is not a valid Win32 application

System security, virus removal, choosing antivirus software. Mandatory logs in this section: three from FRST + Gmer.


Post by poczta125, 08 Apr 2008, 17:03

Hello! I wanted to install an antivirus and I get the message: "****is not a valid Win32 application". I tried installing various antiviruses. This message appears mainly in security-related programs. Everything worked fine before; the problem has only been showing up for some time (3 days). I scanned the computer in safe mode with Kaspersky Virus Removal Tool and removed what it found. HijackThis log (the .com version, because with the normal .exe the message above appeared):
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:02:14, on 2008-04-08
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\AccelerometerSt.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\AutoConnect\AutoConnect.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\Administrator\Pulpit\hijackthis.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Wyślij do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O15 - Trusted Zone: http://*.mks.com.pl
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F34E1C17-5658-477B-B8BC-D45EB20B5EDD}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: APSHook.dll
O20 - Winlogon Notify: OneCard - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

--
End of file - 7819 bytes
poczta125
~user

Posts: 623
Joined: 04 Dec 2005, 13:27
Commendations: 48



Post by wojtas, 08 Apr 2008, 18:15

Download and install UnHookExec.inf (after downloading, right-click the file and choose "Install")
http://securityresponse.symantec.com/avcenter/UnHookExec.inf
(right-click > Save as)

post a ComboFix log
wojtas
*mod

Posts: 18165
Joined: 13 Jan 2006, 16:00
Location: Krzeszyce
Commendations: 1656



Post by poczta125, 08 Apr 2008, 18:30

ComboFix log:
Code:
ComboFix 08-04-07.5 - Administrator 2008-04-08 18:19:56.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.548 [GMT 2:00]
Running from: C:\Documents and Settings\Administrator\Pulpit\ComboFix.exe

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
TimedOut: progfile.dat

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\ActivationManager
C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
C:\Program Files\myglobalsearch
C:\Program Files\myglobalsearch\bar\History\search
C:\WINDOWS\system32\ban_list.txt
C:\WINDOWS\system32\x64

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SROSA
-------\Legacy_ASBroker
-------\ASBroker


(((((((((((((((((((((((((   Files Created from 2008-03-08 to 2008-04-08  )))))))))))))))))))))))))))))))
.

2008-04-08 15:40 . 2008-04-08 16:15   <DIR>   d--------   C:\Program Files\SUPERAntiSpyware
2008-04-08 15:40 . 2008-04-08 15:40   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\SUPERAntiSpyware.com
2008-04-08 15:40 . 2008-04-08 16:16   <DIR>   d--------   C:\Documents and Settings\Administrator\Dane aplikacji\SUPERAntiSpyware.com
2008-04-08 12:55 . 2008-04-08 12:55   7,168   --a------   C:\Windows\system32\drivers\uti3ntyx.sys
2008-04-08 12:44 . 2008-04-08 12:51   57,376   --ahs----   C:\Windows\system32\drivers\fidbox.dat
2008-04-08 12:44 . 2008-04-08 12:51   1,748   --ahs----   C:\Windows\system32\drivers\fidbox.idx
2008-04-07 20:42 . 2008-04-07 20:42   <DIR>   d--------   C:\Documents and Settings\Administrator\Dane aplikacji\Apple Computer
2008-04-07 17:55 . 2008-04-07 17:57   <DIR>   d--------   C:\Windows\system32\NtmsData
2008-04-06 19:33 . 2008-04-06 19:33   <DIR>   d--------   C:\Program Files\Alwil Software
2008-04-06 16:29 . 2008-04-06 18:19   <DIR>   d--------   C:\Windows\BDOSCAN8
2008-04-06 16:05 . 2008-04-07 20:20   78,415   --a------   C:\Windows\system32\drivers\klif.cab
2008-04-06 15:28 . 2008-04-06 15:28   <DIR>   d--------   C:\Program Files\jv16 PowerTools
2008-04-05 20:36 . 2008-04-07 20:41   54,156   --ah-----   C:\Windows\QTFont.qfn
2008-04-05 20:36 . 2008-04-05 20:36   1,409   --a------   C:\Windows\QTFont.for
2008-04-05 20:35 . 2008-04-05 20:35   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-04-05 20:34 . 2008-04-05 20:34   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Apple
2008-04-04 17:22 . 2008-04-06 17:26   <DIR>   d--------   C:\Program Files\HTV
2008-04-04 16:48 . 2008-04-07 23:24   <DIR>   d--------   C:\Windows\system32\drivers\downld
2008-04-04 15:57 . 2008-04-04 15:58   <DIR>   d--------   C:\Dev-C++
2008-04-04 15:56 . 2008-04-04 15:56   <DIR>   d--------   C:\Documents and Settings\Administrator\WINDOWS
2008-04-04 15:56 . 1996-07-18 13:06   297,472   --a------   C:\Windows\uninst.exe
2008-04-03 17:09 . 2008-04-03 17:10   <DIR>   d--------   C:\Program Files\HyCam2
2008-03-30 14:15 . 2008-03-30 14:38   <DIR>   d--------   C:\Documents and Settings\Administrator\Dane aplikacji\TeamViewer
2008-03-28 23:37 . 2008-03-28 23:37   90,112   --a------   C:\Windows\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37   57,344   --a------   C:\Windows\system32\QuickTime.qts
2008-03-26 20:00 . 2008-03-26 20:00   <DIR>   d--------   C:\Documents and Settings\Administrator\Dane aplikacji\skypePM
2008-03-26 19:59 . 2008-03-26 19:59   <DIR>   d--------   C:\Program Files\Common Files\Skype
2008-03-26 19:59 . 2008-03-26 19:59   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-03-26 19:59 . 2008-03-26 20:03   <DIR>   d--------   C:\Documents and Settings\Administrator\Dane aplikacji\Skype
2008-03-22 17:33 . 2008-03-22 17:33   <DIR>   d--------   C:\Program Files\SetEditOctagon
2008-03-15 23:02 . 2008-03-29 11:29   69   --a------   C:\Windows\NeroDigital.ini
2008-03-15 19:33 . 2008-03-15 19:33   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\LightScribe
2008-03-15 19:33 . 2008-03-15 19:33   <DIR>   d--------   C:\Documents and Settings\Administrator\Dane aplikacji\Nero
2008-03-15 19:30 . 2008-03-15 19:32   <DIR>   d--------   C:\Program Files\Nero
2008-03-15 19:30 . 2008-03-15 19:31   <DIR>   d--------   C:\Program Files\Common Files\Nero
2008-03-15 19:30 . 2008-03-15 19:34   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-03-15 19:30 . 2006-03-17 12:45   1,757,184   --a------   C:\Windows\system32\imagX7.dll
2008-03-15 19:30 . 2006-03-17 12:45   802,816   --a------   C:\Windows\system32\imagXRA7.dll
2008-03-15 19:30 . 2006-03-17 12:45   497,296   --a------   C:\Windows\system32\imagXpr7.dll
2008-03-15 19:30 . 2006-03-17 15:49   368,640   --a------   C:\Windows\system32\TwnLib4.dll
2008-03-15 19:30 . 2006-03-17 12:45   258,048   --a------   C:\Windows\system32\imagXR7.dll
2008-03-15 14:37 . 2008-03-15 14:37   <DIR>   d--------   C:\Program Files\Common Files\DirectX
2008-03-15 14:03 . 2004-08-04 00:01   25,856   --a------   C:\Windows\system32\drivers\usbprint.sys
2008-03-15 14:03 . 2004-08-04 00:01   25,856   --a------   C:\Windows\system32\dllcache\usbprint.sys
2008-03-15 10:27 . 2008-03-15 10:28   38   --a------   C:\Windows\avisplitter.INI
2008-03-14 20:25 . 2008-03-14 20:29   <DIR>   d--------   C:\Documents and Settings\Administrator\Dane aplikacji\COWON
2008-03-14 20:13 . 2008-03-14 20:23   <DIR>   d--------   C:\Documents and Settings\Administrator\Dane aplikacji\Winamp
2008-03-14 09:22 . 2008-04-01 13:47   0   --a------   C:\Documents and Settings\Administrator\iphist.dat
2008-03-13 20:30 . 2008-04-01 11:10   <DIR>   d--------   C:\Windows\system32\wdrivers
2008-03-12 22:25 . 2008-03-12 22:25   <DIR>   d--------   C:\Program Files\Common Files\i4j_jres
2008-03-12 22:12 . 2008-03-12 22:12   <DIR>   d--------   C:\Documents and Settings\Administrator\sio_pliki_jednostki
2008-03-10 08:57 . 2006-08-21 11:14   128,896   ---------   C:\Windows\system32\dllcache\fltmgr.sys
2008-03-10 08:57 . 2006-08-21 11:14   23,040   ---------   C:\Windows\system32\dllcache\fltmc.exe
2008-03-10 08:57 . 2006-08-21 14:28   16,896   ---------   C:\Windows\system32\dllcache\fltlib.dll
2008-03-09 11:11 . 2007-07-09 15:11   584,192   ---------   C:\Windows\system32\dllcache\rpcrt4.dll
2008-03-09 11:00 . 2006-10-16 18:16   123,392   ---------   C:\Windows\system32\dllcache\oledlg.dll
2008-03-08 16:17 . 2008-03-08 16:17   <DIR>   d--------   C:\Windows\Sun
2008-03-08 14:42 . 2008-03-08 14:42   <DIR>   d--------   C:\Documents and Settings\Administrator\Dane aplikacji\vlc
2008-03-08 14:39 . 2008-03-08 14:39   <DIR>   d--------   C:\Documents and Settings\Administrator\Dane aplikacji\Media Player Classic
2008-03-08 10:42 . 2008-04-06 13:05   191   --a------   C:\Windows\usdthank.ini
2008-03-08 10:42 . 2008-03-08 10:42   31   --a------   C:\Windows\idc.ini

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-08 14:51   ---------   d-----w   C:\Program Files\AutoConnect
2008-04-08 14:08   ---------   d-----w   C:\Program Files\Opera
2008-04-06 14:01   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Symantec
2008-04-06 12:59   805   ----a-w   C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-04-06 12:59   10,740   ----a-w   C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-04-06 07:59   ---------   d-----w   C:\Program Files\Google
2008-04-05 18:35   ---------   d-----w   C:\Program Files\QuickTime
2008-04-04 18:38   ---------   d-----w   C:\Program Files\eMule
2008-04-03 15:08   ---------   d---a-w   C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-03-26 15:03   ---------   d-----w   C:\Program Files\Neostrada TP
2008-03-15 17:05   ---------   d-----w   C:\Program Files\Ahead
2008-03-15 14:55   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-03-15 13:34   ---------   d-----w   C:\Program Files\NAPI-PROJEKT
2008-03-14 18:29   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-03-14 18:12   ---------   d-----w   C:\Program Files\Winamp
2008-03-12 20:25   ---------   d-----w   C:\Program Files\SIO
2008-03-12 20:19   ---------   d-----w   C:\Program Files\Java
2008-03-09 21:49   ---------   d-----w   C:\Program Files\Adobe Photoshop CS2
2008-03-08 12:35   ---------   d-----w   C:\Program Files\K-Lite Codec Pack
2008-03-07 19:40   ---------   d-----w   C:\Program Files\Common Files\Adobe
2008-03-07 19:38   ---------   d-----w   C:\Program Files\Common Files\Adobe Systems Shared
2008-03-07 19:38   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Adobe Systems
2008-03-07 17:22   ---------   d-----w   C:\Documents and Settings\Administrator\Dane aplikacji\Gadu-Gadu
2008-03-07 17:21   ---------   d-----w   C:\Program Files\Gadu-Gadu
2008-03-07 14:12   ---------   d-----w   C:\Program Files\Thomson
2008-03-07 13:55   ---------   d--h--w   C:\Documents and Settings\All Users\Dane aplikacji\~0
2008-03-07 13:48   ---------   d-----w   C:\Program Files\Skróty programów
2008-03-07 13:33   ---------   d-----w   C:\Program Files\Windows Media Connect 2
2008-03-07 13:27   ---------   d-----w   C:\Program Files\WIDCOMM
2008-03-07 13:26   ---------   d-----w   C:\Program Files\Hewlett-Packard
2008-03-07 13:25   ---------   d-----w   C:\Program Files\Macrovision Corp
2008-03-07 13:25   ---------   d-----w   C:\Program Files\Common Files\InstallShield
2008-03-07 13:25   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\InstallShield
2008-03-07 13:24   ---------   d-----w   C:\Program Files\InterVideo
2008-03-07 13:24   ---------   d-----w   C:\Program Files\Common Files\InterVideo
2008-03-07 13:23   1,828   --sha-r   C:\WINDOWS\system32\drivers\103C_HP_NTBK_HP Compaq 6710b (GC038ES#AKD)_YN_0U_QCNU7201TFJ_E434586241_46_I30C0_SHP_VKBC Version 71.26_B68DDU Ver. F.06_T070414_WXP2_L415_M1016_J80_7Intel_8Core2 Duo T7100_91.8_#080307_N14E41693_(GC038ES#AKD).MRK
2008-03-07 12:35   ---------   d-----w   C:\Program Files\Usługi online
2008-03-07 12:35   ---------   d-----w   C:\Program Files\Synaptics
2008-03-07 12:34   ---------   d-----w   C:\Program Files\Roxio
2008-03-07 12:34   ---------   d-----w   C:\Program Files\PDF Complete
2008-03-07 12:34   ---------   d-----w   C:\Program Files\Microsoft Works
2008-03-07 12:32   ---------   d-----w   C:\Program Files\Microsoft.NET
2008-03-07 12:32   ---------   d-----w   C:\Program Files\microsoft frontpage
2008-03-07 12:32   ---------   d-----w   C:\Program Files\Intel
2008-03-07 12:32   ---------   d-----w   C:\Program Files\HP
2008-03-07 12:01   ---------   d-----w   C:\Program Files\HPQ
2008-03-07 11:52   ---------   d-----w   C:\Program Files\Fingerprint Sensor
2008-03-07 11:51   ---------   d-----w   C:\Program Files\Common Files\SureThing Shared
2008-03-07 11:51   ---------   d-----w   C:\Program Files\Common Files\Sonic Shared
2008-03-07 11:50   ---------   d-----w   C:\Program Files\Common Files\Roxio Shared
2008-03-07 11:50   ---------   d-----w   C:\Program Files\Common Files\LightScribe
2008-03-07 11:50   ---------   d-----w   C:\Program Files\Common Files\Java
2008-03-07 11:50   ---------   d-----w   C:\Program Files\Analog Devices
2008-03-07 11:47   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Roxio
2008-03-07 11:47   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
2008-03-07 11:46   ---------   d-----w   C:\WINDOWS\system32\config\systemprofile\Dane aplikacji\InstallShield
2008-03-07 11:46   ---------   d-----w   C:\WINDOWS\system32\config\systemprofile\Dane aplikacji\hpqLog
2008-03-07 11:46   ---------   d-----w   C:\Documents and Settings\Administrator\Dane aplikacji\InstallShield
2008-03-07 11:46   ---------   d-----w   C:\Documents and Settings\Administrator\Dane aplikacji\hpqLog
2008-03-06 19:47   1,312,941   ----a-w   C:\Documents and Settings\Pulpit\SDFix.exe
2008-03-04 08:36   ---------   d-----w   C:\Program Files\USDownloader CANCER®
2008-03-04 08:21   ---------   d-----w   C:\Program Files\Crazy Machines II
2008-02-28 18:59   ---------   d-----w   C:\Program Files\IrfanView
2008-02-27 20:11   ---------   d-----w   C:\Program Files\OpenAL
2008-02-27 20:11   ---------   d-----w   C:\Program Files\AGEIA Technologies
2008-02-26 18:43   ---------   d-----w   C:\Program Files\Lonely Cat Games
2008-02-24 16:25   ---------   d-----w   C:\Program Files\Intuwave
2008-02-22 17:48   ---------   d-----w   C:\Program Files\DIFX
2008-02-22 17:37   ---------   d-----w   C:\Program Files\ABBYY FineReader 9.0
2008-02-20 20:33   ---------   d-----w   C:\Program Files\Apple Software Update
2008-02-17 17:28   ---------   d-----w   C:\Program Files\Nsasoft
2008-02-17 17:14   ---------   d-----w   C:\Program Files\Nmap
2008-02-17 09:43   ---------   d-----w   C:\Program Files\EA Sports
2008-02-13 20:42   ---------   d-----w   C:\Program Files\Fotosizer
2008-02-11 16:18   ---------   d-----w   C:\Program Files\Nokia
2008-02-11 16:17   139,010,245   ----a-w   C:\Documents and Settings\Pulpit\Carbide_ui_Theme_3_1_1_Setup.exe
2008-02-08 18:53   196,732   ----a-w   C:\Documents and Settings\Pulpit\gg_pion.exe
2008-01-09 13:01   53,248   ----a-w   C:\WINDOWS\bdoscandel.exe
2007-11-25 17:41   32,768   ----a-w   C:\Documents and Settings\UserData\index.dat
2007-11-23 15:09   32   ----a-w   C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2007-07-04 11:30   219,360   ----a-w   C:\Documents and Settings\temp\DynGate_Setup.exe
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-07-13 07:12 729088]
"PTHOSTTR"="C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.exe" [2007-01-09 15:52 145184]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 15:36 827392]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-01-10 15:13 472776]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-03-05 15:54 159744]
"Scheduler"="C:\WINDOWS\SMINST\Scheduler.exe" [2006-10-09 11:23 697976]
"HP Software Update"="c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2007-01-02 16:46 40960]
"AccelerometerSysTrayApplet"="C:\WINDOWS\system32\AccelerometerSt.exe" [2007-01-24 15:28 124928]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 12:38 866816]
"WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 19:07 24576]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 19:07 20480]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 19:07 53248]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 10:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3acm"= ac3acm.acm
"msacm.lameacm"= lameACM.acm

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menu Start^Programy^Autostart^Adobe Gamma.lnk]
path=C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^DVD Check.lnk]
backup=C:\WINDOWS\pss\DVD Check.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2007-02-26 12:34 155648 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2007-02-26 12:34 131072 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsmqIntCert]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2007-02-26 12:33 131072 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a------ 2005-12-20 16:51 1187840 C:\WINDOWS\Sminst\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
--a------ 2006-03-09 17:38 806912 C:\WINDOWS\Creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
--a------ 2006-09-05 20:02 184320 C:\Program Files\InterVideo\DVD Check\DVDCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"stllssvr"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\WINDOWS\\SMINST\\Scheduler.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 ASChannel;Local Communication Channel;C:\WINDOWS\System32\svchost.exe [2004-08-04 10:00]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files\PDF Complete\pdfsvc.exe [2007-02-20 14:48]
R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2006-09-19 18:58]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
S3 uti3ntyx;AVZ Kernel Driver;C:\WINDOWS\system32\Drivers\uti3ntyx.sys [2008-04-08 12:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
Cognizance   REG_MULTI_SZ      ASBroker ASChannel

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1e3121d8-ece9-11dc-bc1e-0017a4e3aad6}]
\Shell\AutoRun\command - F:\nideiect.com
\Shell\explore\Command - F:\nideiect.com
\Shell\open\Command - F:\nideiect.com

.
Contents of the 'Scheduled Tasks' folder
"2008-04-08 14:43:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-08 18:25:25
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe??????????????@? ???(N????????@???????@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
Binary file raw_enum.dat matches
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-04-08 18:28:41 - machine was rebooted
ComboFix-quarantined-files.txt  2008-04-08 16:28:38
Pre-Run: 25,715,363,840 bajtów wolnych
Post-Run: 25,610,313,728 bajtów wolnych
.
2008-03-13 13:35:15   --- E O F --- 
poczta125
~user

Posts: 623
Joined: 04 Dec 2005, 13:27
Commendations: 48



Post by wojtas, 08 Apr 2008, 19:50

Download ATF_Cleaner,
tick
Windows Temp
All users Temp
Temporary internet files
Recycle Bin
and press EMPTY SELECTED


this file:

C:\WINDOWS\system32\Drivers\uti3ntyx.sys


scan here

http://virusscan.jotti.org/
http://www.virustotal.com/

and save the scan reports for yourself



Open Notepad and paste this into it:

Folder::
C:\Windows\system32\wdrivers

File::
C:\Documents and Settings\Administrator\iphist.dat

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1e3121d8-ece9-11dc-bc1e-0017a4e3aad6}]



File >>> Save as CFScript.txt. Drag and drop the file onto the ComboFix icon (as shown here). Wait until it generates a new log, then post it on the forum along with the reports.
wojtas
*mod

Posts: 18165
Joined: 13 Jan 2006, 16:00
Location: Krzeszyce
Commendations: 1656
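Added example, not code from this thread, from ComboFix or from HijackThis: a small Python triage script that parses the "Reg Loading Points" section of a ComboFix log like the one posted above, flags the entries a helper checks first (removable-drive shell verbs hijacked under MountPoints2, a disabled Windows Firewall profile, disabled Security Center monitoring, a non-empty AppInit_DLLs), and writes a CFScript in the Folder::/File::/Registry:: form wojtas used. The sample log is constructed from lines quoted in this thread; the function names and category labels are my own.

```python
"""Triage helper for the 'Reg Loading Points' section of a ComboFix log.

Added example, not part of the forum thread, ComboFix or HijackThis. It parses the
registry excerpt of a ComboFix log, flags the entries worth a second look, and
writes a CFScript in the Folder::/File::/Registry:: form used in the thread.
"""
import re
from dataclasses import dataclass

# Constructed sample: excerpts of the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1e3121d8-ece9-11dc-bc1e-0017a4e3aad6}]
\Shell\AutoRun\command - F:\nideiect.com
\Shell\explore\Command - F:\nideiect.com
\Shell\open\Command - F:\nideiect.com
"""

# "name"=value lines, and the \Shell\<verb>\command lines under MountPoints2.
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
AUTORUN_RE = re.compile(
    r"^\\Shell\\(AutoRun|open|explore)\\command\s*-\s*(?P<target>.+)$", re.I)


@dataclass
class Finding:
    key: str        # registry key the entry lives under
    category: str   # hypothetical label used by this script only
    detail: str


def parse_reg_sections(text):
    """Return {key: [value lines]} for a ComboFix registry excerpt."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def triage(sections):
    """Flag the settings a helper checks first; this never deletes anything itself."""
    findings = []
    for key, lines in sections.items():
        lk = key.lower()
        if "mountpoints2" in lk:
            # Shell verbs of a (removable) drive pointed at a file on that drive:
            # opening the drive in Explorer would run that file.
            targets = sorted({m.group("target").strip()
                              for m in map(AUTORUN_RE.match, lines) if m})
            if targets:
                findings.append(Finding(key, "autorun",
                                        "drive shell verbs run " + ", ".join(targets)))
        for line in lines:
            m = VALUE_RE.match(line)
            if not m:
                continue
            name, value = m.group("name").lower(), m.group("value").strip()
            if "firewallpolicy" in lk and name == "enablefirewall" and value.startswith("0"):
                findings.append(Finding(key, "firewall_off",
                                        "Windows Firewall disabled for this profile"))
            elif "security center" in lk and name == "disablemonitoring" and value.endswith("1"):
                findings.append(Finding(key, "wsc_monitoring_off",
                                        "Security Center alerts for this product are off"))
            elif name == "appinit_dlls" and value:
                findings.append(Finding(key, "appinit_dll",
                                        value + " is loaded into every process that uses "
                                        "user32.dll; verify the publisher"))
    return findings


def build_cfscript(findings, folders=(), files=()):
    """Write a CFScript; only hijacked autorun keys are queued for deletion ([-key])."""
    out = []
    if folders:
        out += ["Folder::", *folders, ""]
    if files:
        out += ["File::", *files, ""]
    keys = [f.key for f in findings if f.category == "autorun"]
    if keys:
        out += ["Registry::", *["[-" + k + "]" for k in keys], ""]
    return "\n".join(out)


if __name__ == "__main__":
    found = triage(parse_reg_sections(SAMPLE_LOG))
    for f in found:
        print(f"[{f.category}] {f.key}\n    {f.detail}")
    print(build_cfscript(found,
                         folders=[r"C:\Windows\system32\wdrivers"],
                         files=[r"C:\Documents and Settings\Administrator\iphist.dat"]))
```

The script queues only the MountPoints2 key for deletion, which is what the CFScript above did; the firewall, Security Center and AppInit_DLLs findings are printed for a person to judge, because a third-party security suite can legitimately own some of those settings.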



Post by poczta125, 08 Apr 2008, 21:00

I cleaned up with ATF_Cleaner; the scanners found nothing, so I am not posting reports. ComboFix log:
Code:
ComboFix 08-04-08.4 - Administrator 2008-04-08 20:51:03.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.477 [GMT 2:00]
Running from: C:\Documents and Settings\Administrator\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Pulpit\CFScript.txt
* Created a new restore point
* Resident AV is active


[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]

FILE ::
C:\Documents and Settings\Administrator\iphist.dat
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\iphist.dat
C:\Windows\system32\wdrivers
C:\Windows\system32\wdrivers\20080317 103208.sys
C:\Windows\system32\wdrivers\20080317 164146.sys
C:\Windows\system32\wdrivers\20080328 063112.sys
C:\Windows\system32\wdrivers\20080401 110952.sys
C:\Windows\system32\wdrivers\w2keyxp.dll
C:\Windows\system32\wdrivers\w2schxp.dll

.
(((((((((((((((((((((((((   Files Created from 2008-03-08 to 2008-04-08  )))))))))))))))))))))))))))))))
.

2008-04-08 19:32 . 2008-04-08 19:41   91,700   --a------   C:\Windows\system32\drivers\klin.dat
2008-04-08 19:32 . 2008-04-08 19:41   85,860   --a------   C:\Windows\system32\drivers\klick.dat
2008-04-08 19:31 . 2008-04-08 19:31   <DIR>   d--------   C:\Program Files\Kaspersky Lab
2008-04-08 19:31 . 2008-04-08 19:45   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-04-08 19:31 . 2008-04-08 20:57   7,200   --ahs----   C:\Windows\system32\drivers\fidbox2.dat
2008-04-08 19:31 . 2008-04-08 19:42   1,316   --ahs----   C:\Windows\system32\drivers\fidbox2.idx
2008-04-08 15:40 . 2008-04-08 16:15   <DIR>   d--------   C:\Program Files\SUPERAntiSpyware
2008-04-08 15:40 . 2008-04-08 15:40   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\SUPERAntiSpyware.com
2008-04-08 15:40 . 2008-04-08 16:16   <DIR>   d--------   C:\Documents and Settings\Administrator\Dane aplikacji\SUPERAntiSpyware.com
2008-04-08 12:55 . 2008-04-08 12:55   7,168   --a------   C:\Windows\system32\drivers\uti3ntyx.sys
2008-04-08 12:44 . 2008-04-08 20:57   335,136   --ahs----   C:\Windows\system32\drivers\fidbox.dat
2008-04-08 12:44 . 2008-04-08 19:42   2,972   --ahs----   C:\Windows\system32\drivers\fidbox.idx
2008-04-07 20:42 . 2008-04-07 20:42   <DIR>   d--------   C:\Documents and Settings\Administrator\Dane aplikacji\Apple Computer
2008-04-07 17:55 . 2008-04-07 17:57   <DIR>   d--------   C:\Windows\system32\NtmsData
2008-04-06 19:33 . 2008-04-06 19:33   <DIR>   d--------   C:\Program Files\Alwil Software
2008-04-06 16:29 . 2008-04-06 18:19   <DIR>   d--------   C:\Windows\BDOSCAN8
2008-04-06 15:28 . 2008-04-06 15:28   <DIR>   d--------   C:\Program Files\jv16 PowerTools
2008-04-05 20:36 . 2008-04-07 20:41   54,156   --ah-----   C:\Windows\QTFont.qfn
2008-04-05 20:36 . 2008-04-05 20:36   1,409   --a------   C:\Windows\QTFont.for
2008-04-05 20:35 . 2008-04-05 20:35   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-04-05 20:34 . 2008-04-05 20:34   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Apple
2008-04-04 17:22 . 2008-04-06 17:26   <DIR>   d--------   C:\Program Files\HTV
2008-04-04 16:48 . 2008-04-07 23:24   <DIR>   d--------   C:\Windows\system32\drivers\downld
2008-04-04 15:56 . 2008-04-04 15:56   <DIR>   d--------   C:\Documents and Settings\Administrator\WINDOWS
2008-04-04 15:56 . 1996-07-18 13:06   297,472   --a------   C:\Windows\uninst.exe
2008-04-03 17:09 . 2008-04-03 17:10   <DIR>   d--------   C:\Program Files\HyCam2
2008-03-30 14:15 . 2008-03-30 14:38   <DIR>   d--------   C:\Documents and Settings\Administrator\Dane aplikacji\TeamViewer
2008-03-28 23:37 . 2008-03-28 23:37   90,112   --a------   C:\Windows\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37   57,344   --a------   C:\Windows\system32\QuickTime.qts
2008-03-26 20:00 . 2008-03-26 20:00   <DIR>   d--------   C:\Documents and Settings\Administrator\Dane aplikacji\skypePM
2008-03-26 19:59 . 2008-03-26 19:59   <DIR>   d--------   C:\Program Files\Common Files\Skype
2008-03-26 19:59 . 2008-03-26 19:59   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-03-26 19:59 . 2008-03-26 20:03   <DIR>   d--------   C:\Documents and Settings\Administrator\Dane aplikacji\Skype
2008-03-22 17:33 . 2008-03-22 17:33   <DIR>   d--------   C:\Program Files\SetEditOctagon
2008-03-15 23:02 . 2008-03-29 11:29   69   --a------   C:\Windows\NeroDigital.ini
2008-03-15 19:33 . 2008-03-15 19:33   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\LightScribe
2008-03-15 19:33 . 2008-03-15 19:33   <DIR>   d--------   C:\Documents and Settings\Administrator\Dane aplikacji\Nero
2008-03-15 19:30 . 2008-03-15 19:32   <DIR>   d--------   C:\Program Files\Nero
2008-03-15 19:30 . 2008-03-15 19:31   <DIR>   d--------   C:\Program Files\Common Files\Nero
2008-03-15 19:30 . 2008-03-15 19:34   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-03-15 19:30 . 2006-03-17 12:45   1,757,184   --a------   C:\Windows\system32\imagX7.dll
2008-03-15 19:30 . 2006-03-17 12:45   802,816   --a------   C:\Windows\system32\imagXRA7.dll
2008-03-15 19:30 . 2006-03-17 12:45   497,296   --a------   C:\Windows\system32\imagXpr7.dll
2008-03-15 19:30 . 2006-03-17 15:49   368,640   --a------   C:\Windows\system32\TwnLib4.dll
2008-03-15 19:30 . 2006-03-17 12:45   258,048   --a------   C:\Windows\system32\imagXR7.dll
2008-03-15 14:37 . 2008-03-15 14:37   <DIR>   d--------   C:\Program Files\Common Files\DirectX
2008-03-15 14:03 . 2004-08-04 00:01   25,856   --a------   C:\Windows\system32\drivers\usbprint.sys
2008-03-15 14:03 . 2004-08-04 00:01   25,856   --a------   C:\Windows\system32\dllcache\usbprint.sys
2008-03-15 10:27 . 2008-03-15 10:28   38   --a------   C:\Windows\avisplitter.INI
2008-03-14 20:25 . 2008-03-14 20:29   <DIR>   d--------   C:\Documents and Settings\Administrator\Dane aplikacji\COWON
2008-03-14 20:13 . 2008-03-14 20:23   <DIR>   d--------   C:\Documents and Settings\Administrator\Dane aplikacji\Winamp
2008-03-12 22:25 . 2008-03-12 22:25   <DIR>   d--------   C:\Program Files\Common Files\i4j_jres
2008-03-12 22:12 . 2008-03-12 22:12   <DIR>   d--------   C:\Documents and Settings\Administrator\sio_pliki_jednostki
2008-03-10 08:57 . 2006-08-21 11:14   128,896   ---------   C:\Windows\system32\dllcache\fltmgr.sys
2008-03-10 08:57 . 2006-08-21 11:14   23,040   ---------   C:\Windows\system32\dllcache\fltmc.exe
2008-03-10 08:57 . 2006-08-21 14:28   16,896   ---------   C:\Windows\system32\dllcache\fltlib.dll
2008-03-09 11:11 . 2007-07-09 15:11   584,192   ---------   C:\Windows\system32\dllcache\rpcrt4.dll
2008-03-09 11:00 . 2006-10-16 18:16   123,392   ---------   C:\Windows\system32\dllcache\oledlg.dll
2008-03-08 16:17 . 2008-03-08 16:17   <DIR>   d--------   C:\Windows\Sun
2008-03-08 14:42 . 2008-03-08 14:42   <DIR>   d--------   C:\Documents and Settings\Administrator\Dane aplikacji\vlc
2008-03-08 14:39 . 2008-03-08 14:39   <DIR>   d--------   C:\Documents and Settings\Administrator\Dane aplikacji\Media Player Classic
2008-03-08 10:42 . 2008-04-06 13:05   191   --a------   C:\Windows\usdthank.ini
2008-03-08 10:42 . 2008-03-08 10:42   31   --a------   C:\Windows\idc.ini

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-08 18:29   ---------   d-----w   C:\Program Files\AutoConnect
2008-04-08 14:08   ---------   d-----w   C:\Program Files\Opera
2008-04-06 14:01   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Symantec
2008-04-06 12:59   805   ----a-w   C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-04-06 12:59   10,740   ----a-w   C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-04-06 07:59   ---------   d-----w   C:\Program Files\Google
2008-04-05 18:35   ---------   d-----w   C:\Program Files\QuickTime
2008-04-04 18:38   ---------   d-----w   C:\Program Files\eMule
2008-04-03 15:08   ---------   d---a-w   C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-03-26 15:03   ---------   d-----w   C:\Program Files\Neostrada TP
2008-03-15 17:05   ---------   d-----w   C:\Program Files\Ahead
2008-03-15 14:55   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-03-15 13:34   ---------   d-----w   C:\Program Files\NAPI-PROJEKT
2008-03-14 18:29   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-03-14 18:12   ---------   d-----w   C:\Program Files\Winamp
2008-03-12 20:25   ---------   d-----w   C:\Program Files\SIO
2008-03-12 20:19   ---------   d-----w   C:\Program Files\Java
2008-03-09 21:49   ---------   d-----w   C:\Program Files\Adobe Photoshop CS2
2008-03-08 12:35   ---------   d-----w   C:\Program Files\K-Lite Codec Pack
2008-03-07 19:40   ---------   d-----w   C:\Program Files\Common Files\Adobe
2008-03-07 19:38   ---------   d-----w   C:\Program Files\Common Files\Adobe Systems Shared
2008-03-07 19:38   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Adobe Systems
2008-03-07 17:22   ---------   d-----w   C:\Documents and Settings\Administrator\Dane aplikacji\Gadu-Gadu
2008-03-07 17:21   ---------   d-----w   C:\Program Files\Gadu-Gadu
2008-03-07 14:12   ---------   d-----w   C:\Program Files\Thomson
2008-03-07 13:55   ---------   d--h--w   C:\Documents and Settings\All Users\Dane aplikacji\~0
2008-03-07 13:48   ---------   d-----w   C:\Program Files\Skróty programów
2008-03-07 13:33   ---------   d-----w   C:\Program Files\Windows Media Connect 2
2008-03-07 13:27   ---------   d-----w   C:\Program Files\WIDCOMM
2008-03-07 13:26   ---------   d-----w   C:\Program Files\Hewlett-Packard
2008-03-07 13:25   ---------   d-----w   C:\Program Files\Macrovision Corp
2008-03-07 13:25   ---------   d-----w   C:\Program Files\Common Files\InstallShield
2008-03-07 13:25   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\InstallShield
2008-03-07 13:24   ---------   d-----w   C:\Program Files\InterVideo
2008-03-07 13:24   ---------   d-----w   C:\Program Files\Common Files\InterVideo
2008-03-07 13:23   1,828   --sha-r   C:\WINDOWS\system32\drivers\103C_HP_NTBK_HP Compaq 6710b (GC038ES#AKD)_YN_0U_QCNU7201TFJ_E434586241_46_I30C0_SHP_VKBC Version 71.26_B68DDU Ver. F.06_T070414_WXP2_L415_M1016_J80_7Intel_8Core2 Duo T7100_91.8_#080307_N14E41693_(GC038ES#AKD).MRK
2008-03-07 12:35   ---------   d-----w   C:\Program Files\Usługi online
2008-03-07 12:35   ---------   d-----w   C:\Program Files\Synaptics
2008-03-07 12:34   ---------   d-----w   C:\Program Files\Roxio
2008-03-07 12:34   ---------   d-----w   C:\Program Files\PDF Complete
2008-03-07 12:34   ---------   d-----w   C:\Program Files\Microsoft Works
2008-03-07 12:32   ---------   d-----w   C:\Program Files\Microsoft.NET
2008-03-07 12:32   ---------   d-----w   C:\Program Files\microsoft frontpage
2008-03-07 12:32   ---------   d-----w   C:\Program Files\Intel
2008-03-07 12:32   ---------   d-----w   C:\Program Files\HP
2008-03-07 12:01   ---------   d-----w   C:\Program Files\HPQ
2008-03-07 11:52   ---------   d-----w   C:\Program Files\Fingerprint Sensor
2008-03-07 11:51   ---------   d-----w   C:\Program Files\Common Files\SureThing Shared
2008-03-07 11:51   ---------   d-----w   C:\Program Files\Common Files\Sonic Shared
2008-03-07 11:50   ---------   d-----w   C:\Program Files\Common Files\Roxio Shared
2008-03-07 11:50   ---------   d-----w   C:\Program Files\Common Files\LightScribe
2008-03-07 11:50   ---------   d-----w   C:\Program Files\Common Files\Java
2008-03-07 11:50   ---------   d-----w   C:\Program Files\Analog Devices
2008-03-07 11:47   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Roxio
2008-03-07 11:47   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
2008-03-07 11:46   ---------   d-----w   C:\Documents and Settings\Administrator\Dane aplikacji\InstallShield
2008-03-07 11:46   ---------   d-----w   C:\Documents and Settings\Administrator\Dane aplikacji\hpqLog
2008-03-06 19:47   1,312,941   ----a-w   C:\Documents and Settings\Pulpit\SDFix.exe
2008-03-04 08:36   ---------   d-----w   C:\Program Files\USDownloader CANCER®
2008-03-04 08:21   ---------   d-----w   C:\Program Files\Crazy Machines II
2008-02-28 18:59   ---------   d-----w   C:\Program Files\IrfanView
2008-02-27 20:11   ---------   d-----w   C:\Program Files\OpenAL
2008-02-27 20:11   ---------   d-----w   C:\Program Files\AGEIA Technologies
2008-02-26 18:43   ---------   d-----w   C:\Program Files\Lonely Cat Games
2008-02-24 16:25   ---------   d-----w   C:\Program Files\Intuwave
2008-02-22 17:48   ---------   d-----w   C:\Program Files\DIFX
2008-02-22 17:37   ---------   d-----w   C:\Program Files\ABBYY FineReader 9.0
2008-02-20 20:33   ---------   d-----w   C:\Program Files\Apple Software Update
2008-02-17 17:28   ---------   d-----w   C:\Program Files\Nsasoft
2008-02-17 17:14   ---------   d-----w   C:\Program Files\Nmap
2008-02-17 09:43   ---------   d-----w   C:\Program Files\EA Sports
2008-02-13 20:42   ---------   d-----w   C:\Program Files\Fotosizer
2008-02-11 16:18   ---------   d-----w   C:\Program Files\Nokia
2008-02-11 16:17   139,010,245   ----a-w   C:\Documents and Settings\Pulpit\Carbide_ui_Theme_3_1_1_Setup.exe
2008-02-08 18:53   196,732   ----a-w   C:\Documents and Settings\Pulpit\gg_pion.exe
2008-01-14 12:52   81,920   ----a-w   C:\WINDOWS\system32\frapsvid.dll
2008-01-11 05:41   44,544   ------w   C:\WINDOWS\system32\dllcache\pngfilt.dll
2008-01-10 12:16   159,839   ----a-w   C:\WINDOWS\system32\xvidvfw.dll
2008-01-10 12:15   755,027   ----a-w   C:\WINDOWS\system32\xvidcore.dll
2008-01-09 13:01   53,248   ----a-w   C:\WINDOWS\bdoscandel.exe
2007-11-25 17:41   32,768   ----a-w   C:\Documents and Settings\UserData\index.dat
2007-11-23 15:09   32   ----a-w   C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2007-07-04 11:30   219,360   ----a-w   C:\Documents and Settings\temp\DynGate_Setup.exe
.

(((((((((((((((((((((((((((((   snapshot@2008-04-08_18.28.31.42   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-07 13:20:33   16,384   ----a-w   C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-04-08 17:36:12   16,384   ----a-w   C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-03-07 13:20:33   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
+ 2008-04-08 17:36:12   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
- 2008-03-07 13:20:33   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-08 17:36:12   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
+ 2007-04-28 14:51:02   110,360   ----a-w   C:\WINDOWS\system32\drivers\kl1.sys
+ 2008-04-08 17:41:50   194,320   ----a-w   C:\WINDOWS\system32\drivers\klif.sys
+ 2007-04-04 12:58:26   24,344   ----a-w   C:\WINDOWS\system32\drivers\klim5.sys
+ 2007-06-28 10:50:52   22,457   ----a-w   C:\WINDOWS\system32\drivers\klop.dat
+ 2007-06-28 10:51:48   206,088   ----a-w   C:\WINDOWS\system32\klogon.dll
- 2008-04-08 14:52:59   66,480   ----a-w   C:\WINDOWS\system32\perfc009.dat
+ 2008-04-08 17:49:59   66,480   ----a-w   C:\WINDOWS\system32\perfc009.dat
- 2008-04-08 14:52:59   84,298   ----a-w   C:\WINDOWS\system32\perfc015.dat
+ 2008-04-08 17:49:59   84,298   ----a-w   C:\WINDOWS\system32\perfc015.dat
- 2008-04-08 14:52:59   415,022   ----a-w   C:\WINDOWS\system32\perfh009.dat
+ 2008-04-08 17:49:59   415,022   ----a-w   C:\WINDOWS\system32\perfh009.dat
- 2008-04-08 14:52:59   473,110   ----a-w   C:\WINDOWS\system32\perfh015.dat
+ 2008-04-08 17:49:59   473,110   ----a-w   C:\WINDOWS\system32\perfh015.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-07-13 07:12 729088]
"PTHOSTTR"="C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.exe" [2007-01-09 15:52 145184]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 15:36 827392]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-01-10 15:13 472776]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-03-05 15:54 159744]
"Scheduler"="C:\WINDOWS\SMINST\Scheduler.exe" [2006-10-09 11:23 697976]
"HP Software Update"="c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2007-01-02 16:46 40960]
"AccelerometerSysTrayApplet"="C:\WINDOWS\system32\AccelerometerSt.exe" [2007-01-24 15:28 124928]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 12:38 866816]
"WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 19:07 24576]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 19:07 20480]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 19:07 53248]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51 218376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 10:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3acm"= ac3acm.acm
"msacm.lameacm"= lameACM.acm

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menu Start^Programy^Autostart^Adobe Gamma.lnk]
path=C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^DVD Check.lnk]
backup=C:\WINDOWS\pss\DVD Check.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2007-02-26 12:34 155648 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2007-02-26 12:34 131072 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsmqIntCert]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2007-02-26 12:33 131072 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a------ 2005-12-20 16:51 1187840 C:\WINDOWS\Sminst\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
--a------ 2006-03-09 17:38 806912 C:\WINDOWS\Creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
--a------ 2006-09-05 20:02 184320 C:\Program Files\InterVideo\DVD Check\DVDCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"stllssvr"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\WINDOWS\\SMINST\\Scheduler.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 ASChannel;Local Communication Channel;C:\WINDOWS\System32\svchost.exe [2004-08-04 10:00]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files\PDF Complete\pdfsvc.exe [2007-02-20 14:48]
R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2006-09-19 18:58]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
S3 uti3ntyx;AVZ Kernel Driver;C:\WINDOWS\system32\Drivers\uti3ntyx.sys [2008-04-08 12:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
Cognizance   REG_MULTI_SZ      ASBroker ASChannel

.
Contents of the 'Scheduled Tasks' folder
"2008-04-08 14:43:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-08 20:57:33
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe??????????????@? ???(N????????@???????@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
Binary file raw_enum.dat matches
.
Completion time: 2008-04-08 20:58:18
ComboFix-quarantined-files.txt  2008-04-08 18:58:14
ComboFix2.txt  2008-04-08 16:28:42
Pre-Run: 40,225,783,808 bajtów wolnych
Post-Run: 40,244,707,328 bajtów wolnych
.
2008-03-13 13:35:15   --- E O F --- 

I think it's clean now, because I've noticed an improvement ;)



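A small triage helper for a ComboFix log such as the one posted above. This is an added example, not code from the thread, from ComboFix or from the forum's own tooling; the sample log is a constructed excerpt modelled on the lines posted above, and the three-day window and the set of flagged settings are my own choices. It mechanises what the moderator asked for by hand: it lists kernel drivers created shortly before the scan (the log above has uti3ntyx.sys created on 2008-04-08, which the service list labels "AVZ Kernel Driver"), matches them against the R/S service entries, and flags settings in the "Reg Loading Points" section that silence defences: Security Center monitoring disabled on the Monitoring key itself, Windows Firewall off in the standard profile, and anything loaded through AppInit_DLLs.

```python
"""Triage helper for ComboFix logs (added example, not part of ComboFix)."""
import json
import re
from datetime import datetime, timedelta

# Constructed sample: an excerpt modelled on the ComboFix log posted in this
# thread, cut down to the lines the parser needs.
SAMPLE_LOG = r"""
(((((((((((((((((((((((((   Files Created from 2008-03-08 to 2008-04-08  )))))))))))))))))))))))))))))))
.
2008-04-08 12:55 . 2008-04-08 12:55   7,168   --a------   C:\Windows\system32\drivers\uti3ntyx.sys
2008-03-15 14:03 . 2004-08-04 00:01   25,856   --a------   C:\Windows\system32\drivers\usbprint.sys
2008-04-08 19:31 . 2008-04-08 19:31   <DIR>   d--------   C:\Program Files\Kaspersky Lab
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
S3 uti3ntyx;AVZ Kernel Driver;C:\WINDOWS\system32\Drivers\uti3ntyx.sys [2008-04-08 12:55]
"""

# "created . modified   size   attributes   path", as ComboFix prints it.
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"([\d,]+|<DIR>)\s+(\S+)\s+(.+?)$"
)
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*?)$')
# "R3 name;display name;path [date]" service and driver lines.
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+?) \[[^\]]*\]$")


def parse_created_files(log):
    """Entries of the 'Files Created' section with parsed timestamps."""
    entries = []
    for line in log.splitlines():
        m = FILE_RE.match(line.strip())
        if not m:
            continue
        created, modified, size, attrs, path = m.groups()
        entries.append({
            "created": datetime.strptime(created, "%Y-%m-%d %H:%M"),
            "modified": datetime.strptime(modified, "%Y-%m-%d %H:%M"),
            "size": None if size == "<DIR>" else int(size.replace(",", "")),
            "attrs": attrs,
            "path": path,
        })
    return entries


def new_kernel_drivers(entries, scan_date, window_days=3):
    """.sys files under the drivers directory created inside the window whose
    modification stamp is also recent: a freshly dropped or freshly built
    binary, unlike a stock OS file copied into place (old modification date,
    as usbprint.sys shows)."""
    cutoff = scan_date - timedelta(days=window_days)
    hits = []
    for e in entries:
        p = e["path"].lower()
        if p.endswith(".sys") and "\\drivers\\" in p:
            if e["created"] >= cutoff and e["modified"] >= cutoff:
                hits.append(e["path"])
    return hits


def parse_registry(log):
    """Map (lower-cased key, lower-cased value name) -> raw value text."""
    values, key = {}, None
    for line in log.splitlines():
        line = line.strip()
        km = KEY_RE.match(line)
        if km:
            key = km.group(1).lower()
            continue
        vm = VALUE_RE.match(line)
        if vm and key:
            values[(key, vm.group(1).lower())] = vm.group(2)
    return values


def weak_settings(values):
    findings = []
    for (key, name), val in values.items():
        # The per-vendor subkeys (KasperskyAntiVirus etc.) are commonly written by
        # the AV products themselves; the value on the Monitoring key itself is
        # the one worth asking about.
        if name == "disablemonitoring" and key.endswith("security center\\monitoring"):
            if val.endswith("1"):
                findings.append("security_center_monitoring_disabled")
        elif name == "enablefirewall" and "firewallpolicy" in key and val.startswith("0"):
            findings.append("windows_firewall_disabled")
        elif name == "appinit_dlls" and val:
            # Loaded into every process that maps user32.dll: verify the DLL's origin.
            findings.append("appinit_dlls_set:" + val)
    return sorted(findings)


def parse_services(log):
    out = []
    for line in log.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            start, name, display, path = m.groups()
            out.append({"start": start, "name": name, "display": display, "path": path})
    return out


def triage(log, scan_date, window_days=3):
    """scan_date is 'YYYY-MM-DD' (the date on the log's first line)."""
    scan = datetime.strptime(scan_date, "%Y-%m-%d")
    drivers = new_kernel_drivers(parse_created_files(log), scan, window_days)
    fresh = {d.lower() for d in drivers}
    loaded = [s["name"] for s in parse_services(log) if s["path"].lower() in fresh]
    return {
        "new_drivers": drivers,
        "services_on_new_drivers": loaded,
        "weak_settings": weak_settings(parse_registry(log)),
    }


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_LOG, "2008-04-08"), indent=2))
```

Run it against a full log with `triage(open("ComboFix.txt", encoding="cp1250").read(), "2008-04-08")`; the Polish-locale logs in this thread are Windows-1250. A hit in `new_drivers` is not a verdict, it is the list of files to hash and submit, which is exactly what the moderator asked for with uti3ntyx.sys.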
Posted by wojtas, 08 Apr 2008, 21:14

Paste into Notepad:
Folder::
C:\Windows\system32\drivers\downld


File >>> Save as CFScript.txt. Drag and drop the file onto the ComboFix icon (as shown here) and it will be clean...

Then do the following:

1. Download OTMoveIt, launch it and run it with the CleanUp option :)
2. Do a Windows optimization
3. Download ATF_Cleaner, check:
Windows Temp
All users Temp
Temporary internet files
Recycle Bin
and press EMPTY SELECTED
4. Turn off System Restore (My Computer properties - System Restore tab - turn off System Restore on all drives). After a moment, turn it back on.



Posted by poczta125, 08 Apr 2008, 21:34

I did everything just as you wrote, but there is still one small problem: after the system starts I see the desktop, some of the programs load, then it seems to hang (nothing happens, zero CPU usage, the disk LED is not lit, I can move the cursor and click), and only after about 2 minutes do the rest of the startup programs launch, together with the programs I had opened earlier.



Posted by wojtas, 08 Apr 2008, 21:52

Post the log once more :) Since when has this been happening? Since that optimization? If so, maybe revert manually to the previous state.



Posted by poczta125, 09 Apr 2008, 16:30

It was like that before the optimization too :?
ComboFix:
ComboFix 08-04-08.10 - Administrator 2008-04-09 16:20:14.4 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.631 [GMT 2:00]
Running from: C:\Documents and Settings\Administrator\Pulpit\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
TimedOut: progfile.dat

(((((((((((((((((((((((((   Files Created from 2008-03-09 to 2008-04-09  )))))))))))))))))))))))))))))))
.

2008-04-09 16:16 . 2008-04-09 16:16   <DIR>   d--------   C:\Windows\LastGood
2008-04-08 19:32 . 2008-04-08 19:41   91,700   --a------   C:\Windows\system32\drivers\klin.dat
2008-04-08 19:32 . 2008-04-08 19:41   85,860   --a------   C:\Windows\system32\drivers\klick.dat
2008-04-08 19:31 . 2008-04-08 19:31   <DIR>   d--------   C:\Program Files\Kaspersky Lab
2008-04-08 19:31 . 2008-04-09 16:12   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-04-08 19:31 . 2008-04-09 16:23   17,952   --ahs----   C:\Windows\system32\drivers\fidbox2.dat
2008-04-08 19:31 . 2008-04-08 22:21   2,300   --ahs----   C:\Windows\system32\drivers\fidbox2.idx
2008-04-08 15:40 . 2008-04-08 16:15   <DIR>   d--------   C:\Program Files\SUPERAntiSpyware
2008-04-08 15:40 . 2008-04-08 15:40   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\SUPERAntiSpyware.com
2008-04-08 15:40 . 2008-04-08 16:16   <DIR>   d--------   C:\Documents and Settings\Administrator\Dane aplikacji\SUPERAntiSpyware.com
2008-04-08 12:55 . 2008-04-08 12:55   7,168   --a------   C:\Windows\system32\drivers\uti3ntyx.sys
2008-04-08 12:44 . 2008-04-09 16:23   655,904   --ahs----   C:\Windows\system32\drivers\fidbox.dat
2008-04-08 12:44 . 2008-04-08 22:21   10,160   --ahs----   C:\Windows\system32\drivers\fidbox.idx
2008-04-07 20:42 . 2008-04-07 20:42   <DIR>   d--------   C:\Documents and Settings\Administrator\Dane aplikacji\Apple Computer
2008-04-07 17:55 . 2008-04-07 17:57   <DIR>   d--------   C:\Windows\system32\NtmsData
2008-04-06 19:33 . 2008-04-06 19:33   <DIR>   d--------   C:\Program Files\Alwil Software
2008-04-06 16:29 . 2008-04-06 18:19   <DIR>   d--------   C:\Windows\BDOSCAN8
2008-04-06 15:28 . 2008-04-06 15:28   <DIR>   d--------   C:\Program Files\jv16 PowerTools
2008-04-05 20:36 . 2008-04-07 20:41   54,156   --ah-----   C:\Windows\QTFont.qfn
2008-04-05 20:36 . 2008-04-05 20:36   1,409   --a------   C:\Windows\QTFont.for
2008-04-05 20:35 . 2008-04-05 20:35   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-04-05 20:34 . 2008-04-05 20:34   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Apple
2008-04-04 17:22 . 2008-04-06 17:26   <DIR>   d--------   C:\Program Files\HTV
2008-04-04 15:56 . 2008-04-04 15:56   <DIR>   d--------   C:\Documents and Settings\Administrator\WINDOWS
2008-04-04 15:56 . 1996-07-18 13:06   297,472   --a------   C:\Windows\uninst.exe
2008-04-03 17:09 . 2008-04-03 17:10   <DIR>   d--------   C:\Program Files\HyCam2
2008-03-30 14:15 . 2008-03-30 14:38   <DIR>   d--------   C:\Documents and Settings\Administrator\Dane aplikacji\TeamViewer
2008-03-28 23:37 . 2008-03-28 23:37   90,112   --a------   C:\Windows\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37   57,344   --a------   C:\Windows\system32\QuickTime.qts
2008-03-26 20:00 . 2008-03-26 20:00   <DIR>   d--------   C:\Documents and Settings\Administrator\Dane aplikacji\skypePM
2008-03-26 19:59 . 2008-03-26 19:59   <DIR>   d--------   C:\Program Files\Common Files\Skype
2008-03-26 19:59 . 2008-03-26 19:59   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-03-26 19:59 . 2008-03-26 20:03   <DIR>   d--------   C:\Documents and Settings\Administrator\Dane aplikacji\Skype
2008-03-22 17:33 . 2008-03-22 17:33   <DIR>   d--------   C:\Program Files\SetEditOctagon
2008-03-15 23:02 . 2008-03-29 11:29   69   --a------   C:\Windows\NeroDigital.ini
2008-03-15 19:33 . 2008-03-15 19:33   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\LightScribe
2008-03-15 19:33 . 2008-03-15 19:33   <DIR>   d--------   C:\Documents and Settings\Administrator\Dane aplikacji\Nero
2008-03-15 19:30 . 2008-03-15 19:32   <DIR>   d--------   C:\Program Files\Nero
2008-03-15 19:30 . 2008-03-15 19:31   <DIR>   d--------   C:\Program Files\Common Files\Nero
2008-03-15 19:30 . 2008-03-15 19:34   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-03-15 19:30 . 2006-03-17 12:45   1,757,184   --a------   C:\Windows\system32\imagX7.dll
2008-03-15 19:30 . 2006-03-17 12:45   802,816   --a------   C:\Windows\system32\imagXRA7.dll
2008-03-15 19:30 . 2006-03-17 12:45   497,296   --a------   C:\Windows\system32\imagXpr7.dll
2008-03-15 19:30 . 2006-03-17 15:49   368,640   --a------   C:\Windows\system32\TwnLib4.dll
2008-03-15 19:30 . 2006-03-17 12:45   258,048   --a------   C:\Windows\system32\imagXR7.dll
2008-03-15 14:37 . 2008-03-15 14:37   <DIR>   d--------   C:\Program Files\Common Files\DirectX
2008-03-15 14:03 . 2004-08-04 00:01   25,856   --a------   C:\Windows\system32\drivers\usbprint.sys
2008-03-15 14:03 . 2004-08-04 00:01   25,856   --a------   C:\Windows\system32\dllcache\usbprint.sys
2008-03-15 10:27 . 2008-03-15 10:28   38   --a------   C:\Windows\avisplitter.INI
2008-03-14 20:25 . 2008-03-14 20:29   <DIR>   d--------   C:\Documents and Settings\Administrator\Dane aplikacji\COWON
2008-03-14 20:13 . 2008-03-14 20:23   <DIR>   d--------   C:\Documents and Settings\Administrator\Dane aplikacji\Winamp
2008-03-12 22:25 . 2008-03-12 22:25   <DIR>   d--------   C:\Program Files\Common Files\i4j_jres
2008-03-12 22:12 . 2008-03-12 22:12   <DIR>   d--------   C:\Documents and Settings\Administrator\sio_pliki_jednostki
2008-03-10 08:57 . 2006-08-21 11:14   128,896   ---------   C:\Windows\system32\dllcache\fltmgr.sys
2008-03-10 08:57 . 2006-08-21 11:14   23,040   ---------   C:\Windows\system32\dllcache\fltmc.exe
2008-03-10 08:57 . 2006-08-21 14:28   16,896   ---------   C:\Windows\system32\dllcache\fltlib.dll
2008-03-09 11:11 . 2007-07-09 15:11   584,192   ---------   C:\Windows\system32\dllcache\rpcrt4.dll
2008-03-09 11:00 . 2006-10-16 18:16   123,392   ---------   C:\Windows\system32\dllcache\oledlg.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-09 14:10   ---------   d-----w   C:\Program Files\AutoConnect
2008-04-08 14:08   ---------   d-----w   C:\Program Files\Opera
2008-04-06 14:01   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Symantec
2008-04-06 12:59   805   ----a-w   C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-04-06 12:59   10,740   ----a-w   C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-04-06 07:59   ---------   d-----w   C:\Program Files\Google
2008-04-05 18:35   ---------   d-----w   C:\Program Files\QuickTime
2008-04-04 18:38   ---------   d-----w   C:\Program Files\eMule
2008-04-03 15:08   ---------   d---a-w   C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-03-26 15:03   ---------   d-----w   C:\Program Files\Neostrada TP
2008-03-15 17:05   ---------   d-----w   C:\Program Files\Ahead
2008-03-15 14:55   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-03-15 13:34   ---------   d-----w   C:\Program Files\NAPI-PROJEKT
2008-03-14 18:29   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-03-14 18:12   ---------   d-----w   C:\Program Files\Winamp
2008-03-12 20:25   ---------   d-----w   C:\Program Files\SIO
2008-03-12 20:19   ---------   d-----w   C:\Program Files\Java
2008-03-09 21:49   ---------   d-----w   C:\Program Files\Adobe Photoshop CS2
2008-03-08 12:42   ---------   d-----w   C:\Documents and Settings\Administrator\Dane aplikacji\vlc
2008-03-08 12:39   ---------   d-----w   C:\Documents and Settings\Administrator\Dane aplikacji\Media Player Classic
2008-03-08 12:35   ---------   d-----w   C:\Program Files\K-Lite Codec Pack
2008-03-07 19:40   ---------   d-----w   C:\Program Files\Common Files\Adobe
2008-03-07 19:38   ---------   d-----w   C:\Program Files\Common Files\Adobe Systems Shared
2008-03-07 19:38   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Adobe Systems
2008-03-07 17:22   ---------   d-----w   C:\Documents and Settings\Administrator\Dane aplikacji\Gadu-Gadu
2008-03-07 17:21   ---------   d-----w   C:\Program Files\Gadu-Gadu
2008-03-07 14:12   ---------   d-----w   C:\Program Files\Thomson
2008-03-07 13:55   ---------   d--h--w   C:\Documents and Settings\All Users\Dane aplikacji\~0
2008-03-07 13:48   ---------   d-----w   C:\Program Files\Skróty programów
2008-03-07 13:33   ---------   d-----w   C:\Program Files\Windows Media Connect 2
2008-03-07 13:27   ---------   d-----w   C:\Program Files\WIDCOMM
2008-03-07 13:26   ---------   d-----w   C:\Program Files\Hewlett-Packard
2008-03-07 13:25   ---------   d-----w   C:\Program Files\Macrovision Corp
2008-03-07 13:25   ---------   d-----w   C:\Program Files\Common Files\InstallShield
2008-03-07 13:25   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\InstallShield
2008-03-07 13:24   ---------   d-----w   C:\Program Files\InterVideo
2008-03-07 13:24   ---------   d-----w   C:\Program Files\Common Files\InterVideo
2008-03-07 13:23   1,828   --sha-r   C:\WINDOWS\system32\drivers\103C_HP_NTBK_HP Compaq 6710b (GC038ES#AKD)_YN_0U_QCNU7201TFJ_E434586241_46_I30C0_SHP_VKBC Version 71.26_B68DDU Ver. F.06_T070414_WXP2_L415_M1016_J80_7Intel_8Core2 Duo T7100_91.8_#080307_N14E41693_(GC038ES#AKD).MRK
2008-03-07 12:35   ---------   d-----w   C:\Program Files\Usługi online
2008-03-07 12:35   ---------   d-----w   C:\Program Files\Synaptics
2008-03-07 12:34   ---------   d-----w   C:\Program Files\Roxio
2008-03-07 12:34   ---------   d-----w   C:\Program Files\PDF Complete
2008-03-07 12:34   ---------   d-----w   C:\Program Files\Microsoft Works
2008-03-07 12:32   ---------   d-----w   C:\Program Files\Microsoft.NET
2008-03-07 12:32   ---------   d-----w   C:\Program Files\microsoft frontpage
2008-03-07 12:32   ---------   d-----w   C:\Program Files\Intel
2008-03-07 12:32   ---------   d-----w   C:\Program Files\HP
2008-03-07 12:01   ---------   d-----w   C:\Program Files\HPQ
2008-03-07 11:52   ---------   d-----w   C:\Program Files\Fingerprint Sensor
2008-03-07 11:51   ---------   d-----w   C:\Program Files\Common Files\SureThing Shared
2008-03-07 11:51   ---------   d-----w   C:\Program Files\Common Files\Sonic Shared
2008-03-07 11:50   ---------   d-----w   C:\Program Files\Common Files\Roxio Shared
2008-03-07 11:50   ---------   d-----w   C:\Program Files\Common Files\LightScribe
2008-03-07 11:50   ---------   d-----w   C:\Program Files\Common Files\Java
2008-03-07 11:50   ---------   d-----w   C:\Program Files\Analog Devices
2008-03-07 11:47   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Roxio
2008-03-07 11:47   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
2008-03-07 11:46   ---------   d-----w   C:\Documents and Settings\Administrator\Dane aplikacji\InstallShield
2008-03-07 11:46   ---------   d-----w   C:\Documents and Settings\Administrator\Dane aplikacji\hpqLog
2008-03-06 19:47   1,312,941   ----a-w   C:\Documents and Settings\Pulpit\SDFix.exe
2008-03-04 08:36   ---------   d-----w   C:\Program Files\USDownloader CANCER®
2008-03-04 08:21   ---------   d-----w   C:\Program Files\Crazy Machines II
2008-02-28 18:59   ---------   d-----w   C:\Program Files\IrfanView
2008-02-27 20:11   ---------   d-----w   C:\Program Files\OpenAL
2008-02-27 20:11   ---------   d-----w   C:\Program Files\AGEIA Technologies
2008-02-26 18:43   ---------   d-----w   C:\Program Files\Lonely Cat Games
2008-02-24 16:25   ---------   d-----w   C:\Program Files\Intuwave
2008-02-22 17:48   ---------   d-----w   C:\Program Files\DIFX
2008-02-22 17:37   ---------   d-----w   C:\Program Files\ABBYY FineReader 9.0
2008-02-20 20:33   ---------   d-----w   C:\Program Files\Apple Software Update
2008-02-17 17:28   ---------   d-----w   C:\Program Files\Nsasoft
2008-02-17 17:14   ---------   d-----w   C:\Program Files\Nmap
2008-02-17 09:43   ---------   d-----w   C:\Program Files\EA Sports
2008-02-13 20:42   ---------   d-----w   C:\Program Files\Fotosizer
2008-02-11 16:18   ---------   d-----w   C:\Program Files\Nokia
2008-02-11 16:17   139,010,245   ----a-w   C:\Documents and Settings\Pulpit\Carbide_ui_Theme_3_1_1_Setup.exe
2008-02-08 18:53   196,732   ----a-w   C:\Documents and Settings\Pulpit\gg_pion.exe
2008-01-14 12:52   81,920   ----a-w   C:\WINDOWS\system32\frapsvid.dll
2008-01-11 05:41   44,544   ------w   C:\WINDOWS\system32\dllcache\pngfilt.dll
2008-01-10 12:16   159,839   ----a-w   C:\WINDOWS\system32\xvidvfw.dll
2008-01-10 12:15   755,027   ----a-w   C:\WINDOWS\system32\xvidcore.dll
2008-01-09 13:01   53,248   ----a-w   C:\WINDOWS\bdoscandel.exe
2007-11-25 17:41   32,768   ----a-w   C:\Documents and Settings\UserData\index.dat
2007-11-23 15:09   32   ----a-w   C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2007-07-04 11:30   219,360   ----a-w   C:\Documents and Settings\temp\DynGate_Setup.exe
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-07-13 07:12 729088]
"PTHOSTTR"="C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.exe" [2007-01-09 15:52 145184]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 15:36 827392]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-01-10 15:13 472776]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-03-05 15:54 159744]
"Scheduler"="C:\WINDOWS\SMINST\Scheduler.exe" [2006-10-09 11:23 697976]
"HP Software Update"="c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2007-01-02 16:46 40960]
"AccelerometerSysTrayApplet"="C:\WINDOWS\system32\AccelerometerSt.exe" [2007-01-24 15:28 124928]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 12:38 866816]
"WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 19:07 24576]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 19:07 20480]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 19:07 53248]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51 218376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 10:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menu Start^Programy^Autostart^Adobe Gamma.lnk]
path=C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^DVD Check.lnk]
backup=C:\WINDOWS\pss\DVD Check.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2007-02-26 12:34 155648 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2007-02-26 12:34 131072 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsmqIntCert]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2007-02-26 12:33 131072 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a------ 2005-12-20 16:51 1187840 C:\WINDOWS\Sminst\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
--a------ 2006-03-09 17:38 806912 C:\WINDOWS\Creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
--a------ 2006-09-05 20:02 184320 C:\Program Files\InterVideo\DVD Check\DVDCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"stllssvr"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\WINDOWS\\SMINST\\Scheduler.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 ASChannel;Local Communication Channel;C:\WINDOWS\System32\svchost.exe [2004-08-04 10:00]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files\PDF Complete\pdfsvc.exe [2007-02-20 14:48]
R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2006-09-19 18:58]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
S3 uti3ntyx;AVZ Kernel Driver;C:\WINDOWS\system32\Drivers\uti3ntyx.sys [2008-04-08 12:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
Cognizance   REG_MULTI_SZ      ASBroker ASChannel

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-04-08 14:43:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-09 16:23:35
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe??????????????@? ???pS????????@???????@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
Binary file raw_enum.dat matches
.
Completion time: 2008-04-09 16:24:19
ComboFix-quarantined-files.txt  2008-04-09 14:24:14
Pre-Run: 40,248,430,592 bajtów wolnych
Post-Run: 40,236,380,160 bajtów wolnych
.
2008-03-13 13:35:15   --- E O F --- 

HijackThis:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:19:37, on 2008-04-09
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\AccelerometerSt.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Administrator\Pulpit\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Wyślij do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O15 - Trusted Zone: http://*.mks.com.pl
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: APSHook.dll
O20 - Winlogon Notify: OneCard - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

--
End of file - 7890 bytes
poczta125
~user
 
Posts: 623
Joined: 04 Dec 2005, 13:27
Commendations: 48



Post by wojtas, 09 Apr 2008, 16:44

It is already clean :) I don't know where to look for the cause..

The post author received a commendation
wojtas
*mod
 
Posts: 18165
Joined: 13 Jan 2006, 16:00
Location: Krzeszyce
Commendations: 1656



Post by poczta125, 09 Apr 2008, 17:05

Thanks a lot :)
poczta125
~user
 
Posts: 623
Joined: 04 Dec 2005, 13:27
Commendations: 48



Is not a valid Win32 application

Post by LuisFuture, 14 May 2023, 23:49

There are different stages, be it a Magento stage or a Shopify administration, made for organizations to fabricate online stores and quit falling behind close by considering the issues with no great incomes raising a ruckus around town recently.

Picking both of the stages referenced above, finding an Internet business developer is fundamental. The organization ought not be deterred by the prospect of making the Internet business improvement division, with the strong Magento designer recruit, or Shopify mastery, particularly when there is no physical and monetary chance present at the given second>> freelance ecommerce developer
LuisFuture
~user
 
Posts: 1
Joined: 14 May 2023, 23:47



