Net zamula, wielkie lagi na serwerach

**Posty:** 5 · przez **takise** 10 Sty 2009, 16:31

Kod: Zaznacz wszystko: ComboFix 09-01-08.05 - Dom 2009-01-09 19:09:34.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.639.349 [GMT 1:00] Uruchomiony z: c:\documents and settings\Dom\Pulpit\ComboFix.exe * Utworzono nowy punkt przywracania . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\LocalService\Dane aplikacji\wsnpoem c:\documents and settings\LocalService\Dane aplikacji\wsnpoem\audio.dll c:\documents and settings\NetworkService\Dane aplikacji\wsnpoem c:\documents and settings\NetworkService\Dane aplikacji\wsnpoem\audio.dll c:\program files\FunWebProducts c:\program files\FunWebProducts\ScreenSaver\Images\[u]0[/u]0CB08CF.urr c:\program files\FunWebProducts\Shared\[u]0[/u]0389A72.dat c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html c:\program files\FunWebProducts\Shared\Cache\WebfettiBtn.html c:\program files\Internet Explorer\msimg32.dll c:\program files\Mozilla Firefox\plugins\NPMyGlSh.dll c:\program files\myglobalsearch c:\program files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR c:\program files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST c:\program files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR c:\program files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST c:\program files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL c:\program files\myglobalsearch\bar\1.bin\MGSBAR.DLL c:\program files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL c:\program files\myglobalsearch\bar\Cache\[u]0[/u]001478A.bin c:\program files\myglobalsearch\bar\Cache\[u]0[/u]0014B23.bin c:\program files\myglobalsearch\bar\Cache\[u]0[/u]0014E77.bin c:\program files\myglobalsearch\bar\Cache\[u]0[/u]0258EB9.bin c:\program files\myglobalsearch\bar\Cache\[u]0[/u]0259035.bin c:\program files\myglobalsearch\bar\Cache\[u]0[/u]0259176.bin c:\program files\myglobalsearch\bar\Cache\[u]0[/u]02C3EB7 c:\program files\myglobalsearch\bar\Cache\files.ini c:\program files\myglobalsearch\bar\History\search c:\program files\myglobalsearch\bar\Settings\prevcfg.htm c:\program files\MyWebSearch c:\program files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL c:\program files\MyWebSearch\bar\2.bin\F3BKGERR.JPG c:\program files\MyWebSearch\bar\2.bin\F3CJPEG.DLL c:\program files\MyWebSearch\bar\2.bin\F3DTACTL.DLL c:\program files\MyWebSearch\bar\2.bin\F3HISTSW.DLL c:\program files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL c:\program files\MyWebSearch\bar\2.bin\F3HTTPCT.DLL c:\program files\MyWebSearch\bar\2.bin\F3IMSTUB.DLL c:\program files\MyWebSearch\bar\2.bin\F3POPSWT.DLL c:\program files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR c:\program files\MyWebSearch\bar\2.bin\F3REPROX.DLL c:\program files\MyWebSearch\bar\2.bin\F3RESTUB.DLL c:\program files\MyWebSearch\bar\2.bin\F3SCHMON.EXE c:\program files\MyWebSearch\bar\2.bin\F3SCRCTR.DLL c:\program files\MyWebSearch\bar\2.bin\F3SPACER.WMV c:\program files\MyWebSearch\bar\2.bin\F3WALLPP.DAT c:\program files\MyWebSearch\bar\2.bin\F3WPHOOK.DLL c:\program files\MyWebSearch\bar\2.bin\FWPBUDDY.PNG c:\program files\MyWebSearch\bar\2.bin\M3FFXTBR.JAR c:\program files\MyWebSearch\bar\2.bin\M3FFXTBR.MANIFEST c:\program files\MyWebSearch\bar\2.bin\M3HIGHIN.EXE c:\program files\MyWebSearch\bar\2.bin\M3HTML.DLL c:\program files\MyWebSearch\bar\2.bin\M3IDLE.DLL c:\program files\MyWebSearch\bar\2.bin\M3IMPIPE.EXE c:\program files\MyWebSearch\bar\2.bin\M3MEDINT.EXE c:\program files\MyWebSearch\bar\2.bin\M3MSG.DLL c:\program files\MyWebSearch\bar\2.bin\M3NTSTBR.JAR c:\program files\MyWebSearch\bar\2.bin\M3NTSTBR.MANIFEST c:\program files\MyWebSearch\bar\2.bin\M3OUTLCN.DLL c:\program files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL c:\program files\MyWebSearch\bar\2.bin\M3SKIN.DLL c:\program files\MyWebSearch\bar\2.bin\M3SKPLAY.EXE c:\program files\MyWebSearch\bar\2.bin\M3SLSRCH.EXE c:\program files\MyWebSearch\bar\2.bin\M3SRCHMN.EXE c:\program files\MyWebSearch\bar\2.bin\MWSBAR.DLL c:\program files\MyWebSearch\bar\2.bin\MWSOEMON.EXE c:\program files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL c:\program files\MyWebSearch\bar\2.bin\MWSOESTB.DLL c:\program files\MyWebSearch\bar\2.bin\MWSSVC.EXE c:\program files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S c:\program files\MyWebSearch\bar\Cache\[u]0[/u]00093C0.bin c:\program files\MyWebSearch\bar\Cache\[u]0[/u]0009A8E.bin c:\program files\MyWebSearch\bar\Cache\[u]0[/u]0009C3D.bin c:\program files\MyWebSearch\bar\Cache\[u]0[/u]0027FB5 c:\program files\MyWebSearch\bar\Cache\[u]0[/u]00C3CA1 c:\program files\MyWebSearch\bar\Cache\[u]0[/u]0A15DE8 c:\program files\MyWebSearch\bar\Cache\[u]0[/u]0CB2702.bin c:\program files\MyWebSearch\bar\Cache\[u]0[/u]0CB2900.bin c:\program files\MyWebSearch\bar\Cache\[u]0[/u]0CB2B09.bin c:\program files\MyWebSearch\bar\Cache\[u]0[/u]0CB2CE0.bin c:\program files\MyWebSearch\bar\Cache\[u]0[/u]0EC6F76.bin c:\program files\MyWebSearch\bar\Cache\[u]0[/u]0EC711B.bin c:\program files\MyWebSearch\bar\Cache\files.ini c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S c:\program files\MyWebSearch\bar\Game\CHESS.F3S c:\program files\MyWebSearch\bar\Game\REVERSI.F3S c:\program files\MyWebSearch\bar\History\search3 c:\program files\MyWebSearch\bar\icons\CM.ICO c:\program files\MyWebSearch\bar\icons\MFC.ICO c:\program files\MyWebSearch\bar\icons\PSS.ICO c:\program files\MyWebSearch\bar\icons\SMILEY.ICO c:\program files\MyWebSearch\bar\icons\WB.ICO c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO c:\program files\MyWebSearch\bar\Message\COMMON.F3S c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S c:\program files\MyWebSearch\bar\Notifier\DOG.F3S c:\program files\MyWebSearch\bar\Notifier\FISH.F3S c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S c:\program files\MyWebSearch\bar\Notifier\MAID.F3S c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm c:\program files\MyWebSearch\bar\Settings\s_pid.dat c:\program files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL c:\program files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL c:\windows\IE4 Error Log.txt c:\windows\system32\f3PSSavr.scr c:\windows\system32\wsnpoem . ((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_FCI -------\Legacy_ICF -------\Legacy_MYWEBSEARCHSERVICE -------\Legacy_POWERMANAGER -------\Service_MyWebSearchService -------\Service_PowerManager ((((((((((((((((((((((((( Pliki utworzone od 2008-12-09 do 2009-01-09 ))))))))))))))))))))))))))))))) . 2009-01-03 16:52 . 2009-01-03 16:52 <DIR> d-------- c:\program files\DAEMON Tools 2009-01-03 16:48 . 2009-01-03 16:48 639,224 --a------ c:\windows\system32\drivers\sptd.sys 2008-12-26 21:55 . 2009-01-09 18:00 <DIR> d-------- c:\program files\Norton Security Scan 2008-12-26 21:55 . 2009-01-09 18:05 <DIR> d-------- c:\program files\Common Files\Symantec Shared 2008-12-26 18:53 . 2008-12-26 18:54 <DIR> d-------- c:\windows\system32\Adobe 2008-12-24 12:00 . 2008-12-24 12:28 <DIR> d-------- C:\Downloads 2008-12-12 22:08 . 2008-12-12 22:08 84 --a------ c:\windows\system32\ikhcore.cfg 2008-12-11 19:26 . 2008-12-11 19:26 <DIR> d---s---- c:\windows\system32\config\systemprofile\UserData 2008-12-11 16:48 . 2008-12-11 16:48 <DIR> dr------- c:\documents and settings\LocalService\Moje dokumenty . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-09 18:13 --------- d---a-w c:\documents and settings\All Users\Dane aplikacji\TEMP 2009-01-09 18:09 --------- d-----w c:\documents and settings\Dom\Dane aplikacji\foobar2000 2009-01-09 17:31 4,000 ----a-w C:\ao.dat 2009-01-07 17:56 --------- d-----w c:\program files\FlashGet 2009-01-05 21:13 --------- d-----w c:\documents and settings\Dom\Dane aplikacji\Skype 2009-01-03 10:32 --------- d-----w c:\documents and settings\Dom\Dane aplikacji\Image Zone Express 2009-01-01 16:28 --------- d-----w c:\program files\Gadu-Gadu 2008-12-13 14:06 14,336 ----a-w c:\windows\system32\svchost.exe 2008-12-12 14:50 --------- d-----w c:\program files\Spyware Doctor 2008-12-10 12:19 135,776 ----a-w c:\windows\system32\drivers\ethcbejj.sys 2008-12-08 18:23 --------- d-----w c:\documents and settings\Dom\Dane aplikacji\HP 2008-11-29 20:24 --------- d-----w c:\program files\Dziobas Rar Player 2008-11-27 13:23 --------- d-----w c:\program files\NAPI-PROJEKT 2008-11-27 13:23 --------- d-----w c:\program files\ALLPlayer 2008-11-22 20:10 --------- d--h--w c:\program files\InstallShield Installation Information 2008-11-22 20:10 --------- d-----w c:\program files\Rockstar Games 2008-11-22 19:53 --------- d-----w c:\program files\Broken Sword II 2008-11-22 19:50 --------- d-----w c:\program files\Common Files\InstallShield 2008-11-15 12:42 --------- d-----w c:\program files\PC Tools Firewall Plus 2008-11-15 12:42 --------- d-----w c:\documents and settings\Dom\Dane aplikacji\PCToolsFirewallPlus 2008-11-15 12:40 --------- d-----w c:\program files\Common Files\PC Tools 2008-11-15 12:36 --------- d-----w c:\documents and settings\Dom\Dane aplikacji\PC Tools 2008-11-10 19:48 --------- d-----w c:\program files\Activision . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360] "Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avast!"="c:\progra~1\Programy\Avast4\ashDisp.exe" [2008-11-26 81000] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496] "SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-04-26 102400] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2008-09-26 2652056] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360] c:\documents and settings\All Users\Menu Start\Programy\Autostart\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati0npxx.sys] @="Driver" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "c:\\Program Files\\Gadu-Gadu\\gg.exe"= "c:\\Program Files\\BearShare\\BearShare.exe"= "c:\\Program Files\\sopcast\\SopCast.exe"= "c:\\Program Files\\sopcast\\adv\\SopAdver.exe"= "c:\\Documents and Settings\\Dom\\Pulpit\\Netsoccer\\Netsoccer\\server.exe"= "c:\\Program Files\\FlashGet\\FlashGet.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-09-27 111184] R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2008-11-15 155880] R3 SiS7012;Service for AC'97 Sample Driver (WDM);c:\windows\system32\drivers\sis7012.sys [2008-09-25 177280] R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-09-27 20560] S0 ati0npxx;ati0npxx;c:\windows\system32\Drivers\ati0npxx.sys --> c:\windows\system32\Drivers\ati0npxx.sys [?] S1 ethcbejj;ethcbejj;c:\windows\system32\drivers\ethcbejj.sys [2008-12-08 135776] S3 FWAuth;FWAuth Driver;c:\windows\system32\drivers\FWAuthdriver.sys [2008-11-15 58136] S3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2008-11-15 95384] S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-11-15 356920] . Zawartość folderu 'Zaplanowane zadania' 2009-01-09 c:\windows\Tasks\Norton Security Scan for Dom.job - c:\program files\Norton Security Scan\Nss.exe [2008-09-19 04:18] . - - - - USUNIĘTO PUSTE WPISY - - - - HKLM-Run-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL Notify-dczqxlh - dczqxlh.dll . ------- Skan uzupełniający ------- . uStart Page = hxxp://google.bearshare.com/pl IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRfox000 IE: &Ściągnij przy pomocy FlashGet'a - c:\program files\FlashGet\jc_link.htm IE: &Ściągnij wszystko przy pomocy FlashGet'a - c:\program files\FlashGet\jc_all.htm IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Dom\Dane aplikacji\Mozilla\Firefox\Profiles\b0p0qyxy.default\ FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMyGlSh.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-09 19:13:03 Windows 5.1.2600 Dodatek Service Pack 2 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** . ------------------------ Pozostałe uruchomione procesy ------------------------ . c:\program files\Programy\Avast4\aswUpdSv.exe c:\program files\Programy\Avast4\ashServ.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\PC Tools Firewall Plus\FWService.exe c:\program files\Programy\Avast4\ashMaiSv.exe c:\program files\Programy\Avast4\ashWebSv.exe c:\program files\HP\Digital Imaging\bin\hpqste08.exe c:\windows\system32\wscntfy.exe c:\windows\system32\HPZipm12.exe . ************************************************************************** . Czas ukończenia: 2009-01-09 19:14:51 - komputer został uruchomiony ponownie ComboFix-quarantined-files.txt 2009-01-09 18:14:48 Przed: 1 176 510 464 bajtów wolnych Po: 1,325,920,256 bajtów wolnych WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect 285

Hijackthis

Kod: Zaznacz wszystko: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:00:46, on 2009-01-09 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Programy\Avast4\aswUpdSv.exe C:\Program Files\Programy\Avast4\ashServ.exe C:\PROGRA~1\Programy\Avast4\ashDisp.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\PC Tools Firewall Plus\FWService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Programy\Avast4\ashMaiSv.exe C:\Program Files\Programy\Avast4\ashWebSv.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe C:\Program Files\Last.fm\LastFM.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Dom\Pulpit\Netsoccer\Netsoccer\netsoccer.exe C:\Program Files\Programy\foobar2000\foobar2000.exe C:\Documents and Settings\Dom\Pulpit\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Hacked by Godzilla R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe, O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Programy\Avast4\ashDisp.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL,UPF O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL,S O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRfox000 O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: dczqxlh - dczqxlh.dll (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Programy\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Programy\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Programy\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Programy\Avast4\ashWebSv.exe O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwssvc.exe O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing) O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe -- End of file - 7415 bytes

Jeśli jest możliwość to prosiłbym o pomoc.

**Posty:** 18165 · przez **wojtas** 10 Sty 2009, 18:55

skasuj w hijacku:

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O20 - Winlogon Notify: dczqxlh - dczqxlh.dll (file missing)
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwssvc.exe
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)

Otworz notatnik i wklej w nim to:

File::
C:\ao.dat
E:\ao.dat
D:\ao.dat
c:\windows\system32\drivers\ethcbejj.sys
c:\windows\system32\Drivers\ati0npxx.sys

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati0npxx.sys]

Driver::
ati0npxx
ethcbejj

>>Plik>>Zapisz jako... >>> CFScript
Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe
-->

Ma się rozpocząć usuwanie. (i powstanie log).Daj ten log, który powstanie w trakcie usuwania

**Posty:** 5 · przez **takise** 12 Sty 2009, 13:34

Kod: Zaznacz wszystko: ComboFix 09-01-08.05 - Dom 2009-01-12 12:29:56.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.639.289 [GMT 1:00] Uruchomiony z: c:\documents and settings\Dom\Pulpit\ComboFix.exe . ((((((((((((((((((((((((( Pliki utworzone od 2008-12-12 do 2009-01-12 ))))))))))))))))))))))))))))))) . 2009-01-03 16:52 . 2009-01-03 16:52 <DIR> d-------- c:\program files\DAEMON Tools 2009-01-03 16:48 . 2009-01-03 16:48 639,224 --a------ c:\windows\system32\drivers\sptd.sys 2008-12-26 21:55 . 2009-01-09 18:00 <DIR> d-------- c:\program files\Norton Security Scan 2008-12-26 21:55 . 2009-01-09 18:05 <DIR> d-------- c:\program files\Common Files\Symantec Shared 2008-12-26 18:53 . 2008-12-26 18:54 <DIR> d-------- c:\windows\system32\Adobe 2008-12-24 12:00 . 2008-12-24 12:28 <DIR> d-------- C:\Downloads 2008-12-12 22:08 . 2008-12-12 22:08 84 --a------ c:\windows\system32\ikhcore.cfg . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-12 10:24 4,000 ----a-w C:\ao.dat 2009-01-12 09:16 --------- d---a-w c:\documents and settings\All Users\Dane aplikacji\TEMP 2009-01-12 00:30 --------- d-----w c:\documents and settings\Dom\Dane aplikacji\foobar2000 2009-01-10 22:02 --------- d-----w c:\program files\Gadu-Gadu 2009-01-10 13:58 --------- d-----w c:\documents and settings\Dom\Dane aplikacji\Skype 2009-01-07 17:56 --------- d-----w c:\program files\FlashGet 2009-01-03 10:32 --------- d-----w c:\documents and settings\Dom\Dane aplikacji\Image Zone Express 2008-12-13 14:06 14,336 ----a-w c:\windows\system32\svchost.exe 2008-12-12 14:50 --------- d-----w c:\program files\Spyware Doctor 2008-12-10 12:19 135,776 ----a-w c:\windows\system32\drivers\ethcbejj.sys 2008-12-08 18:23 --------- d-----w c:\documents and settings\Dom\Dane aplikacji\HP 2008-11-29 20:24 --------- d-----w c:\program files\Dziobas Rar Player 2008-11-27 13:23 --------- d-----w c:\program files\NAPI-PROJEKT 2008-11-27 13:23 --------- d-----w c:\program files\ALLPlayer 2008-11-22 20:10 --------- d--h--w c:\program files\InstallShield Installation Information 2008-11-22 20:10 --------- d-----w c:\program files\Rockstar Games 2008-11-22 19:53 --------- d-----w c:\program files\Broken Sword II 2008-11-22 19:50 --------- d-----w c:\program files\Common Files\InstallShield 2008-11-15 12:42 --------- d-----w c:\program files\PC Tools Firewall Plus 2008-11-15 12:42 --------- d-----w c:\documents and settings\Dom\Dane aplikacji\PCToolsFirewallPlus 2008-11-15 12:40 --------- d-----w c:\program files\Common Files\PC Tools 2008-11-15 12:36 --------- d-----w c:\documents and settings\Dom\Dane aplikacji\PC Tools . ((((((((((((((((((((((((((((( snapshot@2009-01-09_19.14.02.97 ))))))))))))))))))))))))))))))))))))))))) . + 2009-01-12 09:16:36 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_664.dat . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360] "Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avast!"="c:\progra~1\Programy\Avast4\ashDisp.exe" [2008-11-26 81000] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496] "SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-04-26 102400] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2008-09-26 2652056] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360] c:\documents and settings\All Users\Menu Start\Programy\Autostart\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati0npxx.sys] @="Driver" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "c:\\Program Files\\Gadu-Gadu\\gg.exe"= "c:\\Program Files\\BearShare\\BearShare.exe"= "c:\\Program Files\\sopcast\\SopCast.exe"= "c:\\Program Files\\sopcast\\adv\\SopAdver.exe"= "c:\\Documents and Settings\\Dom\\Pulpit\\Netsoccer\\Netsoccer\\server.exe"= "c:\\Program Files\\FlashGet\\FlashGet.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-09-27 111184] R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2008-11-15 155880] R3 SiS7012;Service for AC'97 Sample Driver (WDM);c:\windows\system32\drivers\sis7012.sys [2008-09-25 177280] R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-09-27 20560] S0 ati0npxx;ati0npxx;c:\windows\system32\Drivers\ati0npxx.sys --> c:\windows\system32\Drivers\ati0npxx.sys [?] S1 ethcbejj;ethcbejj;c:\windows\system32\drivers\ethcbejj.sys [2008-12-08 135776] S3 FWAuth;FWAuth Driver;c:\windows\system32\drivers\FWAuthdriver.sys [2008-11-15 58136] S3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2008-11-15 95384] S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-11-15 356920] . Zawartość folderu 'Zaplanowane zadania' 2009-01-09 c:\windows\Tasks\Norton Security Scan for Dom.job - c:\program files\Norton Security Scan\Nss.exe [2008-09-19 04:18] . . ------- Skan uzupełniający ------- . uStart Page = hxxp://google.bearshare.com/pl IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRfox000 IE: &Ściągnij przy pomocy FlashGet'a - c:\program files\FlashGet\jc_link.htm IE: &Ściągnij wszystko przy pomocy FlashGet'a - c:\program files\FlashGet\jc_all.htm IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Dom\Dane aplikacji\Mozilla\Firefox\Profiles\b0p0qyxy.default\ FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-12 12:31:14 Windows 5.1.2600 Dodatek Service Pack 2 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** . Czas ukończenia: 2009-01-12 12:32:30 ComboFix-quarantined-files.txt 2009-01-12 11:32:26 ComboFix2.txt 2009-01-12 11:26:37 ComboFix3.txt 2009-01-09 18:14:53 Przed: 1 376 190 464 bajtów wolnych Po: 1,368,666,112 bajtów wolnych 134

**Posty:** 18165 · przez **wojtas** 12 Sty 2009, 13:45

Otworz notatnik i wklej w nim to:

Driver::
ati0npxx
ethcbejj

>>Plik>>Zapisz jako... >>> CFScript
Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe
-->

Ma się rozpocząć usuwanie. (i powstanie log).Daj ten log, który powstanie w trakcie usuwania.

1. Ściągnij OTMoveIt i go włacz i odpal go z opcji CleanUp

oraz skasuj folder C:\Qoobox
2. wykonaj optymalizację windowsa
3.sciagnij ATF_Cleaner
zaznacz
Windows Temp
All users Temp
Temporary internet files
Recycle Bin
i wcisnij EMPTY SELECTED
4.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem
5.Przeskanuj obszar mojego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum.

i tym:

FixIEDef.

**Posty:** 5 · przez **takise** 12 Sty 2009, 17:54

Jako, że się "przemieściłem" z poprzedniego kompa na inny(stały) mam także inny-nowy problem.

Nie mogę stawiać serwerów to raz. a dwa to to, że internet od czasu do czasu zamula/wyłącza się (dostawca twierdzi, że to z mojej winy). więc chciałbym sprawdzić :]

oto logi:

ComboFix

Kod: Zaznacz wszystko: ComboFix 09-01-11.04 - Admin 2009-01-12 16:21:15.1 - NTFSx86 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.1.1045.18.2047.1221 [GMT 1:00] Uruchomiony z: c:\users\Admin\Desktop\ComboFix.exe AV: avast! antivirus 4.8.1229 [VPS 090108-0] *On-access scanning disabled* (Outdated) * Utworzono nowy punkt przywracania . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\recycled\Recycled c:\users\Admin\AppData\Roaming\BITS c:\users\Admin\AppData\Roaming\BITS\BITS.ini c:\users\Admin\AppData\Roaming\BITS\DHTTable.dat c:\users\Admin\AppData\Roaming\BITS\ProxyList.ini c:\users\Admin\AppData\Roaming\BITS\Torrent\20080923114211.torrent c:\users\Admin\AppData\Roaming\BITS\Torrent\20080923114211.torrent.bits c:\users\Admin\AppData\Roaming\BITS\Torrent\20080923114211.torrent.filelist c:\users\Admin\AppData\Roaming\BITS\Torrent\20080923114211.torrent.hybridlist c:\users\Admin\AppData\Roaming\BITS\Torrent\20080923114211.torrent.seeds c:\users\Admin\AppData\Roaming\BITS\Torrent\20080925160933.torrent c:\users\Admin\AppData\Roaming\BITS\Torrent\20080925160933.torrent.bits c:\users\Admin\AppData\Roaming\BITS\Torrent\20080925160933.torrent.filelist c:\users\Admin\AppData\Roaming\BITS\Torrent\20080925160933.torrent.hybridlist c:\users\Admin\AppData\Roaming\BITS\Torrent\20080925160933.torrent.seeds c:\users\Admin\AppData\Roaming\BITS\Torrent\20080925160939.torrent c:\users\Admin\AppData\Roaming\BITS\Torrent\20080925160939.torrent.bits c:\users\Admin\AppData\Roaming\BITS\Torrent\20080925160939.torrent.filelist c:\users\Admin\AppData\Roaming\BITS\Torrent\20080925160939.torrent.hybridlist c:\users\Admin\AppData\Roaming\BITS\Torrent\20080925160939.torrent.seeds c:\users\Admin\AppData\Roaming\BITS\Torrent\20080925161310.torrent c:\users\Admin\AppData\Roaming\BITS\Torrent\20080925161310.torrent.~tmp c:\users\Admin\AppData\Roaming\BITS\Torrent\20080925161310.torrent.bits c:\users\Admin\AppData\Roaming\BITS\Torrent\20080925161310.torrent.filelist c:\users\Admin\AppData\Roaming\BITS\Torrent\20080925161310.torrent.seeds c:\users\Admin\AppData\Roaming\BITS\Torrent\20080925161816.torrent c:\users\Admin\AppData\Roaming\BITS\Torrent\20080925161816.torrent.filelist c:\users\Admin\AppData\Roaming\BITS\Torrent\20080925162026.torrent c:\users\Admin\AppData\Roaming\BITS\Torrent\20080925162026.torrent.filelist c:\users\Admin\AppData\Roaming\BITS\Torrent\20080925162559.torrent c:\users\Admin\AppData\Roaming\BITS\Torrent\20080925162559.torrent.bits c:\users\Admin\AppData\Roaming\BITS\Torrent\20080925162559.torrent.filelist c:\users\Admin\AppData\Roaming\BITS\Torrent\20080925162559.torrent.seeds c:\users\Admin\AppData\Roaming\BITS\Torrent\20080925205437.torrent c:\users\Admin\AppData\Roaming\BITS\Torrent\20080925205437.torrent.bits c:\users\Admin\AppData\Roaming\BITS\Torrent\20080925205437.torrent.filelist c:\users\Admin\AppData\Roaming\BITS\Torrent\20080925205437.torrent.hybridlist c:\users\Admin\AppData\Roaming\BITS\Torrent\20080925205437.torrent.seeds c:\users\Admin\AppData\Roaming\BITS\Torrent\20080925210151.torrent c:\users\Admin\AppData\Roaming\BITS\Torrent\20080925210151.torrent.bits c:\users\Admin\AppData\Roaming\BITS\Torrent\20080925210151.torrent.filelist c:\users\Admin\AppData\Roaming\BITS\Torrent\20080925210151.torrent.seeds c:\users\Admin\AppData\Roaming\BITS\Torrent\20080925210405.torrent c:\users\Admin\AppData\Roaming\BITS\Torrent\20080925210405.torrent.bits c:\users\Admin\AppData\Roaming\BITS\Torrent\20080925210405.torrent.filelist c:\users\Admin\AppData\Roaming\BITS\Torrent\20080925210405.torrent.seeds c:\users\Admin\AppData\Roaming\BITS\Torrent\20080927013451.torrent c:\users\Admin\AppData\Roaming\BITS\Torrent\20080927013451.torrent.~tmp c:\users\Admin\AppData\Roaming\BITS\Torrent\20080927013451.torrent.bits c:\users\Admin\AppData\Roaming\BITS\Torrent\20080927013451.torrent.filelist c:\users\Admin\AppData\Roaming\BITS\Torrent\20080927013451.torrent.hybridlist c:\users\Admin\AppData\Roaming\BITS\Torrent\20080927013451.torrent.seeds c:\users\Admin\AppData\Roaming\BITS\Torrent\20080927013923.torrent c:\users\Admin\AppData\Roaming\BITS\Torrent\20080927013923.torrent.~tmp c:\users\Admin\AppData\Roaming\BITS\Torrent\20080927013923.torrent.bits c:\users\Admin\AppData\Roaming\BITS\Torrent\20080927013923.torrent.filelist c:\users\Admin\AppData\Roaming\BITS\Torrent\20080927013923.torrent.hybridlist c:\users\Admin\AppData\Roaming\BITS\Torrent\20080927013923.torrent.seeds c:\users\Admin\AppData\Roaming\BITS\Torrent\20080927013930.torrent.hybridlist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081006124331.torrent c:\users\Admin\AppData\Roaming\BITS\Torrent\20081006124331.torrent.~tmp c:\users\Admin\AppData\Roaming\BITS\Torrent\20081006124331.torrent.bits c:\users\Admin\AppData\Roaming\BITS\Torrent\20081006124331.torrent.filelist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081006124331.torrent.hybridlist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081006124331.torrent.seeds c:\users\Admin\AppData\Roaming\BITS\Torrent\20081006124407.torrent c:\users\Admin\AppData\Roaming\BITS\Torrent\20081006124407.torrent.bits c:\users\Admin\AppData\Roaming\BITS\Torrent\20081006124407.torrent.filelist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081006124407.torrent.hybridlist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081006124421.torrent.hybridlist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081006124422.torrent c:\users\Admin\AppData\Roaming\BITS\Torrent\20081006124422.torrent.bits c:\users\Admin\AppData\Roaming\BITS\Torrent\20081006124422.torrent.filelist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081006124422.torrent.hybridlist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081006124422.torrent.seeds c:\users\Admin\AppData\Roaming\BITS\Torrent\20081006165742.torrent c:\users\Admin\AppData\Roaming\BITS\Torrent\20081006165742.torrent.~tmp c:\users\Admin\AppData\Roaming\BITS\Torrent\20081006165742.torrent.bits c:\users\Admin\AppData\Roaming\BITS\Torrent\20081006165742.torrent.filelist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081006165742.torrent.seeds c:\users\Admin\AppData\Roaming\BITS\Torrent\20081006165754.torrent c:\users\Admin\AppData\Roaming\BITS\Torrent\20081006165754.torrent.bits c:\users\Admin\AppData\Roaming\BITS\Torrent\20081006165754.torrent.filelist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081006165754.torrent.hybridlist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081006165754.torrent.seeds c:\users\Admin\AppData\Roaming\BITS\Torrent\20081006165800.torrent c:\users\Admin\AppData\Roaming\BITS\Torrent\20081006165800.torrent.~tmp c:\users\Admin\AppData\Roaming\BITS\Torrent\20081006165800.torrent.bits c:\users\Admin\AppData\Roaming\BITS\Torrent\20081006165800.torrent.filelist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081006165800.torrent.hybridlist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081006165800.torrent.seeds c:\users\Admin\AppData\Roaming\BITS\Torrent\20081006165840.torrent c:\users\Admin\AppData\Roaming\BITS\Torrent\20081006165840.torrent.bits c:\users\Admin\AppData\Roaming\BITS\Torrent\20081006165840.torrent.filelist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081006165840.torrent.hybridlist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081006165840.torrent.seeds c:\users\Admin\AppData\Roaming\BITS\Torrent\20081006170222.torrent c:\users\Admin\AppData\Roaming\BITS\Torrent\20081006170222.torrent.~tmp c:\users\Admin\AppData\Roaming\BITS\Torrent\20081006170222.torrent.bits c:\users\Admin\AppData\Roaming\BITS\Torrent\20081006170222.torrent.filelist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081006170222.torrent.seeds c:\users\Admin\AppData\Roaming\BITS\Torrent\20081007094219.torrent c:\users\Admin\AppData\Roaming\BITS\Torrent\20081007094219.torrent.bits c:\users\Admin\AppData\Roaming\BITS\Torrent\20081007094219.torrent.filelist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081007094219.torrent.hybridlist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081007094219.torrent.seeds c:\users\Admin\AppData\Roaming\BITS\Torrent\20081009010325.torrent c:\users\Admin\AppData\Roaming\BITS\Torrent\20081009010325.torrent.bits c:\users\Admin\AppData\Roaming\BITS\Torrent\20081009010325.torrent.filelist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081009010325.torrent.hybridlist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081009010325.torrent.seeds c:\users\Admin\AppData\Roaming\BITS\Torrent\20081009012740.torrent c:\users\Admin\AppData\Roaming\BITS\Torrent\20081009012740.torrent.bits c:\users\Admin\AppData\Roaming\BITS\Torrent\20081009012740.torrent.filelist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081009012740.torrent.hybridlist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081009012740.torrent.seeds c:\users\Admin\AppData\Roaming\BITS\Torrent\20081009012755.torrent c:\users\Admin\AppData\Roaming\BITS\Torrent\20081009012755.torrent.bits c:\users\Admin\AppData\Roaming\BITS\Torrent\20081009012755.torrent.filelist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081009012755.torrent.hybridlist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081013163546.torrent.hybridlist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081014124408.torrent c:\users\Admin\AppData\Roaming\BITS\Torrent\20081014124408.torrent.bits c:\users\Admin\AppData\Roaming\BITS\Torrent\20081014124408.torrent.filelist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081014124408.torrent.hybridlist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081014124408.torrent.seeds c:\users\Admin\AppData\Roaming\BITS\Torrent\20081014124411.torrent c:\users\Admin\AppData\Roaming\BITS\Torrent\20081014124411.torrent.bits c:\users\Admin\AppData\Roaming\BITS\Torrent\20081014124411.torrent.filelist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081014124413.torrent c:\users\Admin\AppData\Roaming\BITS\Torrent\20081014124413.torrent.bits c:\users\Admin\AppData\Roaming\BITS\Torrent\20081014124413.torrent.filelist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081014124413.torrent.hybridlist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081014124413.torrent.seeds c:\users\Admin\AppData\Roaming\BITS\Torrent\20081014141915.torrent c:\users\Admin\AppData\Roaming\BITS\Torrent\20081014141915.torrent.bits c:\users\Admin\AppData\Roaming\BITS\Torrent\20081014141915.torrent.filelist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081014141915.torrent.hybridlist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081014141915.torrent.seeds c:\users\Admin\AppData\Roaming\BITS\Torrent\20081015223418.torrent.hybridlist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081016000959.torrent c:\users\Admin\AppData\Roaming\BITS\Torrent\20081016000959.torrent.bits c:\users\Admin\AppData\Roaming\BITS\Torrent\20081016000959.torrent.filelist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081016000959.torrent.hybridlist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081016000959.torrent.seeds c:\users\Admin\AppData\Roaming\BITS\Torrent\20081020125345.torrent c:\users\Admin\AppData\Roaming\BITS\Torrent\20081020125345.torrent.bits c:\users\Admin\AppData\Roaming\BITS\Torrent\20081020125345.torrent.filelist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081021003642.torrent c:\users\Admin\AppData\Roaming\BITS\Torrent\20081021003642.torrent.bits c:\users\Admin\AppData\Roaming\BITS\Torrent\20081021003642.torrent.filelist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081021003642.torrent.hybridlist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081021003642.torrent.seeds c:\users\Admin\AppData\Roaming\BITS\Torrent\20081021004256.torrent c:\users\Admin\AppData\Roaming\BITS\Torrent\20081021004256.torrent.bits c:\users\Admin\AppData\Roaming\BITS\Torrent\20081021004256.torrent.filelist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081021004256.torrent.seeds c:\users\Admin\AppData\Roaming\BITS\Torrent\20081021152354.torrent c:\users\Admin\AppData\Roaming\BITS\Torrent\20081021152354.torrent.bits c:\users\Admin\AppData\Roaming\BITS\Torrent\20081021152354.torrent.filelist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081021152354.torrent.hybridlist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081021152354.torrent.seeds c:\users\Admin\AppData\Roaming\BITS\Torrent\20081026230917.torrent c:\users\Admin\AppData\Roaming\BITS\Torrent\20081026230917.torrent.bits c:\users\Admin\AppData\Roaming\BITS\Torrent\20081026230917.torrent.filelist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081026230917.torrent.hybridlist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081026230917.torrent.seeds c:\users\Admin\AppData\Roaming\BITS\Torrent\20081026230922.torrent c:\users\Admin\AppData\Roaming\BITS\Torrent\20081026230922.torrent.bits c:\users\Admin\AppData\Roaming\BITS\Torrent\20081026230922.torrent.filelist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081026230922.torrent.hybridlist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081026230922.torrent.seeds c:\users\Admin\AppData\Roaming\BITS\Torrent\20081027150126.torrent c:\users\Admin\AppData\Roaming\BITS\Torrent\20081027150126.torrent.bits c:\users\Admin\AppData\Roaming\BITS\Torrent\20081027150126.torrent.filelist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081027150126.torrent.hybridlist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081027150126.torrent.seeds c:\users\Admin\AppData\Roaming\BITS\Torrent\20081104013806.torrent c:\users\Admin\AppData\Roaming\BITS\Torrent\20081104013806.torrent.bits c:\users\Admin\AppData\Roaming\BITS\Torrent\20081104013806.torrent.filelist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081104013806.torrent.hybridlist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081104013826.torrent c:\users\Admin\AppData\Roaming\BITS\Torrent\20081104013826.torrent.bits c:\users\Admin\AppData\Roaming\BITS\Torrent\20081104013826.torrent.filelist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081104013826.torrent.hybridlist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081104013837.torrent c:\users\Admin\AppData\Roaming\BITS\Torrent\20081104013837.torrent.bits c:\users\Admin\AppData\Roaming\BITS\Torrent\20081104013837.torrent.filelist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081104013837.torrent.hybridlist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081104013837.torrent.seeds c:\users\Admin\AppData\Roaming\BITS\Torrent\20081104013847.torrent c:\users\Admin\AppData\Roaming\BITS\Torrent\20081104013847.torrent.bits c:\users\Admin\AppData\Roaming\BITS\Torrent\20081104013847.torrent.filelist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081104013847.torrent.hybridlist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081107003557.torrent c:\users\Admin\AppData\Roaming\BITS\Torrent\20081107003557.torrent.bits c:\users\Admin\AppData\Roaming\BITS\Torrent\20081107003557.torrent.filelist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081107003557.torrent.hybridlist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081107003557.torrent.seeds c:\users\Admin\AppData\Roaming\BITS\Torrent\20081107003600.torrent c:\users\Admin\AppData\Roaming\BITS\Torrent\20081107003600.torrent.bits c:\users\Admin\AppData\Roaming\BITS\Torrent\20081107003600.torrent.filelist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081107003600.torrent.hybridlist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081107003600.torrent.seeds c:\users\Admin\AppData\Roaming\BITS\Torrent\20081107003602.torrent c:\users\Admin\AppData\Roaming\BITS\Torrent\20081107003602.torrent.bits c:\users\Admin\AppData\Roaming\BITS\Torrent\20081107003602.torrent.filelist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081107003602.torrent.hybridlist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081107003602.torrent.seeds c:\users\Admin\AppData\Roaming\BITS\Torrent\20081107003605.torrent c:\users\Admin\AppData\Roaming\BITS\Torrent\20081107003605.torrent.bits c:\users\Admin\AppData\Roaming\BITS\Torrent\20081107003605.torrent.filelist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081107003605.torrent.hybridlist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081107003605.torrent.seeds c:\users\Admin\AppData\Roaming\BITS\Torrent\20081111155034.torrent c:\users\Admin\AppData\Roaming\BITS\Torrent\20081111155034.torrent.bits c:\users\Admin\AppData\Roaming\BITS\Torrent\20081111155034.torrent.filelist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081111155034.torrent.seeds c:\users\Admin\AppData\Roaming\BITS\Torrent\20081111155038.torrent c:\users\Admin\AppData\Roaming\BITS\Torrent\20081111155038.torrent.bits c:\users\Admin\AppData\Roaming\BITS\Torrent\20081111155038.torrent.filelist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081111155038.torrent.hybridlist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081111155038.torrent.seeds c:\users\Admin\AppData\Roaming\BITS\Torrent\20081111155042.torrent c:\users\Admin\AppData\Roaming\BITS\Torrent\20081111155042.torrent.bits c:\users\Admin\AppData\Roaming\BITS\Torrent\20081111155042.torrent.filelist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081111155042.torrent.hybridlist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081111155042.torrent.seeds c:\users\Admin\AppData\Roaming\BITS\Torrent\20081111155045.torrent c:\users\Admin\AppData\Roaming\BITS\Torrent\20081111155045.torrent.bits c:\users\Admin\AppData\Roaming\BITS\Torrent\20081111155045.torrent.filelist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081111155045.torrent.seeds c:\users\Admin\AppData\Roaming\BITS\Torrent\20081113153923.torrent c:\users\Admin\AppData\Roaming\BITS\Torrent\20081113153923.torrent.bits c:\users\Admin\AppData\Roaming\BITS\Torrent\20081113153923.torrent.filelist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081113153923.torrent.hybridlist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081113153923.torrent.seeds c:\users\Admin\AppData\Roaming\BITS\Torrent\20081114131954.torrent c:\users\Admin\AppData\Roaming\BITS\Torrent\20081114131954.torrent.bits c:\users\Admin\AppData\Roaming\BITS\Torrent\20081114131954.torrent.filelist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081114131954.torrent.hybridlist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081115131530.torrent c:\users\Admin\AppData\Roaming\BITS\Torrent\20081115131530.torrent.bits c:\users\Admin\AppData\Roaming\BITS\Torrent\20081115131530.torrent.filelist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081115131530.torrent.hybridlist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081115131530.torrent.seeds c:\users\Admin\AppData\Roaming\BITS\Torrent\20081115213619.torrent c:\users\Admin\AppData\Roaming\BITS\Torrent\20081115213619.torrent.bits c:\users\Admin\AppData\Roaming\BITS\Torrent\20081115213619.torrent.filelist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081115213619.torrent.hybridlist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081115213619.torrent.seeds c:\users\Admin\AppData\Roaming\BITS\Torrent\20081123115836.torrent.hybridlist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081123115921.torrent c:\users\Admin\AppData\Roaming\BITS\Torrent\20081123115921.torrent.bits c:\users\Admin\AppData\Roaming\BITS\Torrent\20081123115921.torrent.filelist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081123115921.torrent.hybridlist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081123115921.torrent.seeds c:\users\Admin\AppData\Roaming\BITS\Torrent\20081124123347.torrent c:\users\Admin\AppData\Roaming\BITS\Torrent\20081124123347.torrent.bits c:\users\Admin\AppData\Roaming\BITS\Torrent\20081124123347.torrent.filelist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081124123347.torrent.hybridlist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081124123347.torrent.seeds c:\users\Admin\AppData\Roaming\BITS\Torrent\20081124123351.torrent c:\users\Admin\AppData\Roaming\BITS\Torrent\20081124123351.torrent.bits c:\users\Admin\AppData\Roaming\BITS\Torrent\20081124123351.torrent.filelist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081124123351.torrent.hybridlist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081124123351.torrent.seeds c:\users\Admin\AppData\Roaming\BITS\Torrent\20081124123354.torrent c:\users\Admin\AppData\Roaming\BITS\Torrent\20081124123354.torrent.bits c:\users\Admin\AppData\Roaming\BITS\Torrent\20081124123354.torrent.filelist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081124123354.torrent.hybridlist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081124123354.torrent.seeds c:\users\Admin\AppData\Roaming\BITS\Torrent\20081124123357.torrent c:\users\Admin\AppData\Roaming\BITS\Torrent\20081124123357.torrent.bits c:\users\Admin\AppData\Roaming\BITS\Torrent\20081124123357.torrent.filelist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081124123357.torrent.hybridlist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081124123357.torrent.seeds c:\users\Admin\AppData\Roaming\BITS\Torrent\20081124123359.torrent c:\users\Admin\AppData\Roaming\BITS\Torrent\20081124123359.torrent.bits c:\users\Admin\AppData\Roaming\BITS\Torrent\20081124123359.torrent.filelist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081124123359.torrent.hybridlist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081124123359.torrent.seeds c:\users\Admin\AppData\Roaming\BITS\Torrent\20081124123401.torrent c:\users\Admin\AppData\Roaming\BITS\Torrent\20081124123401.torrent.bits c:\users\Admin\AppData\Roaming\BITS\Torrent\20081124123401.torrent.filelist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081124123401.torrent.hybridlist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081124123401.torrent.seeds c:\users\Admin\AppData\Roaming\BITS\Torrent\20081124123414.torrent c:\users\Admin\AppData\Roaming\BITS\Torrent\20081124123414.torrent.bits c:\users\Admin\AppData\Roaming\BITS\Torrent\20081124123414.torrent.filelist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081124123414.torrent.hybridlist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081124123414.torrent.seeds c:\users\Admin\AppData\Roaming\BITS\Torrent\20081124123418.torrent c:\users\Admin\AppData\Roaming\BITS\Torrent\20081124123418.torrent.bits c:\users\Admin\AppData\Roaming\BITS\Torrent\20081124123418.torrent.filelist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081124123418.torrent.hybridlist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081124123418.torrent.seeds c:\users\Admin\AppData\Roaming\BITS\Torrent\20081124131339.torrent c:\users\Admin\AppData\Roaming\BITS\Torrent\20081124131339.torrent.bits c:\users\Admin\AppData\Roaming\BITS\Torrent\20081124131339.torrent.filelist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081124131339.torrent.hybridlist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081124131339.torrent.seeds c:\users\Admin\AppData\Roaming\BITS\Torrent\20081204111422.torrent c:\users\Admin\AppData\Roaming\BITS\Torrent\20081204111422.torrent.bits c:\users\Admin\AppData\Roaming\BITS\Torrent\20081204111422.torrent.filelist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081204111422.torrent.hybridlist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081204111422.torrent.seeds c:\users\Admin\AppData\Roaming\BITS\Torrent\20081204111636.torrent c:\users\Admin\AppData\Roaming\BITS\Torrent\20081204111636.torrent.bits c:\users\Admin\AppData\Roaming\BITS\Torrent\20081204111636.torrent.filelist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081204111636.torrent.hybridlist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081204111636.torrent.seeds c:\users\Admin\AppData\Roaming\BITS\Torrent\20081207104812.torrent c:\users\Admin\AppData\Roaming\BITS\Torrent\20081207104812.torrent.bits c:\users\Admin\AppData\Roaming\BITS\Torrent\20081207104812.torrent.filelist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081207104812.torrent.hybridlist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081207104812.torrent.seeds c:\users\Admin\AppData\Roaming\BITS\Torrent\20081207104959.torrent c:\users\Admin\AppData\Roaming\BITS\Torrent\20081207104959.torrent.bits c:\users\Admin\AppData\Roaming\BITS\Torrent\20081207104959.torrent.filelist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081207104959.torrent.seeds c:\users\Admin\AppData\Roaming\BITS\Torrent\20081209001126.torrent c:\users\Admin\AppData\Roaming\BITS\Torrent\20081209001126.torrent.~tmp c:\users\Admin\AppData\Roaming\BITS\Torrent\20081209001126.torrent.bits c:\users\Admin\AppData\Roaming\BITS\Torrent\20081209001126.torrent.filelist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081209001126.torrent.hybridlist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081209001126.torrent.seeds c:\users\Admin\AppData\Roaming\BITS\Torrent\20081209001204.torrent c:\users\Admin\AppData\Roaming\BITS\Torrent\20081209001204.torrent.bits c:\users\Admin\AppData\Roaming\BITS\Torrent\20081209001204.torrent.filelist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081209001204.torrent.hybridlist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081209001204.torrent.seeds c:\users\Admin\AppData\Roaming\BITS\Torrent\20081209001214.torrent c:\users\Admin\AppData\Roaming\BITS\Torrent\20081209001214.torrent.bits c:\users\Admin\AppData\Roaming\BITS\Torrent\20081209001214.torrent.filelist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081209001214.torrent.hybridlist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081209001214.torrent.seeds c:\users\Admin\AppData\Roaming\BITS\Torrent\20081209001228.torrent c:\users\Admin\AppData\Roaming\BITS\Torrent\20081209001228.torrent.bits c:\users\Admin\AppData\Roaming\BITS\Torrent\20081209001228.torrent.filelist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081209001228.torrent.hybridlist c:\users\Admin\AppData\Roaming\BITS\Torrent\20081209001228.torrent.seeds c:\users\Admin\AppData\Roaming\BITS\Torrent\20090105023544.torrent c:\users\Admin\AppData\Roaming\BITS\Torrent\20090105023544.torrent.bits c:\users\Admin\AppData\Roaming\BITS\Torrent\20090105023544.torrent.filelist c:\users\Admin\AppData\Roaming\BITS\Torrent\20090105023544.torrent.hybridlist c:\users\Admin\AppData\Roaming\BITS\Torrent\20090105023601.torrent c:\users\Admin\AppData\Roaming\BITS\Torrent\20090105023601.torrent.~tmp c:\users\Admin\AppData\Roaming\BITS\Torrent\20090105023601.torrent.bits c:\users\Admin\AppData\Roaming\BITS\Torrent\20090105023601.torrent.filelist c:\users\Admin\AppData\Roaming\BITS\Torrent\20090105023601.torrent.hybridlist c:\users\Admin\AppData\Roaming\BITS\Torrent\20090105023601.torrent.seeds c:\users\Admin\AppData\Roaming\BITS\Torrent\20090105023609.torrent c:\users\Admin\AppData\Roaming\BITS\Torrent\20090105023609.torrent.~tmp c:\users\Admin\AppData\Roaming\BITS\Torrent\20090105023609.torrent.bits c:\users\Admin\AppData\Roaming\BITS\Torrent\20090105023609.torrent.filelist c:\users\Admin\AppData\Roaming\BITS\Torrent\20090105023609.torrent.hybridlist c:\users\Admin\AppData\Roaming\BITS\Torrent\20090105023609.torrent.seeds c:\users\Admin\AppData\Roaming\BITS\Torrent\20090105023620.torrent c:\users\Admin\AppData\Roaming\BITS\Torrent\20090105023620.torrent.~tmp c:\users\Admin\AppData\Roaming\BITS\Torrent\20090105023620.torrent.bits c:\users\Admin\AppData\Roaming\BITS\Torrent\20090105023620.torrent.filelist c:\users\Admin\AppData\Roaming\BITS\Torrent\20090105023620.torrent.seeds c:\users\Admin\AppData\Roaming\BITS\Torrent\20090105130712.torrent c:\users\Admin\AppData\Roaming\BITS\Torrent\20090105130712.torrent.bits c:\users\Admin\AppData\Roaming\BITS\Torrent\20090105130712.torrent.filelist c:\users\Admin\AppData\Roaming\BITS\Torrent\20090105130712.torrent.hybridlist c:\users\Admin\AppData\Roaming\BITS\Torrent\20090105130712.torrent.seeds c:\users\Admin\AppData\Roaming\BITS\Torrent\20090105151243.torrent c:\users\Admin\AppData\Roaming\BITS\Torrent\20090105151243.torrent.bits c:\users\Admin\AppData\Roaming\BITS\Torrent\20090105151243.torrent.filelist c:\users\Admin\AppData\Roaming\BITS\Torrent\20090105151243.torrent.hybridlist c:\users\Admin\AppData\Roaming\BITS\Torrent\20090105151243.torrent.seeds c:\users\Admin\AppData\Roaming\BITS\Torrent\20090105153714.torrent c:\users\Admin\AppData\Roaming\BITS\Torrent\20090105153714.torrent.bits c:\users\Admin\AppData\Roaming\BITS\Torrent\20090105153714.torrent.filelist c:\users\Admin\AppData\Roaming\BITS\Torrent\20090105153714.torrent.hybridlist c:\users\Admin\AppData\Roaming\BITS\Torrent\20090105153714.torrent.seeds c:\users\Admin\AppData\Roaming\BITS\Torrent\20090108185619.torrent c:\users\Admin\AppData\Roaming\BITS\Torrent\20090108185619.torrent.~tmp c:\users\Admin\AppData\Roaming\BITS\Torrent\20090108185619.torrent.bits c:\users\Admin\AppData\Roaming\BITS\Torrent\20090108185619.torrent.filelist c:\users\Admin\AppData\Roaming\BITS\Torrent\20090108185619.torrent.seeds c:\users\Admin\AppData\Roaming\BITS\Torrent\20090108185732.torrent c:\users\Admin\AppData\Roaming\BITS\Torrent\20090108185732.torrent.~tmp c:\users\Admin\AppData\Roaming\BITS\Torrent\20090108185732.torrent.bits c:\users\Admin\AppData\Roaming\BITS\Torrent\20090108185732.torrent.filelist c:\users\Admin\AppData\Roaming\BITS\Torrent\20090108185732.torrent.hybridlist c:\users\Admin\AppData\Roaming\BITS\Torrent\20090108185732.torrent.seeds c:\users\Admin\AppData\Roaming\BITS\Torrent\20090108185846.torrent c:\users\Admin\AppData\Roaming\BITS\Torrent\20090108185846.torrent.~tmp c:\users\Admin\AppData\Roaming\BITS\Torrent\20090108185846.torrent.bits c:\users\Admin\AppData\Roaming\BITS\Torrent\20090108185846.torrent.filelist c:\users\Admin\AppData\Roaming\BITS\Torrent\20090108185846.torrent.seeds c:\users\Admin\Desktop\Nowy folder\Lan Driver Realtek Ver.5.649.0615.2006\lan_realtek_V5.649.0615.2006\_desktop.ini c:\users\Admin\Desktop\Nowy folder\Lan Driver Realtek Ver.5.649.0615.2006\lan_realtek_V5.649.0615.2006\WIN2000\_desktop.ini c:\users\Admin\Desktop\Nowy folder\Lan Driver Realtek Ver.5.649.0615.2006\lan_realtek_V5.649.0615.2006\WIN98SE\_desktop.ini c:\users\Admin\Desktop\Nowy folder\Lan Driver Realtek Ver.5.649.0615.2006\lan_realtek_V5.649.0615.2006\WINME\_desktop.ini c:\users\Admin\Desktop\Nowy folder\Lan Driver Realtek Ver.5.649.0615.2006\lan_realtek_V5.649.0615.2006\WINXP\_desktop.ini c:\windows\system32\acovcnt.exe . ((((((((((((((((((((((((( Pliki utworzone od 2008-12-12 do 2009-01-12 ))))))))))))))))))))))))))))))) . 2008-12-23 11:28 . 2008-12-23 11:28 <DIR> d-------- c:\users\Admin\AppData\Roaming\ProtectDisc 2008-12-23 11:28 . 2008-12-23 11:28 <DIR> d-------- c:\program files\ProtectDisc Driver Installer 2008-12-23 00:56 . 2008-12-23 00:56 <DIR> d-------- c:\program files\SopCast 2008-12-16 14:34 . 2008-12-16 14:34 <DIR> dr-h----- c:\users\Admin\AppData\Roaming\SecuROM 2008-12-16 14:02 . 2008-12-16 14:02 <DIR> d-------- c:\windows\System32\xlive 2008-12-16 14:02 . 2008-12-16 14:33 <DIR> d-------- c:\program files\Microsoft Games for Windows - LIVE 2008-12-16 13:15 . 2008-12-16 13:15 <DIR> d-------- c:\users\All Users\DAEMON Tools Lite 2008-12-16 13:15 . 2008-12-16 13:15 <DIR> d-------- c:\users\Admin\AppData\Roaming\DAEMON Tools Pro 2008-12-16 13:15 . 2008-12-16 13:15 <DIR> d-------- c:\programdata\DAEMON Tools Lite 2008-12-16 13:14 . 2008-12-16 13:15 <DIR> d-------- c:\users\Admin\AppData\Roaming\DAEMON Tools Lite 2008-12-15 20:26 . 2008-12-15 20:28 69 --a------ c:\windows\NeroDigital.ini . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-09 12:13 --------- d-----w c:\users\Admin\AppData\Roaming\foobar2000 2009-01-08 14:30 --------- d-----w c:\users\Admin\AppData\Roaming\Skype 2009-01-08 14:23 --------- d-----w c:\users\Admin\AppData\Roaming\skypePM 2009-01-05 01:41 --------- d-----w c:\program files\DC++ 2008-12-16 12:22 --------- d--h--w c:\program files\InstallShield Installation Information 2008-12-16 12:15 --------- d-----w c:\users\Admin\AppData\Roaming\DAEMON Tools 2008-12-16 12:15 --------- d-----w c:\program files\DAEMON Tools Toolbar 2008-12-16 12:14 --------- d-----w c:\program files\Programy 2008-12-11 02:10 --------- d-----w c:\program files\Windows Mail 2008-12-09 20:37 --------- d-----w c:\programdata\19308 2008-12-09 20:36 --------- d-----w c:\programdata\37108 2008-12-09 12:45 --------- d-----w c:\users\Admin\AppData\Roaming\SuperMemo World 2008-12-08 14:12 --------- d-----w c:\program files\BearShare Applications 2008-12-05 20:40 --------- d-----w c:\program files\Active ISO Burner 2008-12-03 20:32 --------- d-----w c:\users\Admin\AppData\Roaming\Printer Info Cache 2008-12-03 20:32 --------- d-----w c:\users\Admin\AppData\Roaming\Image Zone Express 2008-12-03 20:30 --------- d-----w c:\programdata\Xerox 2008-11-26 09:34 --------- d-----w c:\users\Admin\AppData\Roaming\Dev-Cpp 2008-11-16 10:32 --------- d-----w c:\programdata\HP 2008-11-15 23:28 279,712 ----a-w c:\windows\system32\drivers\atksgt.sys 2008-11-15 23:28 25,888 ----a-w c:\windows\system32\drivers\lirsgt.sys 2008-11-15 20:57 --------- d-----w c:\users\Admin\AppData\Roaming\HP 2008-11-15 20:57 --------- d-----w c:\programdata\WEBREG 2008-11-15 20:55 --------- d-----w c:\programdata\HPSSUPPLY 2008-11-15 20:55 --------- d-----w c:\program files\HP 2008-11-15 20:55 --------- d-----w c:\program files\Common Files\HP 2008-11-15 20:51 --------- d-----w c:\program files\Hewlett-Packard 2008-11-15 20:51 --------- d-----w c:\program files\Common Files\Hewlett-Packard 2008-11-11 00:25 107,888 ----a-w c:\windows\System32\CmdLineExt.dll 2008-11-11 00:11 3,074 ----a-w c:\windows\System32\ealregsnapshot1.reg 2008-11-08 11:50 103,736 ----a-w c:\windows\System32\PnkBstrB.exe 2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll 2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll 2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll 2008-11-01 03:44 28,672 ----a-w c:\windows\System32\Apphlpdm.dll 2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll 2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll 2008-11-01 01:21 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll 2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe 2008-10-28 16:41 14,303,392 ----a-w c:\windows\System32\xlive.dll 2008-10-28 16:41 13,643,936 ----a-w c:\windows\System32\xlivefnt.dll 2008-10-23 21:30 348,160 ----a-w c:\windows\System32\msvcr71.dll 2008-10-22 03:57 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll 2008-10-22 01:22 2,048 ----a-w c:\windows\System32\tzres.dll 2008-10-21 05:25 296,960 ----a-w c:\windows\System32\gdi32.dll 2008-10-21 05:25 1,645,568 ----a-w c:\windows\System32\connect.dll 2008-10-16 21:13 1,809,944 ----a-w c:\windows\System32\wuaueng.dll 2008-10-16 21:12 561,688 ----a-w c:\windows\System32\wuapi.dll 2008-10-16 21:09 51,224 ----a-w c:\windows\System32\wuauclt.exe 2008-10-16 21:09 43,544 ----a-w c:\windows\System32\wups2.dll 2008-10-16 21:08 34,328 ----a-w c:\windows\System32\wups.dll 2008-10-16 20:56 1,524,736 ----a-w c:\windows\System32\wucltux.dll 2008-10-16 20:55 83,456 ----a-w c:\windows\System32\wudriver.dll 2008-10-16 13:08 162,064 ----a-w c:\windows\System32\wuwebv.dll 2008-10-16 12:56 31,232 ----a-w c:\windows\System32\wuapp.exe 2008-10-16 04:47 827,392 ----a-w c:\windows\System32\wininet.dll 2008-10-03 12:34 56 ---ha-w c:\users\All Users\ezsidmv.dat 2008-10-03 12:34 56 ---ha-w c:\programdata\ezsidmv.dat 2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}] 2008-09-02 15:05 398776 --a------ c:\program files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1] @="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}" [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}] 2007-06-02 01:08 143360 --a------ c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "Gadu-Gadu"="c:\program files\Programy\Gadu-Gadu\gg.exe" [2008-03-20 2127296] "DAEMON Tools Lite"="c:\program files\Programy\DAEMON Tools Lite\daemon.exe" [2008-12-10 216520] "RGSC"="d:\gry\gta4\Rockstar Games Social Club\RGSCLauncher.exe" [2008-12-16 306088] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-09-03 630784] "ASUSTPE"="c:\windows\system32\ASUSTPE.exe" [2007-10-12 106496] "ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2008-08-05 37232] "ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2008-08-05 33136] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.l3codecp"= l3codecp.acm "msacm.clmp3enc"= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup backupExtension=.CommonStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKMEDIA] --a------ 2006-11-02 16:27 61440 c:\program files\ASUS\ATK Media\DMedia.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] --a------ 2007-09-20 14:35 202024 c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashGet] --a------ 2008-08-19 08:47 1795656 c:\program files\Programy\FlashGet\flashget.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu] --a------ 2008-03-20 11:04 2127296 c:\program files\Programy\Gadu-Gadu\gg.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] --a------ 2006-12-10 21:52 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan] --a------ 2007-09-20 08:51 1836328 c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2007-03-01 14:57 153136 c:\program files\Common Files\Nero\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerForPhone] --a------ 2007-08-03 04:52 778240 c:\program files\P4P\P4P.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC] --a------ 2008-01-21 20:17 61440 c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] --a------ 2008-09-23 10:38 171448 c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh] --a------ 2007-12-06 11:12 1029416 c:\program files\Synaptics\SynTP\SynTPEnh.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] --a------ 2008-10-23 22:30 185872 c:\program files\Common Files\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] --------- 2008-09-12 17:45 36352 d:\programy\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] --a------ 2008-01-21 03:23 1008184 c:\program files\Windows Defender\MSASCui.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] --a------ 2008-01-07 09:25 4853760 c:\windows\RtHDVCpl.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{AD2FAAD1-A3DC-43D4-B572-2B958B9F59A1}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{3A0E20EE-0856-4D53-8B9F-5A5E5D82F33E}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "TCP Query User{58D9CAB3-A13D-4DF8-AA1D-A5A1F9D0DC70}c:\\program files\\programy\\gadu-gadu\\gg.exe"= UDP:c:\program files\programy\gadu-gadu\gg.exe:Gadu-Gadu - program główny "UDP Query User{4FC9F3A8-5CCA-49F2-9C65-E501FAC007AB}c:\\program files\\programy\\gadu-gadu\\gg.exe"= TCP:c:\program files\programy\gadu-gadu\gg.exe:Gadu-Gadu - program główny "TCP Query User{B1C2294D-86A5-4C8F-9F05-7170F121ACC4}c:\\program files\\programy\\flashget\\flashget.exe"= UDP:c:\program files\programy\flashget\flashget.exe:flashget "UDP Query User{993990F7-5B7F-4AE0-85DE-BA1732AE3D61}c:\\program files\\programy\\flashget\\flashget.exe"= TCP:c:\program files\programy\flashget\flashget.exe:flashget "TCP Query User{7C82334D-B35A-4F5B-AC4A-2844C937274E}c:\\program files\\programy\\bitcomet\\bitcomet.exe"= UDP:c:\program files\programy\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client "UDP Query User{FDE71529-751E-4ADD-ABB2-F39D74B7FD77}c:\\program files\\programy\\bitcomet\\bitcomet.exe"= TCP:c:\program files\programy\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client "TCP Query User{EB86494A-9B27-4305-AC28-1B36A7DCC105}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer "UDP Query User{85691004-4588-40FD-B873-FC8C67B127B5}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer "TCP Query User{102A4ECF-82AC-4A78-BD0A-D39D686AAE24}c:\\program files\\programy\\sopcast\\sopcast.exe"= UDP:c:\program files\programy\sopcast\sopcast.exe:SopCast Main Application "UDP Query User{5AB008DF-A51A-4491-8599-14C006B644E6}c:\\program files\\programy\\sopcast\\sopcast.exe"= TCP:c:\program files\programy\sopcast\sopcast.exe:SopCast Main Application "TCP Query User{9F334950-A27D-40DC-98EC-1539595F5780}c:\\program files\\programy\\sopcast\\adv\\sopadver.exe"= UDP:c:\program files\programy\sopcast\adv\sopadver.exe:SopCast Adver "UDP Query User{B29B5E17-E458-434B-9DAD-C9CC46E6813F}c:\\program files\\programy\\sopcast\\adv\\sopadver.exe"= TCP:c:\program files\programy\sopcast\adv\sopadver.exe:SopCast Adver "{AC433F87-96D4-45BE-8FC2-84910B5477CA}"= c:\program files\Skype\Phone\Skype.exe:Skype "TCP Query User{37E4032C-61D6-4CF2-975A-B4145000D402}c:\\program files\\programy\\maxima-5.16.2\\wxmaxima\\wxmaxima.exe"= UDP:c:\program files\programy\maxima-5.16.2\wxmaxima\wxmaxima.exe:wxMaxima "UDP Query User{B82E43F4-9F32-4518-9F4C-D722BF710597}c:\\program files\\programy\\maxima-5.16.2\\wxmaxima\\wxmaxima.exe"= TCP:c:\program files\programy\maxima-5.16.2\wxmaxima\wxmaxima.exe:wxMaxima "TCP Query User{924D890F-4445-4253-AA7D-778621E23632}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox "UDP Query User{65CFFDC9-E9BB-428B-AA0B-108E6FEE5C03}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox "{3A843341-4643-4FFD-8891-32DBCCAF8C0D}"= UDP:d:\gry\COD4\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM) "{5E8F4D49-587D-4DEF-B179-FC672078DC16}"= TCP:d:\gry\COD4\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM) "TCP Query User{FB547EFB-0EB9-4218-B9CB-5E3E559B1008}c:\\program files\\programy\\dc++\\dcplusplus.exe"= UDP:c:\program files\programy\dc++\dcplusplus.exe:DC++ "UDP Query User{64AF174B-10E4-4069-890A-3F21BF7A7F17}c:\\program files\\programy\\dc++\\dcplusplus.exe"= TCP:c:\program files\programy\dc++\dcplusplus.exe:DC++ "TCP Query User{136A35B7-5266-4E97-ADDD-D421BDF0A96F}c:\\users\\admin\\saved games\\netsoccer\\netsoccer\\server.exe"= UDP:c:\users\admin\saved games\netsoccer\netsoccer\server.exe:server.exe "UDP Query User{2D184E40-42A5-4242-9510-501632EB1A98}c:\\users\\admin\\saved games\\netsoccer\\netsoccer\\server.exe"= TCP:c:\users\admin\saved games\netsoccer\netsoccer\server.exe:server.exe "{A1A024F8-C41C-4308-94E5-6E36AC81153D}"= UDP:d:\gry\gta4\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club "{F2584D87-32DF-4719-BE12-3DF980337233}"= TCP:d:\gry\gta4\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club "{D0A1314A-EF76-4FED-9807-95C602E8D497}"= UDP:d:\gry\gta4\gta\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV "{C5627EE2-8DFB-4DBB-8C52-808D4C626DCF}"= TCP:d:\gry\gta4\gta\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List] "c:\\Program Files\\Programy\\FlashGet\\FlashGet.exe"= c:\program files\Programy\FlashGet\FlashGet.exe:*:Enabled:Flashget2 "c:\\Program Files\\Programy\\FlashGet\\LiveUpdate.exe"= c:\program files\Programy\FlashGet\LiveUpdate.exe:*:Enabled:FGLiveUpdate "c:\\Program Files\\Programy\\FlashGet\\LiveUpdateEx.exe"= c:\program files\Programy\FlashGet\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2008-11-10 78416] R3 BthAvrcp;Profil AVRCP Bluetooth;c:\windows\System32\drivers\BthAvrcp.sys [2008-08-05 12800] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\System32\drivers\SiSGB6.sys [2007-06-20 47616] R4 acedrv11;acedrv11;c:\windows\System32\drivers\acedrv11.sys [2008-07-30 277736] R4 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2008-11-10 20560] R4 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2008-11-10 51280] --- Inne Uslugi/Sterowniki w Pamieci --- *Deregistered* - sptd [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{033c2b99-895f-11dd-b0d9-0022152b14a3}] \shell\AutoRun\command - G:\setup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{033c2b9d-895f-11dd-b0d9-0022152b14a3}] \shell\AutoRun\command - H:\Autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0de7af97-abe9-11dd-979c-00221513ff84}] \shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b38f400a-8edf-11dd-b279-00221513ff84}] \shell\AutoRun\command - I:\yt8a.exe \shell\Explore\Command - I:\yt8a.exe \shell\Open\Command - I:\yt8a.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "c:\program files\Common Files\LightScribe\LSRunOnce.exe" . Zawartość folderu 'Zaplanowane zadania' 2009-01-12 c:\windows\Tasks\User_Feed_Synchronization-{5798ABEE-F566-46F8-B19C-0A7A85936D9C}.job - c:\windows\system32\msfeedssync.exe [2008-01-21 03:24] . - - - - USUNIĘTO PUSTE WPISY - - - - MSConfigStartUp-EA Core - c:\program files\Electronic Arts\EADM\Core.exe . ------- Skan uzupełniający ------- . uStart Page = hxxp://search.bearshare.com/pl/ uInternet Settings,ProxyOverride = *.local IE: &D&ownload &with BitComet - c:\program files\Programy\BitComet\BitComet.exe/AddLink.htm IE: &D&ownload all video with BitComet - c:\program files\Programy\BitComet\BitComet.exe/AddVideo.htm IE: &D&ownload all with BitComet - c:\program files\Programy\BitComet\BitComet.exe/AddAllLink.htm IE: &Download All by FlashGet - c:\program files\Programy\FlashGet\ComDlls\Bhoall.htm IE: &Download by FlashGet - c:\program files\Programy\FlashGet\ComDlls\Bholink.htm IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tzdhzi3i.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/ FF - component: c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-12 16:34:32 Windows 6.0.6001 Service Pack 1 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... C:\ADSM_PData_0150 skanowanie pomyślnie ukończone ukryte pliki: 1 ************************************************************************** . Czas ukończenia: 2009-01-12 16:35:51 ComboFix-quarantined-files.txt 2009-01-12 15:35:48 Przed: 53 319 532 544 bajtów wolnych Po: 55,462,195,200 bajtów wolnych 655 --- E O F --- 2009-01-08 23:38:09

Hijackthis

Kod: Zaznacz wszystko: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:15:16, on 2009-01-12 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe C:\Windows\System32\ASUSTPE.exe C:\Windows\ASScrPro.exe C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Programy\Gadu-Gadu\gg.exe C:\Program Files\Programy\DAEMON Tools Lite\daemon.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\ehome\ehmsas.exe C:\Windows\system32\conime.exe C:\Users\Admin\Desktop\HiJackThis.exe C:\Windows\system32\wuauclt.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/pl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\Program Files\Programy\FlashGet\ComDlls\bhoCATCH.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\Programy\BitComet\tools\BitCometBHO_1.2.6.26.dll O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe O4 - HKLM\..\Run: [ASUSTPE] C:\Windows\system32\ASUSTPE.exe O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Programy\Gadu-Gadu\gg.exe" /tray O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\Programy\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [RGSC] D:\Gry\gta4\Rockstar Games Social Club\RGSCLauncher.exe /silent O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\Programy\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\Programy\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\Programy\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: &Download All by FlashGet - C:\Program Files\Programy\FlashGet\ComDlls\Bhoall.htm O8 - Extra context menu item: &Download by FlashGet - C:\Program Files\Programy\FlashGet\ComDlls\Bholink.htm O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\Programy\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing) O13 - Gopher Prefix: O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe -- End of file - 7457 bytes

również prosił bym o udzielenie rady.

**Posty:** 18165 · przez **wojtas** 12 Sty 2009, 18:40

skasuj te wpisy:

O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

i pogrubiony folder wywal do kosza...

wklej do notatnika

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0de7af97-abe9-11dd-979c-00221513ff84}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b38f400a-8edf-11dd-b279-00221513ff84}]

w notatniku u góry>>>plik zapisz jako>>>Zmien rozszerzenie z TXT na Wszystkie pliki *.* >>> Zapisz pod nazwą FIX.REG

Klikasz dwa razy na powstały plik fix i dodajesz go do rejestru....

1. Ściągnij OTMoveIt i go włacz i odpal go z opcji CleanUp

oraz skasuj folder C:\Qoobox
2. wykonaj optymalizację windowsa
3.sciagnij ATF_Cleaner
zaznacz
Windows Temp
All users Temp
Temporary internet files
Recycle Bin
i wcisnij EMPTY SELECTED
4.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem
5.Przeskanuj obszar mojego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum.

i tym:

FixIEDef.

**Posty:** 5 · przez **takise** 12 Sty 2009, 19:31

Kaspersky:
nie udało się ściągnąć plików które pozwoliły by przeprowadzić skan;/
ERROR: Nieprawidłowa sygnatura pliku

FixIED:

Kod: Zaznacz wszystko: ******************************************************************************** * * * FixIEDef Log * * Version 1.7.20.7261 * * * ******************************************************************************** Created at 18:18:45 on Monday, January 12, 2009 Time Zone : (GMT+01:00) Sarajewo, Skopie, Warszawa, Zagrzeb Logged On User : Admin Operating System : Microsoft® Windows Vista™ Home Premium Service Pack 1 OS Version : 6.0.6001 System Langauge : Polish Keyboard Layout : Polish Processor : X86 Intel(R) Core(TM)2 Duo CPU T5750 @ 2.00GHz System Drive : C:\ Windows Directory : C:\Windows System Directory : C:\Windows\system32 System Drive Type : Fixed System Drive Status : READY System Drive Label : VistaOS System Drive Size : 119.24 GB System Drive Free : 69.5 GB Total Physical Memory: 2047 MB Free Physical Memory : 1359 MB Total Page File : 2047 MB Free Page File : 3579 MB Total Virtual Memory : 2048 MB Free Virtual Memory : 1946 MB Boot State : Normal boot -------------------------------------------------------------------------------- !!! userinit.exe is Clean !!! -------------------------------------------------------------------------------- !!! Files that have been deleted !!! C:\Windows\system32\actskn45.ocx -------------------------------------------------------------------------------- !!! Directories that have been removed !!! No malicious directories to be removed -------------------------------------------------------------------------------- !!! Registry entries that have been removed !!! No malicious Registry entries found ================================================================================ All Done :) ShadowPuterDude Safe Surfing!!!

**Posty:** 18165 · przez **wojtas** 12 Sty 2009, 19:40

powinno być ok

**Posty:** 5 · przez **takise** 12 Sty 2009, 20:19

w takim razie dzięki;]

z tym, że serwerów nadal stawiać nie mogę...ale liczę się z tym, że to wina nie przestawionych portów w routerze na którego sposobu nie mam..