearchHook is missing
    > O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    > O2 - BHO: Adobe PDF Reader Link Helper -
    > {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common
    > Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    > O2 - BHO: Skype add-on (mastermind) -
    > {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program
    > Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    > O2 - BHO: GetRight IE Download Helper -
    > {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
    > O2 - BHO: Java(tm) Plug-In SSV Helper -
    > {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program
    > Files\Java\jre6\bin\ssv.dll
    > O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} -
    > C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll
    > O2 - BHO: Java(tm) Plug-In 2 SSV Helper -
    > {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program
    > Files\Java\jre6\bin\jp2ssv.dll
    > O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -
    > C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    > O4 - HKLM\..\Run: [Six Engine] "C:\Program Files\ASUS\Six
    > Engine\SixEngine.exe" -r
    > O4 - HKLM\..\Run: [Spamihilator] "C:\Program
    > Files\Spamihilator\spamihilator.exe"
    > O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program
    > Files\Java\jre6\bin\jusched.exe"
    > O4 - HKLM\..\Run: [Look 'n' Stop] "C:\Program
    > Files\Soft4Ever\looknstop\looknstop.exe" -auto
    > O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
    > C:\WINDOWS\system32\NvCpl.dll,NvStartup
    > O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    > O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
    > C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    > O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround
    > Mixer\CTSysVol.exe
    > O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive
    > Det\SBDrvDet.exe /r
    > O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    > O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    > O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    > O4 - HKLM\..\Run: [SpIDerNT] C:\PROGRA~1\DrWeb\spiderui.exe /agent
    > O4 - HKLM\..\Run: [DrWebScheduler] "C:\Program Files\DrWeb\DRWEBSCD.EXE"
    > O4 - HKLM\..\Run: [SpIDerMail] "C:\Program Files\DrWeb\spiderml.exe"
    > O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan
    > Remover\Trjscan.exe /boot
    > O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
    > O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User
    > 'USŁUGA SIECIOWA')
    > O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User
    > 'SYSTEM')
    > O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User
    > 'Default user')
    > O9 - Extra button: Create Mobile Favorite -
    > {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    > O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -
    > C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    > O9 - Extra 'Tools' menuitem: Utwórz Ulubione dla urządzenia przenośnego... -
    > {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    > O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} -
    > C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    > O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
    > C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    > O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -
    > C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    > O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
    > {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network
    > Diagnostic\xpnetdiag.exe
    > O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan
    > Control) -http://edownload.grisoft.cz/ewidoOnlineScan.cab
    > O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan
    > Agent 6.6) -http://ushousecall02.trendmicro.com/housecall/apple
    t/html/native/x86/...
    > O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus
    > scanner) -http://security.symantec.com/sscv6/SharedContent/vc
    /bin/AvSniff.cab
    > O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer
    > Class) -http://acs.pandasoftware.com/activescan/cabs/as2stu
    bie.cab
    > O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
    -http://update.microsoft.com/windowsupdate/v6/V5Cont
    rols/en/x86/client...
    > O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility
    > Class) -http://security.symantec.com/sscv6/SharedContent/co
    mmon/bin/cabsa.cab
    > O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class)
    -http://www.mks.com.pl/skaner/SkanerOnline.cab
    > O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner)
    -http://ax.emsisoft.com/asquared.cab
    > O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control)
    -https://asp.photoprintit.de/microsite/1289/defaults
    /activex/ips/IPSUp...
    > O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software
    > AutoUpdate Support Package) -http://www.creative.com/softwareupdate/su2/ocx/1510
    6/CTPID.cab
    > O17 -
    > HKLM\System\CCS\Services\Tcpip\..\{12090D13-3BD7-40E
    3-8257-8A5C676B4824}:
    > NameServer = 78.152.23.66,78.152.23.67
    > O17 -
    > HKLM\System\CS1\Services\Tcpip\..\{12090D13-3BD7-40E
    3-8257-8A5C676B4824}:
    > NameServer = 78.152.23.66,78.152.23.67
    > O17 -
    > HKLM\System\CS2\Services\Tcpip\..\{12090D13-3BD7-40E
    3-8257-8A5C676B4824}:
    > NameServer = 78.152.23.66,78.152.23.67
    > O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
    > C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    > O20 - Winlogon Notify: efcbCSkj - efcbCSkj.dll (file missing)
    > O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis -
    > C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    > O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour
    > Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    > O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program
    > Files\Common Files\InterVideo\DeviceService\DevSvc.exe
    > O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. -
    > C:\Program Files\Canon\CAL\CALMAIN.exe
    > O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd -
    > C:\WINDOWS\system32\CTsvcCDA.exe
    > O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON
    > CORPORATION - C:\Documents and Settings\All Users\Dane aplikacji\EPSON\EPW!3
    > SSRP\E_S40RP7.EXE
    > O23 - Service: Firebird Guardian - DefaultInstance
    > (FirebirdGuardianDefaultInstance) - The Firebird Project -
    > I:\Firebird\Firebird_1_5\bin\fbguard.exe
    > O23 - Service: Firebird Server - DefaultInstance
    > (FirebirdServerDefaultInstance) - The Firebird Project -
    > I:\Firebird\Firebird_1_5\bin\fbserver.exe
    > O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. -
    > C:\Program Files\Common Files\Macrovision Shared\FLEXnet
    > Publisher\FNPLicensingService.exe
    > O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun
    > Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    > O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program
    > Files\Lavasoft\Ad-Aware\AAWService.exe
    > O23 - Service: LightScribeService Direct Disc Labeling Service
    > (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common
    > Files\LightScribe\LSSrvc.exe
    > O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
    > C:\WINDOWS\system32\nvsvc32.exe
    > O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown
    > owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    > O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools -
    > C:\Program Files\Spyware Doctor\pctsAuxs.exe
    > O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools -
    > C:\Program Files\Spyware Doctor\pctsSvc.exe
    > O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity
    > Solution\ServiceLayer.exe
    > O23 - Service: SpIDer Guard for Windows (SPIDERNT) - Doctor Web, Ltd. -
    > C:\PROGRA~1\DrWeb\spidernt.exe
    > O23 - Service: Acronis Try And Decide Service (TryAndDecideService) -
    > Unknown owner - C:\Program Files\Common
    > Files\Acronis\Fomatik\TrueImageTryStartService.exe
    >
    > > 4. COMBOFIX najnowszy zawsze na instalki.pl
    > > 5. Restart
    > > 6. Tryb normalny
    >
    > ComboFix 09-03-22.01 - Administrator 2009-03-24  9:56:32.1 - NTFSx86 MINIMAL
    > Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.3327.3060 [GMT
    > 1:00]
    > Uruchomiony z: c:\10\ComboFix.exe
    > AV: Doctor Web Anti-Virus *On-access scanning disabled* (Updated)
    > FW: Look 'n' Stop 2.06 (Soft4Ever) *enabled*
    >
    > UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
    > .
    >
    > (((((((((((((((((((((((((((((((((((((((
    > Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
    > .
    >
    > c:\documents and settings\Darek\Dane aplikacji\inst.exe
    > c:\windows\system32\micr0st.dll
    >
    > .
    > (((((((((((((((((((((((((((((((((((((((
    > Sterowniki/Usługi   )))))))))))))))))))))))))))))))))))))))))))))))))
    > .
    >
    > -------\Legacy_ISODRIVE
    > -------\Service_ISODrive
    >
    > (((((((((((((((((((((((((   Pliki utworzone od 2009-02-24 do
    > 009-03-24  )))))))))))))))))))))))))))))))
    > .
    >
    > 2009-03-24 09:47 . 2009-03-24 09:47 <DIR> d-------- c:\program files\Trend
    > Micro
    > 2009-03-24 09:36 . 2009-03-24 09:36 <DIR> d-------- c:\documents and
    > settings\All Users\Dane aplikacji\Simply Super Software
    > 2009-03-24 09:36 . 2006-05-25 15:52 162,304 --a------
    > c:\windows\system32\ztvunrar36.dll
    > 2009-03-24 09:36 . 2003-02-02 20:06 153,088 --a------
    > c:\windows\system32\UNRAR3.dll
    > 2009-03-24 09:36 . 2005-08-26 01:50 77,312 --a------
    > c:\windows\system32\ztvunace26.dll
    > 2009-03-24 09:36 . 2002-03-06 01:00 75,264 --a------
    > c:\windows\system32\unacev2.dll
    > 2009-03-24 09:36 . 2006-06-19 13:01 69,632 --a------
    > c:\windows\system32\ztvcabinet.dll
    > 2009-03-24 09:28 . 2009-03-24 09:33 <DIR> d-------- C:\10
    > 2009-03-24 09:01 . 2009-03-24 09:01 <DIR> d-------- c:\program files\MCS
    > Studios
    > 2009-03-24 09:01 . 2005-12-14 22:16 237,568 --a------
    > c:\windows\system32\mcstabs.ocx
    > 2009-03-24 09:01 . 1998-06-18 00:00 89,360 --a------
    > c:\windows\system32\VB5DB.DLL
    > 2009-03-24 07:45 . 2009-03-24 09:25 <DIR> d-------- c:\program files\DrWeb
    > 2009-03-24 07:45 . 2009-03-24 07:46 77,824 --a----t-
    > c:\windows\system32\DRWEBSP.DLL
    > 2009-03-23 18:44 . 2009-03-24 10:00 4,958,588 --a------
    > c:\windows\{00000005-00000000-00000001-00001102-0000
    0004-10071102}.BAK
    > 2009-03-23 18:44 . 2009-03-24 09:44 31,056 --a------
    > c:\windows\system32\BMXStateBkp-{00000005-00000000-0
    0000001-00001102-000000 04-10071102}.rfx
    > 2009-03-23 18:44 . 2009-03-24 09:44 31,056 --a------
    > c:\windows\system32\BMXState-{00000005-00000000-0000
    0001-00001102-00000004- 10071102}.rfx
    > 2009-03-23 18:44 . 2009-03-24 09:44 30,528 --a------
    > c:\windows\system32\BMXCtrlState-{00000005-00000000-
    00000001-00001102-00000 004-10071102}.rfx
    > 2009-03-23 18:44 . 2009-03-24 09:44 30,528 --a------
    > c:\windows\system32\BMXBkpCtrlState-{00000005-000000
    00-00000001-00001102-00 000004-10071102}.rfx
    > 2009-03-23 18:44 . 2009-03-24 09:44 11,564 --a------
    > c:\windows\system32\DVCState-{00000005-00000000-0000
    0001-00001102-00000004- 10071102}.rfx
    > 2009-03-23 18:44 . 2009-03-23 18:44 1,080 --a------
    > c:\windows\system32\settingsbkup.sfm
    > 2009-03-23 18:44 . 2009-03-23 18:44 1,080 --a------
    > c:\windows\system32\settings.sfm
    > 2009-03-23 18:41 . 2009-03-24 10:00 4,958,588 --a------
    > c:\windows\{00000005-00000000-00000001-00001102-0000
    0004-10071102}.CDF
    > 2009-03-23 18:37 . 1998-01-08 01:00 1,048,576 ---------
    > c:\windows\system32\SFMAN.DAT
    > 2009-03-23 18:37 . 1995-01-13 14:10 149,504 ---------
    > c:\windows\system32\MFCANS32.DLL
    > 2009-03-23 18:37 . 1995-01-13 14:10 108,032 ---------
    > c:\windows\system32\MFCUIA32.DLL
    > 2009-03-23 18:37 . 2000-05-11 01:00 90,112 --------- c:\windows\Updreg.EXE
    > 2009-03-23 18:37 . 1998-06-05 02:00 84,992 ---------
    > c:\windows\system32\SFCVRT32.DLL
    > 2009-03-23 18:37 . 1995-08-30 02:02 82,432 ---------
    > c:\windows\system32\CTWFLT32.DLL
    > 2009-03-23 18:37 . 1998-10-20 16:05 54,784 ---------
    > c:\windows\system32\INETWH32.DLL
    > 2009-03-23 18:37 . 1994-12-05 03:11 53,552 --------- c:\windows\CTCCW.DLL
    > 2009-03-23 18:37 . 1995-07-13 02:01 26,768 ---------
    > c:\windows\system32\CTL3D.DLL
    > 2009-03-23 18:37 . 1996-05-23 02:24 24,976 --------- c:\windows\CTRES.DLL
    > 2009-03-23 18:37 . 1999-01-14 14:04 231 --------- c:\windows\AC3API.INI
    > 2009-03-23 18:34 . 2002-02-20 03:00 331,776 ---------
    > c:\windows\system32\CTMEDENG.DLL
    > 2009-03-23 18:34 . 2001-09-18 03:00 139,264 --a------
    > c:\windows\system32\Video.skn
    > 2009-03-23 18:34 . 2001-03-30 02:00 62,976 --a------
    > c:\windows\system32\CTDetres.dll
    > 2009-03-23 18:34 . 2000-04-20 01:00 24,576 --a------
    > c:\windows\system32\CTMERes.DLL
    > 2009-03-23 18:34 . 1998-09-17 01:52 17,350 --a------
    > c:\windows\system32\CTDetect.hlp
    > 2009-03-23 18:34 . 1998-09-17 01:52 641 --a------
    > c:\windows\system32\CTDetect.cnt
    > 2009-03-23 18:34 . 2009-03-23 18:37 136 --a------ c:\windows\SBWIN.INI
    > 2009-03-23 18:32 . 2003-03-05 12:19 15,840 ---------
    > c:\windows\system32\pfmodnt.sys
    > 2009-03-23 18:25 . 2009-03-24 09:43 2,145,386,496 --a------
    > c:\windows\MEMORY.DMP
    > 2009-03-23 17:53 . 2005-04-20 20:31 1,712,128 -----c---
    > c:\windows\system32\dllcache\netshell.dll
    > 2009-03-23 17:53 . 2005-04-20 20:31 474,624 -----c---
    > c:\windows\system32\dllcache\wzcsvc.dll
    > 2009-03-23 17:53 . 2005-04-20 20:31 381,952 -----c---
    > c:\windows\system32\dllcache\wzcdlg.dll
    > 2009-03-23 17:53 . 2005-04-20 20:31 52,736 -----c---
    > c:\windows\system32\dllcache\wzcsapi.dll
    > 2009-03-23 17:53 . 2005-04-20 00:54 14,592 -----c---
    > c:\windows\system32\dllcache\ndisuio.sys
    > 2009-03-23 17:51 . 2009-03-23 17:51 749 -rah-----
    > c:\windows\WindowsShell.Manifest
    > 2009-03-23 17:51 . 2009-03-23 17:51 749 -rah-----
    > c:\windows\system32\wuaucpl.cpl.manifest
    > 2009-03-23 17:51 . 2009-03-23 17:51 749 -rah-----
    > c:\windows\system32\sapi.cpl.manifest
    > 2009-03-23 17:51 . 2009-03-23 17:51 749 -rah-----
    > c:\windows\system32\nwc.cpl.manifest
    > 2009-03-23 17:51 . 2009-03-23 17:51 749 -rah-----
    > c:\windows\system32\ncpa.cpl.manifest
    > 2009-03-23 17:51 . 2009-03-23 17:51 488 -rah-----
    > c:\windows\system32\logonui.exe.manifest
    > 2009-03-23 17:47 . 2006-09-13 18:18 153,088 --a------
    > c:\windows\system32\irftp.exe
    > 2009-03-23 17:47 . 2006-09-13 18:18 87,424 --a------
    > c:\windows\system32\drivers\irda.sys
    > 2009-03-23 17:47 . 2006-09-13 18:19 27,648 --a------
    > c:\windows\system32\irmon.dll
    > 2009-03-23 17:47 . 2006-09-13 18:18 8,192 --a------
    > c:\windows\system32\wshirda.dll
    > 2009-03-23 17:38 . 2008-10-07 13:33 201,157 --a------
    > c:\windows\system32\nvapps.nvb
    > 2009-03-23 17:33 . 2006-09-13 18:17 19,584 --a------
    > c:\windows\system32\drivers\rasirda.sys
    > 2009-03-23 17:32 . 2001-10-26 19:29 24,661 --a------
    > c:\windows\system32\spxcoins.dll
    > 2009-03-23 17:32 . 2001-10-26 19:29 13,312 --a------
    > c:\windows\system32\irclass.dll
    > 2009-03-23 17:31 . 2004-08-04 01:27 1,896,400 --a--c---
    > c:\windows\system32\dllcache\NT5.CAT
    > 2009-03-23 17:31 . 2004-08-04 01:27 1,086,058 --a--c---
    > c:\windows\system32\dllcache\NTPRINT.CAT
    > 2009-03-23 17:31 . 2004-08-04 01:27 1,086,058 -ra------ c:\windows\SET95.tmp
    > 2009-03-23 17:31 . 2004-08-04 01:32 1,014,483 -ra------ c:\windows\SET92.tmp
    > 2009-03-23 17:31 . 2004-08-04 01:27 620,500 --a--c---
    > c:\windows\system32\dllcache\NT5INF.CAT
    > 2009-03-23 17:31 . 2004-08-04 01:28 141,702 --a--c---
    > c:\windows\system32\dllcache\netfx.cat
    > 2009-03-23 17:31 . 2004-08-04 01:32 102,826 --a--c---
    > c:\windows\system32\dllcache\tabletpc.cat
    > 2009-03-23 17:31 . 2004-08-04 01:27 31,965 --a--c---
    > c:\windows\system32\dllcache\mediactr.cat
    > 2009-03-23 17:31 . 2004-08-04 01:27 30,983 --a--c---
    > c:\windows\system32\dllcache\FP4.CAT
    > 2009-03-23 17:31 . 2004-08-04 01:26 14,043 --a--c---
    > c:\windows\system32\dllcache\IMS.CAT
    > 2009-03-23 17:31 . 2004-08-04 01:26 14,043 -ra------ c:\windows\SETA1.tmp
    > 2009-03-23 17:31 . 2004-08-04 01:27 7,245 --a--c---
    > c:\windows\system32\dllcache\MSTSWEB.CAT
    > 2009-03-23 16:38 . 2009-03-23 16:38 <DIR> d-------- c:\documents and
    > settings\All Users\Dane aplikacji\Kaspersky Lab
    > 2009-03-23 11:00 . 2009-03-23 11:00 <DIR> d-------- c:\program files\Seagate
    > 2009-03-23 08:18 . 2008-06-19 16:24 28,544 --a------
    > c:\windows\system32\drivers\pavboot.sys
    > 2009-03-23 08:17 . 2009-03-23 08:17 <DIR> d-------- c:\program files\Panda
    > Security
    > 2009-03-22 11:35 . 2009-03-22 11:35 <DIR> d-------- c:\program files\Common
    > Files\Wise Installation Wizard
    > 2009-03-20 17:29 . 2009-03-20 17:29 <DIR> d--------
    > c:\windows\system32\HouseCall 6.6
    > 2009-03-20 17:29 . 2009-03-20 17:29 <DIR> d-------- c:\documents and
    > settings\Darek\Dane aplikacji\HouseCall 6.6
    > 2009-03-20 15:41 . 2009-03-20 15:41 13,137,952 --a------ C:\cureit.exe
    > 2009-03-19 08:18 . 2009-03-19 08:29 278 --a------ c:\windows\HAFASWIN.INI
    > 2009-03-19 08:18 . 2009-03-19 08:18 21 --a------ c:\windows\progman.ini
    > 2009-03-19 07:21 . 2009-03-19 07:23 31 --a------ c:\windows\bluevoda.ini
    > 2009-03-18 23:04 . 2009-03-18 23:03 737,280 --a------ c:\windows\iun6002.exe
    > 2009-03-18 22:59 . 2009-03-18 22:59 <DIR> d-------- c:\documents and
    > settings\Darek\Dane aplikacji\GibbHill Properties Ltd
    > 2009-03-18 20:02 . 2009-03-09 20:06 15,688 --a------
    > c:\windows\system32\lsdelete.exe
    > 2009-03-18 19:37 . 2009-03-23 08:18 78,362 --a------ c:\windows\setupapi.old
    > 2009-03-18 19:37 . 2009-03-09 20:06 64,160 --a------
    > c:\windows\system32\drivers\Lbd.sys
    > 2009-03-18 19:36 . 2009-03-18 19:36 <DIR> d-------- c:\program
    > files\Lavasoft
    > 2009-03-18 19:36 . 2009-03-18 19:36 <DIR> d--h-c--- c:\documents and
    > settings\All Users\Dane aplikacji\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
    > 2009-03-16 00:02 . 2007-04-11 21:52 185,344 --a------
    > c:\windows\system32\iwpsetup.exe
    > 2009-03-16 00:02 . 1997-01-16 00:00 29,696 --a------
    > c:\windows\system32\VB5STKIT.DLL
    > 2009-03-16 00:02 . 1997-01-16 13:42 6,114 --a------
    > c:\windows\system32\SHELLLNK.TLB
    > 2009-03-11 17:48 . 2009-03-19 10:13 <DIR> d-------- C:\7
    > 2009-03-11 17:39 . 2009-03-15 23:38 <DIR> d-------- c:\program
    > files\Blockstar
    > 2009-03-11 16:58 . 2009-03-11 17:46 <DIR> d-------- c:\documents and
    > settings\Darek\Dane aplikacji\Cream Software
    > 2009-02-26 09:16 . 2009-03-11 17:06 <DIR> d-------- C:\6
    > 2009-02-24 21:57 . 2009-02-24 21:57 <DIR> d-------- c:\program files\Skype
    > 2009-02-24 21:57 . 2009-02-24 21:57 <DIR> d-------- c:\program files\Common
    > Files\Skype
    > 2009-02-24 08:50 . 2009-02-24 08:50 <DIR> d-------- C:\5
    >
    > .
    > ((((((((((((((((((((((((((((((((((((((((   Sekcja
    > nd3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    > .
    > 2009-03-24 08:42 --------- d---a-w c:\documents and settings\All Users\Dane
    > aplikacji\Temp
    > 2009-03-24 08:42 --------- d-----w c:\program files\Trojan Remover
    > 2009-03-24 08:27 --------- d-----w c:\program files\GetRight
    > 2009-03-24 08:18 --------- d-----w c:\documents and settings\Darek\Dane
    > aplikacji\Spamihilator
    > 2009-03-24 06:45 --------- d--h--w c:\program files\InstallShield
    > Installation Information
    > 2009-03-23 18:26 360,576 ----a-w c:\windows\system32\drivers\tcpip.sys
    > 2009-03-23 18:24 --------- d-----w c:\documents and settings\Darek\Dane
    > aplikacji\ZoomBrowser EX
    > 2009-03-23 18:24 --------- d-----w c:\documents and settings\All Users\Dane
    > aplikacji\ZoomBrowser
    > 2009-03-23 17:53 --------- d-----w c:\program files\Creative
    > 2009-03-21 07:58 --------- d-----w c:\program files\Create-Ringtone
    > 2009-03-20 16:23 --------- d-----w c:\program files\Spybot - Search &
    > Destroy
    > 2009-03-20 16:23 --------- d-----w c:\documents and settings\All Users\Dane
    > aplikacji\Spybot - Search & Destroy
    > 2009-03-20 10:12 --------- d-----w c:\program files\SkanerOnline
    > 2009-03-19 19:10 --------- d-----w c:\program files\Spyware Doctor
    > 2009-03-19 09:14 --------- d-----w c:\program files\emule
    > 2009-03-19 06:44 --------- d-----w c:\program files\PeerGuardian2
    > 2009-03-19 06:44 --------- d-----w c:\documents and settings\Darek\Dane
    > aplikacji\uTorrent
    > 2009-03-17 21:04 --------- d-----w c:\documents and settings\Darek\Dane
    > aplikacji\Skype
    > 2009-03-17 21:01 --------- d-----w c:\documents and settings\Darek\Dane
    > aplikacji\skypePM
    > 2009-03-17 06:31 --------- d-----w c:\program files\Microsoft ActiveSync
    > 2009-03-14 15:34 --------- d-----w c:\documents and settings\Darek\Dane
    > aplikacji\Vso
    > 2009-03-08 10:22 --------- d-----w c:\program files\Soulseek
    > 2009-02-24 20:57 --------- d-----w c:\documents and settings\All Users\Dane
    > aplikacji\Skype
    > 2009-02-22 23:55 --------- d-----w c:\documents and settings\Darek\Dane
    > aplikacji\foobar2000
    > 2009-02-22 10:44 --------- d-----w c:\program files\Magic Video Converter
    > 2009-02-18 22:57 --------- d-----w c:\program files\foobar2000
    > 2009-02-18 21:13 --------- d-----w c:\program files\MediaFACE II
    > 2009-02-18 20:59 --------- d-----w c:\program files\ALLPlayer
    > 2009-02-18 20:22 --------- d-----w c:\documents and settings\Darek\Dane
    > aplikacji\Moyea
    > 2009-02-18 20:18 --------- d-----w c:\program files\Moyea
    > 2009-02-18 20:08 --------- d-----w c:\program files\FLVPlayer
    > 2009-02-18 20:04 --------- d-----w c:\program files\Smallvideosoft
    > 2009-02-10 20:58 --------- d-----w c:\program files\Yahoo!
    > 2009-02-09 14:20 --------- d-----w c:\program files\eSkiMoS R2
    > 2009-02-06 20:23 --------- d-----w c:\documents and settings\All Users\Dane
    > aplikacji\DVD Shrink
    > 2008-11-30 13:23 47,360 ----a-w c:\documents and settings\Darek\Dane
    > aplikacji\pcouffin.sys
    > 2007-04-04 20:40 221 ----a-w c:\program files\Common Files\max.kk
    > 2006-06-24 06:48 32,768 ----a-r c:\windows\inf\UpdateUSB.exe
    > .
    >
    > ------- Sigcheck -------
    >
    > 2008-06-20 12:59  361600  ad978a1b783b5719720cff204b666c8e
    > c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
    > 2009-03-23 19:26  360576  e7dfcffa380749b8626ad71e8f367dcb
    > c:\windows\system32\drivers\tcpip.sys
    > .
    > (((((((((((((((((((((((((((((((((((((   Wpisy startowe
    > jestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
    > .
    > .
    > *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
    > REGEDIT4
    >
    > [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curren
    tVersion\Run]
    > "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe"
    > [2006-11-13 1289000]
    >
    > [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curre
    ntVersion\Run]
    > "Six Engine"="c:\program files\ASUS\Six Engine\SixEngine.exe" [2008-05-14
    > 5958656]
    > "Spamihilator"="c:\program files\Spamihilator\spamihilator.exe" [2008-12-23
    > 1321984]
    > "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
    > [2008-11-10 136600]
    > "Look 'n' Stop"="c:\program files\Soft4Ever\looknstop\looknstop.exe"
    > [2008-12-28 512070]
    > "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
    > "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
    > "CTSysVol"="c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe"
    > [2002-10-29 49152]
    > "SBDrvDet"="c:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03
    > 45056]
    > "SpIDerNT"="c:\progra~1\DrWeb\spiderui.exe" [2008-10-23 197896]
    > "DrWebScheduler"="c:\program files\DrWeb\DRWEBSCD.EXE" [2008-05-06 283888]
    > "SpIDerMail"="c:\program files\DrWeb\spiderml.exe" [2008-06-10 501080]
    > "nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]
    > "CTHelper"="CTHELPER.EXE" [2008-06-27 c:\windows\system32\CtHelper.exe]
    >
    > [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Curr
    entVersion\Run]
    > "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
    >
    > c:\documents and settings\Darek\Menu Start\Programy\Autostart\
    > Spyware Doctor Updater.exe [2008-10-30 29228]
    >
    > [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    > "msacm.divxa32"= divxa32.acm
    >
    > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control
    \SafeBoot\Minimal\Lavas oft
    > Ad-Aware Service]
    > @="Service"
    >
    > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control
    \SafeBoot\Minimal\Wdf01 000.sys]
    > @="Driver"
    >
    > [HKLM\~\startupfolder\C:^Documents and Settings^Darek^Menu
    > Start^Programy^Autostart^Express Assist Check.lnk]
    > path=c:\documents and settings\Darek\Menu Start\Programy\Autostart\Express
    > Assist Check.lnk
    > backup=c:\windows\pss\Express Assist Check.lnkStartup
    >
    > [HKEY_LOCAL_MACHINE\software\microsoft\shared
    > tools\msconfig\startupreg\KernelFaultCheck]
    > c:\windows\system32\dumprep 0 -k [X]
    > HKEY_LOCAL_MACHINE\software\microsoft\shared
    > tools\msconfig\startupreg\PDVD8LanguageShortcut
    > HKEY_LOCAL_MACHINE\software\microsoft\shared
    > tools\msconfig\startupreg\RemoteControl8
    >
    > [HKEY_LOCAL_MACHINE\software\microsoft\shared
    > tools\msconfig\startupreg\Acronis Scheduler2 Service]
    > --a------ 2007-09-14 02:55 140568 c:\program files\Common
    > Files\Acronis\Schedule2\schedhlp.exe
    >
    > [HKEY_LOCAL_MACHINE\software\microsoft\shared
    > tools\msconfig\startupreg\AcronisTimounterMonitor]
    > --a------ 2007-09-14 03:02 905056 c:\program
    > files\Acronis\TrueImageHome\TimounterMonitor.exe
    >
    > [HKEY_LOCAL_MACHINE\software\microsoft\shared
    > tools\msconfig\startupreg\Ad-Watch]
    > --a------ 2009-03-09 20:06 515416 c:\program
    > files\Lavasoft\Ad-Aware\AAWTray.exe
    >
    > [HKEY_LOCAL_MACHINE\software\microsoft\shared
    > tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    > --a------ 2008-01-11 22:16 39792 c:\program files\Adobe\Reader
    > 8.0\Reader\reader_sl.exe
    >
    > [HKEY_LOCAL_MACHINE\software\microsoft\shared
    > tools\msconfig\startupreg\ALLUpdate]
    > --a------ 2008-11-24 20:44 869888 c:\program files\ALLPlayer\ALLUpdate.exe
    >
    > [HKEY_LOCAL_MACHINE\software\microsoft\shared
    > tools\msconfig\startupreg\CTDVDDET]
    > --a------ 2003-06-18 01:00 45056 c:\program
    > files\Creative\DVDAudio\CTDVDDET.exe
    >
    > [HKEY_LOCAL_MACHINE\software\microsoft\shared
    > tools\msconfig\startupreg\EPSON Stylus DX7400 Series]
    > --a------ 2007-04-12 07:00 182272
    > c:\windows\system32\spool\drivers\w32x86\3\E_FATICDE
    .EXE
    >
    > [HKEY_LOCAL_MACHINE\software\microsoft\shared
    > tools\msconfig\startupreg\LanguageShortcut]
    > --a------ 2006-04-13 11:09 49152 c:\program
    > files\CyberLink\PowerDVD\Language\Language.exe
    >
    > [HKEY_LOCAL_MACHINE\software\microsoft\shared
    > tools\msconfig\startupreg\NeroFilterCheck]
    > --a------ 2006-01-12 16:40 155648 c:\windows\system32\NeroCheck.exe
    >
    > [HKEY_LOCAL_MACHINE\software\microsoft\shared
    > tools\msconfig\startupreg\Nokia.PCSync]
    > --a------ 2008-06-17 16:00 1249280 c:\program files\Nokia\Nokia PC Suite
    > 7\PcSync2.exe
    >
    > [HKEY_LOCAL_MACHINE\software\microsoft\shared
    > tools\msconfig\startupreg\NvCplDaemon]
    > --a------ 2008-10-07 13:33 13574144 c:\windows\system32\nvcpl.dll
    >
    > [HKEY_LOCAL_MACHINE\software\microsoft\shared
    > tools\msconfig\startupreg\NvMediaCenter]
    > --a------ 2008-10-07 13:33 86016 c:\windows\system32\nvmctray.dll
    >
    > [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC
    > Suite Tray]
    > --a------ 2008-08-11 08:31 1124352 c:\program files\Nokia\Nokia PC Suite
    > 7\PCSuite.exe
    >
    > [HKEY_LOCAL_MACHINE\software\microsoft\shared
    > tools\msconfig\startupreg\RemoteControl]
    > --a------ 2005-12-07 22:57 30208 c:\program
    > files\CyberLink\PowerDVD\PDVDServ.exe
    >
    > [HKEY_LOCAL_MACHINE\software\microsoft\shared
    > tools\msconfig\startupreg\TrueImageMonitor.exe]
    > --a------ 2007-09-14 02:52 2595480 c:\program
    > files\Acronis\TrueImageHome\TrueImageMonitor.exe
    >
    > [HKEY_LOCAL_MACHINE\software\microsoft\shared
    > tools\msconfig\startupreg\WinampAgent]
    > --a------ 2001-10-02 00:42 10752 c:\program files\Winamp\winampa.exe
    >
    > [HKEY_LOCAL_MACHINE\software\microsoft\shared
    > tools\msconfig\startupreg\nwiz]
    > --a------ 2008-10-07 13:33 1630208 c:\windows\system32\nwiz.exe
    >
    > [HKLM\~\services\sharedaccess\parameters\firewallpol
    icy\standardprofile]
    > "EnableFirewall"= 0 (0x0)
    >
    > [HKLM\~\services\sharedaccess\parameters\firewallpol
    icy\standardprofile\Aut horizedApplications\List]
    > "%windir%\\system32\\sessmgr.exe"=
    > "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    > "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    > "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    > "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    > "c:\\Program Files\\Gadu-Gadu\\gg.exe"=
    > "c:\\Program Files\\Soulseek\\slsk.exe"=
    > "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program
    > files\Microsoft
    > ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Ena
    bled:ActiveSync RAPI
    > Manager
    > "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program
    > files\Microsoft
    > ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:En
    abled:ActiveSync
    > Connection Manager
    > "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program
    > files\Microsoft
    > ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Ena
    bled:ActiveSync
    > Application
    > "c:\\Program Files\\Spamihilator\\cdcc.exe"=
    > "c:\\Program Files\\Spamihilator\\dccproc.exe"=
    > "c:\\Program Files\\Spamihilator\\spamihilator.exe"=
    > "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    >
    > [HKLM\~\services\sharedaccess\parameters\firewallpol
    icy\standardprofile\Glo ballyOpenPorts\List]
    > "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSy
    nc Service
    >
    > R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-03-18 64160]
    > R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2008-07-22 151592]
    > R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.
    sys [2009-03-23
    > 28544]
    > R1 lnsfw1;lnsfw1;c:\windows\system32\drivers\lnsfw1.sys [2008-12-28 77184]
    > R2 SPIDER;SpIDer Guard File System Monitor;c:\progra~1\DrWeb\spider.sys
    > [2009-03-24 268040]
    > R2 SPIDERNT;SpIDer Guard for Windows;c:\progra~1\DrWeb\spidernt.exe
    > [2009-03-24 197896]
    > R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\driver
    s\COMMONFX.sys
    > [2008-06-27 99352]
    > R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\
    CTAUDFX.sys
    > [2008-06-27 555032]
    > R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\
    CTSBLFX.sys
    > [2008-06-27 566296]
    > R3 L1e;Miniport Driver for Atheros AR8121/AR8113 PCI-E Ethernet
    > Controller;c:\windows\system32\drivers\l1e51x86.sys [2008-11-04 36864]
    > S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMON
    FX.sys [2008-06-27
    > 99352]
    > S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.
    sys [2008-06-27
    > 555032]
    > S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\driver
    s\CTERFXFX.sys
    > [2008-06-27 100888]
    > S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFX
    FX.sys [2008-06-27
    > 100888]
    > S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.
    sys [2008-06-27
    > 566296]
    > S3 FirebirdGuardianDefaultInstance;Firebird Guardian -
    > DefaultInstance;i:\firebird\Firebird_1_5\bin\fbguard
    .exe -s -->
    > i:\firebird\Firebird_1_5\bin\fbguard.exe -s [?]
    > S3 FirebirdServerDefaultInstance;Firebird Server -
    > DefaultInstance;i:\firebird\Firebird_1_5\bin\fbserve
    r.exe -s -->
    > i:\firebird\Firebird_1_5\bin\fbserver.exe -s [?]
    > S3 KS-959;Kingsun KS-959 USB Infrared
    > Adapter;c:\windows\system32\drivers\ks-959.sys [2005-07-23 19034]
    > S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program
    > files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 951632]
    > S3 nmwcdnsu;Nokia USB Flashing Phone
    > Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-12-24 138112]
    > S3 nmwcdnsuc;Nokia USB Flashing
    > Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-12-24 8320]
    > S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware
    > Doctor\pctsAuxs.exe [2009-01-23 356920]
    > S3 V0260VID;Live! Cam Vista IM;c:\windows\system32\drivers\V0260Vid.sys
    > [2008-11-04 178913]
    >
    > [HKEY_CURRENT_USER\software\microsoft\windows\curren
    tversion\explorer\mount points2\{521142a4-c6ba-11dd-9b11-000000000000}]
    > \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE
    > Shell32.DLL,ShellExec_RunDLL explore.exe
    >
    > [HKEY_CURRENT_USER\software\microsoft\windows\curren
    tversion\explorer\mount points2\{b08c2893-aa51-11dd-a53b-806d6172696f}]
    > \Shell\AutoRun\command - M:\setup.exe
    >
    > [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed
    > components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    > "c:\program files\Common Files\LightScribe\LSRunOnce.exe"
    > .
    > Zawartość folderu 'Zaplanowane zadania'
    >
    > 2009-03-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    > - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 20:06]
    >
    > 2009-03-23 c:\windows\Tasks\Norton Security Scan for Darek.job
    > - c:\program files\Norton Security Scan\Nss.exe [2008-09-19 04:18]
    > .
    > - - - - USUNIĘTO PUSTE WPISY - - - -
    >
    > Notify-efcbCSkj - efcbCSkj.dll
    > MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search &
    > Destroy\TeaTimer.exe
    > MSConfigStartUp-UVS11 Preload - e:\program files\Ulead Systems\Ulead
    > VideoStudio 11\uvPL.exe
    > MSConfigStartUp-Vidalia - c:\program files\Vidalia
    > Bundle\Vidalia\vidalia.exe
    >
    > .
    > ------- Skan uzupełniający -------
    > .
    > uStart Page = about:blank
    > uInternet Settings,ProxyOverride = *.local
    > IE: Download with GetRight Pro - c:\program files\GetRight\GRdownload.htm
    > IE: E&ksport do programu Microsoft Excel -
    > c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    > IE: Open with GetRight Pro Browser - c:\program files\GetRight\GRbrowse.htm
    > LSP: c:\windows\system32\DRWEBSP.DLL
    > FF - ProfilePath - c:\documents and settings\Darek\Dane
    > aplikacji\Mozilla\Firefox\Profiles\zx5x027r.default\
    > FF - prefs.js: browser.startup.homepage -www.google.pl
    > FF - plugin: c:\program files\Mozilla Firefox\plugins\NPGetRt.dll
    > .
    >
    > ****************************************************
    **********************
    >
    > catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by
    Gmer,http://www.gmer.net
    > Rootkit scan 2009-03-24 10:00:22
    > Windows 5.1.2600 Dodatek Service Pack 2 NTFS
    >
    > skanowanie ukrytych procesów ...
    >
    > skanowanie ukrytych wpisów autostartu ...
    >
    > HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    >   CTHelper = CTHELPER.EXE?
    >
    > skanowanie ukrytych plików ...
    >
    > skanowanie pomyślnie ukończone
    > ukryte pliki: 0
    >
    > ****************************************************
    **********************
    > .
    > --------------------- Pliki DLL ładowane pod uruchomionymi
    > procesami ---------------------
    >
    > - - - - - - - > 'lsass.exe'(1204)
    > c:\windows\system32\relog_ap.dll
    > c:\windows\system32\DRWEBSP.DLL
    > .
    > ------------------------ Pozostałe uruchomione
    > procesy ------------------------
    > .
    > c:\windows\system32\savedump.exe
    > c:\windows\system32\rundll32.exe
    > c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
    > c:\program files\Bonjour\mDNSResponder.exe
    > c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
    > c:\documents and settings\Darek\Menu Start\Programy\Autostart\Spyware Doctor
    > Updater.exe
    > c:\windows\system32\CTSVCCDA.EXE
    > c:\documents and settings\All Users\Dane aplikacji\EPSON\EPW!3
    > SSRP\E_S40RP7.EXE
    > c:\progra~1\MI3AA1~1\rapimgr.exe
    > c:\program files\Java\jre6\bin\jqs.exe
    > c:\program files\Common Files\LightScribe\LSSrvc.exe
    > c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    > c:\windows\system32\nvsvc32.exe
    > c:\program files\CyberLink\Shared files\RichVideo.exe
    > c:\program files\DrWeb\spidernt.exe
    > c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
    > c:\program files\Canon\CAL\CALMAIN.exe
    > c:\windows\system32\wscntfy.exe
    > c:\program files\DrWeb\drwebupw.exe
    > .
    > ****************************************************
    **********************
    > .
    > Czas ukończenia: 2009-03-24 10:01:55 - komputer został uruchomiony ponownie
    > [Darek]
    > ComboFix-quarantined-files.txt  2009-03-24 09:01:52
    >
    > Przed: 2 921 869 312 bajtów wolnych
    > Po: 4,011,827,200 bajtów wolnych
    >
    > Pozdro
    >
    > --
    > ----------------------
    > Negatyw
    > negatyw001(małpa)o2.pl
    > ----------------------


  • 7. Data: 2009-03-25 22:13:49
    Temat: Re: Problem z restartami
    Od: "Negatyw" <n...@U...o2.pl.invalid>


    Użytkownik "staszek" <s...@g...com> napisał w wiadomości
    news:43d72462-4864-4ae8-b4e1-48ebc14f25d4@z9g2000yqi
    .googlegroups.com...

    To zostaje w HiJacku:

    Dzięki za pomoc :)
    Wstał, choć sp3 już nie udało mi się zainstalować. Widać xp'ek już jest dość
    mocno poszatkowany...

    Pozdro

    --
    ----------------------
    Negatyw
    negatyw001(małpa)o2.pl
    ----------------------


  • 8. Data: 2009-03-26 09:30:31
    Temat: Re: Problem z restartami
    Od: Chichotek <z...@y...cy>

    Był 24 marzec (wtorek) gdy o godz. 8:05 *Negatyw* napisał(a):

    > Czy macie jakieś pomysły?

    Jeśli masz legalnego windowsa polecam skanowanie Windows Defenderem

    --
    Pozdrawiam, Chichotek
    P5Q Pro, E8400@Scythe Ninja, Szafir HD4870 512MB, 2x2GB A-Data Vitesta 800+,
    2x Seagate 250/400GB, Topower P3 450W EZ, Enermax Chakra, 21" Gateway,
    Razer DeathAdder+Destructor, Logitech UltraX Flat, Windows XP Pro


  • 9. Data: 2009-03-26 20:24:29
    Temat: Re: Problem z restartami
    Od: "Negatyw" <n...@U...o2.pl.invalid>


    Użytkownik "Chichotek" <z...@y...cy> napisał w wiadomości
    news:13l8qxsn41tc1.dlg@chichot.truposza.pl...

    > Windows Defenderem

    Mam problem z zainstalowaniem sp3. Instalator po prostu zamyka okno
    podczas instalacji.
    Mam ciekawą sytuację:
    http://img172.imageshack.us/img172/8540/xp1.jpg - niby więc sp3 jest

    A system mówi co innego:
    http://img172.imageshack.us/img172/4031/xp2.jpg - twierdzi, że jest sp2

    Czy da się to jakoś rozwiązać?

    Pozdro

    --
    ----------------------
    Negatyw
    negatyw001(małpa)o2.pl
    ----------------------

strony : [ 1 ]


Szukaj w grupach

Szukaj w grupach

Eksperci egospodarka.pl

1 1 1

Wpisz nazwę miasta, dla którego chcesz znaleźć jednostkę ZUS.

Wzory dokumentów

Bezpłatne wzory dokumentów i formularzy.
Wyszukaj i pobierz za darmo: