
ComboFix 08-04-24.1 - fenek73 2008-04-26 16:56:45.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.286 [GMT 2:00]
Running from: D:\fenek73\Programy\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-03-26 to 2008-04-26 )))))))))))))))))))))))))))))))
.
2008-04-26 16:36 . 2008-04-26 16:40 <DIR> d-------- C:\Program Files\RegCleaner
2008-04-26 15:45 . 2008-04-26 15:45 <DIR> d-------- C:\Documents and Settings\fenek73\Dane aplikacji\Ahead
2008-04-26 15:43 . 2008-04-26 15:43 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-04-26 15:43 . 2008-04-26 15:43 <DIR> d-------- C:\Program Files\Ahead
2008-04-26 15:43 . 2001-07-06 14:41 569,344 -ra------ C:\WINDOWS\system32\imagr5.dll
2008-04-26 15:43 . 2001-07-06 12:44 544,768 -ra------ C:\WINDOWS\system32\imagx5.dll
2008-04-26 15:43 . 2001-07-06 18:24 283,920 -ra------ C:\WINDOWS\system32\ImagXpr5.dll
2008-04-26 15:43 . 2001-07-09 11:50 155,648 -ra------ C:\WINDOWS\system32\NeroCheck.exe
2008-04-26 15:43 . 2001-06-26 08:15 38,912 -ra------ C:\WINDOWS\system32\picn20.dll
2008-04-26 14:57 . 2001-04-04 14:00 245,760 --------- C:\WINDOWS\system32\DECO_32.DLL
2008-04-26 14:56 . 2008-04-26 16:36 <DIR> d-------- C:\Program Files\WSPWNOUP2006
2008-04-26 14:56 . 1998-11-13 14:10 307,200 --a------ C:\WINDOWS\IsUn0415.exe
2008-04-26 14:54 . 2008-04-26 15:28 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-04-26 14:50 . 2008-04-26 14:50 <DIR> d-------- C:\Documents and Settings\fenek73\Dane aplikacji\DAEMON Tools
2008-04-26 14:50 . 2008-04-26 14:50 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-04-26 14:21 . 2008-04-26 14:21 <DIR> dr-hs---- C:\Recycled
2008-04-26 13:57 . 2008-04-26 13:57 <DIR> d-------- C:\Deckard
2008-04-26 13:18 . 2008-04-26 13:18 <DIR> d-------- C:\Documents and Settings\fenek73\Dane aplikacji\Media Player Classic
2008-04-26 13:01 . 2008-03-01 15:02 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-04-26 13:01 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-04-26 13:01 . 2007-03-08 07:11 1,036,288 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-04-26 13:01 . 2008-03-01 15:02 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-04-26 13:01 . 2008-03-01 15:02 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-04-26 13:01 . 2008-03-01 15:02 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-04-26 13:01 . 2008-03-01 15:02 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-04-26 13:01 . 2008-03-01 15:02 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-04-26 13:01 . 2008-02-22 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-26 13:00 . 2008-04-26 13:02 <DIR> d-------- C:\WINDOWS\system32\pl-pl
2008-04-26 12:39 . 2008-04-26 12:39 <DIR> d-------- C:\Documents and Settings\fenek73\Dane aplikacji\Gadu-Gadu
2008-04-26 12:37 . 2008-04-26 12:37 <DIR> d-------- C:\Program Files\Gadu-Gadu
2008-04-26 12:37 . 2008-04-26 12:40 <DIR> d-------- C:\Documents and Settings\fenek73\Gadu-Gadu
2008-04-26 12:15 . 2008-04-26 12:15 <DIR> d-------- C:\Program Files\XP Codec Pack
2008-04-26 12:15 . 2007-08-18 08:54 380,928 --a------ C:\WINDOWS\system32\ac3filter.acm
2008-04-26 12:12 . 2008-04-26 12:16 <DIR> d-------- C:\Program Files\Winamp
2008-04-26 12:12 . 2008-04-26 12:12 <DIR> d-------- C:\Documents and Settings\fenek73\Dane aplikacji\Winamp
2008-04-26 12:10 . 2008-04-26 12:10 1,169 --a------ C:\WINDOWS\mozver.dat
2008-04-26 12:01 . 2008-04-26 12:01 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-26 11:52 . 2008-04-26 11:52 <DIR> d-------- C:\Documents and Settings\fenek73\Dane aplikacji\ATI
2008-04-26 11:48 . 2008-04-26 11:48 <DIR> d-------- C:\Program Files\SiS7012
2008-04-26 11:47 . 2008-04-26 11:47 <DIR> d-------- C:\Program Files\sisagp
2008-04-26 11:40 . 2008-04-26 12:08 <DIR> d-------- C:\Program Files\MarPlayer
2008-04-26 11:39 . 2008-04-26 13:25 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-04-26 11:39 . 2006-09-06 17:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-04-26 11:38 . 2008-04-26 11:47 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-04-26 11:38 . 2008-04-26 11:40 <DIR> d-------- C:\Program Files\ATI Technologies
2008-04-26 11:38 . 2006-05-03 11:57 520,192 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-04-26 11:23 . 2008-04-26 11:46 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-04-26 11:22 . 2008-04-26 11:22 <DIR> d-------- C:\ATI
2008-04-26 11:05 . 2008-04-26 11:05 <DIR> d-------- C:\Program Files\Windows Defender
2008-04-26 10:43 . 2008-04-26 10:43 13,646 --a------ C:\WINDOWS\system32\wpa.bak
2008-04-25 23:02 . 2006-06-14 11:00 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-25 23:02 . 2006-06-14 10:47 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2008-04-25 23:02 . 2004-08-04 00:58 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2008-04-25 23:02 . 2004-08-04 01:07 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2008-04-25 23:01 . 2006-06-14 10:47 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2008-04-25 23:01 . 2006-02-15 02:22 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2008-04-25 23:01 . 2004-08-04 01:15 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-25 23:01 . 2004-08-04 02:35 58,624 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-04-25 23:01 . 2001-08-18 00:00 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2008-04-25 23:01 . 2004-08-04 01:07 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2008-04-25 23:01 . 2004-08-04 00:58 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2008-04-25 23:01 . 2004-08-04 00:58 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2008-04-25 23:01 . 2001-08-17 23:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-26 09:47 267,136 ----a-w C:\WINDOWS\system32\drivers\sis7012.sys
2008-04-26 09:47 115,864 ----a-w C:\WINDOWS\system32\a3d.dll
2008-04-26 09:46 36,992 ----a-w C:\WINDOWS\system32\drivers\SISAGPX.SYS
2008-04-25 19:19 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-25 19:16 --------- d-----w C:\Program Files\Usługi online
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-06 14:29 962,560 ----a-w C:\WINDOWS\system32\VSFilter.dll
2008-03-01 13:02 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"Steam"="d:\fenek73\steam\steam.exe" [2008-04-26 13:52 1271032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41 45056]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R3 SiS7012;Service for AC'97 Sample Driver (WDM);C:\WINDOWS\system32\drivers\sis7012.sys [2008-04-26 11:47]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\Recycled\ctfmon.exe
\Shell\Open(&O)\command - C:\Recycled\Recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - D:\Recycled\ctfmon.exe
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-04-26 13:35:49 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-26 16:57:42
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-04-26 16:59:44
ComboFix-quarantined-files.txt 2008-04-26 14:59:21
ComboFix2.txt 2008-04-26 14:11:24
Pre-Run: 3,351,871,488 bajtów wolnych
Post-Run: 3,344,773,120 bajtów wolnych
139 --- E O F --- 2008-04-26 11:27:17
Windows Registry Editor Version 5.00
; Purpose: remove the current user's cached AutoPlay handlers for drives C and D.
; A leading "-" inside the brackets makes regedit delete the named key together
; with all of its values and subkeys.
; In the ComboFix log on this page, both keys hold Shell\AutoRun\command and
; Shell\Open\command entries that start ctfmon.exe from a Recycled folder on the
; drive root, not the ctfmon.exe in C:\WINDOWS\system32 referenced by the Run keys.
; NOTE(review): deleting the cached keys is presumably not enough on its own. If
; Autorun.inf and the Recycled\ctfmon.exe copy remain on a drive, Explorer may
; recreate the entry when that drive is next opened - confirm with a fresh log
; after merging.
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
ComboFix 08-04-24.1 - fenek73 2008-04-27 10:20:24.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.280 [GMT 2:00]
Running from: D:\fenek73\Programy\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-03-27 to 2008-04-27 )))))))))))))))))))))))))))))))
.
2008-04-26 19:06 . 2008-04-27 10:05 <DIR> d-------- C:\Documents and Settings\fenek73\Dane aplikacji\skypePM
2008-04-26 19:06 . 2008-04-26 19:06 32 --a------ C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-04-26 19:03 . 2008-04-27 10:06 <DIR> d-------- C:\Documents and Settings\fenek73\Dane aplikacji\Skype
2008-04-26 18:51 . 2008-04-26 18:51 <DIR> d-------- C:\Program Files\Skype
2008-04-26 18:51 . 2008-04-26 18:51 <DIR> d-------- C:\Program Files\Google
2008-04-26 18:51 . 2008-04-26 18:51 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-04-26 18:51 . 2008-04-26 18:51 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-04-26 18:21 . 2008-04-26 18:22 <DIR> d-------- C:\Program Files\Unlocker
2008-04-26 17:52 . 2008-04-26 17:52 <DIR> d-------- C:\Program Files\Alex Buturuga
2008-04-26 16:36 . 2008-04-26 16:40 <DIR> d-------- C:\Program Files\RegCleaner
2008-04-26 15:45 . 2008-04-26 15:45 <DIR> d-------- C:\Documents and Settings\fenek73\Dane aplikacji\Ahead
2008-04-26 15:43 . 2008-04-26 15:43 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-04-26 15:43 . 2008-04-26 15:43 <DIR> d-------- C:\Program Files\Ahead
2008-04-26 15:43 . 2001-07-06 14:41 569,344 -ra------ C:\WINDOWS\system32\imagr5.dll
2008-04-26 15:43 . 2001-07-06 12:44 544,768 -ra------ C:\WINDOWS\system32\imagx5.dll
2008-04-26 15:43 . 2001-07-06 18:24 283,920 -ra------ C:\WINDOWS\system32\ImagXpr5.dll
2008-04-26 15:43 . 2001-07-09 11:50 155,648 -ra------ C:\WINDOWS\system32\NeroCheck.exe
2008-04-26 15:43 . 2001-06-26 08:15 38,912 -ra------ C:\WINDOWS\system32\picn20.dll
2008-04-26 14:57 . 2001-04-04 14:00 245,760 --------- C:\WINDOWS\system32\DECO_32.DLL
2008-04-26 14:56 . 2008-04-26 16:36 <DIR> d-------- C:\Program Files\WSPWNOUP2006
2008-04-26 14:56 . 1998-11-13 14:10 307,200 --a------ C:\WINDOWS\IsUn0415.exe
2008-04-26 14:54 . 2008-04-26 15:28 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-04-26 14:50 . 2008-04-26 14:50 <DIR> d-------- C:\Documents and Settings\fenek73\Dane aplikacji\DAEMON Tools
2008-04-26 14:50 . 2008-04-26 14:50 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-04-26 14:21 . 2008-04-26 14:21 <DIR> dr-hs---- C:\Recycled
2008-04-26 13:57 . 2008-04-26 13:57 <DIR> d-------- C:\Deckard
2008-04-26 13:18 . 2008-04-26 13:18 <DIR> d-------- C:\Documents and Settings\fenek73\Dane aplikacji\Media Player Classic
2008-04-26 13:01 . 2008-03-01 15:02 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-04-26 13:01 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-04-26 13:01 . 2007-03-08 07:11 1,036,288 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-04-26 13:01 . 2008-03-01 15:02 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-04-26 13:01 . 2008-03-01 15:02 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-04-26 13:01 . 2008-03-01 15:02 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-04-26 13:01 . 2008-03-01 15:02 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-04-26 13:01 . 2008-03-01 15:02 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-04-26 13:01 . 2008-02-22 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-26 13:00 . 2008-04-26 13:02 <DIR> d-------- C:\WINDOWS\system32\pl-pl
2008-04-26 12:39 . 2008-04-26 12:39 <DIR> d-------- C:\Documents and Settings\fenek73\Dane aplikacji\Gadu-Gadu
2008-04-26 12:37 . 2008-04-26 12:37 <DIR> d-------- C:\Program Files\Gadu-Gadu
2008-04-26 12:37 . 2008-04-26 18:43 <DIR> d-------- C:\Documents and Settings\fenek73\Gadu-Gadu
2008-04-26 12:15 . 2008-04-26 12:15 <DIR> d-------- C:\Program Files\XP Codec Pack
2008-04-26 12:15 . 2007-08-18 08:54 380,928 --a------ C:\WINDOWS\system32\ac3filter.acm
2008-04-26 12:12 . 2008-04-26 12:16 <DIR> d-------- C:\Program Files\Winamp
2008-04-26 12:12 . 2008-04-26 17:46 <DIR> d-------- C:\Documents and Settings\fenek73\Dane aplikacji\Winamp
2008-04-26 12:10 . 2008-04-26 12:10 1,169 --a------ C:\WINDOWS\mozver.dat
2008-04-26 12:01 . 2008-04-26 12:01 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-26 11:52 . 2008-04-26 11:52 <DIR> d-------- C:\Documents and Settings\fenek73\Dane aplikacji\ATI
2008-04-26 11:48 . 2008-04-26 11:48 <DIR> d-------- C:\Program Files\SiS7012
2008-04-26 11:47 . 2008-04-26 11:47 <DIR> d-------- C:\Program Files\sisagp
2008-04-26 11:40 . 2008-04-26 12:08 <DIR> d-------- C:\Program Files\MarPlayer
2008-04-26 11:39 . 2008-04-26 13:25 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-04-26 11:39 . 2006-09-06 17:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-04-26 11:38 . 2008-04-26 11:47 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-04-26 11:38 . 2008-04-26 11:40 <DIR> d-------- C:\Program Files\ATI Technologies
2008-04-26 11:38 . 2006-05-03 11:57 520,192 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-04-26 11:23 . 2008-04-26 11:46 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-04-26 11:22 . 2008-04-26 11:22 <DIR> d-------- C:\ATI
2008-04-26 11:05 . 2008-04-26 11:05 <DIR> d-------- C:\Program Files\Windows Defender
2008-04-26 10:43 . 2008-04-26 10:43 13,646 --a------ C:\WINDOWS\system32\wpa.bak
2008-04-25 23:02 . 2006-06-14 11:00 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-25 23:02 . 2006-06-14 10:47 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2008-04-25 23:02 . 2004-08-04 00:58 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2008-04-25 23:02 . 2004-08-04 01:07 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2008-04-25 23:01 . 2006-06-14 10:47 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2008-04-25 23:01 . 2006-02-15 02:22 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2008-04-25 23:01 . 2004-08-04 01:15 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-25 23:01 . 2004-08-04 02:35 58,624 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-04-25 23:01 . 2001-08-18 00:00 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2008-04-25 23:01 . 2004-08-04 01:07 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2008-04-25 23:01 . 2004-08-04 00:58 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2008-04-25 23:01 . 2004-08-04 00:58 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2008-04-25 23:01 . 2001-08-17 23:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-26 09:47 267,136 ----a-w C:\WINDOWS\system32\drivers\sis7012.sys
2008-04-26 09:47 115,864 ----a-w C:\WINDOWS\system32\a3d.dll
2008-04-26 09:46 36,992 ----a-w C:\WINDOWS\system32\drivers\SISAGPX.SYS
2008-04-25 19:19 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-25 19:16 --------- d-----w C:\Program Files\Usługi online
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-06 14:29 962,560 ----a-w C:\WINDOWS\system32\VSFilter.dll
2008-03-01 13:02 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"Steam"="d:\fenek73\steam\steam.exe" [2008-04-26 13:52 1271032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41 45056]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"D:\\fenek73\\Steam\\steamapps\\fenek73\\counter-strike\\hl.exe"=
R3 SiS7012;Service for AC'97 Sample Driver (WDM);C:\WINDOWS\system32\drivers\sis7012.sys [2008-04-26 11:47]
.
Contents of the 'Scheduled Tasks' folder
"2008-04-27 08:06:49 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-27 10:22:09
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-04-27 10:23:39
ComboFix-quarantined-files.txt 2008-04-27 08:23:28
ComboFix2.txt 2008-04-26 14:59:44
Pre-Run: 3,253,092,352 bajtów wolnych
Post-Run: 3,249,094,656 bajtów wolnych
145 --- E O F --- 2008-04-26 11:27:17
Folder::
C:\Recycled
D:\Recycled
ComboFix 08-04-24.1 - fenek73 2008-04-27 10:49:48.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.321 [GMT 2:00]
Running from: D:\fenek73\Programy\ComboFix.exe
Command switches used :: D:\fenek73\Programy\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Recycled
C:\Recycled\desktop.ini
C:\Recycled\INFO2
C:\Recycled\Recycled\ctfmon.exe
D:\Autorun.inf
D:\Recycled
D:\Recycled\ctfmon.exe
D:\Recycled\desktop.ini
D:\Recycled\INFO2
.
((((((((((((((((((((((((( Files Created from 2008-03-27 to 2008-04-27 )))))))))))))))))))))))))))))))
.
2008-04-27 10:51 . 2008-04-27 10:51 <DIR> dr-hs---- C:\Recycled
2008-04-26 19:06 . 2008-04-27 10:05 <DIR> d-------- C:\Documents and Settings\fenek73\Dane aplikacji\skypePM
2008-04-26 19:06 . 2008-04-26 19:06 32 --a------ C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-04-26 19:03 . 2008-04-27 10:06 <DIR> d-------- C:\Documents and Settings\fenek73\Dane aplikacji\Skype
2008-04-26 18:51 . 2008-04-26 18:51 <DIR> d-------- C:\Program Files\Skype
2008-04-26 18:51 . 2008-04-26 18:51 <DIR> d-------- C:\Program Files\Google
2008-04-26 18:51 . 2008-04-26 18:51 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-04-26 18:51 . 2008-04-26 18:51 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-04-26 18:21 . 2008-04-26 18:22 <DIR> d-------- C:\Program Files\Unlocker
2008-04-26 17:52 . 2008-04-26 17:52 <DIR> d-------- C:\Program Files\Alex Buturuga
2008-04-26 16:36 . 2008-04-26 16:40 <DIR> d-------- C:\Program Files\RegCleaner
2008-04-26 15:45 . 2008-04-26 15:45 <DIR> d-------- C:\Documents and Settings\fenek73\Dane aplikacji\Ahead
2008-04-26 15:43 . 2008-04-26 15:43 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-04-26 15:43 . 2008-04-26 15:43 <DIR> d-------- C:\Program Files\Ahead
2008-04-26 15:43 . 2001-07-06 14:41 569,344 -ra------ C:\WINDOWS\system32\imagr5.dll
2008-04-26 15:43 . 2001-07-06 12:44 544,768 -ra------ C:\WINDOWS\system32\imagx5.dll
2008-04-26 15:43 . 2001-07-06 18:24 283,920 -ra------ C:\WINDOWS\system32\ImagXpr5.dll
2008-04-26 15:43 . 2001-07-09 11:50 155,648 -ra------ C:\WINDOWS\system32\NeroCheck.exe
2008-04-26 15:43 . 2001-06-26 08:15 38,912 -ra------ C:\WINDOWS\system32\picn20.dll
2008-04-26 14:57 . 2001-04-04 14:00 245,760 --------- C:\WINDOWS\system32\DECO_32.DLL
2008-04-26 14:56 . 2008-04-26 16:36 <DIR> d-------- C:\Program Files\WSPWNOUP2006
2008-04-26 14:56 . 1998-11-13 14:10 307,200 --a------ C:\WINDOWS\IsUn0415.exe
2008-04-26 14:54 . 2008-04-26 15:28 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-04-26 14:50 . 2008-04-26 14:50 <DIR> d-------- C:\Documents and Settings\fenek73\Dane aplikacji\DAEMON Tools
2008-04-26 14:50 . 2008-04-26 14:50 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-04-26 13:57 . 2008-04-26 13:57 <DIR> d-------- C:\Deckard
2008-04-26 13:18 . 2008-04-26 13:18 <DIR> d-------- C:\Documents and Settings\fenek73\Dane aplikacji\Media Player Classic
2008-04-26 13:01 . 2008-03-01 15:02 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-04-26 13:01 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-04-26 13:01 . 2007-03-08 07:11 1,036,288 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-04-26 13:01 . 2008-03-01 15:02 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-04-26 13:01 . 2008-03-01 15:02 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-04-26 13:01 . 2008-03-01 15:02 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-04-26 13:01 . 2008-03-01 15:02 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-04-26 13:01 . 2008-03-01 15:02 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-04-26 13:01 . 2008-02-22 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-26 13:00 . 2008-04-26 13:02 <DIR> d-------- C:\WINDOWS\system32\pl-pl
2008-04-26 12:39 . 2008-04-26 12:39 <DIR> d-------- C:\Documents and Settings\fenek73\Dane aplikacji\Gadu-Gadu
2008-04-26 12:37 . 2008-04-26 12:37 <DIR> d-------- C:\Program Files\Gadu-Gadu
2008-04-26 12:37 . 2008-04-26 18:43 <DIR> d-------- C:\Documents and Settings\fenek73\Gadu-Gadu
2008-04-26 12:15 . 2008-04-26 12:15 <DIR> d-------- C:\Program Files\XP Codec Pack
2008-04-26 12:15 . 2007-08-18 08:54 380,928 --a------ C:\WINDOWS\system32\ac3filter.acm
2008-04-26 12:12 . 2008-04-26 12:16 <DIR> d-------- C:\Program Files\Winamp
2008-04-26 12:12 . 2008-04-26 17:46 <DIR> d-------- C:\Documents and Settings\fenek73\Dane aplikacji\Winamp
2008-04-26 12:10 . 2008-04-26 12:10 1,169 --a------ C:\WINDOWS\mozver.dat
2008-04-26 12:01 . 2008-04-26 12:01 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-26 11:52 . 2008-04-26 11:52 <DIR> d-------- C:\Documents and Settings\fenek73\Dane aplikacji\ATI
2008-04-26 11:48 . 2008-04-26 11:48 <DIR> d-------- C:\Program Files\SiS7012
2008-04-26 11:47 . 2008-04-26 11:47 <DIR> d-------- C:\Program Files\sisagp
2008-04-26 11:40 . 2008-04-26 12:08 <DIR> d-------- C:\Program Files\MarPlayer
2008-04-26 11:39 . 2008-04-26 13:25 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-04-26 11:39 . 2006-09-06 17:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-04-26 11:38 . 2008-04-26 11:47 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-04-26 11:38 . 2008-04-26 11:40 <DIR> d-------- C:\Program Files\ATI Technologies
2008-04-26 11:38 . 2006-05-03 11:57 520,192 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-04-26 11:23 . 2008-04-26 11:46 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-04-26 11:22 . 2008-04-26 11:22 <DIR> d-------- C:\ATI
2008-04-26 11:05 . 2008-04-26 11:05 <DIR> d-------- C:\Program Files\Windows Defender
2008-04-26 10:43 . 2008-04-26 10:43 13,646 --a------ C:\WINDOWS\system32\wpa.bak
2008-04-25 23:02 . 2006-06-14 11:00 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-25 23:02 . 2006-06-14 10:47 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2008-04-25 23:02 . 2004-08-04 00:58 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2008-04-25 23:02 . 2004-08-04 01:07 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2008-04-25 23:01 . 2006-06-14 10:47 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2008-04-25 23:01 . 2006-02-15 02:22 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2008-04-25 23:01 . 2004-08-04 01:15 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-25 23:01 . 2004-08-04 02:35 58,624 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-04-25 23:01 . 2001-08-18 00:00 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2008-04-25 23:01 . 2004-08-04 01:07 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2008-04-25 23:01 . 2004-08-04 00:58 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2008-04-25 23:01 . 2004-08-04 00:58 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2008-04-25 23:01 . 2001-08-17 23:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-26 09:47 267,136 ----a-w C:\WINDOWS\system32\drivers\sis7012.sys
2008-04-26 09:47 115,864 ----a-w C:\WINDOWS\system32\a3d.dll
2008-04-26 09:46 36,992 ----a-w C:\WINDOWS\system32\drivers\SISAGPX.SYS
2008-04-25 19:19 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-25 19:16 --------- d-----w C:\Program Files\Usługi online
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-06 14:29 962,560 ----a-w C:\WINDOWS\system32\VSFilter.dll
2008-03-01 13:02 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"Steam"="d:\fenek73\steam\steam.exe" [2008-04-26 13:52 1271032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41 45056]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"D:\\fenek73\\Steam\\steamapps\\fenek73\\counter-strike\\hl.exe"=
R3 SiS7012;Service for AC'97 Sample Driver (WDM);C:\WINDOWS\system32\drivers\sis7012.sys [2008-04-26 11:47]
.
Contents of the 'Scheduled Tasks' folder
"2008-04-27 08:06:49 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-27 10:51:38
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-04-27 10:53:31
ComboFix-quarantined-files.txt 2008-04-27 08:53:10
ComboFix2.txt 2008-04-27 08:23:39
ComboFix3.txt 2008-04-26 14:59:44
Pre-Run: 3,237,838,848 bajtów wolnych
Post-Run: 3,233,202,176 bajtów wolnych
155 --- E O F --- 2008-04-26 11:27:17
Folder::
C:\Recycled
D:\Recycled
ComboFix 08-04-24.1 - fenek73 2008-04-27 20:08:17.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.272 [GMT 2:00]
Running from: D:\Programy\ComboFix.exe
Command switches used :: D:\Programy\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Recycled
C:\Recycled\INFO2
C:\Recycled\Recycled\ctfmon.exe
D:\Autorun.inf
D:\Recycled
D:\Recycled\ctfmon.exe
D:\Recycled\desktop.ini
D:\Recycled\INFO2
.
((((((((((((((((((((((((( Files Created from 2008-03-27 to 2008-04-27 )))))))))))))))))))))))))))))))
.
2008-04-27 19:41 . 2008-04-27 20:06 <DIR> d-------- C:\Program Files\Personal Firewall
2008-04-27 19:24 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-04-27 16:46 . 2008-04-27 16:46 <DIR> d-------- C:\Program Files\Teamspeak2_RC2
2008-04-27 16:46 . 2008-04-27 16:50 <DIR> d-------- C:\Documents and Settings\fenek73\Dane aplikacji\teamspeak2
2008-04-27 16:46 . 2008-04-27 16:46 34,064 --a------ C:\WINDOWS\system32\lhacm.acm
2008-04-27 15:02 . 2008-04-27 15:02 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-27 15:00 . 2008-04-27 15:15 <DIR> d-------- C:\SDFix
2008-04-27 12:02 . 2008-04-27 13:50 <DIR> d-------- C:\Program Files\ArcaMicroScan
2008-04-26 19:06 . 2008-04-27 10:05 <DIR> d-------- C:\Documents and Settings\fenek73\Dane aplikacji\skypePM
2008-04-26 19:06 . 2008-04-26 19:06 32 --a------ C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-04-26 19:03 . 2008-04-27 10:06 <DIR> d-------- C:\Documents and Settings\fenek73\Dane aplikacji\Skype
2008-04-26 18:51 . 2008-04-26 18:51 <DIR> d-------- C:\Program Files\Skype
2008-04-26 18:51 . 2008-04-27 11:14 <DIR> d-------- C:\Program Files\Google
2008-04-26 18:51 . 2008-04-26 18:51 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-04-26 18:51 . 2008-04-26 18:51 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-04-26 18:21 . 2008-04-26 18:22 <DIR> d-------- C:\Program Files\Unlocker
2008-04-26 17:52 . 2008-04-26 17:52 <DIR> d-------- C:\Program Files\Alex Buturuga
2008-04-26 16:36 . 2008-04-26 16:40 <DIR> d-------- C:\Program Files\RegCleaner
2008-04-26 15:45 . 2008-04-26 15:45 <DIR> d-------- C:\Documents and Settings\fenek73\Dane aplikacji\Ahead
2008-04-26 15:43 . 2008-04-26 15:43 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-04-26 15:43 . 2008-04-26 15:43 <DIR> d-------- C:\Program Files\Ahead
2008-04-26 15:43 . 2001-07-06 14:41 569,344 -ra------ C:\WINDOWS\system32\imagr5.dll
2008-04-26 15:43 . 2001-07-06 12:44 544,768 -ra------ C:\WINDOWS\system32\imagx5.dll
2008-04-26 15:43 . 2001-07-06 18:24 283,920 -ra------ C:\WINDOWS\system32\ImagXpr5.dll
2008-04-26 15:43 . 2001-07-09 11:50 155,648 -ra------ C:\WINDOWS\system32\NeroCheck.exe
2008-04-26 15:43 . 2001-06-26 08:15 38,912 -ra------ C:\WINDOWS\system32\picn20.dll
2008-04-26 14:57 . 2001-04-04 14:00 245,760 --------- C:\WINDOWS\system32\DECO_32.DLL
2008-04-26 14:56 . 2008-04-26 16:36 <DIR> d-------- C:\Program Files\WSPWNOUP2006
2008-04-26 14:56 . 1998-11-13 14:10 307,200 --a------ C:\WINDOWS\IsUn0415.exe
2008-04-26 14:54 . 2008-04-26 15:28 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-04-26 14:50 . 2008-04-26 14:50 <DIR> d-------- C:\Documents and Settings\fenek73\Dane aplikacji\DAEMON Tools
2008-04-26 14:50 . 2008-04-26 14:50 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-04-26 13:57 . 2008-04-26 13:57 <DIR> d-------- C:\Deckard
2008-04-26 13:18 . 2008-04-26 13:18 <DIR> d-------- C:\Documents and Settings\fenek73\Dane aplikacji\Media Player Classic
2008-04-26 13:01 . 2008-03-01 15:02 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-04-26 13:01 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-04-26 13:01 . 2007-03-08 07:11 1,036,288 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-04-26 13:01 . 2008-03-01 15:02 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-04-26 13:01 . 2008-03-01 15:02 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-04-26 13:01 . 2008-03-01 15:02 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-04-26 13:01 . 2008-03-01 15:02 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-04-26 13:01 . 2008-03-01 15:02 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-04-26 13:01 . 2008-02-22 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-26 13:00 . 2008-04-26 13:02 <DIR> d-------- C:\WINDOWS\system32\pl-pl
2008-04-26 12:39 . 2008-04-26 12:39 <DIR> d-------- C:\Documents and Settings\fenek73\Dane aplikacji\Gadu-Gadu
2008-04-26 12:37 . 2008-04-26 12:37 <DIR> d-------- C:\Program Files\Gadu-Gadu
2008-04-26 12:37 . 2008-04-26 18:43 <DIR> d-------- C:\Documents and Settings\fenek73\Gadu-Gadu
2008-04-26 12:15 . 2008-04-26 12:15 <DIR> d-------- C:\Program Files\XP Codec Pack
2008-04-26 12:15 . 2007-08-18 08:54 380,928 --a------ C:\WINDOWS\system32\ac3filter.acm
2008-04-26 12:12 . 2008-04-26 12:16 <DIR> d-------- C:\Program Files\Winamp
2008-04-26 12:12 . 2008-04-26 17:46 <DIR> d-------- C:\Documents and Settings\fenek73\Dane aplikacji\Winamp
2008-04-26 12:10 . 2008-04-26 12:10 1,169 --a------ C:\WINDOWS\mozver.dat
2008-04-26 12:01 . 2008-04-26 12:01 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-26 11:52 . 2008-04-26 11:52 <DIR> d-------- C:\Documents and Settings\fenek73\Dane aplikacji\ATI
2008-04-26 11:48 . 2008-04-26 11:48 <DIR> d-------- C:\Program Files\SiS7012
2008-04-26 11:47 . 2008-04-26 11:47 <DIR> d-------- C:\Program Files\sisagp
2008-04-26 11:40 . 2008-04-26 12:08 <DIR> d-------- C:\Program Files\MarPlayer
2008-04-26 11:39 . 2008-04-26 13:25 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-04-26 11:39 . 2006-09-06 17:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-04-26 11:38 . 2008-04-26 11:47 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-04-26 11:38 . 2008-04-26 11:40 <DIR> d-------- C:\Program Files\ATI Technologies
2008-04-26 11:38 . 2006-05-03 11:57 520,192 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-04-26 11:23 . 2008-04-26 11:46 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-04-26 11:22 . 2008-04-26 11:22 <DIR> d-------- C:\ATI
2008-04-26 11:05 . 2008-04-26 11:05 <DIR> d-------- C:\Program Files\Windows Defender
2008-04-26 10:43 . 2008-04-26 10:43 13,646 --a------ C:\WINDOWS\system32\wpa.bak
2008-04-25 23:02 . 2006-06-14 11:00 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-25 23:02 . 2006-06-14 10:47 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2008-04-25 23:02 . 2004-08-04 00:58 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2008-04-25 23:02 . 2004-08-04 01:07 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2008-04-25 23:01 . 2006-06-14 10:47 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2008-04-25 23:01 . 2006-02-15 02:22 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2008-04-25 23:01 . 2004-08-04 01:15 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-25 23:01 . 2004-08-04 02:35 58,624 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-04-25 23:01 . 2001-08-18 00:00 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2008-04-25 23:01 . 2004-08-04 01:07 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2008-04-25 23:01 . 2004-08-04 00:58 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2008-04-25 23:01 . 2004-08-04 00:58 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2008-04-25 23:01 . 2001-08-17 23:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-26 09:47 267,136 ----a-w C:\WINDOWS\system32\drivers\sis7012.sys
2008-04-26 09:47 115,864 ----a-w C:\WINDOWS\system32\a3d.dll
2008-04-26 09:46 36,992 ----a-w C:\WINDOWS\system32\drivers\SISAGPX.SYS
2008-04-25 19:19 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-25 19:16 --------- d-----w C:\Program Files\Usługi online
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-06 14:29 962,560 ----a-w C:\WINDOWS\system32\VSFilter.dll
2008-03-01 13:02 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
.
((((((((((((((((((((((((((((( snapshot@2008-04-27_10.23.16,14 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-27 08:03:40 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-27 18:05:42 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2006-07-11 07:41:36 345,656 ----a-w C:\WINDOWS\Downloaded Program Files\ewidoOnlineScan.dll
+ 2008-04-26 03:39:35 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-04-27 13:02:45 1,581,056 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-04-27 13:02:45 32,768 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-04-26 03:39:35 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-04-27 13:02:41 1,581,056 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-04-27 13:02:41 32,768 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2008-04-27 17:41:47 18,718 ----a-r C:\WINDOWS\Installer\{BFD080F6-3BF0-40E1-9507-9CA969C35870}\ARPPRODUCTICON.exe
+ 2008-04-27 17:41:47 18,718 ----a-r C:\WINDOWS\Installer\{BFD080F6-3BF0-40E1-9507-9CA969C35870}\NewShortcut1_E659E0EE10E649B7869660F38D0EB174.exe
+ 2008-04-27 17:41:47 18,718 ----a-r C:\WINDOWS\Installer\{BFD080F6-3BF0-40E1-9507-9CA969C35870}\NewShortcut2_8315396A5EA1419DBEC4978284BDF556.exe
+ 2007-07-20 10:01:52 767,280 ----a-w C:\WINDOWS\system32\ArcaMicroScanUpdater.exe
+ 2007-07-20 08:34:38 847,872 ----a-w C:\WINDOWS\system32\ArcaOnline.dll
+ 2005-03-04 12:01:24 139,264 ----a-w C:\WINDOWS\system32\ArcaOnlineUninstall.exe
+ 2007-04-26 08:21:30 302,000 ----a-w C:\WINDOWS\system32\drivers\fwdrv.sys
+ 2007-04-26 08:21:34 72,624 ----a-w C:\WINDOWS\system32\drivers\khips.sys
+ 2004-08-03 21:08:48 26,496 ----a-w C:\WINDOWS\system32\drivers\USBSTOR.SYS
+ 2003-03-18 19:20:00 1,060,864 ----a-w C:\WINDOWS\system32\mfc71.dll
+ 2003-03-18 19:12:12 1,047,552 ----a-w C:\WINDOWS\system32\mfc71u.dll
+ 2003-03-18 18:14:52 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41 45056]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"D:\\fenek73\\Steam\\steamapps\\fenek73\\counter-strike\\hl.exe"=
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 10:21]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 10:21]
R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21]
R3 SiS7012;Service for AC'97 Sample Driver (WDM);C:\WINDOWS\system32\drivers\sis7012.sys [2008-04-26 11:47]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
*Newly Created Service* - FWDRV
*Newly Created Service* - KHIPS
*Newly Created Service* - SPF4
.
Contents of the 'Scheduled Tasks' folder
"2008-04-27 18:08:55 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-27 20:12:37
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-04-27 20:15:05
ComboFix-quarantined-files.txt 2008-04-27 18:14:59
ComboFix2.txt 2008-04-27 08:53:32
ComboFix3.txt 2008-04-27 08:23:39
ComboFix4.txt 2008-04-26 14:59:44
Pre-Run: 3,026,223,104 bajtów wolnych
Post-Run: 3,046,162,432 bajtów wolnych
194 --- E O F --- 2008-04-26 11:27:17
wojtas napisał(a): Czysto, wykonaj:
1. Ściągnij OTMoveIt, włącz go i uruchom z opcji CleanUp
2. Wykonaj optymalizację Windowsa
3. Ściągnij ATF_Cleaner
zaznacz
Windows Temp
All users Temp
Temporary internet files
Recycle Bin
i wciśnij EMPTY SELECTED
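4. Wyłącz przywracanie systemu (właściwości Mój komputer – zakładka przywracanie – wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je z powrotem. Wyłączenie usuwa stare punkty przywracania, w których mogły pozostać kopie usuniętych szkodników.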
okocza napisał(a):możesz wyłączyć nero i winampa, ctfmon
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\Directory]
@="Folder plików"
"AlwaysShowExt"=""
"EditFlags"=dword:000001d2
"InfoTip"="prop:DocComments"
"BrowserFlags"=dword:00000008
[HKEY_CLASSES_ROOT\Directory\DefaultIcon]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,68,00,\
65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,33,00,00,00
[HKEY_CLASSES_ROOT\Directory\shell]
@="none"
[HKEY_CLASSES_ROOT\Directory\shell\Wyszukaj]
"SuppressionPolicy"=dword:00000080
[HKEY_CLASSES_ROOT\Directory\shell\Wyszukaj\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,45,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,00,2e,00,65,00,78,00,\
65,00,00,00
[HKEY_CLASSES_ROOT\Directory\shell\Wyszukaj\ddeexec]
@="[FindFolder(\"%l\", %I)]"
"NoActivateHandler"=""
[HKEY_CLASSES_ROOT\Directory\shell\Wyszukaj\ddeexec\application]
@="Folders"
[HKEY_CLASSES_ROOT\Directory\shell\Wyszukaj\ddeexec\topic]
@="AppProperties"
[HKEY_CLASSES_ROOT\Folder]
@="Folder"
"EditFlags"=dword:000003d2
"TileInfo"="prop:Size"
"BrowserFlags"=dword:00000008
[HKEY_CLASSES_ROOT\Folder\DefaultIcon]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,68,00,\
65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,33,00,00,00
[HKEY_CLASSES_ROOT\Folder\shell]
@="Otwórz"
[HKEY_CLASSES_ROOT\Folder\shell\Eksploruj]
"BrowserFlags"=dword:00000022
"ExplorerFlags"=dword:00000021
[HKEY_CLASSES_ROOT\Folder\shell\Eksploruj\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,45,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,00,2e,00,65,00,78,00,\
65,00,20,00,2f,00,65,00,2c,00,2f,00,69,00,64,00,6c,00,69,00,73,00,74,00,2c,\
00,25,00,49,00,2c,00,25,00,4c,00,00,00
[HKEY_CLASSES_ROOT\Folder\shell\Eksploruj\ddeexec]
@="[ExploreFolder(\"%l\", %I, %S)]"
"NoActivateHandler"=""
[HKEY_CLASSES_ROOT\Folder\shell\Eksploruj\ddeexec\application]
@="Folders"
[HKEY_CLASSES_ROOT\Folder\shell\Eksploruj\ddeexec\ifexec]
@="[]"
[HKEY_CLASSES_ROOT\Folder\shell\Eksploruj\ddeexec\topic]
@="AppProperties"
[HKEY_CLASSES_ROOT\Folder\shell\Otwórz]
"BrowserFlags"=dword:00000010
"ExplorerFlags"=dword:00000012
[HKEY_CLASSES_ROOT\Folder\shell\Otwórz\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,45,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,00,2e,00,65,00,78,00,\
65,00,20,00,2f,00,69,00,64,00,6c,00,69,00,73,00,74,00,2c,00,25,00,49,00,2c,\
00,25,00,4c,00,00,00
[HKEY_CLASSES_ROOT\Folder\shell\Otwórz\ddeexec]
@="[ViewFolder(\"%l\", %I, %S)]"
"NoActivateHandler"=""
[HKEY_CLASSES_ROOT\Folder\shell\Otwórz\ddeexec\application]
@="Folders"
[HKEY_CLASSES_ROOT\Folder\shell\Otwórz\ddeexec\ifexec]
@="[]"
[HKEY_CLASSES_ROOT\Folder\shell\Otwórz\ddeexec\topic]
@="AppProperties"
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive]
@="Dysk"
"EditFlags"=dword:000001d2
"BrowserFlags"=dword:00000008
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\DefaultIcon]
@=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,73,\
68,65,6c,6c,33,32,2e,64,6c,6c,2c,38,00
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shell]
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shell\find]
"SuppressionPolicy"=dword:00000080
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shell\find\command]
@=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,45,78,70,6c,6f,72,65,72,2e,65,\
78,65,00
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shell\find\ddeexec]
@="[FindFolder(\"%l\", %I)]"
"NoActivateHandler"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shell\find\ddeexec\application]
@="Folders"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shell\find\ddeexec\topic]
@="AppProperties"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\Offline Files]
@="{750fdf0e-2a26-11d1-a3ea-080036587f03}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\Sharing]
@="{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\{59099400-57FF-11CE-BD94-0020AF85B590}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\{fbeb8a05-beee-4442-804e-409d6c4515e9}]
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\FolderExtensions]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}]
@=""
"DriveMask"=dword:00000020
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\PropertySheetHandlers]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\PropertySheetHandlers\Sharing]
@="{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\PropertySheetHandlers\{1F2E5C40-9550-11CE-99D2-00AA006E086C}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\PropertySheetHandlers\{596AB062-B4D2-4215-9F74-E9109B0A8153}]
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\PropertySheetHandlers\{7988B573-EC89-11cf-9C00-00AA00A14F56}]
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\PropertySheetHandlers\{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\PropertySheetHandlers\{fbeb8a05-beee-4442-804e-409d6c4515e9}]
@=""
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\Drive]
@="Dysk"
"EditFlags"=hex:d2,01,00,00
[HKEY_CLASSES_ROOT\Drive\DefaultIcon]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,68,00,\
65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,38,00,00,00
[HKEY_CLASSES_ROOT\Drive\shell]
@="none"
[HKEY_CLASSES_ROOT\Drive\shell\find]
"SuppressionPolicy"=dword:00000080
[HKEY_CLASSES_ROOT\Drive\shell\find\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,45,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,00,2e,00,65,00,78,00,\
65,00,00,00
[HKEY_CLASSES_ROOT\Drive\shell\find\ddeexec]
@="[FindFolder(\"%l\", %I)]"
"NoActivateHandler"=""
[HKEY_CLASSES_ROOT\Drive\shell\find\ddeexec\application]
@="Folders"
[HKEY_CLASSES_ROOT\Drive\shell\find\ddeexec\topic]
@="AppProperties"