

It was showing something like this. I kept clicking Skip, but that number kept changing every moment. I set it to apply to all. A moment ago it said something was wrong with svchost.exe. Can you give me some advice? I don't know what to do about this.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:19:35, on 2008-06-26
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Skype\Plugins\Plugins\1163D2B46CC742E5A3CC9E4157887751\TalkAndWrite.exe
C:\Program Files\VDOTool\TBPanel.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Vista Drive Icon\DrvIcon.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\Steam\steamapps\SourceMods\Steam.exe
C:\Program Files\WapSter\WapSter AQQ\AQQ.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=61005
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=61005
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [lxczbmgr.exe] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TalkAndWrite] C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Skype\Plugins\Plugins\1163D2B46CC742E5A3CC9E4157887751\TalkAndWrite.exe /run
O4 - HKLM\..\Run: [Gainward] C:\Program Files\VDOTool\TBPanel.exe /A
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [c0.exe] "C:\aidualc3\c0.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [UberIcon] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [AQQ] C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpeedX] C:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] (User 'Default user')
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O15 - Trusted Zone: http://www.mks.com.pl
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://www.yougamers.com/systeminfo/MSC3.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
--
End of file - 13310 bytes
O4 - HKLM\..\Run: [c0.exe] "C:\aidualc3\c0.exe"
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
ComboFix 08-06-20.4 - Hubert Ziom 2008-06-26 16:25:49.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1575 [GMT 2:00]
Running from: C:\Documents and Settings\Hubert Ziom.HUBI\Pulpit\instalki tym\ComboFix.exe
* Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((( Files Created from 2008-05-26 to 2008-06-26 )))))))))))))))))))))))))))))))
.
2008-06-26 15:37 . 2008-06-26 16:11 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-06-26 15:37 . 2008-06-26 16:11 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-06-26 15:36 . 2008-06-26 15:45 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Kaspersky Lab
2008-06-26 15:36 . 2008-06-26 16:30 489,248 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-26 15:36 . 2008-06-26 16:30 6,688 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-26 15:36 . 2008-06-26 15:39 1,292 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-26 15:36 . 2008-06-26 15:39 1,148 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-26 15:16 . 2008-06-26 15:16 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-06-26 15:15 . 2008-06-26 15:15 <DIR> d-------- C:\KAV
2008-06-26 14:15 . 2007-11-20 14:13 1,670 --a------ C:\WINDOWS\system32\drivers\avfwot.inf
2008-06-26 01:38 . 2008-06-26 01:38 <DIR> d-------- C:\Documents and Settings\Hubert Ziom.HUBI\Dane aplikacji\AOL
2008-06-26 01:37 . 2008-06-26 01:37 <DIR> d-------- C:\Program Files\Viewpoint
2008-06-26 01:37 . 2008-06-26 01:37 <DIR> d-------- C:\Program Files\Common Files\Nullsoft
2008-06-26 01:37 . 2008-06-26 01:37 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Viewpoint
2008-06-26 01:37 . 2003-01-10 23:13 33,588 -ra------ C:\WINDOWS\system32\drivers\wanatw4.sys
2008-06-26 01:36 . 2008-06-26 01:37 <DIR> d-------- C:\Program Files\Common Files\aolshare
2008-06-26 01:36 . 2008-06-26 01:58 <DIR> d-------- C:\Program Files\Common Files\aol
2008-06-26 01:36 . 2008-06-26 10:46 <DIR> d-------- C:\Program Files\AOL 9.0
2008-06-26 01:36 . 2008-06-26 01:44 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\AOL
2008-06-26 01:16 . 2008-06-26 01:32 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\AOL Downloads
2008-06-24 14:29 . 2008-06-26 01:59 184,320 --a------ C:\WINDOWS\system32\miccyhook.dll
2008-06-17 17:39 . 1999-12-12 19:01 44,032 --------- C:\WINDOWS\system32\CTSVCCDA.EXE
2008-06-17 17:39 . 1999-11-17 19:00 25,088 --------- C:\WINDOWS\system32\CTSVCCTL.EXE
2008-06-17 17:33 . 2008-06-26 15:54 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-17 17:33 . 2008-06-17 17:34 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-16 23:17 . 2008-06-16 23:17 <DIR> d-------- C:\Program Files\Real
2008-06-16 23:17 . 2008-06-16 23:17 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-06-16 23:09 . 2008-06-16 23:40 <DIR> d-------- C:\Program Files\TVUPlayer
2008-06-16 23:09 . 2008-06-16 23:09 <DIR> d-------- C:\Program Files\TVAnts
2008-06-16 23:09 . 2008-06-16 23:40 <DIR> d-------- C:\Documents and Settings\Hubert Ziom.HUBI\Dane aplikacji\TVU Networks
2008-06-16 23:08 . 2008-06-17 08:11 <DIR> d-------- C:\Program Files\Satellite TV for PC
2008-06-16 23:00 . 2008-06-25 00:13 2,472 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
2008-06-16 22:43 . 2008-06-16 22:43 <DIR> d-------- C:\Program Files\'Full Speed' Internet Booster + Performance Tests
2008-06-16 22:26 . 2008-06-16 22:26 <DIR> d-------- C:\WINDOWS\'Full Speed' Internet Booster + Performance Tests
2008-06-16 22:25 . 2008-06-16 22:43 <DIR> d-------- C:\aidualc3
2008-06-14 21:48 . 2008-06-14 21:48 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-06-06 09:43 . 2008-06-06 09:43 <DIR> d-------- C:\Program Files\QuickTime
2008-06-04 18:21 . 2008-06-04 18:21 268 --ah----- C:\sqmdata11.sqm
2008-06-04 18:21 . 2008-06-04 18:21 244 --ah----- C:\sqmnoopt11.sqm
2008-05-31 01:20 . 2008-05-31 01:20 268 --ah----- C:\sqmdata10.sqm
2008-05-31 01:20 . 2008-05-31 01:20 244 --ah----- C:\sqmnoopt10.sqm
2008-05-30 23:23 . 2008-05-30 23:23 <DIR> d-------- C:\Documents and Settings\Mama.HAPY2\Dane aplikacji\skypePM
2008-05-29 23:25 . 2008-05-29 23:27 <DIR> d-------- C:\Program Files\Yahoo!
2008-05-29 23:11 . 2008-05-29 23:11 72 --a------ C:\WINDOWS\WB.ini
2008-05-29 22:59 . 2003-02-26 20:27 36,864 --a------ C:\WINDOWS\system32\wbsys.dll
2008-05-29 22:59 . 2005-01-22 18:05 20,480 --a------ C:\WINDOWS\system32\wbload.dll
2008-05-29 20:41 . 2008-05-29 21:02 <DIR> d-------- C:\Program Files\MTA San Andreas
2008-05-26 22:17 . 2008-05-26 22:17 306,432 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-05-26 21:32 . 2008-05-26 21:32 <DIR> d-------- C:\Documents and Settings\Hubert Ziom.HUBI\Dane aplikacji\TuneUp Software
2008-05-26 21:16 . 2008-05-26 21:16 <DIR> d-------- C:\Program Files\Frets on Fire
2008-05-26 21:16 . 2008-05-26 21:17 <DIR> d-------- C:\Documents and Settings\Hubert Ziom.HUBI\Dane aplikacji\fretsonfire
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-26 14:30 --------- d-----w C:\Documents and Settings\Hubert Ziom.HUBI\Dane aplikacji\Skype
2008-06-26 14:27 --------- d-----w C:\Documents and Settings\Hubert Ziom.HUBI\Dane aplikacji\DNA
2008-06-26 14:18 --------- d-----w C:\Program Files\Driver Cleaner
2008-06-26 14:11 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-06-26 14:04 --------- d-----w C:\Documents and Settings\Hubert Ziom.HUBI\Dane aplikacji\skypePM
2008-06-26 12:15 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Avira
2008-06-24 16:18 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-06-24 16:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-23 12:17 --------- d-----w C:\Program Files\Ubisoft
2008-06-19 19:29 --------- d-----w C:\Program Files\Hide IP Platinum
2008-06-18 09:05 --------- d-----w C:\Program Files\FlashGet
2008-06-17 21:14 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-06-17 16:19 --------- d-----w C:\Documents and Settings\Hubert Ziom.HUBI\Dane aplikacji\Creative
2008-06-17 15:46 --------- d-----w C:\Program Files\Audible
2008-06-17 15:43 --------- d-----w C:\Program Files\Creative
2008-06-17 15:42 --------- d--h--w C:\Program Files\Creative Installation Information
2008-06-17 15:42 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Creative
2008-06-16 21:17 --------- d-----w C:\Program Files\Common Files\Real
2008-06-16 20:53 --------- d-----w C:\Program Files\Spyware Doctor
2008-06-16 20:53 --------- d-----w C:\Program Files\PC Tools Firewall Plus
2008-06-14 12:38 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-06-14 12:38 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-06-11 17:04 22,328 ----a-w C:\Documents and Settings\Hubert Ziom.HUBI\Dane aplikacji\PnkBstrK.sys
2008-06-11 17:03 674,600 ----a-w C:\WINDOWS\system32\pbsvc.exe
2008-06-11 17:03 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-06-06 10:09 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-06-06 07:48 --------- d-----w C:\Documents and Settings\Hubert Ziom.HUBI\Dane aplikacji\Apple Computer
2008-06-06 07:43 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Apple Computer
2008-05-30 22:53 --------- d-----w C:\Documents and Settings\Mama.HAPY2\Dane aplikacji\Skype
2008-05-29 20:59 --------- d-----w C:\Program Files\Stardock
2008-05-27 18:38 --------- d-----w C:\Program Files\WapSter
2008-05-27 13:44 --------- d-----w C:\Program Files\Fraps
2008-05-25 19:40 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-05-25 19:40 15,648 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2008-05-25 19:40 12,960 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
2008-05-25 19:38 --------- d-----w C:\Program Files\Lavasoft
2008-05-25 19:38 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Lavasoft
2008-05-25 19:37 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-25 18:12 --------- d-----w C:\Program Files\Moleskinsoft Clone Remover 2.9
2008-05-25 17:39 --------- d-----w C:\Program Files\Sunbelt Software
2008-05-22 21:50 --------- d-----w C:\Program Files\VS Online
2008-05-22 09:37 --------- d-----w C:\Program Files\PowerISO
2008-05-22 09:20 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\TrackMania
2008-05-19 19:23 --------- d-----w C:\Program Files\Last.fm
2008-05-19 19:23 --------- d-----w C:\Program Files\Gadu-Gadu
2008-05-19 07:35 --------- d-----w C:\Program Files\danny_kay1710
2008-05-17 10:10 --------- d-----w C:\Program Files\SoftprojectGP
2008-05-16 21:22 --------- d-----w C:\Documents and Settings\Hubert Ziom.HUBI\Dane aplikacji\AdobeUM
2008-05-16 19:57 --------- d-----w C:\Program Files\MyPortal
2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-13 21:04 --------- d-----w C:\Program Files\Tlen.pl
2008-05-13 21:04 --------- d-----w C:\Documents and Settings\Hubert Ziom.HUBI\Dane aplikacji\BitTorrent
2008-05-13 21:02 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Spybot - Search & Destroy
2008-05-12 14:31 --------- d-----w C:\Program Files\Vista Drive Icon
2008-05-08 19:34 --------- d-----w C:\Program Files\Real Desktop
2008-05-01 14:37 46,936 ----a-w C:\Documents and Settings\Hubert Ziom.HUBI\Dane aplikacji\GDIPFONTCACHEV1.DAT
2008-04-29 18:09 --------- d-----w C:\Documents and Settings\Hubert Ziom.HUBI\Dane aplikacji\teamspeak2
2008-04-27 13:35 --------- d-----w C:\Program Files\Java
2008-04-26 22:02 --------- d-----w C:\Program Files\UrbanTerror
2008-04-09 16:13 1,700,352 ----a-w C:\WINDOWS\system32\gdiplus.dll
2008-04-01 20:50 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-04-01 20:50 249,856 ------w C:\WINDOWS\Setup1.exe
2008-04-01 13:45 737,280 -c--a-w C:\WINDOWS\iun6002.exe
2008-03-30 21:24 81,920 ----a-w C:\Documents and Settings\Hubert Ziom.HUBI\Dane aplikacji\ezpinst.exe
2008-03-30 21:24 47,360 ----a-w C:\Documents and Settings\Hubert Ziom.HUBI\Dane aplikacji\pcouffin.sys
2008-03-22 10:25 1 ----a-w C:\Documents and Settings\Hubert Ziom.HUBI\SI.bin
2008-02-24 20:46 32 ----a-w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\ezsid.dat
2006-02-24 17:22 17,144 ----a-w C:\Documents and Settings\Mama.HAPY2\Dane aplikacji\GDIPFONTCACHEV1.DAT
2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.
------- Sigcheck -------
2007-06-13 15:23 976896 e74ef52c79f3347a0b105b0b92bfed38 C:\WINDOWS\explorer.exe
2007-06-13 15:12 1034752 8db0650b211425b9cdb7d1c4a8f6b482 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-04 00:44 975872 196c130d31317fe53de984220b5e13b9 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 15:23 976896 e74ef52c79f3347a0b105b0b92bfed38 C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UberIcon"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe" [2006-05-21 09:43 180224]
"AQQ"="C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe" [2008-05-12 16:25 1209328]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-08 08:13 289088]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-06 18:21 21898024]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"SpeedX"="C:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe" [2006-06-27 14:11 46718]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 11:03 868352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl,CMICtrlWnd" []
"DataLayer"="C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE" [2004-08-24 14:30 986624]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE" [2004-08-17 17:04 148992]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 12:52 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-10-08 13:31 458752]
"BluetoothAuthenticationAgent"="bthprops.cpl,,BluetoothAuthenticationAgent" []
"lxczbmgr.exe"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [2007-02-09 00:55 74672]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2007-02-09 00:56 295856]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-05-16 12:58 213936]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-05-16 12:58 86960]
"TalkAndWrite"="C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Skype\Plugins\Plugins\1163D2B46CC742E5A3CC9E4157887751\TalkAndWrite.exe" [2008-02-11 20:45 3042816]
"Gainward"="C:\Program Files\VDOTool\TBPanel.exe" [2007-10-02 13:19 2165272]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-12 10:33 16384512 C:\WINDOWS\RTHDCPL.exe]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-05-16 12:58 213936]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"DrvIcon"="C:\Program Files\Vista Drive Icon\DrvIcon.exe" [2008-04-13 14:39 49152]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-04-09 14:23 200704]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]
"c0.exe"="C:\aidualc3\c0.exe" [2007-04-15 16:07 638976]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-06-16 23:17 185896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Spyware Doctor"="" []
C:\Documents and Settings\Mama.HAPY2\Menu Start\Programy\Autostart\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-09-16 16:12:25 106496]
C:\Documents and Settings\Hubert Ziom.HUBI\Menu Start\Programy\Autostart\
TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 21:41:18 65536]
UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 09:43:08 180224]
Y'z Shadow.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 09:43:14 155648]
C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 1 (0x1)
"SynchronousUserGroupPolicy"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisableRegistryTools"= 1 (0x1)
"NoSMBalloonTip"= 0 (0x0)
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoAutoTrayNotify"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoResolveSearch"= 0 (0x0)
"NoWelcomeScreen"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"ForceClassicControlPanel"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll
"VIDC.HFYU"= huffyuv.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programy^Autostart^PalTalk.lnk]
backup=C:\WINDOWS\pss\PalTalk.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Hubert Ziom.HUBI^Menu Start^Programy^Autostart^Last.fm Helper.lnk]
backup=C:\WINDOWS\pss\Last.fm Helper.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Hubert Ziom.HUBI^Menu Start^Programy^Autostart^RocketDock.lnk]
backup=C:\WINDOWS\pss\RocketDock.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
--a------ 2007-04-18 08:49 50736 C:\Program Files\AOL 9.0\AOL.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-04-01 11:39 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-09-26 02:52 50736 C:\Program Files\Common Files\AOL\1214436988\ee\AOLSoftware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Make A Voozie]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\Metin2_UK\\metin2.bin"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\WapSter\\AQQ\\AQQ.exe"=
"C:\\PROGRA~1\\WapSter\\AQQ\\AQQ.exe"=
"C:\\Program Files\\Steam\\steamapps\\SourceMods\\SteamApps\\maxior3\\counter-strike\\hl.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Last.fm\\LastFM.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\WINDOWS\\system32\\lxczcoms.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\totalcmd\\TOTALCMD.EXE"=
"C:\\Program Files\\Tlen.pl\\tlen.exe"=
"C:\\Program Files\\Steam\\steamapps\\SourceMods\\Steam.exe"=
"C:\\Program Files\\Xfire\\Xfire.exe"=
"C:\\Program Files\\Intuwave\\Shared\\mRouterRuntime\\mRouterRuntime.exe"=
"C:\\Program Files\\Steam\\steamapps\\SourceMods\\SteamApps\\maxior3\\day of defeat source\\hl2.exe"=
"C:\\Program Files\\SHOUTcast\\sc_serv.exe"=
"C:\\Program Files\\Steam\\steamapps\\SourceMods\\SteamApps\\maxior3\\dedicated server\\hlds.exe"=
"C:\\Program Files\\Steam\\steamapps\\SourceMods\\SteamApps\\maxior3\\condition zero deleted scenes\\hl.exe"=
"C:\\Program Files\\Teamspeak2_RC2\\server_windows.exe"=
"C:\\Documents and Settings\\All Users.WINDOWS\\Dane aplikacji\\Skype\\Plugins\\Plugins\\289650C9E52C40FE91D947C6D0EB72DA\\rcviewer.exe"=
"C:\\Documents and Settings\\All Users.WINDOWS\\Dane aplikacji\\Skype\\Plugins\\Plugins\\289650C9E52C40FE91D947C6D0EB72DA\\remotex.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Steam\\steamapps\\SourceMods\\SteamApps\\maxior3\\dark messiah might and magic multi-player\\mm.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Steam\\steamapps\\SourceMods\\SteamApps\\common\\trackmania nations forever\\TmForever.exe"=
"C:\\Program Files\\Steam\\steamapps\\SourceMods\\SteamApps\\maxior3\\half-life 2 deathmatch\\hl2.exe"=
"C:\\Program Files\\Steam\\steamapps\\SourceMods\\SteamApps\\maxior3\\team fortress 2\\hl2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Steam\\steamapps\\SourceMods\\SteamApps\\farel12\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Steam\\steamapps\\SourceMods\\SteamApps\\farel12\\counter-strike\\hl.exe"=
"D:\\Cod4\\iw3mp.exe"=
"C:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"=
"C:\\Program Files\\Common Files\\aol\\1214436988\\ee\\aolsoftware.exe"=
"C:\\Program Files\\AOL 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
"C:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=
"C:\\Program Files\\WapSter\\WapSter AQQ\\AQQ.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8461:TCP"= 8461:TCP:GoD High Port
"8462:TCP"= 8462:TCP:GoD Low Port
R1 VRVD302;VRVD302;C:\WINDOWS\system32\DRIVERS\VRVD302.sys [2008-02-24 21:07]
R2 lxcz_device;lxcz_device;C:\WINDOWS\system32\lxczcoms.exe [2007-02-09 00:50]
R3 dfmirage;dfmirage;C:\WINDOWS\system32\DRIVERS\dfmirage.sys [2005-11-25 18:43]
R3 EuMusDesignVirtualAudioCableWdm_sdh;Sandhills Audio Cable;C:\WINDOWS\system32\DRIVERS\vacsdhkd.sys [2008-02-24 22:40]
R3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
S3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys []
S3 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" [2006-09-02 13:41]
S3 hamachi_oem;PlayLinc Adapter;C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-08-29 00:54]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-05-26 22:17]
S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
*Newly Created Service* - CATCHME
*Newly Created Service* - KL1
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-26 16:30:16
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\WINDOWS\TEMP\mc22.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\xfire_lsp_9028.dll
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll
.
Completion time: 2008-06-26 16:32:11
ComboFix-quarantined-files.txt 2008-06-26 14:31:42
Pre-Run: 1,759,727,616 bajtów wolnych
Post-Run: 1,999,331,328 bajtów wolnych
317 --- E O F --- 2008-05-20 13:36:05