[log]baaaaaardzo długo się otwiera i długo otwiera strony in

**Posty:** 14 · przez **Yurek-55** 23 Mar 2009, 22:43

Witam wszystkich. Jestem nowy na forum. Mój problem z laptopem to długi okres wyczekiwania na wystartowanie systemu a potem długo otwiera strony. Jeśli do czegoś wymagany jest restart kompa, to mogę spokojnie iść na spacer z psem zanim to nastąpi...

Kod: Zaznacz wszystko

ComboFix 09-03-22.01 - DOM 2009-03-23 20:07:28.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.1014.400 [GMT 1:00]
Uruchomiony z: c:\documents and settings\DOM\Pulpit\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
* Utworzono nowy punkt przywracania
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
c:\windows\system32\45UR612k.exe.a_a
c:\windows\system32\msxml71.dll
c:\windows\system32\x264vfw.dll.
((((((((((((((((((((((((( Pliki utworzone od 2009-02-23 do 2009-03-23 )))))))))))))))))))))))))))))))
2009-03-22 11:43 . 2009-03-22 11:43 <DIR> d-------- c:\program files\SAGEM
2009-03-22 11:33 . 2002-12-09 18:24 49,152 --a------ c:\windows\system32\WooDial2000.dll
2009-03-22 11:33 . 2002-12-09 18:24 48,128 --a------ c:\windows\system32\SMMSCRPT.DLL
2009-03-22 11:33 . 2002-12-09 18:24 5,632 --a------ c:\windows\system32\SMMSETUP.DLL
2009-03-22 11:31 . 2009-03-22 11:43 479 --a------ c:\windows\adiras.ini
2009-03-22 10:26 . 2009-03-22 11:38 <DIR> d-------- c:\program files\Wanadoo
2009-03-22 10:26 . 2003-03-04 10:26 9,728 --a------ c:\windows\system32\rnaph.dll
2009-03-20 11:01 . 2009-03-20 11:01 <DIR> d-------- c:\program files\Common Files\IPSPI
2009-03-19 07:34 . 2009-03-19 07:34 <DIR> d-------- c:\program files\A4Tech
2009-03-18 17:31 . 2009-03-18 17:31 <DIR> d-------- c:\program files\CDex_151
2009-03-17 09:06 . 2009-03-19 14:24 <DIR> d-------- c:\program files\Innovative Solutions
2009-03-16 17:40 . 2007-07-03 16:58 106,792 --a------ c:\windows\system32\drivers\sscdmdm.sys
2009-03-16 17:40 . 2007-07-03 16:54 80,552 --a------ c:\windows\system32\drivers\sscdbus.sys
2009-03-16 17:40 . 2007-07-03 16:57 11,944 --a------ c:\windows\system32\drivers\sscdmdfl.sys
2009-03-16 17:40 . 2007-07-03 17:00 9,256 --a------ c:\windows\system32\drivers\sscdwhnt.sys
2009-03-16 17:40 . 2007-07-03 17:00 9,256 --a------ c:\windows\system32\drivers\sscdwh.sys
2009-03-16 17:40 . 2007-07-03 16:56 9,256 --a------ c:\windows\system32\drivers\sscdcmnt.sys
2009-03-16 17:40 . 2007-07-03 16:56 9,256 --a------ c:\windows\system32\drivers\sscdcm.sys
2009-03-15 10:32 . 2009-03-15 10:32 <DIR> d-------- c:\program files\Qwerty - Nauka Pisania
2009-03-13 20:49 . 2009-03-13 20:49 536,576 --a------ c:\windows\system32\splitter.ax
2009-03-13 20:48 . 2009-03-13 20:48 3,144,192 --a------ c:\windows\system32\ffdshow.ax
2009-03-13 20:48 . 2009-03-13 20:48 246,784 --a------ c:\windows\system32\dxr.dll
2009-03-13 20:46 . 2009-03-13 20:46 1,388,966 --a------ c:\windows\system32\ffmpegmt.dll
2009-03-13 20:45 . 2009-03-13 20:45 557,451 --a------ c:\windows\system32\libmplayer.dll
2009-03-13 20:44 . 2009-03-13 20:44 4,421,889 --a------ c:\windows\system32\libavcodec.dll
2009-03-13 15:30 . 2009-03-15 22:56 <DIR> d-------- c:\program files\Unlocker
2009-03-13 10:34 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-03-13 10:34 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2009-03-13 10:34 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-03-12 14:39 . 2009-03-12 16:50 <DIR> d-------- c:\documents and settings\DOM\Tracing
2009-03-12 14:11 . 2009-03-12 14:11 <DIR> d-------- c:\program files\Common Files\Windows Live
2009-03-11 20:44 . 2009-03-11 21:03 <DIR> d-------- c:\program files\MySpace
2009-03-11 20:44 . 2009-03-11 20:44 <DIR> d-------- c:\documents and settings\DOM\Dane aplikacji\MySpace
2009-03-11 11:03 . 2009-03-11 11:03 <DIR> d-------- c:\documents and settings\DOM\Dane aplikacji\Broad Intelligence
2009-03-11 10:53 . 2009-03-11 10:53 <DIR> d-------- c:\documents and settings\DOM\Dane aplikacji\OpenCandy
2009-03-11 10:52 . 2009-03-22 20:10 <DIR> d-------- c:\program files\MediaCoder
2009-03-11 10:06 . 2009-03-18 09:56 <DIR> d-------- c:\program files\Winamp
2009-03-10 11:17 . 2009-03-10 13:55 <DIR> d-------- c:\program files\ALLPlayer
2009-03-10 10:23 . 2009-03-10 10:23 795,648 --a------ c:\windows\system32\xvidcore.dll
2009-03-10 10:23 . 2009-03-10 10:23 487,936 --a------ c:\windows\system32\madFlac.ax
2009-03-10 10:23 . 2009-03-10 10:23 130,048 --a------ c:\windows\system32\xvidvfw.dll
2009-03-10 10:23 . 2009-03-10 10:23 118,784 --a------ c:\windows\system32\ac3acm.acm
2009-03-10 10:22 . 2009-03-10 10:22 901,120 --a------ c:\windows\system32\MpaDecFilter.ax
2009-03-10 10:22 . 2009-03-10 10:22 688,128 --a------ c:\windows\system32\mmamr.ax
2009-03-10 10:22 . 2009-03-10 10:22 348,160 --a------ c:\windows\system32\MpaSplitter.ax
2009-03-10 10:22 . 2009-03-10 10:22 348,160 --a------ c:\windows\system32\CoreVorbis.ax
2009-03-10 10:22 . 2009-03-10 10:22 258,048 --a------ c:\windows\system32\libFLAC.dll
2009-03-10 10:21 . 2009-03-10 10:21 892,928 --a------ c:\windows\system32\iconv.dll
2009-03-10 10:21 . 2009-03-10 10:21 860,160 --a------ c:\windows\system32\lameACM.acm
2009-03-10 10:21 . 2009-03-10 10:21 675,840 --a------ c:\windows\system32\ac3filter.ax
2009-03-10 10:21 . 2009-03-10 10:21 177,152 --a------ c:\windows\system32\MonkeySource.ax
2009-03-10 10:20 . 2009-03-10 10:20 1,291,776 --a------ c:\windows\system32\quartzXP.dll
2009-03-10 10:20 . 2009-03-10 10:20 507,904 --a------ c:\windows\system32\MP4Splitter.ax
2009-03-10 10:20 . 2009-03-10 10:20 319,488 --a------ c:\windows\system32\CoreAAC.ax
2009-03-10 10:20 . 2009-03-13 20:48 163,840 --a------ c:\windows\system32\ts.dll
2009-03-10 10:20 . 2009-03-10 10:20 159,744 --a------ c:\windows\system32\mmfinfo.dll
2009-03-10 10:20 . 2009-03-13 20:48 148,480 --a------ c:\windows\system32\mkx.dll
2009-03-10 10:20 . 2009-03-13 20:48 141,312 --a------ c:\windows\system32\mp4.dll
2009-03-10 10:20 . 2009-03-13 20:48 120,832 --a------ c:\windows\system32\ogm.dll
2009-03-10 10:20 . 2009-03-13 20:48 108,032 --a------ c:\windows\system32\avi.dll
2009-03-10 10:20 . 2009-03-13 20:48 79,360 --a------ c:\windows\system32\mkzlib.dll
2009-03-10 10:20 . 2009-03-10 10:20 75,264 --a------ c:\windows\system32\MACDec.dll
2009-03-10 10:20 . 2009-03-10 10:20 23,552 --a------ c:\windows\system32\mkunicode.dll
2009-03-10 10:19 . 2009-03-13 20:45 145,081 --a------ c:\windows\system32\libmpeg2_ff.dll
2009-03-10 10:19 . 2009-03-13 20:46 547 --a------ c:\windows\system32\ffdshow.ax.manifest
2009-03-10 10:18 . 2009-03-13 20:42 98,304 --a------ c:\windows\system32\ff_wmv9.dll
2009-03-10 10:17 . 2009-03-13 20:42 486,400 --a------ c:\windows\system32\ff_libfaad2.dll
2009-03-10 10:17 . 2009-03-13 20:42 257,024 --a------ c:\windows\system32\ff_libdts.dll
2009-03-10 10:17 . 2009-03-13 20:42 183,296 --a------ c:\windows\system32\ff_samplerate.dll
2009-03-10 10:17 . 2009-03-13 20:42 178,688 --a------ c:\windows\system32\ff_libmad.dll
2009-03-10 10:17 . 2009-03-13 20:42 142,848 --a------ c:\windows\system32\ff_liba52.dll
2009-03-10 10:17 . 2009-03-13 20:42 113,152 --a------ c:\windows\system32\ff_unrar.dll
2009-03-10 10:16 . 2009-03-10 10:16 1,415,680 --a------ c:\windows\system32\WMV9VCM.dll
2009-03-10 10:16 . 2009-03-10 10:16 921,600 --a------ c:\windows\system32\vorbisenc.dll
2009-03-10 10:16 . 2009-03-10 10:16 237,568 --a------ c:\windows\system32\OggDS.dll
2009-03-10 10:16 . 2009-03-10 10:16 188,416 --a------ c:\windows\system32\vorbis.dll
2009-03-10 10:16 . 2009-03-10 10:16 45,056 --a------ c:\windows\system32\ogg.dll
2009-03-10 10:15 . 2009-03-10 10:15 873,888 --a------ c:\windows\system32\CLVSD.ax
2009-03-10 10:15 . 2009-03-10 10:15 729,088 --a------ c:\windows\system32\divxdec.ax
2009-03-10 10:15 . 2009-03-10 10:15 417,792 --a------ c:\windows\system32\FLVSplitter.ax
2009-03-10 10:15 . 2009-03-10 10:15 387,584 --a------ c:\windows\system32\MpegSplitter.ax
2009-03-10 10:15 . 2009-03-10 10:15 245,760 --a------ c:\windows\system32\mplvpx.dll
2009-03-10 10:15 . 2009-03-10 10:15 106,496 --a------ c:\windows\system32\lmpgspl.ax
2009-03-10 10:15 . 2009-03-10 10:15 94,208 --a------ c:\windows\system32\lmpgvd.ax
2009-03-10 10:14 . 2009-03-10 10:14 524,288 --a------ c:\windows\system32\DivXsm.exe
2009-03-10 10:14 . 2009-03-10 10:14 77,824 --a------ c:\windows\system32\xvid.ax
2009-03-10 10:14 . 2009-03-10 10:14 69,632 --a------ c:\windows\system32\divxconfig.exe
2009-03-10 10:14 . 2009-03-10 10:14 4,816 --a------ c:\windows\system32\divxsm.tlb
2009-03-09 12:48 . 2009-03-09 12:48 0 --a------ c:\windows\WinPM.INI
2009-03-09 12:47 . 2009-03-09 12:47 <DIR> d-------- c:\program files\Paragon Software
2009-03-09 12:47 . 2004-09-03 10:53 3,870,720 --a------ c:\windows\system32\qt-mt323.dll
2009-03-09 12:47 . 2003-10-07 18:08 6,656 --a------ c:\windows\system32\WnASPI32.dll
2009-03-09 03:00 . 2009-03-09 03:00 <DIR> d-------- c:\program files\MSXML 4.0
2009-03-07 18:25 . 2009-03-16 18:14 <DIR> d-------- c:\documents and settings\DOM\Dane aplikacji\Samsung
2009-03-07 16:56 . 2006-05-03 22:53 174,592 --a------ c:\windows\system32\framedyn.dll
2009-03-07 16:55 . 2009-03-16 17:57 5,632 --a------ c:\windows\system32\drivers\StarOpen.sys
2009-03-07 16:53 . 2009-03-16 17:40 <DIR> d-------- c:\windows\system32\Samsung_USB_Drivers
2009-03-07 16:53 . 2005-08-28 20:51 766 --a------ c:\windows\system32\Uninstall.ico
2009-03-06 14:57 . 2009-03-06 14:57 <DIR> d-------- c:\program files\Klawiatura
2009-03-06 14:50 . 2009-03-06 15:01 <DIR> d-------- c:\program files\Szybkie Pisanie
2009-03-02 14:44 . 2009-03-02 14:44 37,236 --ah----- c:\windows\system32\mlfcache.dat
2009-03-01 18:19 . 2009-03-23 20:14 2,206 --a------ c:\windows\system32\wpa.dbl.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))).
2009-03-23 19:14 --------- d-----w c:\documents and settings\DOM\Dane aplikacji\uTorrent
2009-03-23 18:59 --------- d-----w c:\documents and settings\DOM\Dane aplikacji\Skype
2009-03-23 18:48 --------- d-----w c:\documents and settings\DOM\Dane aplikacji\gtk-2.0
2009-03-22 22:01 --------- d-----w c:\documents and settings\DOM\Dane aplikacji\Winamp
2009-03-22 19:13 --------- d---a-w c:\documents and settings\All Users\Dane aplikacji\TEMP
2009-03-22 10:54 --------- d-----w c:\program files\Lx_cats
2009-03-22 10:43 22 ----a-w c:\windows\system32\drivers\adidsl.cfg
2009-03-22 10:43 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-21 15:08 --------- d-----w c:\program files\Odkurzacz
2009-03-19 19:31 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2009-03-19 13:18 --------- d-----w c:\program files\NAPI-PROJEKT
2009-03-19 12:22 --------- d-----w c:\documents and settings\DOM\Dane aplikacji\Thinstall
2009-03-19 09:20 --------- d-----w c:\program files\Google
2009-03-18 08:19 --------- d-----w c:\documents and settings\DOM\Dane aplikacji\U3
2009-03-16 16:39 --------- d-----w c:\program files\Samsung
2009-03-14 20:38 --------- d-----w c:\documents and settings\DOM\Dane aplikacji\TransEngPol41
2009-03-12 19:32 --------- d-----w c:\documents and settings\DOM\Dane aplikacji\skypePM
2009-03-12 19:02 --------- d-----w c:\program files\eMule
2009-03-12 18:59 --------- d-----w c:\program files\Nokia
2009-03-11 19:16 --------- d-----w c:\program files\uTorrent
2009-03-11 19:09 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Skype
2009-03-11 19:09 --------- d-----r c:\program files\Skype
2009-03-10 10:21 --------- d-----w c:\program files\Real Alternative
2009-03-10 07:32 --------- d-----w c:\documents and settings\DOM\Dane aplikacji\dvdcss
2009-03-03 12:18 --------- d-----w c:\program files\Common Files\Ahead
2009-03-03 12:18 --------- d-----w c:\program files\Ahead
2009-03-03 07:46 --------- d-----w c:\program files\PITy
2009-03-01 18:13 --------- d-----w c:\program files\IrfanView
2009-01-16 12:10 1,213,952 ----a-w c:\program files\BESTplayer.exe
2008-10-29 10:20 4,338,923 ----a-w c:\program files\Klawiatura_wozniak.exe
2008-04-10 13:20 720,482 ----a-w c:\program files\mxClock.exe
2008-04-02 13:19 32 ----a-w c:\documents and settings\All Users\Dane aplikacji\ezsid.dat
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))).
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{41F21158-4211-4D32-9E02-D57B19661561}]
2009-01-14 17:54 444416 --a------ c:\progra~1\ALLPLA~1\REDTUB~1.DLL
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-03-02 65536]
"Paseczek"="c:\program files\Paseczek\Paseczek.exe" [2008-03-07 1616384]
"mxClock"="c:\program files\mxClock.exe" [2008-04-10 720482]
"Odkurzacz-MCD"="c:\program files\Odkurzacz\odk_mcd.exe" [2008-08-16 264704]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-24 401491]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2008-11-13 243072]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-03-01 270128]
"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2008-11-24 869888]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-11 24095528]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]
"Magentic"="c:\progra~1\Magentic\bin\Magentic.exe" [2008-08-04 488808]
"DriverMax"="c:\program files\Innovative Solutions\DriverMax\devices.exe" [2009-02-10 5391192]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2003-10-31 192512]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-11-17 1077327]
"CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2005-01-21 675840]
"TPNF"="c:\program files\TOSHIBA\TouchPad\TPTray.exe" [2004-11-29 53248]
"TOSHIBA Accessibility"="c:\program files\TOSHIBA\Accessibility\FnKeyHook.exe" [2004-12-07 24576]
"HWSetup"="c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-12-23 28672]
"SVPWUTIL"="c:\program files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2005-02-25 65536]
"Tvs"="c:\program files\TOSHIBA\Tvs\TvsTray.exe" [2004-11-12 73728]
"NDSTray.exe"="c:\program files\TOSHIBA\ConfigFree\NDSTray.exe" [2004-12-17 933888]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-01-14 122939]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072]
"LXCGCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2005-04-27 69632]
"lxcgmon.exe"="c:\program files\Lexmark 2300 Series\lxcgmon.exe" [2005-05-05 200704]
"EzPrint"="c:\program files\Lexmark 2300 Series\ezprint.exe" [2005-06-08 94208]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2005-05-03 299008]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-10-11 140568]
"CFSServ.exe"="c:\program files\TOSHIBA\ConfigFree\CFSServ.exe" [2004-12-18 548864]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-08-01 98304]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-03-09 37888]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-10-12 2611312]
"TFncKy"="c:\program files\TOSHIBA\TOSHIBA Controls\TFncKy.exe" [2005-03-29 118784]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-10-12 905992]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2007-02-10 188416]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-28 c:\windows\agrsmmsg.exe]
"Zooming"="ZoomingHook.exe" [2004-07-14 c:\windows\system32\ZoomingHook.exe]
"TCtryIOHook"="TCtrlIOHook.exe" [2005-02-16 c:\windows\system32\TCtrlIOHook.exe]
"TPSMain"="TPSMain.exe" [2005-01-21 c:\windows\system32\TPSMain.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\DOM\Menu Start\Programy\Autostart\
Tworzenie wycink˘w ekranu i uruchamianie programu OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2009-03-22 962667]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"Msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\vio\dvacm.acm
"msacm.mpegacm"= mpegacm.acm
"msacm.ulmp3acm"= ulmp3acm.acm
"MSACM.CEGSM"= mobilev.acm
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\lxcgcoms.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Magentic\\bin\\MgImp.exe"=
"c:\\Program Files\\Magentic\\bin\\Magentic.exe"=
"c:\\Program Files\\Magentic\\bin\\MgApp.exe"=
"c:\\Documents and Settings\\DOM\\Dane aplikacji\\Thinstall\\O&O Defrag Professional\\40000014e00002i\\oodag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2008-07-31 20616]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-02-20 33800]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-02-20 472320]
R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [2007-02-09 14336]
S2 gupdate1c9a720ddcbb49b;Google Update Service (gupdate1c9a720ddcbb49b);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-17 133104]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [2008-12-07 30088]
S3 CrystalSysInfo;CrystalSysInfo;\??\c:\program files\MediaCoder\SysInfo.sys --> c:\program files\MediaCoder\SysInfo.sys [?]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2008-07-02 26248]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5b9d6038-00bc-11dd-96ca-000fb08d59f6}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a.
Zawartość folderu 'Zaplanowane zadania'
2009-03-23 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-17 17:53].
- - - - USUNIĘTO PUSTE WPISY - - - -
HKCU-Run-ALLPasswordManager - c:\program files\MarBit\ALLPassword Manager\ALLPasswordManager.exe
HKLM-Run-SmoothView - c:\program files\TOSHIBA\Program narzędziowy TOSHIBA Zooming Utility\SmoothView.exe.
------- Skan uzupełniający -------
.uStart Page = hxxp://mystart.magentic.com/english/
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {851C5EFD-4F84-42FF-B075-8DD4C9F39F40} = 194.204.152.34 217.98.63.164
FF - ProfilePath - c:\documents and settings\DOM\Dane aplikacji\Mozilla\Firefox\Profiles\p6n0hpzx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.pajacyk.pl
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\documents and settings\DOM\Dane aplikacji\Mozilla\Firefox\Profiles\p6n0hpzx.default\extensions\trenpl4ff@kompas.info.pl\components\trenpl4ff.dll
FF - component: c:\program files\Google\Google Gears\Firefox\components\gears.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJPI150.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPOJI610.dll
---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600

**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-23 20:14:17
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCGCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'lsass.exe'(932)
c:\windows\system32\relog_ap.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\TOSHIBA\Program narzc:\program files\TOSHIBA\Tvs\TvsTray.exe
c:\windows\system32\TPSBattM.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\progra~1\Magentic\bin\MgApp.exe
c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\UTSCSI.EXE
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\windows\system32\lxcgcoms.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Czas ukończenia: 2009-03-23 20:18:08 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2009-03-23 19:17:55

Przed: 20˙201˙148˙416 bajt˘w wolnych
Po: 20,338,282,496 bajt˘w wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe

331 --- E O F --- 2009-03-15 08:55:58

Kod: Zaznacz wszystko

**Posty:** 62 · przez **marcinbak10** 23 Mar 2009, 23:49

wstaw logi w tagi code zgodnie z obowiązującą tu regułą

**Posty:** 14 · przez **Yurek-55** 23 Mar 2009, 23:54

Kod: Zaznacz wszystko: ComboFix 09-03-22.01 - DOM 2009-03-23 20:07:28.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.1014.400 [GMT 1:00] Uruchomiony z: c:\documents and settings\DOM\Pulpit\ComboFix.exe AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) * Utworzono nowy punkt przywracania UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !! . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\45UR612k.exe.a_a c:\windows\system32\msxml71.dll c:\windows\system32\x264vfw.dll . ((((((((((((((((((((((((( Pliki utworzone od 2009-02-23 do 2009-03-23 ))))))))))))))))))))))))))))))) . 2009-03-22 11:43 . 2009-03-22 11:43 <DIR> d-------- c:\program files\SAGEM 2009-03-22 11:33 . 2002-12-09 18:24 49,152 --a------ c:\windows\system32\WooDial2000.dll 2009-03-22 11:33 . 2002-12-09 18:24 48,128 --a------ c:\windows\system32\SMMSCRPT.DLL 2009-03-22 11:33 . 2002-12-09 18:24 5,632 --a------ c:\windows\system32\SMMSETUP.DLL 2009-03-22 11:31 . 2009-03-22 11:43 479 --a------ c:\windows\adiras.ini 2009-03-22 10:26 . 2009-03-22 11:38 <DIR> d-------- c:\program files\Wanadoo 2009-03-22 10:26 . 2003-03-04 10:26 9,728 --a------ c:\windows\system32\rnaph.dll 2009-03-20 11:01 . 2009-03-20 11:01 <DIR> d-------- c:\program files\Common Files\IPSPI 2009-03-19 07:34 . 2009-03-19 07:34 <DIR> d-------- c:\program files\A4Tech 2009-03-18 17:31 . 2009-03-18 17:31 <DIR> d-------- c:\program files\CDex_151 2009-03-17 09:06 . 2009-03-19 14:24 <DIR> d-------- c:\program files\Innovative Solutions 2009-03-16 17:40 . 2007-07-03 16:58 106,792 --a------ c:\windows\system32\drivers\sscdmdm.sys 2009-03-16 17:40 . 2007-07-03 16:54 80,552 --a------ c:\windows\system32\drivers\sscdbus.sys 2009-03-16 17:40 . 2007-07-03 16:57 11,944 --a------ c:\windows\system32\drivers\sscdmdfl.sys 2009-03-16 17:40 . 2007-07-03 17:00 9,256 --a------ c:\windows\system32\drivers\sscdwhnt.sys 2009-03-16 17:40 . 2007-07-03 17:00 9,256 --a------ c:\windows\system32\drivers\sscdwh.sys 2009-03-16 17:40 . 2007-07-03 16:56 9,256 --a------ c:\windows\system32\drivers\sscdcmnt.sys 2009-03-16 17:40 . 2007-07-03 16:56 9,256 --a------ c:\windows\system32\drivers\sscdcm.sys 2009-03-15 10:32 . 2009-03-15 10:32 <DIR> d-------- c:\program files\Qwerty - Nauka Pisania 2009-03-13 20:49 . 2009-03-13 20:49 536,576 --a------ c:\windows\system32\splitter.ax 2009-03-13 20:48 . 2009-03-13 20:48 3,144,192 --a------ c:\windows\system32\ffdshow.ax 2009-03-13 20:48 . 2009-03-13 20:48 246,784 --a------ c:\windows\system32\dxr.dll 2009-03-13 20:46 . 2009-03-13 20:46 1,388,966 --a------ c:\windows\system32\ffmpegmt.dll 2009-03-13 20:45 . 2009-03-13 20:45 557,451 --a------ c:\windows\system32\libmplayer.dll 2009-03-13 20:44 . 2009-03-13 20:44 4,421,889 --a------ c:\windows\system32\libavcodec.dll 2009-03-13 15:30 . 2009-03-15 22:56 <DIR> d-------- c:\program files\Unlocker 2009-03-13 10:34 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll 2009-03-13 10:34 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll 2009-03-13 10:34 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui 2009-03-12 14:39 . 2009-03-12 16:50 <DIR> d-------- c:\documents and settings\DOM\Tracing 2009-03-12 14:11 . 2009-03-12 14:11 <DIR> d-------- c:\program files\Common Files\Windows Live 2009-03-11 20:44 . 2009-03-11 21:03 <DIR> d-------- c:\program files\MySpace 2009-03-11 20:44 . 2009-03-11 20:44 <DIR> d-------- c:\documents and settings\DOM\Dane aplikacji\MySpace 2009-03-11 11:03 . 2009-03-11 11:03 <DIR> d-------- c:\documents and settings\DOM\Dane aplikacji\Broad Intelligence 2009-03-11 10:53 . 2009-03-11 10:53 <DIR> d-------- c:\documents and settings\DOM\Dane aplikacji\OpenCandy 2009-03-11 10:52 . 2009-03-22 20:10 <DIR> d-------- c:\program files\MediaCoder 2009-03-11 10:06 . 2009-03-18 09:56 <DIR> d-------- c:\program files\Winamp 2009-03-10 11:17 . 2009-03-10 13:55 <DIR> d-------- c:\program files\ALLPlayer 2009-03-10 10:23 . 2009-03-10 10:23 795,648 --a------ c:\windows\system32\xvidcore.dll 2009-03-10 10:23 . 2009-03-10 10:23 487,936 --a------ c:\windows\system32\madFlac.ax 2009-03-10 10:23 . 2009-03-10 10:23 130,048 --a------ c:\windows\system32\xvidvfw.dll 2009-03-10 10:23 . 2009-03-10 10:23 118,784 --a------ c:\windows\system32\ac3acm.acm 2009-03-10 10:22 . 2009-03-10 10:22 901,120 --a------ c:\windows\system32\MpaDecFilter.ax 2009-03-10 10:22 . 2009-03-10 10:22 688,128 --a------ c:\windows\system32\mmamr.ax 2009-03-10 10:22 . 2009-03-10 10:22 348,160 --a------ c:\windows\system32\MpaSplitter.ax 2009-03-10 10:22 . 2009-03-10 10:22 348,160 --a------ c:\windows\system32\CoreVorbis.ax 2009-03-10 10:22 . 2009-03-10 10:22 258,048 --a------ c:\windows\system32\libFLAC.dll 2009-03-10 10:21 . 2009-03-10 10:21 892,928 --a------ c:\windows\system32\iconv.dll 2009-03-10 10:21 . 2009-03-10 10:21 860,160 --a------ c:\windows\system32\lameACM.acm 2009-03-10 10:21 . 2009-03-10 10:21 675,840 --a------ c:\windows\system32\ac3filter.ax 2009-03-10 10:21 . 2009-03-10 10:21 177,152 --a------ c:\windows\system32\MonkeySource.ax 2009-03-10 10:20 . 2009-03-10 10:20 1,291,776 --a------ c:\windows\system32\quartzXP.dll 2009-03-10 10:20 . 2009-03-10 10:20 507,904 --a------ c:\windows\system32\MP4Splitter.ax 2009-03-10 10:20 . 2009-03-10 10:20 319,488 --a------ c:\windows\system32\CoreAAC.ax 2009-03-10 10:20 . 2009-03-13 20:48 163,840 --a------ c:\windows\system32\ts.dll 2009-03-10 10:20 . 2009-03-10 10:20 159,744 --a------ c:\windows\system32\mmfinfo.dll 2009-03-10 10:20 . 2009-03-13 20:48 148,480 --a------ c:\windows\system32\mkx.dll 2009-03-10 10:20 . 2009-03-13 20:48 141,312 --a------ c:\windows\system32\mp4.dll 2009-03-10 10:20 . 2009-03-13 20:48 120,832 --a------ c:\windows\system32\ogm.dll 2009-03-10 10:20 . 2009-03-13 20:48 108,032 --a------ c:\windows\system32\avi.dll 2009-03-10 10:20 . 2009-03-13 20:48 79,360 --a------ c:\windows\system32\mkzlib.dll 2009-03-10 10:20 . 2009-03-10 10:20 75,264 --a------ c:\windows\system32\MACDec.dll 2009-03-10 10:20 . 2009-03-10 10:20 23,552 --a------ c:\windows\system32\mkunicode.dll 2009-03-10 10:19 . 2009-03-13 20:45 145,081 --a------ c:\windows\system32\libmpeg2_ff.dll 2009-03-10 10:19 . 2009-03-13 20:46 547 --a------ c:\windows\system32\ffdshow.ax.manifest 2009-03-10 10:18 . 2009-03-13 20:42 98,304 --a------ c:\windows\system32\ff_wmv9.dll 2009-03-10 10:17 . 2009-03-13 20:42 486,400 --a------ c:\windows\system32\ff_libfaad2.dll 2009-03-10 10:17 . 2009-03-13 20:42 257,024 --a------ c:\windows\system32\ff_libdts.dll 2009-03-10 10:17 . 2009-03-13 20:42 183,296 --a------ c:\windows\system32\ff_samplerate.dll 2009-03-10 10:17 . 2009-03-13 20:42 178,688 --a------ c:\windows\system32\ff_libmad.dll 2009-03-10 10:17 . 2009-03-13 20:42 142,848 --a------ c:\windows\system32\ff_liba52.dll 2009-03-10 10:17 . 2009-03-13 20:42 113,152 --a------ c:\windows\system32\ff_unrar.dll 2009-03-10 10:16 . 2009-03-10 10:16 1,415,680 --a------ c:\windows\system32\WMV9VCM.dll 2009-03-10 10:16 . 2009-03-10 10:16 921,600 --a------ c:\windows\system32\vorbisenc.dll 2009-03-10 10:16 . 2009-03-10 10:16 237,568 --a------ c:\windows\system32\OggDS.dll 2009-03-10 10:16 . 2009-03-10 10:16 188,416 --a------ c:\windows\system32\vorbis.dll 2009-03-10 10:16 . 2009-03-10 10:16 45,056 --a------ c:\windows\system32\ogg.dll 2009-03-10 10:15 . 2009-03-10 10:15 873,888 --a------ c:\windows\system32\CLVSD.ax 2009-03-10 10:15 . 2009-03-10 10:15 729,088 --a------ c:\windows\system32\divxdec.ax 2009-03-10 10:15 . 2009-03-10 10:15 417,792 --a------ c:\windows\system32\FLVSplitter.ax 2009-03-10 10:15 . 2009-03-10 10:15 387,584 --a------ c:\windows\system32\MpegSplitter.ax 2009-03-10 10:15 . 2009-03-10 10:15 245,760 --a------ c:\windows\system32\mplvpx.dll 2009-03-10 10:15 . 2009-03-10 10:15 106,496 --a------ c:\windows\system32\lmpgspl.ax 2009-03-10 10:15 . 2009-03-10 10:15 94,208 --a------ c:\windows\system32\lmpgvd.ax 2009-03-10 10:14 . 2009-03-10 10:14 524,288 --a------ c:\windows\system32\DivXsm.exe 2009-03-10 10:14 . 2009-03-10 10:14 77,824 --a------ c:\windows\system32\xvid.ax 2009-03-10 10:14 . 2009-03-10 10:14 69,632 --a------ c:\windows\system32\divxconfig.exe 2009-03-10 10:14 . 2009-03-10 10:14 4,816 --a------ c:\windows\system32\divxsm.tlb 2009-03-09 12:48 . 2009-03-09 12:48 0 --a------ c:\windows\WinPM.INI 2009-03-09 12:47 . 2009-03-09 12:47 <DIR> d-------- c:\program files\Paragon Software 2009-03-09 12:47 . 2004-09-03 10:53 3,870,720 --a------ c:\windows\system32\qt-mt323.dll 2009-03-09 12:47 . 2003-10-07 18:08 6,656 --a------ c:\windows\system32\WnASPI32.dll 2009-03-09 03:00 . 2009-03-09 03:00 <DIR> d-------- c:\program files\MSXML 4.0 2009-03-07 18:25 . 2009-03-16 18:14 <DIR> d-------- c:\documents and settings\DOM\Dane aplikacji\Samsung 2009-03-07 16:56 . 2006-05-03 22:53 174,592 --a------ c:\windows\system32\framedyn.dll 2009-03-07 16:55 . 2009-03-16 17:57 5,632 --a------ c:\windows\system32\drivers\StarOpen.sys 2009-03-07 16:53 . 2009-03-16 17:40 <DIR> d-------- c:\windows\system32\Samsung_USB_Drivers 2009-03-07 16:53 . 2005-08-28 20:51 766 --a------ c:\windows\system32\Uninstall.ico 2009-03-06 14:57 . 2009-03-06 14:57 <DIR> d-------- c:\program files\Klawiatura 2009-03-06 14:50 . 2009-03-06 15:01 <DIR> d-------- c:\program files\Szybkie Pisanie 2009-03-02 14:44 . 2009-03-02 14:44 37,236 --ah----- c:\windows\system32\mlfcache.dat 2009-03-01 18:19 . 2009-03-23 20:14 2,206 --a------ c:\windows\system32\wpa.dbl . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-23 19:14 --------- d-----w c:\documents and settings\DOM\Dane aplikacji\uTorrent 2009-03-23 18:59 --------- d-----w c:\documents and settings\DOM\Dane aplikacji\Skype 2009-03-23 18:48 --------- d-----w c:\documents and settings\DOM\Dane aplikacji\gtk-2.0 2009-03-22 22:01 --------- d-----w c:\documents and settings\DOM\Dane aplikacji\Winamp 2009-03-22 19:13 --------- d---a-w c:\documents and settings\All Users\Dane aplikacji\TEMP 2009-03-22 10:54 --------- d-----w c:\program files\Lx_cats 2009-03-22 10:43 22 ----a-w c:\windows\system32\drivers\adidsl.cfg 2009-03-22 10:43 --------- d--h--w c:\program files\InstallShield Installation Information 2009-03-21 15:08 --------- d-----w c:\program files\Odkurzacz 2009-03-19 19:31 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Microsoft Help 2009-03-19 13:18 --------- d-----w c:\program files\NAPI-PROJEKT 2009-03-19 12:22 --------- d-----w c:\documents and settings\DOM\Dane aplikacji\Thinstall 2009-03-19 09:20 --------- d-----w c:\program files\Google 2009-03-18 08:19 --------- d-----w c:\documents and settings\DOM\Dane aplikacji\U3 2009-03-16 16:39 --------- d-----w c:\program files\Samsung 2009-03-14 20:38 --------- d-----w c:\documents and settings\DOM\Dane aplikacji\TransEngPol41 2009-03-12 19:32 --------- d-----w c:\documents and settings\DOM\Dane aplikacji\skypePM 2009-03-12 19:02 --------- d-----w c:\program files\eMule 2009-03-12 18:59 --------- d-----w c:\program files\Nokia 2009-03-11 19:16 --------- d-----w c:\program files\uTorrent 2009-03-11 19:09 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Skype 2009-03-11 19:09 --------- d-----r c:\program files\Skype 2009-03-10 10:21 --------- d-----w c:\program files\Real Alternative 2009-03-10 07:32 --------- d-----w c:\documents and settings\DOM\Dane aplikacji\dvdcss 2009-03-03 12:18 --------- d-----w c:\program files\Common Files\Ahead 2009-03-03 12:18 --------- d-----w c:\program files\Ahead 2009-03-03 07:46 --------- d-----w c:\program files\PITy 2009-03-01 18:13 --------- d-----w c:\program files\IrfanView 2009-01-16 12:10 1,213,952 ----a-w c:\program files\BESTplayer.exe 2008-10-29 10:20 4,338,923 ----a-w c:\program files\Klawiatura_wozniak.exe 2008-04-10 13:20 720,482 ----a-w c:\program files\mxClock.exe 2008-04-02 13:19 32 ----a-w c:\documents and settings\All Users\Dane aplikacji\ezsid.dat . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{41F21158-4211-4D32-9E02-D57B19661561}] 2009-01-14 17:54 444416 --a------ c:\progra~1\ALLPLA~1\REDTUB~1.DLL [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-03-02 65536] "Paseczek"="c:\program files\Paseczek\Paseczek.exe" [2008-03-07 1616384] "mxClock"="c:\program files\mxClock.exe" [2008-04-10 720482] "Odkurzacz-MCD"="c:\program files\Odkurzacz\odk_mcd.exe" [2008-08-16 264704] "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-24 401491] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296] "IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2008-11-13 243072] "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-03-01 270128] "ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2008-11-24 869888] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-11 24095528] "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760] "Magentic"="c:\progra~1\Magentic\bin\Magentic.exe" [2008-08-04 488808] "DriverMax"="c:\program files\Innovative Solutions\DriverMax\devices.exe" [2009-02-10 5391192] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2003-10-31 192512] "PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-11-17 1077327] "CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2005-01-21 675840] "TPNF"="c:\program files\TOSHIBA\TouchPad\TPTray.exe" [2004-11-29 53248] "TOSHIBA Accessibility"="c:\program files\TOSHIBA\Accessibility\FnKeyHook.exe" [2004-12-07 24576] "HWSetup"="c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-12-23 28672] "SVPWUTIL"="c:\program files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2005-02-25 65536] "Tvs"="c:\program files\TOSHIBA\Tvs\TvsTray.exe" [2004-11-12 73728] "NDSTray.exe"="c:\program files\TOSHIBA\ConfigFree\NDSTray.exe" [2004-12-17 933888] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-01-14 122939] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072] "LXCGCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2005-04-27 69632] "lxcgmon.exe"="c:\program files\Lexmark 2300 Series\lxcgmon.exe" [2005-05-05 200704] "EzPrint"="c:\program files\Lexmark 2300 Series\ezprint.exe" [2005-06-08 94208] "FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2005-05-03 299008] "Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-10-11 140568] "CFSServ.exe"="c:\program files\TOSHIBA\ConfigFree\CFSServ.exe" [2004-12-18 548864] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-08-01 98304] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168] "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-03-09 37888] "TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-10-12 2611312] "TFncKy"="c:\program files\TOSHIBA\TOSHIBA Controls\TFncKy.exe" [2005-03-29 118784] "AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-10-12 905992] "WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2007-02-10 188416] "AGRSMMSG"="AGRSMMSG.exe" [2004-10-28 c:\windows\agrsmmsg.exe] "Zooming"="ZoomingHook.exe" [2004-07-14 c:\windows\system32\ZoomingHook.exe] "TCtryIOHook"="TCtrlIOHook.exe" [2005-02-16 c:\windows\system32\TCtrlIOHook.exe] "TPSMain"="TPSMain.exe" [2005-01-21 c:\windows\system32\TPSMain.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\DOM\Menu Start\Programy\Autostart\ Tworzenie wycink˘w ekranu i uruchamianie programu OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440] c:\documents and settings\All Users\Menu Start\Programy\Autostart\ DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2009-03-22 962667] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "Msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\vio\dvacm.acm "msacm.mpegacm"= mpegacm.acm "msacm.ulmp3acm"= ulmp3acm.acm "MSACM.CEGSM"= mobilev.acm [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\WINDOWS\\system32\\lxcgcoms.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\eMule\\emule.exe"= "c:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"= "c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"= "c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Gadu-Gadu\\gg.exe"= "c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"= "c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"= "c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"= "c:\\Program Files\\Magentic\\bin\\MgImp.exe"= "c:\\Program Files\\Magentic\\bin\\Magentic.exe"= "c:\\Program Files\\Magentic\\bin\\MgApp.exe"= "c:\\Documents and Settings\\DOM\\Dane aplikacji\\Thinstall\\O&O Defrag Professional\\40000014e00002i\\oodag.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2008-07-31 20616] R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-02-20 33800] R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-02-20 472320] R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [2007-02-09 14336] S2 gupdate1c9a720ddcbb49b;Google Update Service (gupdate1c9a720ddcbb49b);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-17 133104] S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [2008-12-07 30088] S3 CrystalSysInfo;CrystalSysInfo;\??\c:\program files\MediaCoder\SysInfo.sys --> c:\program files\MediaCoder\SysInfo.sys [?] S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2008-07-02 26248] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5b9d6038-00bc-11dd-96ca-000fb08d59f6}] \Shell\AutoRun\command - F:\LaunchU3.exe -a . Zawartość folderu 'Zaplanowane zadania' 2009-03-23 c:\windows\Tasks\GoogleUpdateTaskMachine.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-17 17:53] . - - - - USUNIĘTO PUSTE WPISY - - - - HKCU-Run-ALLPasswordManager - c:\program files\MarBit\ALLPassword Manager\ALLPasswordManager.exe HKLM-Run-SmoothView - c:\program files\TOSHIBA\Program narzędziowy TOSHIBA Zooming Utility\SmoothView.exe . ------- Skan uzupełniający ------- . uStart Page = hxxp://mystart.magentic.com/english/ uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe" IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: {851C5EFD-4F84-42FF-B075-8DD4C9F39F40} = 194.204.152.34 217.98.63.164 FF - ProfilePath - c:\documents and settings\DOM\Dane aplikacji\Mozilla\Firefox\Profiles\p6n0hpzx.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - www.pajacyk.pl FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q= FF - component: c:\documents and settings\DOM\Dane aplikacji\Mozilla\Firefox\Profiles\p6n0hpzx.default\extensions\trenpl4ff@kompas.info.pl\components\trenpl4ff.dll FF - component: c:\program files\Google\Google Gears\Firefox\components\gears.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava11.dll FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava12.dll FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava13.dll FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava14.dll FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava32.dll FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJPI150.dll FF - plugin: c:\program files\Java\jre1.5.0\bin\NPOJI610.dll ---- FIREFOX - SPOSÓB POSTĘPOWANIA ---- FF - user.js: network.http.max-connections-per-server - 8 FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.notify.interval - 600000 FF - user.js: content.switch.threshold - 1000000 FF - user.js: nglayout.initialpaint.delay - 600 . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-23 20:14:17 Windows 5.1.2600 Dodatek Service Pack 3 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run LXCGCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- - - - - - - - > 'lsass.exe'(932) c:\windows\system32\relog_ap.dll . ------------------------ Pozostałe uruchomione procesy ------------------------ . c:\program files\TOSHIBA\Program narzc:\program files\TOSHIBA\Tvs\TvsTray.exe c:\windows\system32\TPSBattM.exe c:\program files\Common Files\Acronis\Schedule2\schedul2.exe c:\windows\system32\agrsmsvc.exe c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe c:\progra~1\Magentic\bin\MgApp.exe c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe c:\windows\system32\wdfmgr.exe c:\windows\system32\UTSCSI.EXE c:\program files\PC Connectivity Solution\ServiceLayer.exe c:\windows\system32\lxcgcoms.exe c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe . ************************************************************************** . Czas ukończenia: 2009-03-23 20:18:08 - komputer został uruchomiony ponownie ComboFix-quarantined-files.txt 2009-03-23 19:17:55 Przed: 20˙201˙148˙416 bajt˘w wolnych Po: 20,338,282,496 bajt˘w wolnych WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe 331 --- E O F --- 2009-03-15 08:55:58

**Posty:** 8001 · przez **Okocza** 24 Mar 2009, 16:42

Wykonaj to co jest podane w tym temacie

Zastosuj SDFix . Po pobraniu uruchom go a rozpakuje się do C:\SDFix. Uruchom komputer w trybie awaryjnym (F8 przy stracie systemu). Będąc w awaryjnym uruchom plik RunThis.bat z folderu SDFixa. Zatwierdź czyszczenie przez Y. Poczekaj aż ukończy i komputer zresetuje

Potem wejdz do folderu C:\SDFix wrzuc zawartość pliku Report.txt + log z combofixa oraz daj loga z hijacka

Autor postu otrzymał pochwałę

**Posty:** 14 · przez **Yurek-55** 25 Mar 2009, 10:34

Wydaje mi się, że dokładnie wykonałem wszystkie polecenia. Mam nadzieję, że logi z tych trzech programów wykażą, że jest wszystko w porządku. Podziękowania dla Okoczy i czekam na info, czy to już wszystko

Kod: Zaznacz wszystko: [b]SDFix: Version 1.240 [/b] Run by DOM on 2009-03-25 at 08:29 Microsoft Windows XP [Wersja 5.1.2600] Running From: C:\SDFix [b]Checking Services [/b]: Restoring Default Security Values Restoring Default Hosts File Rebooting [b]Checking Files [/b]: No Trojan Files Found Removing Temp Files [b]ADS Check [/b]: [b]Final Check [/b]: catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-25 08:38:04 Windows 5.1.2600 Dodatek Service Pack 3 NTFS scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher] "TracesProcessed"=dword:00000148 [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Twain] "y\1r?ó?d?B\1o? ?d?o?m?y?[\1l?n?e?"="C:\WINDOWS\Twain_32\Lexmark\2300 Series\lxcgtwds.ds" scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 [b]Remaining Services [/b]: Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote" "C:\\WINDOWS\\system32\\lxcgcoms.exe"="C:\\WINDOWS\\system32\\lxcgcoms.exe:*:Enabled:2300 Series" "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent" "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule" "C:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"="C:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe:*:Enabled:ConfigFree SUMMIT Engine" "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:*:Enabled:ActiveSync Connection Manager" "C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:*:Enabled:ActiveSync Application" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\Gadu-Gadu\\gg.exe"="C:\\Program Files\\Gadu-Gadu\\gg.exe:*:Enabled:Gadu-Gadu - program główny" "C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail" "C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"="C:\\Program Files\\IncrediMail\\bin\\ImApp.exe:*:Enabled:IncrediMail" "C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail" "C:\\Program Files\\Magentic\\bin\\MgImp.exe"="C:\\Program Files\\Magentic\\bin\\MgImp.exe:*:Enabled:Magentic" "C:\\Program Files\\Magentic\\bin\\Magentic.exe"="C:\\Program Files\\Magentic\\bin\\Magentic.exe:*:Enabled:Magentic" "C:\\Program Files\\Magentic\\bin\\MgApp.exe"="C:\\Program Files\\Magentic\\bin\\MgApp.exe:*:Enabled:Magentic" "C:\\Documents and Settings\\DOM\\Dane aplikacji\\Thinstall\\O&O Defrag Professional\\40000014e00002i\\oodag.exe"="C:\\Documents and Settings\\DOM\\Dane aplikacji\\Thinstall\\O&O Defrag Professional\\40000014e00002i\\oodag.exe:*:Enabled:oodag" "C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test" "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" [b]Remaining Files [/b]: [b]Files with Hidden Attributes [/b]: Thu 19 Mar 2009 9,934,392 A..H. --- "C:\Program Files\Google\Picasa3\setup.exe" Tue 23 Oct 2007 3,350,528 A..H. --- "C:\Documents and Settings\DOM\Dane aplikacji\U3\temp\Launchpad Removal.exe" [b]Finished![/b]

Kod: Zaznacz wszystko: ComboFix 09-03-23.01 - DOM 2009-03-25 8:50:47.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.1014.461 [GMT 1:00] Uruchomiony z: c:\program files\ComboFix.exe AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) * Utworzono nowy punkt przywracania ((((((((((((((((((((((((( Pliki utworzone od 2009-02-25 do 2009-03-25 ))))))))))))))))))))))))))))))) 2009-03-25 08:28 . 2009-03-25 08:28 580,096 --a--c--- c:\windows\system32\dllcache\user32.dll 2009-03-25 08:25 . 2009-03-25 08:26 <DIR> d-------- c:\windows\ERUNT 2009-03-25 08:20 . 2009-03-25 08:40 <DIR> d-------- C:\SDFix 2009-03-24 10:48 . 2009-03-24 10:48 50,688 --a------ c:\program files\ATF-Cleaner.exe 2009-03-24 08:46 . 2009-03-24 08:58 <DIR> d-------- c:\program files\Wise Registry Cleaner 2009-03-23 19:55 . 2009-03-25 08:48 2,934,667 -ra------ c:\program files\ComboFix.exe 2009-03-22 19:40 . 2009-03-22 19:41 610,304 --a------ c:\program files\TCPOptimizer.exe 2009-03-22 11:43 . 2009-03-22 11:43 <DIR> d-------- c:\program files\SAGEM 2009-03-22 11:33 . 2002-12-09 18:24 49,152 --a------ c:\windows\system32\WooDial2000.dll 2009-03-22 11:33 . 2002-12-09 18:24 48,128 --a------ c:\windows\system32\SMMSCRPT.DLL 2009-03-22 11:33 . 2002-12-09 18:24 5,632 --a------ c:\windows\system32\SMMSETUP.DLL 2009-03-22 11:31 . 2009-03-22 11:43 479 --a------ c:\windows\adiras.ini 2009-03-22 10:26 . 2009-03-22 11:38 <DIR> d-------- c:\program files\Wanadoo 2009-03-22 10:26 . 2003-03-04 10:26 9,728 --a------ c:\windows\system32\rnaph.dll 2009-03-20 11:01 . 2009-03-20 11:01 <DIR> d-------- c:\program files\Common Files\IPSPI 2009-03-19 07:34 . 2009-03-19 07:34 <DIR> d-------- c:\program files\A4Tech 2009-03-18 17:31 . 2009-03-18 17:31 <DIR> d-------- c:\program files\CDex_151 2009-03-17 09:06 . 2009-03-19 14:24 <DIR> d-------- c:\program files\Innovative Solutions 2009-03-16 17:40 . 2007-07-03 16:58 106,792 --a------ c:\windows\system32\drivers\sscdmdm.sys 2009-03-16 17:40 . 2007-07-03 16:54 80,552 --a------ c:\windows\system32\drivers\sscdbus.sys 2009-03-16 17:40 . 2007-07-03 16:57 11,944 --a------ c:\windows\system32\drivers\sscdmdfl.sys 2009-03-16 17:40 . 2007-07-03 17:00 9,256 --a------ c:\windows\system32\drivers\sscdwhnt.sys 2009-03-16 17:40 . 2007-07-03 17:00 9,256 --a------ c:\windows\system32\drivers\sscdwh.sys 2009-03-16 17:40 . 2007-07-03 16:56 9,256 --a------ c:\windows\system32\drivers\sscdcmnt.sys 2009-03-16 17:40 . 2007-07-03 16:56 9,256 --a------ c:\windows\system32\drivers\sscdcm.sys 2009-03-15 10:32 . 2009-03-15 10:32 <DIR> d-------- c:\program files\Qwerty - Nauka Pisania 2009-03-13 20:49 . 2009-03-13 20:49 536,576 --a------ c:\windows\system32\splitter.ax 2009-03-13 20:48 . 2009-03-13 20:48 3,144,192 --a------ c:\windows\system32\ffdshow.ax 2009-03-13 20:48 . 2009-03-13 20:48 246,784 --a------ c:\windows\system32\dxr.dll 2009-03-13 20:46 . 2009-03-13 20:46 1,388,966 --a------ c:\windows\system32\ffmpegmt.dll 2009-03-13 20:45 . 2009-03-13 20:45 557,451 --a------ c:\windows\system32\libmplayer.dll 2009-03-13 20:44 . 2009-03-13 20:44 4,421,889 --a------ c:\windows\system32\libavcodec.dll 2009-03-13 15:30 . 2009-03-15 22:56 <DIR> d-------- c:\program files\Unlocker 2009-03-13 10:34 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll 2009-03-13 10:34 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll 2009-03-13 10:34 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui 2009-03-12 14:39 . 2009-03-12 16:50 <DIR> d-------- c:\documents and settings\DOM\Tracing 2009-03-12 14:11 . 2009-03-12 14:11 <DIR> d-------- c:\program files\Common Files\Windows Live 2009-03-11 20:44 . 2009-03-11 21:03 <DIR> d-------- c:\program files\MySpace 2009-03-11 20:44 . 2009-03-11 20:44 <DIR> d-------- c:\documents and settings\DOM\Dane aplikacji\MySpace 2009-03-11 11:03 . 2009-03-11 11:03 <DIR> d-------- c:\documents and settings\DOM\Dane aplikacji\Broad Intelligence 2009-03-11 10:53 . 2009-03-11 10:53 <DIR> d-------- c:\documents and settings\DOM\Dane aplikacji\OpenCandy 2009-03-11 10:52 . 2009-03-22 20:10 <DIR> d-------- c:\program files\MediaCoder 2009-03-11 10:06 . 2009-03-18 09:56 <DIR> d-------- c:\program files\Winamp 2009-03-10 11:17 . 2009-03-10 13:55 <DIR> d-------- c:\program files\ALLPlayer 2009-03-10 10:23 . 2009-03-10 10:23 795,648 --a------ c:\windows\system32\xvidcore.dll 2009-03-10 10:23 . 2009-03-10 10:23 487,936 --a------ c:\windows\system32\madFlac.ax 2009-03-10 10:23 . 2009-03-10 10:23 130,048 --a------ c:\windows\system32\xvidvfw.dll 2009-03-10 10:23 . 2009-03-10 10:23 118,784 --a------ c:\windows\system32\ac3acm.acm 2009-03-10 10:22 . 2009-03-10 10:22 901,120 --a------ c:\windows\system32\MpaDecFilter.ax 2009-03-10 10:22 . 2009-03-10 10:22 688,128 --a------ c:\windows\system32\mmamr.ax 2009-03-10 10:22 . 2009-03-10 10:22 348,160 --a------ c:\windows\system32\MpaSplitter.ax 2009-03-10 10:22 . 2009-03-10 10:22 348,160 --a------ c:\windows\system32\CoreVorbis.ax 2009-03-10 10:22 . 2009-03-10 10:22 258,048 --a------ c:\windows\system32\libFLAC.dll 2009-03-10 10:21 . 2009-03-10 10:21 892,928 --a------ c:\windows\system32\iconv.dll 2009-03-10 10:21 . 2009-03-10 10:21 860,160 --a------ c:\windows\system32\lameACM.acm 2009-03-10 10:21 . 2009-03-10 10:21 675,840 --a------ c:\windows\system32\ac3filter.ax 2009-03-10 10:21 . 2009-03-10 10:21 177,152 --a------ c:\windows\system32\MonkeySource.ax 2009-03-10 10:20 . 2009-03-10 10:20 1,291,776 --a------ c:\windows\system32\quartzXP.dll 2009-03-10 10:20 . 2009-03-10 10:20 507,904 --a------ c:\windows\system32\MP4Splitter.ax 2009-03-10 10:20 . 2009-03-10 10:20 319,488 --a------ c:\windows\system32\CoreAAC.ax 2009-03-10 10:20 . 2009-03-13 20:48 163,840 --a------ c:\windows\system32\ts.dll 2009-03-10 10:20 . 2009-03-10 10:20 159,744 --a------ c:\windows\system32\mmfinfo.dll 2009-03-10 10:20 . 2009-03-13 20:48 148,480 --a------ c:\windows\system32\mkx.dll 2009-03-10 10:20 . 2009-03-13 20:48 141,312 --a------ c:\windows\system32\mp4.dll 2009-03-10 10:20 . 2009-03-13 20:48 120,832 --a------ c:\windows\system32\ogm.dll 2009-03-10 10:20 . 2009-03-13 20:48 108,032 --a------ c:\windows\system32\avi.dll 2009-03-10 10:20 . 2009-03-13 20:48 79,360 --a------ c:\windows\system32\mkzlib.dll 2009-03-10 10:20 . 2009-03-10 10:20 75,264 --a------ c:\windows\system32\MACDec.dll 2009-03-10 10:20 . 2009-03-10 10:20 23,552 --a------ c:\windows\system32\mkunicode.dll 2009-03-10 10:19 . 2009-03-13 20:45 145,081 --a------ c:\windows\system32\libmpeg2_ff.dll 2009-03-10 10:19 . 2009-03-13 20:46 547 --a------ c:\windows\system32\ffdshow.ax.manifest 2009-03-10 10:18 . 2009-03-13 20:42 98,304 --a------ c:\windows\system32\ff_wmv9.dll 2009-03-10 10:17 . 2009-03-13 20:42 486,400 --a------ c:\windows\system32\ff_libfaad2.dll 2009-03-10 10:17 . 2009-03-13 20:42 257,024 --a------ c:\windows\system32\ff_libdts.dll 2009-03-10 10:17 . 2009-03-13 20:42 183,296 --a------ c:\windows\system32\ff_samplerate.dll 2009-03-10 10:17 . 2009-03-13 20:42 178,688 --a------ c:\windows\system32\ff_libmad.dll 2009-03-10 10:17 . 2009-03-13 20:42 142,848 --a------ c:\windows\system32\ff_liba52.dll 2009-03-10 10:17 . 2009-03-13 20:42 113,152 --a------ c:\windows\system32\ff_unrar.dll 2009-03-10 10:16 . 2009-03-10 10:16 1,415,680 --a------ c:\windows\system32\WMV9VCM.dll 2009-03-10 10:16 . 2009-03-10 10:16 921,600 --a------ c:\windows\system32\vorbisenc.dll 2009-03-10 10:16 . 2009-03-10 10:16 237,568 --a------ c:\windows\system32\OggDS.dll 2009-03-10 10:16 . 2009-03-10 10:16 188,416 --a------ c:\windows\system32\vorbis.dll 2009-03-10 10:16 . 2009-03-10 10:16 45,056 --a------ c:\windows\system32\ogg.dll 2009-03-10 10:15 . 2009-03-10 10:15 873,888 --a------ c:\windows\system32\CLVSD.ax 2009-03-10 10:15 . 2009-03-10 10:15 729,088 --a------ c:\windows\system32\divxdec.ax 2009-03-10 10:15 . 2009-03-10 10:15 417,792 --a------ c:\windows\system32\FLVSplitter.ax 2009-03-10 10:15 . 2009-03-10 10:15 387,584 --a------ c:\windows\system32\MpegSplitter.ax 2009-03-10 10:15 . 2009-03-10 10:15 245,760 --a------ c:\windows\system32\mplvpx.dll 2009-03-10 10:15 . 2009-03-10 10:15 106,496 --a------ c:\windows\system32\lmpgspl.ax 2009-03-10 10:15 . 2009-03-10 10:15 94,208 --a------ c:\windows\system32\lmpgvd.ax 2009-03-10 10:14 . 2009-03-10 10:14 524,288 --a------ c:\windows\system32\DivXsm.exe 2009-03-10 10:14 . 2009-03-10 10:14 77,824 --a------ c:\windows\system32\xvid.ax 2009-03-10 10:14 . 2009-03-10 10:14 69,632 --a------ c:\windows\system32\divxconfig.exe 2009-03-10 10:14 . 2009-03-10 10:14 4,816 --a------ c:\windows\system32\divxsm.tlb 2009-03-09 12:48 . 2009-03-09 12:48 0 --a------ c:\windows\WinPM.INI 2009-03-09 12:47 . 2009-03-09 12:47 <DIR> d-------- c:\program files\Paragon Software 2009-03-09 12:47 . 2004-09-03 10:53 3,870,720 --a------ c:\windows\system32\qt-mt323.dll 2009-03-09 12:47 . 2003-10-07 18:08 6,656 --a------ c:\windows\system32\WnASPI32.dll 2009-03-09 03:00 . 2009-03-09 03:00 <DIR> d-------- c:\program files\MSXML 4.0 2009-03-07 18:25 . 2009-03-16 18:14 <DIR> d-------- c:\documents and settings\DOM\Dane aplikacji\Samsung 2009-03-07 16:56 . 2006-05-03 22:53 174,592 --a------ c:\windows\system32\framedyn.dll 2009-03-07 16:55 . 2009-03-16 17:57 5,632 --a------ c:\windows\system32\drivers\StarOpen.sys 2009-03-07 16:53 . 2009-03-16 17:40 <DIR> d-------- c:\windows\system32\Samsung_USB_Drivers 2009-03-07 16:53 . 2005-08-28 20:51 766 --a------ c:\windows\system32\Uninstall.ico 2009-03-06 14:57 . 2009-03-06 14:57 <DIR> d-------- c:\program files\Klawiatura 2009-03-06 14:50 . 2009-03-06 15:01 <DIR> d-------- c:\program files\Szybkie Pisanie 2009-03-02 14:44 . 2009-03-02 14:44 37,236 --ah----- c:\windows\system32\mlfcache.dat 2009-03-01 18:19 . 2009-03-25 08:54 2,206 --a------ c:\windows\system32\wpa.dbl. (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))). 2009-03-25 07:54 --------- d-----w c:\documents and settings\DOM\Dane aplikacji\uTorrent 2009-03-25 07:54 --------- d-----w c:\documents and settings\DOM\Dane aplikacji\Skype 2009-03-24 14:17 --------- d-----w c:\documents and settings\DOM\Dane aplikacji\gtk-2.0 2009-03-24 10:20 --------- d-----w c:\documents and settings\DOM\Dane aplikacji\Winamp 2009-03-23 21:58 --------- d---a-w c:\documents and settings\All Users\Dane aplikacji\TEMP 2009-03-23 21:58 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy 2009-03-22 10:54 --------- d-----w c:\program files\Lx_cats 2009-03-22 10:43 22 ----a-w c:\windows\system32\drivers\adidsl.cfg 2009-03-22 10:43 --------- d--h--w c:\program files\InstallShield Installation Information 2009-03-21 15:08 --------- d-----w c:\program files\Odkurzacz 2009-03-19 19:31 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Microsoft Help 2009-03-19 13:18 --------- d-----w c:\program files\NAPI-PROJEKT 2009-03-19 12:22 --------- d-----w c:\documents and settings\DOM\Dane aplikacji\Thinstall 2009-03-19 09:20 --------- d-----w c:\program files\Google 2009-03-18 08:19 --------- d-----w c:\documents and settings\DOM\Dane aplikacji\U3 2009-03-16 16:39 --------- d-----w c:\program files\Samsung 2009-03-14 20:38 --------- d-----w c:\documents and settings\DOM\Dane aplikacji\TransEngPol41 2009-03-12 19:32 --------- d-----w c:\documents and settings\DOM\Dane aplikacji\skypePM 2009-03-12 19:02 --------- d-----w c:\program files\eMule 2009-03-12 18:59 --------- d-----w c:\program files\Nokia 2009-03-11 19:16 --------- d-----w c:\program files\uTorrent 2009-03-11 19:09 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Skype 2009-03-11 19:09 --------- d-----r c:\program files\Skype 2009-03-10 10:21 --------- d-----w c:\program files\Real Alternative 2009-03-10 07:32 --------- d-----w c:\documents and settings\DOM\Dane aplikacji\dvdcss 2009-03-03 12:18 --------- d-----w c:\program files\Common Files\Ahead 2009-03-03 12:18 --------- d-----w c:\program files\Ahead 2009-03-03 07:46 --------- d-----w c:\program files\PITy 2009-03-01 18:13 --------- d-----w c:\program files\IrfanView 2009-01-16 12:10 1,213,952 ----a-w c:\program files\BESTplayer.exe 2008-10-29 10:20 4,338,923 ----a-w c:\program files\Klawiatura_wozniak.exe 2008-04-10 13:20 720,482 ----a-w c:\program files\mxClock.exe 2008-04-02 13:19 32 ----a-w c:\documents and settings\All Users\Dane aplikacji\ezsid.dat. ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) .*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{41F21158-4211-4D32-9E02-D57B19661561}] 2009-01-14 17:54 444416 --a------ c:\progra~1\ALLPLA~1\REDTUB~1.DLL [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "Paseczek"="c:\program files\Paseczek\Paseczek.exe" [2008-03-07 1616384] "mxClock"="c:\program files\mxClock.exe" [2008-04-10 720482] "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-03-01 270128] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-11 24095528] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-11-17 1077327] "Tvs"="c:\program files\TOSHIBA\Tvs\TvsTray.exe" [2004-11-12 73728] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072] "LXCGCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2005-04-27 69632] "Zooming"="ZoomingHook.exe" [2004-07-14 c:\windows\system32\ZoomingHook.exe] "TCtryIOHook"="TCtrlIOHook.exe" [2005-02-16 c:\windows\system32\TCtrlIOHook.exe] "TPSMain"="TPSMain.exe" [2005-01-21 c:\windows\system32\TPSMain.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\All Users\Menu Start\Programy\Autostart\ DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2009-03-22 962667] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "Msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\vio\dvacm.acm "msacm.mpegacm"= mpegacm.acm "msacm.ulmp3acm"= ulmp3acm.acm "MSACM.CEGSM"= mobilev.acm [HKLM\~\startupfolder\C:^Documents and Settings^DOM^Menu Start^Programy^Autostart^Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk] backup=c:\windows\pss\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck] c:\windows\system32\dumprep 0 -u [X] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service] --a------ 2007-10-11 17:20 140568 c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor] --a------ 2007-10-12 10:03 905992 c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-01-11 21:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALLUpdate] --a------ 2008-11-24 20:44 869888 c:\program files\ALLPlayer\ALLUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint] --a------ 2003-10-31 00:46 192512 c:\program files\Apoint2K\Apoint.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CeEKEY] --a------ 2005-01-21 21:48 675840 c:\program files\TOSHIBA\E-KEY\CeEKey.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CFSServ.exe] --a------ 2004-12-18 00:47 548864 c:\program files\TOSHIBA\ConfigFree\CFSServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla] --a------ 2005-01-14 01:05 122939 c:\windows\system32\dla\tfswctrl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax] --a------ 2009-02-10 13:42 5391192 c:\program files\Innovative Solutions\DriverMax\devices.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint] --a------ 2005-06-08 17:19 94208 c:\program files\Lexmark 2300 Series\ezprint.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer] --a------ 2005-05-03 19:20 299008 c:\program files\Lexmark Fax Solutions\fm3032.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent] --a------ 2004-02-24 14:33 401491 c:\program files\Microsoft ActiveSync\wcescomm.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] --a------ 2007-01-13 08:47 163840 c:\windows\system32\hkcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HWSetup] --a------ 2004-12-23 18:07 28672 c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] --a------ 2007-01-13 08:47 131072 c:\windows\system32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail] --a------ 2008-11-13 11:59 243072 c:\program files\IncrediMail\bin\IncMail.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcgmon.exe] --a------ 2005-05-05 00:25 200704 c:\program files\Lexmark 2300 Series\lxcgmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Magentic] --a------ 2008-08-04 09:51 488808 c:\progra~1\Magentic\bin\Magentic.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe] --a------ 2004-12-17 04:09 933888 c:\program files\TOSHIBA\ConfigFree\NDSTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Odkurzacz-MCD] --a------ 2008-08-16 15:01 264704 c:\program files\Odkurzacz\odk_mcd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray] --a------ 2008-12-03 12:47 1205760 c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence] --a------ 2007-01-13 08:46 135168 c:\windows\system32\igfxpers.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-08-01 17:57 98304 c:\program files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVPWUTIL] --a------ 2005-02-25 15:59 65536 c:\program files\TOSHIBA\Windows Utilities\SVPWUTIL.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFncKy] --a------ 2005-03-29 16:06 118784 c:\program files\TOSHIBA\TOSHIBA Controls\TFncKy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD] --a------ 2005-03-02 12:15 65536 c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSHIBA Accessibility] --a------ 2004-12-07 21:24 24576 c:\program files\TOSHIBA\Accessibility\FnKeyHook.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPNF] --a------ 2004-11-29 21:06 53248 c:\program files\TOSHIBA\TouchPad\TPTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe] --a------ 2007-10-12 09:57 2611312 c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant] --a------ 2008-05-02 05:15 15872 c:\program files\Unlocker\UnlockerAssistant.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WheelMouse] --a------ 2007-02-10 16:33 188416 c:\program files\A4Tech\Mouse\Amoumain.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] --a------ 2009-03-09 16:49 37888 c:\program files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG] --a------ 2004-10-28 22:37 88363 c:\windows\agrsmmsg.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\WINDOWS\\system32\\lxcgcoms.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\eMule\\emule.exe"= "c:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"= "c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"= "c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Gadu-Gadu\\gg.exe"= "c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"= "c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"= "c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"= "c:\\Program Files\\Magentic\\bin\\MgImp.exe"= "c:\\Program Files\\Magentic\\bin\\Magentic.exe"= "c:\\Program Files\\Magentic\\bin\\MgApp.exe"= "c:\\Documents and Settings\\DOM\\Dane aplikacji\\Thinstall\\O&O Defrag Professional\\40000014e00002i\\oodag.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2008-07-31 20616] R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-02-20 33800] R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-02-20 472320] R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [2007-02-09 14336] S2 gupdate1c9a720ddcbb49b;Google Update Service (gupdate1c9a720ddcbb49b);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-17 133104] S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [2008-12-07 30088] S3 CrystalSysInfo;CrystalSysInfo;\??\c:\program files\MediaCoder\SysInfo.sys --> c:\program files\MediaCoder\SysInfo.sys [?] S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2008-07-02 26248] .Zawartość folderu 'Zaplanowane zadania' 2009-03-25 c:\windows\Tasks\GoogleUpdateTaskMachine.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-17 17:53] .------- Skan uzupełniający ------- uStart Page = hxxp://mystart.magentic.com/english/ uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe" IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\DOM\Dane aplikacji\Mozilla\Firefox\Profiles\p6n0hpzx.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - www.pajacyk.pl FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q= FF - component: c:\documents and settings\DOM\Dane aplikacji\Mozilla\Firefox\Profiles\p6n0hpzx.default\extensions\trenpl4ff@kompas.info.pl\components\trenpl4ff.dll FF - component: c:\program files\Google\Google Gears\Firefox\components\gears.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava11.dll FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava12.dll FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava13.dll FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava14.dll FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava32.dll FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJPI150.dll FF - plugin: c:\program files\Java\jre1.5.0\bin\NPOJI610.dll ---- FIREFOX - SPOSÓB POSTĘPOWANIA ---- FF - user.js: network.http.max-connections-per-server - 8 FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.notify.interval - 600000 FF - user.js: content.switch.threshold - 1000000 FF - user.js: nglayout.initialpaint.delay - 600 ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-25 08:54:39 Windows 5.1.2600 Dodatek Service Pack 3 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run LXCGCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 **************************************************************************. --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- - - - - - - - > 'lsass.exe'(1120) c:\windows\system32\relog_ap.dll. ------------------------ Pozostałe uruchomione procesy ------------------------. c:\windows\system32\TPSBattM.exe c:\program files\Common Files\Acronis\Schedule2\schedul2.exe c:\windows\system32\agrsmsvc.exe c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe c:\windows\system32\wdfmgr.exe c:\windows\system32\UTSCSI.EXE. ************************************************************************** .Czas ukończenia: 2009-03-25 8:58:30 - komputer został uruchomiony ponownie ComboFix-quarantined-files.txt 2009-03-25 07:58:22 ComboFix2.txt 2009-03-24 08:22:11 ComboFix3.txt 2009-03-23 19:18:09 Przed: 20 172 935 168 bajtów wolnych Po: 20,162,445,312 bajtów wolnych 356 --- E O F --- 2009-03-15 08:55:58

Kod: Zaznacz wszystko: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 09:02:53, on 2009-03-25 Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Google\Update\GoogleUpdate.exe C:\WINDOWS\system32\ZoomingHook.exe C:\WINDOWS\system32\TCtrlIOHook.exe C:\Program Files\TOSHIBA\Tvs\TvsTray.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Paseczek\Paseczek.exe C:\Program Files\mxClock.exe C:\Program Files\uTorrent\uTorrent.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\WINDOWS\system32\TPSBattM.exe C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe C:\WINDOWS\system32\agrsmsvc.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\system32\UTSCSI.EXE C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.magentic.com/english/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe" R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: RedTube To ALLPlayer - {41F21158-4211-4D32-9E02-D57B19661561} - C:\PROGRA~1\ALLPLA~1\REDTUB~1.DLL O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: YouTube To ALLPlayer - {61DB16C5-B733-43F4-872E-B20DC9E72740} - C:\PROGRA~1\ALLPLA~1\YOUTUB~1.DLL O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Paseczek] C:\Program Files\Paseczek\Paseczek.exe O4 - HKCU\..\Run: [mxClock] C:\Program Files\mxClock.exe O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll O9 - Extra 'Tools' menuitem: Ustawienia wtyczki &Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Utwórz Ulubione dla urządzenia przenośnego - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra 'Tools' menuitem: Utwórz Ulubione dla urządzenia przenośnego... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Opcje tłumaczenia angielsko-polskie (Kompas wersja 4) - {4F1DF60B-1BFF-4566-924B-9F24A974C910} - C:\Program Files\TransEnPl41\trenpl4ie_opcje.htm (HKCU) O9 - Extra 'Tools' menuitem: Opcje tłumaczenia angielsko-polskie (Kompas wersja 4) - {4F1DF60B-1BFF-4566-924B-9F24A974C910} - C:\Program Files\TransEnPl41\trenpl4ie_opcje.htm (HKCU) O9 - Extra button: Tłumacz angielski->polski (Kompas wersja 4) - {50C285B9-12A7-427B-B1B4-3BD810513848} - C:\Program Files\TransEnPl41\trenpl4ie_tlumaczenpl.htm (HKCU) O9 - Extra 'Tools' menuitem: Tłumacz angielski->polski (Kompas wersja 4) - {50C285B9-12A7-427B-B1B4-3BD810513848} - C:\Program Files\TransEnPl41\trenpl4ie_tlumaczenpl.htm (HKCU) O9 - Extra button: Tłumacz polski->angielski (Kompas wersja 4) - {860D2F9E-9D14-4D7C-A3C9-1B1B40C758F6} - C:\Program Files\TransEnPl41\trenpl4ie_tlumaczplen.htm (HKCU) O9 - Extra 'Tools' menuitem: Tłumacz polski->angielski (Kompas wersja 4) - {860D2F9E-9D14-4D7C-A3C9-1B1B40C758F6} - C:\Program Files\TransEnPl41\trenpl4ie_tlumaczplen.htm (HKCU) O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: Google Update Service (gupdate1c9a720ddcbb49b) (gupdate1c9a720ddcbb49b) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE -- End of file - 8846 bytes

**Posty:** 18165 · przez **wojtas** 25 Mar 2009, 19:21

1. Ściągnij OTMoveIt i go włacz i odpal go z opcji CleanUp

oraz skasuj folder C:\Qoobox
2. wykonaj optymalizację windowsa
3.sciagnij ATF_Cleaner
zaznacz
Windows Temp
All users Temp
Temporary internet files
Recycle Bin
i wcisnij EMPTY SELECTED
4.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem
5. Wykonaj skan Dr. Web CureIt
6. Przeskanuj obszar mojego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum.

i tym:

FixIEDef.

**Posty:** 14 · przez **Yurek-55** 26 Mar 2009, 13:19

zrobiłem te wszystkie rzeczy które mi tu poradzono i teraz pokazuje się raport o błędach explorer.exe i zamyka oczywiście exploratora windows. Raporty mają taką postać:

Kod: Zaznacz wszystko: szAppName : iexplore.exe szAppVer : 6.0.2900.5512 szModName : hungapp szModVer : 0.0.0.0 offset : 00000000

albo taki:

Kod: Zaznacz wszystko: AppName: explorer.exe AppVer: 6.0.2900.5512 ModName: fun_avcodec.dll ModVer: 0.0.0.0 Offset: 0000301a

Co teraz radzicie?
PS. Załączam log combofixa jakby to mogło pomóc

Kod: Zaznacz wszystko: ComboFix 09-03-25.03 - DOM 2009-03-26 11:53:05.4 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.1014.500 [GMT 1:00] Uruchomiony z: c:\program files\ComboFix.exe AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) * Utworzono nowy punkt przywracania * Resident AV is active . ((((((((((((((((((((((((( Pliki utworzone od 2009-02-26 do 2009-03-26 ))))))))))))))))))))))))))))))) . 2009-03-26 11:09 . 2009-03-26 11:09 <DIR> d-------- C:\ERDNT 2009-03-26 09:28 . 2009-03-26 09:27 410,984 --a------ c:\windows\system32\deploytk.dll 2009-03-26 09:28 . 2009-03-26 09:27 73,728 --a------ c:\windows\system32\javacpl.cpl 2009-03-26 09:14 . 2009-03-26 09:14 <DIR> d-------- c:\documents and settings\DOM\DoctorWeb 2009-03-25 09:01 . 2009-03-25 09:01 <DIR> d-------- c:\program files\Trend Micro 2009-03-25 08:28 . 2009-03-25 08:28 580,096 --a--c--- c:\windows\system32\dllcache\user32.dll 2009-03-25 08:25 . 2009-03-26 11:09 <DIR> d-------- c:\windows\ERUNT 2009-03-25 08:12 . 2006-10-11 23:44 55,296 --a------ c:\program files\Seconfig XP.exe 2009-03-25 08:03 . 2009-03-25 08:03 51,232 --a------ c:\program files\wwdc.exe 2009-03-24 10:48 . 2009-03-24 10:48 50,688 --a------ c:\program files\ATF-Cleaner.exe 2009-03-24 08:46 . 2009-03-24 08:58 <DIR> d-------- c:\program files\Wise Registry Cleaner 2009-03-23 19:55 . 2009-03-26 11:48 2,934,692 -ra------ c:\program files\ComboFix.exe 2009-03-22 19:40 . 2009-03-22 19:41 610,304 --a------ c:\program files\TCPOptimizer.exe 2009-03-22 11:43 . 2009-03-22 11:43 <DIR> d-------- c:\program files\SAGEM 2009-03-22 11:33 . 2002-12-09 18:24 49,152 --a------ c:\windows\system32\WooDial2000.dll 2009-03-22 11:33 . 2002-12-09 18:24 48,128 --a------ c:\windows\system32\SMMSCRPT.DLL 2009-03-22 11:33 . 2002-12-09 18:24 5,632 --a------ c:\windows\system32\SMMSETUP.DLL 2009-03-22 11:31 . 2009-03-22 11:43 479 --a------ c:\windows\adiras.ini 2009-03-22 10:26 . 2009-03-22 11:38 <DIR> d-------- c:\program files\Wanadoo 2009-03-22 10:26 . 2003-03-04 10:26 9,728 --a------ c:\windows\system32\rnaph.dll 2009-03-20 11:01 . 2009-03-20 11:01 <DIR> d-------- c:\program files\Common Files\IPSPI 2009-03-19 07:34 . 2009-03-19 07:34 <DIR> d-------- c:\program files\A4Tech 2009-03-18 17:31 . 2009-03-18 17:31 <DIR> d-------- c:\program files\CDex_151 2009-03-17 09:06 . 2009-03-19 14:24 <DIR> d-------- c:\program files\Innovative Solutions 2009-03-16 17:40 . 2007-07-03 16:58 106,792 --a------ c:\windows\system32\drivers\sscdmdm.sys 2009-03-16 17:40 . 2007-07-03 16:54 80,552 --a------ c:\windows\system32\drivers\sscdbus.sys 2009-03-16 17:40 . 2007-07-03 16:57 11,944 --a------ c:\windows\system32\drivers\sscdmdfl.sys 2009-03-16 17:40 . 2007-07-03 17:00 9,256 --a------ c:\windows\system32\drivers\sscdwhnt.sys 2009-03-16 17:40 . 2007-07-03 17:00 9,256 --a------ c:\windows\system32\drivers\sscdwh.sys 2009-03-16 17:40 . 2007-07-03 16:56 9,256 --a------ c:\windows\system32\drivers\sscdcmnt.sys 2009-03-16 17:40 . 2007-07-03 16:56 9,256 --a------ c:\windows\system32\drivers\sscdcm.sys 2009-03-15 10:32 . 2009-03-15 10:32 <DIR> d-------- c:\program files\Qwerty - Nauka Pisania 2009-03-13 20:49 . 2009-03-13 20:49 536,576 --a------ c:\windows\system32\splitter.ax 2009-03-13 20:48 . 2009-03-13 20:48 3,144,192 --a------ c:\windows\system32\ffdshow.ax 2009-03-13 20:48 . 2009-03-13 20:48 246,784 --a------ c:\windows\system32\dxr.dll 2009-03-13 20:46 . 2009-03-13 20:46 1,388,966 --a------ c:\windows\system32\ffmpegmt.dll 2009-03-13 20:45 . 2009-03-13 20:45 557,451 --a------ c:\windows\system32\libmplayer.dll 2009-03-13 20:44 . 2009-03-13 20:44 4,421,889 --a------ c:\windows\system32\libavcodec.dll 2009-03-13 15:30 . 2009-03-15 22:56 <DIR> d-------- c:\program files\Unlocker 2009-03-13 10:34 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll 2009-03-13 10:34 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll 2009-03-13 10:34 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui 2009-03-12 14:39 . 2009-03-12 16:50 <DIR> d-------- c:\documents and settings\DOM\Tracing 2009-03-12 14:11 . 2009-03-12 14:11 <DIR> d-------- c:\program files\Common Files\Windows Live 2009-03-11 20:44 . 2009-03-11 21:03 <DIR> d-------- c:\program files\MySpace 2009-03-11 20:44 . 2009-03-11 20:44 <DIR> d-------- c:\documents and settings\DOM\Dane aplikacji\MySpace 2009-03-11 11:03 . 2009-03-11 11:03 <DIR> d-------- c:\documents and settings\DOM\Dane aplikacji\Broad Intelligence 2009-03-11 10:53 . 2009-03-11 10:53 <DIR> d-------- c:\documents and settings\DOM\Dane aplikacji\OpenCandy 2009-03-11 10:52 . 2009-03-22 20:10 <DIR> d-------- c:\program files\MediaCoder 2009-03-11 10:06 . 2009-03-18 09:56 <DIR> d-------- c:\program files\Winamp 2009-03-10 11:17 . 2009-03-10 13:55 <DIR> d-------- c:\program files\ALLPlayer 2009-03-10 10:23 . 2009-03-10 10:23 795,648 --a------ c:\windows\system32\xvidcore.dll 2009-03-10 10:23 . 2009-03-10 10:23 487,936 --a------ c:\windows\system32\madFlac.ax 2009-03-10 10:23 . 2009-03-10 10:23 130,048 --a------ c:\windows\system32\xvidvfw.dll 2009-03-10 10:23 . 2009-03-10 10:23 118,784 --a------ c:\windows\system32\ac3acm.acm 2009-03-10 10:22 . 2009-03-10 10:22 901,120 --a------ c:\windows\system32\MpaDecFilter.ax 2009-03-10 10:22 . 2009-03-10 10:22 688,128 --a------ c:\windows\system32\mmamr.ax 2009-03-10 10:22 . 2009-03-10 10:22 348,160 --a------ c:\windows\system32\MpaSplitter.ax 2009-03-10 10:22 . 2009-03-10 10:22 348,160 --a------ c:\windows\system32\CoreVorbis.ax 2009-03-10 10:22 . 2009-03-10 10:22 258,048 --a------ c:\windows\system32\libFLAC.dll 2009-03-10 10:21 . 2009-03-10 10:21 892,928 --a------ c:\windows\system32\iconv.dll 2009-03-10 10:21 . 2009-03-10 10:21 860,160 --a------ c:\windows\system32\lameACM.acm 2009-03-10 10:21 . 2009-03-10 10:21 675,840 --a------ c:\windows\system32\ac3filter.ax 2009-03-10 10:21 . 2009-03-10 10:21 177,152 --a------ c:\windows\system32\MonkeySource.ax 2009-03-10 10:20 . 2009-03-10 10:20 1,291,776 --a------ c:\windows\system32\quartzXP.dll 2009-03-10 10:20 . 2009-03-10 10:20 507,904 --a------ c:\windows\system32\MP4Splitter.ax 2009-03-10 10:20 . 2009-03-10 10:20 319,488 --a------ c:\windows\system32\CoreAAC.ax 2009-03-10 10:20 . 2009-03-13 20:48 163,840 --a------ c:\windows\system32\ts.dll 2009-03-10 10:20 . 2009-03-10 10:20 159,744 --a------ c:\windows\system32\mmfinfo.dll 2009-03-10 10:20 . 2009-03-13 20:48 148,480 --a------ c:\windows\system32\mkx.dll 2009-03-10 10:20 . 2009-03-13 20:48 141,312 --a------ c:\windows\system32\mp4.dll 2009-03-10 10:20 . 2009-03-13 20:48 120,832 --a------ c:\windows\system32\ogm.dll 2009-03-10 10:20 . 2009-03-13 20:48 108,032 --a------ c:\windows\system32\avi.dll 2009-03-10 10:20 . 2009-03-13 20:48 79,360 --a------ c:\windows\system32\mkzlib.dll 2009-03-10 10:20 . 2009-03-10 10:20 75,264 --a------ c:\windows\system32\MACDec.dll 2009-03-10 10:20 . 2009-03-10 10:20 23,552 --a------ c:\windows\system32\mkunicode.dll 2009-03-10 10:19 . 2009-03-13 20:45 145,081 --a------ c:\windows\system32\libmpeg2_ff.dll 2009-03-10 10:19 . 2009-03-13 20:46 547 --a------ c:\windows\system32\ffdshow.ax.manifest 2009-03-10 10:18 . 2009-03-13 20:42 98,304 --a------ c:\windows\system32\ff_wmv9.dll 2009-03-10 10:17 . 2009-03-13 20:42 486,400 --a------ c:\windows\system32\ff_libfaad2.dll 2009-03-10 10:17 . 2009-03-13 20:42 257,024 --a------ c:\windows\system32\ff_libdts.dll 2009-03-10 10:17 . 2009-03-13 20:42 183,296 --a------ c:\windows\system32\ff_samplerate.dll 2009-03-10 10:17 . 2009-03-13 20:42 178,688 --a------ c:\windows\system32\ff_libmad.dll 2009-03-10 10:17 . 2009-03-13 20:42 142,848 --a------ c:\windows\system32\ff_liba52.dll 2009-03-10 10:17 . 2009-03-13 20:42 113,152 --a------ c:\windows\system32\ff_unrar.dll 2009-03-10 10:16 . 2009-03-10 10:16 1,415,680 --a------ c:\windows\system32\WMV9VCM.dll 2009-03-10 10:16 . 2009-03-10 10:16 921,600 --a------ c:\windows\system32\vorbisenc.dll 2009-03-10 10:16 . 2009-03-10 10:16 237,568 --a------ c:\windows\system32\OggDS.dll 2009-03-10 10:16 . 2009-03-10 10:16 188,416 --a------ c:\windows\system32\vorbis.dll 2009-03-10 10:16 . 2009-03-10 10:16 45,056 --a------ c:\windows\system32\ogg.dll 2009-03-10 10:15 . 2009-03-10 10:15 873,888 --a------ c:\windows\system32\CLVSD.ax 2009-03-10 10:15 . 2009-03-10 10:15 729,088 --a------ c:\windows\system32\divxdec.ax 2009-03-10 10:15 . 2009-03-10 10:15 417,792 --a------ c:\windows\system32\FLVSplitter.ax 2009-03-10 10:15 . 2009-03-10 10:15 387,584 --a------ c:\windows\system32\MpegSplitter.ax 2009-03-10 10:15 . 2009-03-10 10:15 245,760 --a------ c:\windows\system32\mplvpx.dll 2009-03-10 10:15 . 2009-03-10 10:15 106,496 --a------ c:\windows\system32\lmpgspl.ax 2009-03-10 10:15 . 2009-03-10 10:15 94,208 --a------ c:\windows\system32\lmpgvd.ax 2009-03-10 10:14 . 2009-03-10 10:14 524,288 --a------ c:\windows\system32\DivXsm.exe 2009-03-10 10:14 . 2009-03-10 10:14 77,824 --a------ c:\windows\system32\xvid.ax 2009-03-10 10:14 . 2009-03-10 10:14 69,632 --a------ c:\windows\system32\divxconfig.exe 2009-03-10 10:14 . 2009-03-10 10:14 4,816 --a------ c:\windows\system32\divxsm.tlb 2009-03-09 12:48 . 2009-03-09 12:48 0 --a------ c:\windows\WinPM.INI 2009-03-09 12:47 . 2009-03-09 12:47 <DIR> d-------- c:\program files\Paragon Software 2009-03-09 12:47 . 2004-09-03 10:53 3,870,720 --a------ c:\windows\system32\qt-mt323.dll 2009-03-09 12:47 . 2003-10-07 18:08 6,656 --a------ c:\windows\system32\WnASPI32.dll 2009-03-09 03:00 . 2009-03-09 03:00 <DIR> d-------- c:\program files\MSXML 4.0 2009-03-07 18:25 . 2009-03-16 18:14 <DIR> d-------- c:\documents and settings\DOM\Dane aplikacji\Samsung 2009-03-07 16:56 . 2006-05-03 22:53 174,592 --a------ c:\windows\system32\framedyn.dll 2009-03-07 16:55 . 2009-03-16 17:57 5,632 --a------ c:\windows\system32\drivers\StarOpen.sys 2009-03-07 16:53 . 2009-03-16 17:40 <DIR> d-------- c:\windows\system32\Samsung_USB_Drivers 2009-03-06 14:57 . 2009-03-06 14:57 <DIR> d-------- c:\program files\Klawiatura 2009-03-06 14:50 . 2009-03-06 15:01 <DIR> d-------- c:\program files\Szybkie Pisanie 2009-03-02 14:44 . 2009-03-02 14:44 37,236 --ah----- c:\windows\system32\mlfcache.dat 2009-03-01 18:19 . 2009-03-26 12:07 2,206 --a------ c:\windows\system32\wpa.dbl . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-26 11:07 --------- d-----w c:\documents and settings\DOM\Dane aplikacji\uTorrent 2009-03-26 10:34 --------- d-----w c:\documents and settings\DOM\Dane aplikacji\Skype 2009-03-26 08:27 --------- d-----w c:\program files\Java 2009-03-25 10:48 --------- d-----w c:\program files\Google 2009-03-24 14:17 --------- d-----w c:\documents and settings\DOM\Dane aplikacji\gtk-2.0 2009-03-24 10:20 --------- d-----w c:\documents and settings\DOM\Dane aplikacji\Winamp 2009-03-23 21:58 --------- d---a-w c:\documents and settings\All Users\Dane aplikacji\TEMP 2009-03-23 21:58 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy 2009-03-22 10:54 --------- d-----w c:\program files\Lx_cats 2009-03-22 10:43 22 ----a-w c:\windows\system32\drivers\adidsl.cfg 2009-03-22 10:43 --------- d--h--w c:\program files\InstallShield Installation Information 2009-03-21 15:08 --------- d-----w c:\program files\Odkurzacz 2009-03-19 19:31 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Microsoft Help 2009-03-19 13:18 --------- d-----w c:\program files\NAPI-PROJEKT 2009-03-19 12:22 --------- d-----w c:\documents and settings\DOM\Dane aplikacji\Thinstall 2009-03-18 08:19 --------- d-----w c:\documents and settings\DOM\Dane aplikacji\U3 2009-03-16 16:39 --------- d-----w c:\program files\Samsung 2009-03-14 20:38 --------- d-----w c:\documents and settings\DOM\Dane aplikacji\TransEngPol41 2009-03-12 19:32 --------- d-----w c:\documents and settings\DOM\Dane aplikacji\skypePM 2009-03-12 19:02 --------- d-----w c:\program files\eMule 2009-03-12 18:59 --------- d-----w c:\program files\Nokia 2009-03-11 19:16 --------- d-----w c:\program files\uTorrent 2009-03-11 19:09 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Skype 2009-03-11 19:09 --------- d-----r c:\program files\Skype 2009-03-10 10:21 --------- d-----w c:\program files\Real Alternative 2009-03-10 07:32 --------- d-----w c:\documents and settings\DOM\Dane aplikacji\dvdcss 2009-03-03 12:18 --------- d-----w c:\program files\Common Files\Ahead 2009-03-03 12:18 --------- d-----w c:\program files\Ahead 2009-03-03 07:46 --------- d-----w c:\program files\PITy 2009-03-01 18:13 --------- d-----w c:\program files\IrfanView 2009-01-16 12:10 1,213,952 ----a-w c:\program files\BESTplayer.exe 2008-10-29 10:20 4,338,923 ----a-w c:\program files\Klawiatura_wozniak.exe 2008-04-10 13:20 720,482 ----a-w c:\program files\mxClock.exe 2008-04-02 13:19 32 ----a-w c:\documents and settings\All Users\Dane aplikacji\ezsid.dat . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{41F21158-4211-4D32-9E02-D57B19661561}] 2009-01-14 17:54 444416 --a------ c:\progra~1\ALLPLA~1\REDTUB~1.DLL [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "Paseczek"="c:\program files\Paseczek\Paseczek.exe" [2008-03-07 1616384] "mxClock"="c:\program files\mxClock.exe" [2008-04-10 720482] "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-03-01 270128] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-11 24095528] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-11-17 1077327] "Tvs"="c:\program files\TOSHIBA\Tvs\TvsTray.exe" [2004-11-12 73728] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072] "Zooming"="ZoomingHook.exe" [2004-07-14 c:\windows\system32\ZoomingHook.exe] "TCtryIOHook"="TCtrlIOHook.exe" [2005-02-16 c:\windows\system32\TCtrlIOHook.exe] "TPSMain"="TPSMain.exe" [2005-01-21 c:\windows\system32\TPSMain.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\All Users\Menu Start\Programy\Autostart\ DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2009-03-22 962667] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "Msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\vio\dvacm.acm "msacm.mpegacm"= mpegacm.acm "msacm.ulmp3acm"= ulmp3acm.acm "MSACM.CEGSM"= mobilev.acm [HKLM\~\startupfolder\C:^Documents and Settings^DOM^Menu Start^Programy^Autostart^Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk] backup=c:\windows\pss\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck] c:\windows\system32\dumprep 0 -u [X] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service] --a------ 2007-10-11 17:20 140568 c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor] --a------ 2007-10-12 10:03 905992 c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-01-11 21:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALLUpdate] --a------ 2008-11-24 20:44 869888 c:\program files\ALLPlayer\ALLUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint] --a------ 2003-10-31 00:46 192512 c:\program files\Apoint2K\Apoint.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CeEKEY] --a------ 2005-01-21 21:48 675840 c:\program files\TOSHIBA\E-KEY\CeEKey.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CFSServ.exe] --a------ 2004-12-18 00:47 548864 c:\program files\TOSHIBA\ConfigFree\CFSServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla] --a------ 2005-01-14 01:05 122939 c:\windows\system32\dla\tfswctrl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax] --a------ 2009-02-10 13:42 5391192 c:\program files\Innovative Solutions\DriverMax\devices.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint] --a------ 2005-06-08 17:19 94208 c:\program files\Lexmark 2300 Series\ezprint.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer] --a------ 2005-05-03 19:20 299008 c:\program files\Lexmark Fax Solutions\fm3032.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent] --a------ 2004-02-24 14:33 401491 c:\program files\Microsoft ActiveSync\wcescomm.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] --a------ 2007-01-13 08:47 163840 c:\windows\system32\hkcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HWSetup] --a------ 2004-12-23 18:07 28672 c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] --a------ 2007-01-13 08:47 131072 c:\windows\system32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail] --a------ 2008-11-13 11:59 243072 c:\program files\IncrediMail\bin\IncMail.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcgmon.exe] --a------ 2005-05-05 00:25 200704 c:\program files\Lexmark 2300 Series\lxcgmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Magentic] --a------ 2008-08-04 09:51 488808 c:\progra~1\Magentic\bin\Magentic.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe] --a------ 2004-12-17 04:09 933888 c:\program files\TOSHIBA\ConfigFree\NDSTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Odkurzacz-MCD] --a------ 2008-08-16 15:01 264704 c:\program files\Odkurzacz\odk_mcd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray] --a------ 2008-12-03 12:47 1205760 c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence] --a------ 2007-01-13 08:46 135168 c:\windows\system32\igfxpers.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-08-01 17:57 98304 c:\program files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVPWUTIL] --a------ 2005-02-25 15:59 65536 c:\program files\TOSHIBA\Windows Utilities\SVPWUTIL.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFncKy] --a------ 2005-03-29 16:06 118784 c:\program files\TOSHIBA\TOSHIBA Controls\TFncKy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD] --a------ 2005-03-02 12:15 65536 c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSHIBA Accessibility] --a------ 2004-12-07 21:24 24576 c:\program files\TOSHIBA\Accessibility\FnKeyHook.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPNF] --a------ 2004-11-29 21:06 53248 c:\program files\TOSHIBA\TouchPad\TPTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe] --a------ 2007-10-12 09:57 2611312 c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant] --a------ 2008-05-02 05:15 15872 c:\program files\Unlocker\UnlockerAssistant.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WheelMouse] --a------ 2007-02-10 16:33 188416 c:\program files\A4Tech\Mouse\Amoumain.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] --a------ 2009-03-09 16:49 37888 c:\program files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG] --a------ 2004-10-28 22:37 88363 c:\windows\agrsmmsg.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" "LXCGCATS"=rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\WINDOWS\\system32\\lxcgcoms.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\eMule\\emule.exe"= "c:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"= "c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"= "c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Gadu-Gadu\\gg.exe"= "c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"= "c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"= "c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"= "c:\\Program Files\\Magentic\\bin\\MgImp.exe"= "c:\\Program Files\\Magentic\\bin\\Magentic.exe"= "c:\\Program Files\\Magentic\\bin\\MgApp.exe"= "c:\\Documents and Settings\\DOM\\Dane aplikacji\\Thinstall\\O&O Defrag Professional\\40000014e00002i\\oodag.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2008-07-31 20616] R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-02-20 33800] R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-02-20 472320] R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [2007-02-09 14336] S2 gupdate1c9a720ddcbb49b;Google Update Service (gupdate1c9a720ddcbb49b);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-17 133104] S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [2008-12-07 30088] S3 CrystalSysInfo;CrystalSysInfo;\??\c:\program files\MediaCoder\SysInfo.sys --> c:\program files\MediaCoder\SysInfo.sys [?] S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2008-07-02 26248] . Zawartość folderu 'Zaplanowane zadania' 2009-03-26 c:\windows\Tasks\GoogleUpdateTaskMachine.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-17 17:53] . . ------- Skan uzupełniający ------- . uStart Page = hxxp://mystart.magentic.com/english/ uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe" IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\DOM\Dane aplikacji\Mozilla\Firefox\Profiles\p6n0hpzx.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - www.pajacyk.pl FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q= FF - component: c:\documents and settings\DOM\Dane aplikacji\Mozilla\Firefox\Profiles\p6n0hpzx.default\extensions\trenpl4ff@kompas.info.pl\components\trenpl4ff.dll FF - component: c:\program files\Google\Google Gears\Firefox\components\gears.dll FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll ---- FIREFOX - SPOSÓB POSTĘPOWANIA ---- FF - user.js: network.http.max-connections-per-server - 8 FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.notify.interval - 600000 FF - user.js: content.switch.threshold - 1000000 FF - user.js: nglayout.initialpaint.delay - 600 . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-26 12:07:10 Windows 5.1.2600 Dodatek Service Pack 3 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- - - - - - - - > 'lsass.exe'(1084) c:\windows\system32\relog_ap.dll . ------------------------ Pozostałe uruchomione procesy ------------------------ . c:\windows\system32\TPSBattM.exe c:\program files\Common Files\Acronis\Schedule2\schedul2.exe c:\windows\system32\agrsmsvc.exe c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe c:\windows\system32\wdfmgr.exe c:\windows\system32\UTSCSI.EXE c:\windows\system32\wbem\wmiapsrv.exe . ************************************************************************** . Czas ukończenia: 2009-03-26 12:12:21 - komputer został uruchomiony ponownie ComboFix-quarantined-files.txt 2009-03-26 11:12:11 Przed: 19 256 041 472 bajtów wolnych Po: 19,318,673,408 bajtów wolnych 357 --- E O F --- 2009-03-15 08:55:58

i jeszcze log fixIDEef

Kod: Zaznacz wszystko: AppName: explorer.exe AppVer: 6.0.2900.5512 ModName: fun_avcodec.dll ModVer: 0.0.0.0 Offset: 0000301a

**Posty:** 18165 · przez **wojtas** 26 Mar 2009, 19:24

poczytaj to

**Posty:** 14 · przez **Yurek-55** 27 Mar 2009, 09:28

wojtas napisał(a):poczytaj to

Co ma piernik do wiatraka? Przedtem było wszystko dobrze i allplayer się z samsungiem pc studio nie gryzł. Ja tylko porządkowałem rejestry zgodnie z podpowiedziami i wtedy to się zrobiło.

**Posty:** 18165 · przez **wojtas** 27 Mar 2009, 19:34

a to że wywołuje ten blad ten plik: fun_avcodec.dll