Frequent computer restarts

System security, virus removal, choosing antivirus software. Mandatory logs in this section: three from FRST + Gmer.

Post by rozmyty, 24 Mar 2007, 10:29

Hello, I have a problem with my computer: it shuts down on its own (no errors pop up), and it does not depend on what I am doing on it.

HijackThis

Logfile of HijackThis v1.99.1
Scan saved at 09:10:04, on 2007-03-24
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
D:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Alwil Software\Avast4\ashSimpl.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\okio\Pulpit\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/english
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - D:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll (file missing)
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - D:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - D:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\OFFICE~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {A6984C00-C6EB-11D4-B4A4-080000180323} - D:\PROGRA~1\Rapidown\rapi310.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (file missing)
O3 - Toolbar: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - D:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll (file missing)
O3 - Toolbar: &Tłumaczenie - {0D704FAD-66E9-4F0A-BFED-4F665770DDB3} - D:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SpeedX] D:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Komunikator] D:\Program Files\Tlen.pl\tlen.exe
O4 - Startup: Rapidown.lnk = D:\Program Files\Rapidown\rapidown.exe
O4 - Startup: Stardock ObjectDock.lnk = D:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: Y'z ToolBar.lnk = D:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Baixar com o Rapidown... - D:\Program Files\Rapidown\rapidownGet.htm
O8 - Extra context menu item: Baixar tudo com o Rapidown... - D:\Program Files\Rapidown\rapidownGetAll.htm
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\OFFICE~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - D:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - D:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\OFFICE~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\OFFICE~2\Office12\ONBttnIE.dll
O9 - Extra button: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - D:\Program Files\Rapidown\rapidown.exe
O9 - Extra 'Tools' menuitem: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - D:\Program Files\Rapidown\rapidown.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\OFFICE~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - D:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll
O9 - Extra 'Tools' menuitem: @D:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll,-103 - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - D:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1169748136406
O17 - HKLM\System\CCS\Services\Tcpip\..\{27694A5D-F4F4-40CE-98C8-0669C4FA5371}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\OFFICE~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - D:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - D:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe



Silent Runners

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"SpeedX" = "D:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe" ["MyPortal.pl"]
"ctfmon.exe" = "D:\WINDOWS\system32\ctfmon.exe" [MS]
"Komunikator" = "D:\Program Files\Tlen.pl\tlen.exe" ["o2.pl Sp. z o.o."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = "RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"avast!" = "D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Flashget Catch Url Class"
\InProcServer32\(Default) = "C:\PROGRA~1\FlashGet\jccatch.dll" [file not found]
{45AD732C-2CE2-4666-B366-B2214AD57A49}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Idea2 SidebarBrowserMonitor Class"
\InProcServer32\(Default) = "D:\Program Files\Desktop Sidebar\sbhelp.dll" ["Idea2"]
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}\(Default) = (no title provided)
-> {HKLM...CLSID} = "MEGAUPLOADTOOLBAR"
\InProcServer32\(Default) = "D:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL" ["MegaUpload"]
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Groove GFS Browser Helper"
\InProcServer32\(Default) = "C:\OFFICE~2\Office12\GRA8E1~1.DLL" [MS]
{A6984C00-C6EB-11D4-B4A4-080000180323}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "D:\PROGRA~1\Rapidown\rapi310.dll" [null data]
{F156768E-81EF-470C-9057-481BA8380DBA}\(Default) = (no title provided)
-> {HKLM...CLSID} = "FlashGet GetFlash Class"
\InProcServer32\(Default) = "C:\Program Files\FlashGet\getflash.dll" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "D:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "D:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "D:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "D:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "D:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "D:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}" = "Groove GFS Browser Helper"
-> {HKLM...CLSID} = "Groove GFS Browser Helper"
\InProcServer32\(Default) = "C:\OFFICE~2\Office12\GRA8E1~1.DLL" [MS]
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}" = "Groove GFS Explorer Bar"
-> {HKLM...CLSID} = "Groove Folder Synchronization"
\InProcServer32\(Default) = "C:\OFFICE~2\Office12\GRA8E1~1.DLL" [MS]
"{A449600E-1DC6-4232-B948-9BD794D62056}" = "Groove GFS Stub Icon Handler"
-> {HKLM...CLSID} = "Groove GFS Stub Icon Handler"
\InProcServer32\(Default) = "C:\OFFICE~2\Office12\GRA8E1~1.DLL" [MS]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"
-> {HKLM...CLSID} = "Groove GFS Stub Execution Hook"
\InProcServer32\(Default) = "C:\OFFICE~2\Office12\GRA8E1~1.DLL" [MS]
"{6C467336-8281-4E60-8204-430CED96822D}" = "Groove GFS Context Menu Handler"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\OFFICE~2\Office12\GRA8E1~1.DLL" [MS]
"{387E725D-DC16-4D76-B310-2C93ED4752A0}" = "Groove XML Icon Handler"
-> {HKLM...CLSID} = "Groove XML Icon Handler"
\InProcServer32\(Default) = "C:\OFFICE~2\Office12\GRA8E1~1.DLL" [MS]
"{16F3DD56-1AF5-4347-846D-7C10C4192619}" = "Groove Explorer Icon Overlay 3 (GFS Folder)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 3 (GFS Folder)"
\InProcServer32\(Default) = "C:\OFFICE~2\Office12\GRA8E1~1.DLL" [MS]
"{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}" = "Groove Explorer Icon Overlay 2 (GFS Stub)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2 (GFS Stub)"
\InProcServer32\(Default) = "C:\OFFICE~2\Office12\GRA8E1~1.DLL" [MS]
"{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}" = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"
\InProcServer32\(Default) = "C:\OFFICE~2\Office12\GRA8E1~1.DLL" [MS]
"{99FD978C-D287-4F50-827F-B2C658EDA8E7}" = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"
\InProcServer32\(Default) = "C:\OFFICE~2\Office12\GRA8E1~1.DLL" [MS]
"{920E6DB1-9907-4370-B3A0-BAFC03D81399}" = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"
\InProcServer32\(Default) = "C:\OFFICE~2\Office12\GRA8E1~1.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\OFFICE~2\Office12\OLKFSTUB.DLL" [MS]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\OFFICE~2\Office12\MLSHEXT.DLL" [MS]
"{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}" = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
-> {HKLM...CLSID} = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
\InProcServer32\(Default) = "C:\OFFICE~2\Office12\ONFILTER.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\OFFICE PL\Office12\msohevi.dll" [MS]
"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
-> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
\InProcServer32\(Default) = "D:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
-> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
\InProcServer32\(Default) = "D:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{ABC70703-32AF-11d4-90C4-D483A70F4825}" = "CMenuExtender"
-> {HKLM...CLSID} = "CMenuExtender"
\InProcServer32\(Default) = "D:\WINDOWS\BricoPacks\Vista Inspirat\iColorFolder\CMExt.dll" ["Revenger inc."]
"{F2185E5D-720E-4956-90D9-75F6AC141575}" = "Idea2 SidebarIconHandler Class"
-> {HKLM...CLSID} = "SidebarIconHandler Class"
\InProcServer32\(Default) = "D:\Program Files\Desktop Sidebar\sbhelp.dll" ["Idea2"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"
-> {HKLM...CLSID} = "Groove GFS Stub Execution Hook"
\InProcServer32\(Default) = "C:\OFFICE~2\Office12\GRA8E1~1.DLL" [MS]

HKLM\Software\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"
\InProcServer32\(Default) = "D:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
MkS_Vir\(Default) = "{E64226E0-9DA1-479E-8265-8D65BA327BD4}"
-> {HKLM...CLSID} = "MkS_Vir Shell Extension"
\InProcServer32\(Default) = "/u\mksshell.dll" [file not found]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\OFFICE~2\Office12\GRA8E1~1.DLL" [MS]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
CMenuExtender\(Default) = "{ABC70703-32AF-11d4-90C4-D483A70F4825}"
-> {HKLM...CLSID} = "CMenuExtender"
\InProcServer32\(Default) = "D:\WINDOWS\BricoPacks\Vista Inspirat\iColorFolder\CMExt.dll" ["Revenger inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\OFFICE~2\Office12\GRA8E1~1.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
MkS_Vir\(Default) = "{E64226E0-9DA1-479E-8265-8D65BA327BD4}"
-> {HKLM...CLSID} = "MkS_Vir Shell Extension"
\InProcServer32\(Default) = "/u\mksshell.dll" [file not found]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\OFFICE~2\Office12\GRA8E1~1.DLL" [MS]

HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\OFFICE~2\Office12\GRA8E1~1.DLL" [MS]


Group Policies {policy setting}:
--------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "D:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Magentic\Runtime\Magentic Wallpaper.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "D:\Documents and Settings\okio\Dane aplikacji\Mozilla\Firefox\Tapeta pulpitu.bmp"


Startup items in "okio" & "All Users" startup folders:
------------------------------------------------------

D:\Documents and Settings\okio\Menu Start\Programy\Autostart
"Rapidown" -> shortcut to: "D:\Program Files\Rapidown\rapidown.exe rapstart.startup" [null data]
"Stardock ObjectDock" -> shortcut to: "D:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe" ["Stardock"]
"Y'z ToolBar" -> shortcut to: "D:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe" ["Y'z@Home"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}"
-> {HKLM...CLSID} = "MEGAUPLOADTOOLBAR"
\InProcServer32\(Default) = "D:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL" ["MegaUpload"]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" = (no title provided)
-> {HKLM...CLSID} = "MEGAUPLOADTOOLBAR"
\InProcServer32\(Default) = "D:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL" ["MegaUpload"]
"{E0E899AB-F487-11D5-8D29-0050BA6940E3}" = "FlashGet"
-> {HKLM...CLSID} = "FlashGet"
\InProcServer32\(Default) = "C:\Program Files\FlashGet\fgiebar.dll" [file not found]
"{0D704FAD-66E9-4F0A-BFED-4F665770DDB3}" = (no title provided)
-> {HKLM...CLSID} = "&Tłumaczenie"
\InProcServer32\(Default) = "D:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll" ["Techland"]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

HKLM\Software\Classes\CLSID\{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}\(Default) = "Volet Wanadoo"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "D:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]

HKLM\Software\Classes\CLSID\{175556B1-4D91-4E9A-9C4B-D6888D5DEE6C}\(Default) = "&Ramka Tłumaczenia"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "D:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll" ["Techland"]

HKLM\Software\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = "Groove Folder Synchronization"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\OFFICE~2\Office12\GRA8E1~1.DLL" [MS]

HKLM\Software\Classes\CLSID\{3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}\(Default) = "ToolBand Class"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "D:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]

HKLM\Software\Classes\CLSID\{5BF498C0-931E-4A4F-B33F-456D07137EAA}\(Default) = "Volet Wanadoo"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "D:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]

HKLM\Software\Classes\CLSID\{D553F157-2AB0-4B46-98D2-7BA7CA418491}\(Default) = "&Słownik Podręczny"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "D:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll" ["Techland"]

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Poszukaj"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\OFFICE~2\Office12\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{09FE188B-6E85-479E-9411-51FB2220DF80}\
"ButtonText" = "Subscribe in Desktop Sidebar"
"MenuText" = "Subscribe in Desktop Sidebar"
"CLSIDExtension" = "{45AD732C-2CE2-4666-B366-B2214AD57A49}"
-> {HKLM...CLSID} = "Idea2 SidebarBrowserMonitor Class"
\InProcServer32\(Default) = "D:\Program Files\Desktop Sidebar\sbhelp.dll" ["Idea2"]

{2670000A-7350-4F3C-8081-5663EE0C6C49}\
"ButtonText" = "Wyślij do programu OneNote"
"MenuText" = "Wyślij &do programu OneNote"
"CLSIDExtension" = "{48E73304-E1D6-4330-914C-F5F514E3486C}"
-> {HKLM...CLSID} = "Send to OneNote from Internet Explorer button"
\InProcServer32\(Default) = "C:\OFFICE~2\Office12\ONBttnIE.dll" [MS]

{57E91B47-F40A-11D1-B792-444553540011}\
"ButtonText" = "Rapidown"
"MenuText" = "Rapidown"
"Exec" = "D:\Program Files\Rapidown\rapidown.exe" [null data]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"

{B46B0919-62BA-4D99-A5C4-916B57A6805C}\
"MenuText" = "@D:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll,-103"
"CLSIDExtension" = "{B46B0919-62BA-4D99-A5C4-916B57A6805C}"
-> {HKLM...CLSID} = "InternetTranslatorProperties Class"
\InProcServer32\(Default) = "D:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll" ["Techland"]

{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\
"ButtonText" = "FlashGet"
"MenuText" = "FlashGet"
"Exec" = "C:\PROGRA~1\FlashGet\flashget.exe" [file not found]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "D:\Program Files\Messenger\msmsgs.exe" [MS]


Miscellaneous IE Hijack Points
------------------------------

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
<<H>> "{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = (no title provided)
-> {HKLM...CLSID} = "Search Class"
\InProcServer32\(Default) = "D:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL" [empty string]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

avast! Antivirus, avast! Antivirus, ""D:\Program Files\Alwil Software\Avast4\ashServ.exe"" [null data]
avast! iAVS4 Control Service, aswUpdSv, ""D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" [null data]
avast! Mail Scanner, avast! Mail Scanner, ""D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
NVIDIA Display Driver Service, NVSvc, "D:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]


----------
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 176 seconds.
---------- (total run time: 242 seconds)

rozmyty
~user

Posts: 228
Joined: 20 Nov 2006, 21:43
Location: Świebodzin
Commendations: 18



Post by MISTEJK, 24 Mar 2007, 11:02

Paste two logs from Gmer made with these settings:
1. Rootkit tab >>> everything checked except Show all >>> click Scan >>> wait patiently until it finishes >>> Copy >>> paste into your post
2. Rootkit tab >>> only Services and Show all checked >>> click Scan >>> wait patiently until it finishes >>> Copy >>> paste into your post


Paste the log from ComboScan
Description: http://www.pcboard.pl/viewtopic.php?t=13


The author of this post received a commendation
Because sometimes it is worth looking back...
MISTEJK

Posts: 1134
Joined: 27 Sep 2006, 20:58
Location: Elbląg
Commendations: 110



Post by rozmyty, 24 Mar 2007, 11:42

An error occurs with the first Gmer log:

[Image]

Second log from Gmer

GMER 1.0.12.12086 - http://www.gmer.net
Rootkit scan 2007-03-24 10:33:42
Windows 5.1.2600 Dodatek Service Pack 2


---- Services - GMER 1.0.12 ----

Service [SYSTEM] Aavmker4
Service [DISABLED] Abiosdsk
Service [DISABLED] abp480n5
Service D:\WINDOWS\System32\DRIVERS\ACPI.sys [BOOT] ACPI
Service [DISABLED] ACPIEC
Service [DISABLED] adpu160m
Service D:\WINDOWS\system32\drivers\aeaudio.sys [MANUAL] aeaudio
Service D:\WINDOWS\system32\drivers\aec.sys [MANUAL] aec
Service D:\WINDOWS\System32\drivers\afd.sys [SYSTEM] AFD
Service [DISABLED] Aha154x
Service [DISABLED] aic78u2
Service [DISABLED] aic78xx
Service D:\WINDOWS\System32\DRIVERS\alcan5wn.sys [MANUAL] alcan5wn
Service D:\WINDOWS\System32\DRIVERS\alcaudsl.sys [MANUAL] alcaudsl
Service D:\WINDOWS\System32\svchost.exe [DISABLED] Alerter
Service D:\WINDOWS\System32\alg.exe [MANUAL] ALG
Service [DISABLED] AliIde
Service [DISABLED] amsint
Service D:\WINDOWS\system32\svchost.exe [MANUAL] AppMgmt
Service [DISABLED] asc
Service [DISABLED] asc3350p
Service [DISABLED] asc3550
Service [AUTO] aswMon2
Service [MANUAL] aswRdr
Service [SYSTEM] aswTdi
Service D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [AUTO] aswUpdSv
Service D:\WINDOWS\System32\DRIVERS\asyncmac.sys [MANUAL] AsyncMac
Service D:\WINDOWS\System32\DRIVERS\atapi.sys [BOOT] atapi
Service [DISABLED] Atdisk
Service D:\WINDOWS\System32\DRIVERS\atmarpc.sys [MANUAL] Atmarpc
Service D:\WINDOWS\System32\svchost.exe [AUTO] AudioSrv
Service D:\WINDOWS\System32\DRIVERS\audstub.sys [MANUAL] audstub
Service D:\Program Files\Alwil Software\Avast4\ashServ.exe [AUTO] avast! Antivirus
Service D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [MANUAL] avast! Mail Scanner
Service D:\Program Files\Alwil Software\Avast4\ashWebSv.exe [MANUAL] avast! Web Scanner
Service D:\WINDOWS\System32\DRIVERS\HSF_BSC2.sys [MANUAL] basic2
Service BattC
Service [SYSTEM] Beep
Service D:\WINDOWS\System32\svchost.exe [MANUAL] BITS
Service D:\WINDOWS\System32\svchost.exe [AUTO] Browser
Service [DISABLED] cbidf2k
Service [DISABLED] cd20xrnt
Service [SYSTEM] Cdaudio
Service [DISABLED] Cdfs
Service D:\WINDOWS\System32\DRIVERS\cdrom.sys [SYSTEM] Cdrom
Service cFosSpeed
Service [SYSTEM] Changer
Service D:\WINDOWS\system32\cisvc.exe [MANUAL] CiSvc
Service D:\WINDOWS\system32\clipsrv.exe [DISABLED] ClipSrv
Service [DISABLED] CmdIde
Service D:\WINDOWS\System32\dllhost.exe [MANUAL] COMSysApp
Service ContentFilter
Service ContentIndex
Service [DISABLED] Cpqarray
Service D:\WINDOWS\system32\svchost.exe [AUTO] CryptSvc
Service [DISABLED] dac2w2k
Service [DISABLED] dac960nt
Service D:\WINDOWS\system32\svchost.exe [AUTO] DcomLaunch
Service D:\WINDOWS\System32\svchost.exe [AUTO] Dhcp
Service D:\WINDOWS\System32\DRIVERS\disk.sys [BOOT] Disk
Service D:\WINDOWS\System32\dmadmin.exe [MANUAL] dmadmin
Service D:\WINDOWS\System32\drivers\dmboot.sys [DISABLED] dmboot
Service D:\WINDOWS\System32\drivers\dmio.sys [DISABLED] dmio
Service D:\WINDOWS\System32\drivers\dmload.sys [DISABLED] dmload
Service D:\WINDOWS\System32\svchost.exe [MANUAL] dmserver
Service D:\WINDOWS\system32\drivers\DMusic.sys [MANUAL] DMusic
Service D:\WINDOWS\System32\svchost.exe [AUTO] Dnscache
Service [DISABLED] dpti2o
Service D:\WINDOWS\system32\drivers\drmkaud.sys [MANUAL] drmkaud
Service D:\WINDOWS\System32\Drivers\ElbyCDFL.sys [MANUAL] ElbyCDFL
Service D:\WINDOWS\System32\Drivers\ElbyCDIO.sys [AUTO] ElbyCDIO
Service D:\WINDOWS\System32\svchost.exe [AUTO] ERSvc
Service D:\WINDOWS\system32\services.exe [AUTO] Eventlog
Service D:\WINDOWS\System32\svchost.exe [MANUAL] EventSystem
Service D:\WINDOWS\System32\DRIVERS\HSF_FALL.sys [AUTO] Fallback
Service [DISABLED] Fastfat
Service D:\WINDOWS\System32\svchost.exe [MANUAL] FastUserSwitchingCompatibility
Service D:\WINDOWS\System32\DRIVERS\fdc.sys [MANUAL] Fdc
Service D:\WINDOWS\System32\DRIVERS\fetnd5.sys [MANUAL] FETNDIS
Service [SYSTEM] Fips
Service D:\WINDOWS\System32\DRIVERS\flpydisk.sys [MANUAL] Flpydisk
Service D:\WINDOWS\system32\drivers\fltmgr.sys [BOOT] FltMgr
Service D:\WINDOWS\System32\DRIVERS\HSF_FSKS.sys [AUTO] Fsks
Service [SYSTEM] Fs_Rec
Service D:\WINDOWS\System32\DRIVERS\ftdisk.sys [BOOT] Ftdisk
Service D:\WINDOWS\System32\DRIVERS\gmer.sys [MANUAL] gmer
Service D:\WINDOWS\System32\DRIVERS\msgpc.sys [MANUAL] Gpc
Service D:\WINDOWS\System32\svchost.exe [AUTO] helpsvc
Service D:\WINDOWS\System32\svchost.exe [DISABLED] HidServ
Service D:\WINDOWS\System32\DRIVERS\hidusb.sys [MANUAL] HidUsb
Service [DISABLED] hpn
Service D:\WINDOWS\System32\DRIVERS\HSFBS2S2.sys [MANUAL] HSFHWBS2
Service D:\WINDOWS\System32\DRIVERS\HSFDPSP2.sys [MANUAL] HSF_DP
Service D:\WINDOWS\System32\DRIVERS\HSF_MSFT.sys [MANUAL] hsf_msft
Service D:\WINDOWS\System32\Drivers\HTTP.sys [MANUAL] HTTP
Service D:\WINDOWS\System32\svchost.exe [MANUAL] HTTPFilter
Service [SYSTEM] i2omgmt
Service [DISABLED] i2omp
Service D:\WINDOWS\System32\DRIVERS\i8042prt.sys [SYSTEM] i8042prt
Service D:\WINDOWS\System32\DRIVERS\imapi.sys [SYSTEM] Imapi
Service D:\WINDOWS\System32\imapi.exe [MANUAL] ImapiService
Service inetaccs
Service [DISABLED] ini910u
Service Inport
Service [DISABLED] IntelIde
Service D:\WINDOWS\System32\DRIVERS\intelppm.sys [SYSTEM] intelppm
Service D:\WINDOWS\system32\drivers\ip6fw.sys [MANUAL] ip6fw
Service D:\WINDOWS\System32\DRIVERS\ipfltdrv.sys [MANUAL] IpFilterDriver
Service D:\WINDOWS\System32\DRIVERS\ipinip.sys [MANUAL] IpInIp
Service D:\WINDOWS\System32\DRIVERS\ipnat.sys [MANUAL] IpNat
Service D:\WINDOWS\System32\DRIVERS\ipsec.sys [SYSTEM] IPSec
Service D:\WINDOWS\System32\DRIVERS\irenum.sys [MANUAL] IRENUM
Service ISAPISearch
Service D:\WINDOWS\System32\DRIVERS\isapnp.sys [BOOT] isapnp
Service D:\WINDOWS\System32\DRIVERS\HSF_K56K.sys [AUTO] K56
Service D:\WINDOWS\System32\DRIVERS\kbdclass.sys [SYSTEM] Kbdclass
Service D:\WINDOWS\system32\drivers\kmixer.sys [MANUAL] kmixer
Service [BOOT] KSecDD
Service D:\WINDOWS\System32\svchost.exe [AUTO] lanmanserver
Service D:\WINDOWS\System32\svchost.exe [AUTO] lanmanworkstation
Service [SYSTEM] lbrtfdc
Service ldap
Service LicenseService
Service D:\WINDOWS\System32\svchost.exe [AUTO] LmHosts
Service D:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [AUTO] mdmxsdk
Service D:\WINDOWS\System32\svchost.exe [DISABLED] Messenger
Service C:\OFFICE PL\Office12\GrooveAuditService.exe [MANUAL] Microsoft Office Groove Audit Service
Service [SYSTEM] mnmdd
Service D:\WINDOWS\System32\mnmsrvc.exe [MANUAL] mnmsrvc
Service [MANUAL] Modem
Service D:\WINDOWS\System32\DRIVERS\mouclass.sys [SYSTEM] Mouclass
Service [BOOT] MountMgr
Service [DISABLED] mraid35x
Service D:\WINDOWS\System32\DRIVERS\mrxdav.sys [MANUAL] MRxDAV
Service D:\WINDOWS\System32\DRIVERS\mrxsmb.sys [SYSTEM] MRxSmb
Service D:\WINDOWS\System32\msdtc.exe [MANUAL] MSDTC
Service [SYSTEM] Msfs
Service D:\WINDOWS\system32\msiexec.exe [MANUAL] MSIServer
Service D:\WINDOWS\system32\drivers\MSKSSRV.sys [MANUAL] MSKSSRV
Service D:\WINDOWS\system32\drivers\MSPCLOCK.sys [MANUAL] MSPCLOCK
Service D:\WINDOWS\system32\drivers\MSPQM.sys [MANUAL] MSPQM
Service D:\WINDOWS\System32\DRIVERS\mssmbios.sys [MANUAL] mssmbios
Service [BOOT] Mup
Service [BOOT] NDIS
Service D:\WINDOWS\System32\DRIVERS\ndistapi.sys [MANUAL] NdisTapi
Service D:\WINDOWS\System32\DRIVERS\ndisuio.sys [MANUAL] Ndisuio
Service D:\WINDOWS\System32\DRIVERS\ndiswan.sys [MANUAL] NdisWan
Service [MANUAL] NDProxy
Service D:\WINDOWS\System32\DRIVERS\netbios.sys [SYSTEM] NetBIOS
Service D:\WINDOWS\System32\DRIVERS\netbt.sys [SYSTEM] NetBT
Service D:\WINDOWS\system32\netdde.exe [DISABLED] NetDDE
Service D:\WINDOWS\system32\netdde.exe [DISABLED] NetDDEdsdm
Service D:\WINDOWS\System32\lsass.exe [MANUAL] Netlogon
Service D:\WINDOWS\System32\svchost.exe [MANUAL] Netman
Service D:\WINDOWS\System32\svchost.exe [MANUAL] Nla
Service [SYSTEM] Npfs
Service [DISABLED] Ntfs
Service D:\WINDOWS\System32\lsass.exe [MANUAL] NtLmSsp
Service D:\WINDOWS\system32\svchost.exe [MANUAL] NtmsSvc
Service [SYSTEM] Null
Service D:\WINDOWS\System32\DRIVERS\nv4_mini.sys [MANUAL] nv
Service D:\WINDOWS\System32\nvsvc32.exe [AUTO] NVSvc
Service D:\WINDOWS\System32\DRIVERS\nwlnkflt.sys [MANUAL] NwlnkFlt
Service D:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys [MANUAL] NwlnkFwd
Service D:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [MANUAL] odserv
Service D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [MANUAL] ose
Service Outlook
Service D:\WINDOWS\System32\DRIVERS\parport.sys [MANUAL] Parport
Service [BOOT] PartMgr
Service [AUTO] ParVdm
Service D:\WINDOWS\System32\DRIVERS\pci.sys [BOOT] PCI
Service [SYSTEM] PCIDump
Service [DISABLED] PCIIde
Service [DISABLED] Pcmcia
Service [MANUAL] PDCOMP
Service [MANUAL] PDFRAME
Service [MANUAL] PDRELI
Service [MANUAL] PDRFRAME
Service [DISABLED] perc2
Service [DISABLED] perc2hib
Service PerfDisk
Service PerfNet
Service PerfOS
Service PerfProc
Service D:\WINDOWS\system32\services.exe [AUTO] PlugPlay
Service D:\WINDOWS\System32\lsass.exe [AUTO] PolicyAgent
Service D:\WINDOWS\System32\DRIVERS\raspptp.sys [MANUAL] PptpMiniport
Service D:\WINDOWS\System32\DRIVERS\processr.sys [SYSTEM] Processor
Service D:\WINDOWS\system32\lsass.exe [AUTO] ProtectedStorage
Service D:\WINDOWS\System32\DRIVERS\psched.sys [MANUAL] PSched
Service D:\WINDOWS\System32\DRIVERS\ptilink.sys [MANUAL] Ptilink
Service [DISABLED] ql1080
Service [DISABLED] Ql10wnt
Service [DISABLED] ql12160
Service [DISABLED] ql1240
Service [DISABLED] ql1280
Service D:\WINDOWS\System32\DRIVERS\rasacd.sys [SYSTEM] RasAcd
Service D:\WINDOWS\System32\svchost.exe [MANUAL] RasAuto
Service D:\WINDOWS\System32\DRIVERS\rasl2tp.sys [MANUAL] Rasl2tp
Service D:\WINDOWS\System32\svchost.exe [MANUAL] RasMan
Service D:\WINDOWS\System32\DRIVERS\raspppoe.sys [MANUAL] RasPppoe
Service D:\WINDOWS\System32\DRIVERS\raspti.sys [MANUAL] Raspti
Service D:\WINDOWS\System32\DRIVERS\rdbss.sys [SYSTEM] Rdbss
Service D:\WINDOWS\System32\DRIVERS\RDPCDD.sys [SYSTEM] RDPCDD
Service RDPDD
Service RDPNP
Service [MANUAL] RDPWD
Service D:\WINDOWS\system32\sessmgr.exe [MANUAL] RDSessMgr
Service D:\WINDOWS\System32\DRIVERS\redbook.sys [SYSTEM] redbook
Service D:\WINDOWS\System32\svchost.exe [DISABLED] RemoteAccess
Service D:\WINDOWS\System32\DRIVERS\HSF_SAMP.sys [MANUAL] Rksample
Service D:\WINDOWS\System32\locator.exe [MANUAL] RpcLocator
Service D:\WINDOWS\system32\svchost.exe [AUTO] RpcSs
Service D:\WINDOWS\System32\rsvp.exe [MANUAL] RSVP
Service D:\WINDOWS\system32\lsass.exe [AUTO] SamSs
Service D:\WINDOWS\System32\SCardSvr.exe [MANUAL] SCardSvr
Service D:\WINDOWS\System32\svchost.exe [AUTO] Schedule
Service ScsiPort
Service D:\WINDOWS\System32\DRIVERS\secdrv.sys [MANUAL] Secdrv
Service D:\WINDOWS\System32\svchost.exe [AUTO] seclogon
Service D:\WINDOWS\system32\svchost.exe [AUTO] SENS
Service D:\WINDOWS\System32\DRIVERS\serenum.sys [MANUAL] serenum
Service D:\WINDOWS\System32\DRIVERS\serial.sys [SYSTEM] Serial
Service [SYSTEM] Sfloppy
Service D:\WINDOWS\System32\svchost.exe [AUTO] SharedAccess
Service D:\WINDOWS\System32\svchost.exe [AUTO] ShellHWDetection
Service [DISABLED] Simbad
Service D:\WINDOWS\system32\drivers\smwdm.sys [MANUAL] smwdm
Service D:\WINDOWS\System32\DRIVERS\HSF_FAXX.sys [AUTO] SoftFax
Service [DISABLED] Sparrow
Service D:\WINDOWS\system32\drivers\splitter.sys [MANUAL] splitter
Service D:\WINDOWS\system32\spoolsv.exe [AUTO] Spooler
Service D:\WINDOWS\System32\Drivers\sptd.sys [BOOT] sptd
Service D:\WINDOWS\System32\DRIVERS\sr.sys [BOOT] sr
Service D:\WINDOWS\System32\svchost.exe [AUTO] srservice
Service D:\WINDOWS\System32\DRIVERS\srv.sys [MANUAL] Srv
Service D:\WINDOWS\System32\svchost.exe [MANUAL] SSDPSRV
Service D:\WINDOWS\System32\svchost.exe [MANUAL] stisvc
Service D:\WINDOWS\System32\DRIVERS\swenum.sys [MANUAL] swenum
Service D:\WINDOWS\system32\drivers\swmidi.sys [MANUAL] swmidi
Service D:\WINDOWS\System32\dllhost.exe [MANUAL] SwPrv
Service swwd
Service [DISABLED] symc810
Service [DISABLED] symc8xx
Service [DISABLED] sym_hi
Service [DISABLED] sym_u3
Service D:\WINDOWS\system32\drivers\sysaudio.sys [MANUAL] sysaudio
Service D:\WINDOWS\system32\smlogsvc.exe [MANUAL] SysmonLog
Service D:\WINDOWS\System32\svchost.exe [MANUAL] TapiSrv
Service D:\WINDOWS\System32\DRIVERS\tcpip.sys [SYSTEM] Tcpip
Service [MANUAL] TDPIPE
Service [MANUAL] TDTCP
Service D:\WINDOWS\System32\DRIVERS\termdd.sys [SYSTEM] TermDD
Service D:\WINDOWS\System32\svchost.exe [MANUAL] TermService
Service D:\WINDOWS\System32\svchost.exe [AUTO] Themes
Service D:\WINDOWS\System32\DRIVERS\HSF_TONE.sys [AUTO] Tones
Service [DISABLED] TosIde
Service D:\WINDOWS\system32\svchost.exe [AUTO] TrkWks
Service TSDDD
Service D:\WINDOWS\System32\DRIVERS\uagp35.sys [BOOT] uagp35
Service [DISABLED] Udfs
Service [DISABLED] ultra
Service D:\WINDOWS\System32\DRIVERS\update.sys [MANUAL] Update
Service D:\WINDOWS\System32\svchost.exe [MANUAL] upnphost
Service D:\WINDOWS\System32\ups.exe [MANUAL] UPS
Service D:\WINDOWS\System32\DRIVERS\usbehci.sys [MANUAL] usbehci
Service D:\WINDOWS\System32\DRIVERS\usbhub.sys [MANUAL] usbhub
Service D:\WINDOWS\System32\DRIVERS\usbuhci.sys [MANUAL] usbuhci
Service D:\WINDOWS\System32\DRIVERS\HSF_V124.sys [AUTO] V124
Service D:\WINDOWS\System32\drivers\vga.sys [SYSTEM] VgaSave
Service D:\WINDOWS\System32\DRIVERS\viaide.sys [BOOT] ViaIde
Service [BOOT] VolSnap
Service D:\WINDOWS\System32\vssvc.exe [MANUAL] VSS
Service D:\WINDOWS\System32\svchost.exe [DISABLED] W32Time
Service W3SVC
Service D:\WINDOWS\System32\DRIVERS\wanarp.sys [MANUAL] Wanarp
Service [MANUAL] WDICA
Service D:\WINDOWS\system32\drivers\wdmaud.sys [MANUAL] wdmaud
Service D:\WINDOWS\System32\svchost.exe [AUTO] WebClient
Service D:\WINDOWS\System32\DRIVERS\HSFCXTS2.sys [MANUAL] winachsf
Service D:\WINDOWS\system32\svchost.exe [AUTO] winmgmt
Service [MANUAL] Winsock
Service WinSock2
Service WinTrust
Service D:\WINDOWS\System32\svchost.exe [MANUAL] WmdmPmSN
Service Wmi
Service WmiApRpl
Service D:\WINDOWS\System32\wbem\wmiapsrv.exe [MANUAL] WmiApSrv
Service D:\WINDOWS\System32\svchost.exe [AUTO] wscsvc
Service D:\WINDOWS\system32\svchost.exe [AUTO] wuauserv
Service D:\WINDOWS\System32\svchost.exe [AUTO] WZCSVC
Service D:\WINDOWS\System32\svchost.exe [MANUAL] xmlprov
Service ZoomoutScope
Service {D7B7368A-BCBC-401D-BA82-2B8606228D17}
Service [MANUAL] anz2aps3

---- EOF - GMER 1.0.12 ----



ComboScan 1

ComboScan v20070306.20 run by okio on 2007-03-24 at 10:28:52
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created ComboScan Restore Point.


-- Last 5 Restore Point(s) --
11: 2007-03-24 09:28:59 UTC - RP61 - ComboScan Restore Point
10: 2007-03-23 15:46:07 UTC - RP60 - Punkt kontrolny systemu
9: 2007-03-22 15:03:10 UTC - RP59 - Zainstalowane English Translator XT
8: 2007-03-22 07:11:51 UTC - RP58 - Punkt kontrolny systemu
7: 2007-03-20 22:01:48 UTC - RP57 - Punkt kontrolny systemu


-- First Restore Point --
1: 2007-03-16 15:42:06 UTC - RP51 - Punkt kontrolny systemu


Performed disk cleanup.


-- HijackThis (run as okio.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 10:29:27, on 2007-03-24
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
D:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
D:\Documents and Settings\okio\Pulpit\comboscan.exe
D:\DOCUME~1\okio\Pulpit\okio.exe
D:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/english
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - D:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll (file missing)
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - D:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - D:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\OFFICE~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {A6984C00-C6EB-11D4-B4A4-080000180323} - D:\PROGRA~1\Rapidown\rapi310.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (file missing)
O3 - Toolbar: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - D:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll (file missing)
O3 - Toolbar: &Tłumaczenie - {0D704FAD-66E9-4F0A-BFED-4F665770DDB3} - D:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SpeedX] D:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Komunikator] D:\Program Files\Tlen.pl\tlen.exe
O4 - Startup: Rapidown.lnk = D:\Program Files\Rapidown\rapidown.exe
O4 - Startup: Stardock ObjectDock.lnk = D:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: Y'z ToolBar.lnk = D:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Baixar com o Rapidown... - D:\Program Files\Rapidown\rapidownGet.htm
O8 - Extra context menu item: Baixar tudo com o Rapidown... - D:\Program Files\Rapidown\rapidownGetAll.htm
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\OFFICE~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - D:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - D:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\OFFICE~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\OFFICE~2\Office12\ONBttnIE.dll
O9 - Extra button: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - D:\Program Files\Rapidown\rapidown.exe
O9 - Extra 'Tools' menuitem: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - D:\Program Files\Rapidown\rapidown.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\OFFICE~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - D:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll
O9 - Extra 'Tools' menuitem: @D:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll,-103 - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - D:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1169748136406
O17 - HKLM\System\CCS\Services\Tcpip\..\{27694A5D-F4F4-40CE-98C8-0669C4FA5371}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\OFFICE~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - D:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - D:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe


-- File Associations -----------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "D:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

1R Aavmker4 (avast! Asynchronous Virus Monitor) - D:\WINDOWS\system32\drivers\aavmker4.sys
3R aeaudio - D:\WINDOWS\system32\drivers\aeaudio.sys
3R alcan5wn (SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)) - D:\WINDOWS\system32\drivers\alcan5wn.sys
3R alcaudsl (SpeedTouch ADSL Modem ATM Transport) - D:\WINDOWS\system32\drivers\alcaudsl.sys
2R aswMon2 (avast! Standard Shield Support) - D:\WINDOWS\system32\drivers\aswmon2.sys
3R aswRdr - D:\WINDOWS\system32\drivers\aswRdr.sys
1R aswTdi (avast! Network Shield Support) - D:\WINDOWS\system32\drivers\aswTdi.sys
3S basic2 - D:\WINDOWS\system32\drivers\HSF_BSC2.sys
3R ElbyCDFL - D:\WINDOWS\system32\drivers\ElbyCDFL.sys
2R ElbyCDIO (ElbyCDIO Driver) - D:\WINDOWS\system32\drivers\ElbyCDIO.sys
2R Fallback - D:\WINDOWS\system32\drivers\HSF_FALL.sys
3R FETNDIS (Sterownik NT karty VIA PCI 10/100Mb Fast Ethernet) - D:\WINDOWS\system32\drivers\fetnd5.sys
2R Fsks - D:\WINDOWS\system32\drivers\HSF_FSKS.sys
3R gmer - D:\WINDOWS\system32\drivers\gmer.sys
3S HidUsb (Sterownik Microsoft klasy HID) - D:\WINDOWS\system32\drivers\hidusb.sys
3R HSFHWBS2 - D:\WINDOWS\system32\drivers\hsfbs2s2.sys
3R HSF_DP - D:\WINDOWS\system32\drivers\hsfdpsp2.sys
3S hsf_msft - D:\WINDOWS\system32\drivers\HSF_MSFT.sys
1R intelppm (Sterownik procesora Intel) - D:\WINDOWS\system32\drivers\intelppm.sys
2R K56 - D:\WINDOWS\system32\drivers\HSF_K56K.sys
2R mdmxsdk - D:\WINDOWS\system32\drivers\mdmxsdk.sys
3R nv - D:\WINDOWS\system32\drivers\nv4_mini.sys
3S Rksample - D:\WINDOWS\system32\drivers\HSF_SAMP.sys
3R smwdm - D:\WINDOWS\system32\drivers\smwdm.sys
2R SoftFax - D:\WINDOWS\system32\drivers\HSF_FAXX.sys
0R sptd - D:\WINDOWS\system32\drivers\sptd.sys
2R Tones - D:\WINDOWS\system32\drivers\HSF_TONE.sys
0R uagp35 (Filtr AGPv3.5 firmy Microsoft) - D:\WINDOWS\system32\drivers\uagp35.sys
3R usbehci (Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft) - D:\WINDOWS\system32\drivers\usbehci.sys
2R V124 - D:\WINDOWS\system32\drivers\HSF_V124.sys
3R winachsf - D:\WINDOWS\system32\drivers\hsfcxts2.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

2R aswUpdSv (avast! iAVS4 Control Service) - "D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
2R avast! Antivirus - "D:\Program Files\Alwil Software\Avast4\ashServ.exe"
3R avast! Mail Scanner - "D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
3R avast! Web Scanner - "D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
3S Microsoft Office Groove Audit Service - "C:\OFFICE PL\Office12\GrooveAuditService.exe"
2R NVSvc (NVIDIA Display Driver Service) - D:\WINDOWS\System32\nvsvc32.exe
3S odserv (Microsoft Office Diagnostics Service) - "D:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE"
3S ose (Office Source Engine) - "D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"


-- Files created between 2007-02-24 and 2007-03-24 -----------------------------

2007-03-24 09:57:19 80 --a------ D:\WINDOWS\gmer_uninstall.cmd<GMER_U~1.CMD>
2007-03-22 16:10:46 0 d-------- D:\Program Files\Techland
2007-03-20 16:57:20 0 d-------- D:\MAX PAYNE 1<MAXPAY~1>
2007-03-18 08:07:11 0 d-------- D:\Program Files\AC3Filter<AC3FIL~1>
2007-03-17 18:03:48 0 d-------- D:\Program Files\cFosSpeed<CFOSSP~1>
2007-03-17 13:41:09 491595 --a------ D:\WINDOWS\system32\Magentic Screensaver.scr<MAGENT~1.SCR>
2007-03-17 13:41:05 0 d-------- D:\Program Files\Magentic
2007-03-17 13:33:42 0 d-------- D:\Program Files\IncrediMail<INCRED~1>
2007-03-15 20:14:50 0 d-------- D:\My Downloads<MYDOWN~1>
2007-03-15 19:45:40 0 d-------- D:\Program Files\VS Online<VSONLI~1>
2007-03-15 16:21:19 0 d--hs---- D:\$RECYCLE.BIN
2007-03-15 15:30:16 0 d------c- D:\WINDOWS\system32\DRVSTORE
2007-03-15 15:28:24 0 d-------- D:\Program Files\DaemonTools_WhenUSave_Installer<DAEMON~2>
2007-03-13 17:42:40 0 d-------- D:\Program Files\SubEdit-Player<SUBEDI~1>
2007-03-10 17:34:01 80 --ah----- D:\WINDOWS\mapcontacts.reg<MAPCON~1.REG>
2007-03-10 17:33:56 0 d-------- D:\Program Files\MapContacts<MAPCON~1>
2007-03-10 17:33:56 0 d-------- D:\Program Files\ACT
2007-03-10 17:33:40 0 d-------- D:\WINDOWS\Downloaded Installations<DOWNLO~2>
2007-03-10 17:33:02 0 d-------- D:\Program Files\Google
2007-03-10 14:36:26 0 d-------- D:\Program Files\Last.fm


-- Find3M Report ---------------------------------------------------------------

2007-03-24 09:02:50 0 d-------- D:\Documents and Settings\okio\Dane aplikacji\uTorrent
2007-03-23 19:58:42 0 d-------- D:\Program Files\Mozilla Firefox<MOZILL~1>
2007-03-23 17:49:32 0 d-------- D:\Program Files\NAPI-PROJEKT<NAPI-P~1>
2007-03-23 15:53:32 0 d-------- D:\Documents and Settings\okio\Dane aplikacji\Skype
2007-03-22 16:12:37 0 d--h----- D:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-03-22 16:12:17 0 d---s---- D:\Documents and Settings\okio\Dane aplikacji\Microsoft<MICROS~1>
2007-03-22 16:02:52 0 d-------- D:\Program Files\Common Files\InstallShield<INSTAL~1>
2007-03-20 22:39:48 0 d-------- D:\Documents and Settings\okio\Dane aplikacji\Tlen.pl
2007-03-17 13:36:34 0 d-------- D:\Documents and Settings\okio\Dane aplikacji\Real
2007-03-15 20:15:20 0 d-------- D:\Program Files\BearShare<BEARSH~1>
2007-03-10 17:33:32 0 d-------- D:\Documents and Settings\okio\Dane aplikacji\Google
2007-03-10 12:35:31 0 d-------- D:\Program Files\Neostrada TP<NEOSTR~1>
2007-02-11 12:09:00 0 d-------- D:\Program Files\Ultra RM Converter<ULTRAR~1>
2007-02-11 10:29:47 0 d-------- D:\Program Files\MyPortal
2007-02-10 19:30:45 0 d-------- D:\Program Files\Deluxe Ski Jump 3<DELUXE~1>
2007-02-10 17:57:30 0 d-------- D:\Program Files\Foxit Software<FOXITS~1>
2007-02-09 15:56:37 0 d-------- D:\Program Files\Rapidown
2007-02-05 18:29:04 0 d-------- D:\Documents and Settings\okio\Dane aplikacji\Desktop Sidebar<DESKTO~1>
2007-02-05 18:25:32 0 d-------- D:\Program Files\Desktop Sidebar<DESKTO~1>
2007-02-05 18:04:00 0 d-------- D:\Program Files\uTorrent
2007-02-05 17:26:40 47927 --a------ D:\WINDOWS\BricoPackUninst.cmd<BRICOP~2.CMD>
2007-02-05 17:26:40 2145 --a------ D:\WINDOWS\BricoPackFoldersDelete.cmd<BRICOP~1.CMD>
2007-02-05 17:26:39 219648 --a------ D:\WINDOWS\system32\uxtheme.dll
2007-02-04 10:06:05 0 d-------- D:\Program Files\The All-Seeing Eye<THEALL~1>
2007-02-03 13:49:20 0 d-------- D:\Program Files\Common Files\Ahead
2007-02-01 16:34:16 0 d-------- D:\Program Files\Skype
2007-02-01 16:34:15 0 d-------- D:\Program Files\Common Files\Skype
2007-01-29 18:34:26 359856 --a------ D:\WINDOWS\system32\perfh015.dat
2007-01-29 18:34:25 51304 --a------ D:\WINDOWS\system32\perfc015.dat
2007-01-29 18:29:18 0 d-------- D:\Program Files\Microsoft Works<MICROS~3>
2007-01-29 18:28:59 0 d-------- D:\Program Files\MSBuild
2007-01-27 22:06:04 0 d-------- D:\Program Files\tosearch
2007-01-27 18:55:43 0 d-------- D:\Program Files\Alwil Software<ALWILS~1>
2007-01-27 18:02:15 0 d-------- D:\Documents and Settings\okio\Dane aplikacji\MksVir2007<MKSVIR~1>
2007-01-27 17:42:57 0 d-------- D:\Program Files\Samurize
2007-01-27 11:28:45 0 d-------- D:\Program Files\Tlen.pl
2007-01-26 19:21:01 0 d-------- D:\Program Files\Naprawiacz<NAPRAW~1>
2007-01-26 18:56:54 0 d-------- D:\Documents and Settings\okio\Dane aplikacji\vlc
2007-01-26 18:55:44 0 d-------- D:\Program Files\VideoLAN
2007-01-26 18:26:07 0 d-------- D:\Program Files\Real Alternative<REALAL~1>
2007-01-26 18:26:04 0 d-------- D:\Program Files\Media Player Classic<MEDIAP~1>
2007-01-26 14:26:47 5 --ahs---- D:\WINDOWS\system32\bffeaeef_s.dll<BFFEAE~1.DLL>
2007-01-26 12:54:09 0 d-------- D:\Program Files\Lavalys
2007-01-25 20:48:56 0 d-------- D:\Program Files\Messenger<MESSEN~1>
2007-01-25 20:48:32 0 d-------- D:\Program Files\Movie Maker<MOVIEM~1>
2007-01-25 20:45:04 0 d-------- D:\Program Files\Windows NT<WINDOW~1>
2007-01-25 19:24:38 50688 --a------ D:\WINDOWS\system32\wbhelp2.dll
2007-01-23 14:44:55 44 --a------ D:\WINDOWS\system32\msssc.dll
2007-01-18 16:43:56 1604 --a------ D:\WINDOWS\pcwKoe.BAT
2007-01-15 18:32:07 689280 --a------ D:\WINDOWS\system32\aswBoot.exe
2007-01-14 20:27:52 1168 --a------ D:\WINDOWS\mozver.dat
2007-01-14 19:32:41 0 --a------ D:\WINDOWS\nsreg.dat
2007-01-14 19:02:54 21856 --a------ D:\WINDOWS\system32\emptyregdb.dat<EMPTYR~1.DAT>
2007-01-14 18:54:54 62 --ahs---- D:\Documents and Settings\okio\Dane aplikacji\desktop.ini
2007-01-12 12:18:55 90112 --a------ D:\WINDOWS\system32\AVASTSS.scr


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"SpeedX"="D:\\PROGRA~1\\MyPortal\\Speed-X\\SpeedX.exe"
"ctfmon.exe"="D:\\WINDOWS\\system32\\ctfmon.exe"
"Komunikator"="D:\\Program Files\\Tlen.pl\\tlen.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE D:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"avast!"="D:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^okio^Menu Start^Programy^Autostart^Client Default.lnk]
"path"="D:\\Documents and Settings\\okio\\Menu Start\\Programy\\Autostart\\Client Default.lnk"
"backup"="D:\\WINDOWS\\pss\\Client Default.lnkStartup"
"location"="Startup"
"command"="D:\\Program Files\\Samurize\\Client.exe i=Default"
"item"="Client Default"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^okio^Menu Start^Programy^Autostart^Microsoft Office Groove.lnk]
"path"="D:\\Documents and Settings\\okio\\Menu Start\\Programy\\Autostart\\Microsoft Office Groove.lnk"
"backup"="D:\\WINDOWS\\pss\\Microsoft Office Groove.lnkStartup"
"location"="Startup"
"command"="C:\\OFFICE~2\\Office12\\GROOVE.EXE -background"
"item"="Microsoft Office Groove"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^okio^Menu Start^Programy^Autostart^Rapidown.lnk]
"path"="D:\\Documents and Settings\\okio\\Menu Start\\Programy\\Autostart\\Rapidown.lnk"
"backup"="D:\\WINDOWS\\pss\\Rapidown.lnkStartup"
"location"="Startup"
"command"="D:\\PROGRA~1\\Rapidown\\rapidown.exe rapstart.startup"
"item"="Rapidown"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CloneCDTray"
"hkey"="HKLM"
"command"="\"C:\\Nowy folder\\CloneCD\\CloneCDTray.exe\" /s"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="D:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKLM"
"command"="\"D:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GrooveMonitor"
"hkey"="HKLM"
"command"="\"C:\\OFFICE PL\\Office12\\GrooveMonitor.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IncMail"
"hkey"="HKCU"
"command"="D:\\Program Files\\IncrediMail\\bin\\IncMail.exe /c"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Komunikator]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="tlen"
"hkey"="HKCU"
"command"="D:\\Program Files\\Tlen.pl\\tlen.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Magentic]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Magentic"
"hkey"="HKCU"
"command"="D:\\PROGRA~1\\Magentic\\bin\\Magentic.exe /c"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"D:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="D:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvMcTray"
"hkey"="HKLM"
"command"="RUNDLL32.EXE D:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"D:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Dragdiag"
"hkey"="HKLM"
"command"="\"D:\\Program Files\\Thomson\\SpeedTouch USB\\Dragdiag.exe\" /icon"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"W32Time"=dword:00000002


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="Groove GFS Stub Execution Hook"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="D:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="D:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0



-- End of ComboScan: finished at 2007-03-24 at 10:29:55 ------------------------



comboscan 2

ComboScan v20070306.20 run by okio on 2007-03-24 at 10:28:52
Supplementary logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: Polish

CPU 0: Intel(R) Pentium(R) 4 CPU 2.00GHz
Percentage of Memory in Use: 37%
Physical Memory (total/avail): 509.33 MiB / 319.55 MiB
Pagefile Memory (total/avail): 1245.98 MiB / 1057.27 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1973.03 MiB

C: is Fixed (NTFS) - 27.35 GiB total, 1.66 GiB free.
D: is Fixed (NTFS) - 9.91 GiB total, 1.53 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is CDROM (CDFS)


-- Security Center -------------------------------------------------------------

Windows Internal Firewall is enabled.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=D:\Documents and Settings\All Users
APPDATA=D:\Documents and Settings\okio\Dane aplikacji
CLIENTNAME=Console
CommonProgramFiles=D:\Program Files\Common Files
COMPUTERNAME=67Y8HJ-8ISK8XEQ
ComSpec=D:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=D:
HOMEPATH=\Documents and Settings\okio
LOGONSERVER=\\67Y8HJ-8ISK8XEQ
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=D:\WINDOWS\system32;D:\WINDOWS;D:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0204
ProgramFiles=D:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=D:
SystemRoot=D:\WINDOWS
TEMP=D:\DOCUME~1\okio\USTAWI~1\Temp
TMP=D:\DOCUME~1\okio\USTAWI~1\Temp
USERDOMAIN=67Y8HJ-8ISK8XEQ
USERNAME=okio
USERPROFILE=D:\Documents and Settings\okio
windir=D:\WINDOWS


-- User Profiles ---------------------------------------------------------------

okio (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{8C14DD20-08C7-11D6-9214-005004BFABB8}\Setup.exe" -uninst
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 D:\WINDOWS\INF\PCHealth.inf
AC3Filter (remove only) --> D:\Program Files\AC3Filter\uninstall.exe
Adobe Flash Player 9 ActiveX --> D:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
ALLPlayer V2.4 --> "D:\Program Files\MarBit\ALLPlayer\unins001.exe"
Archiwizator WinRAR --> D:\Program Files\WinRAR\uninstall.exe
µTorrent --> "D:\Program Files\uTorrent\uninstall.exe"
avast! Antivirus --> rundll32 D:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
BearShare --> D:\PROGRA~1\BEARSH~1\UNWISE.EXE D:\PROGRA~1\BEARSH~1\INSTALL.LOG
CloneCD --> "C:\Nowy folder\CloneCD\ccd-uninst.exe" /D="C:\Nowy folder\CloneCD"
Deluxe Ski Jump 3 v1.5.0 --> "C:\Deluxe Ski Jump 3\Uninstall\unins000.exe"
Desktop Sidebar --> MsiExec.exe /I{A92D7264-1A13-45BE-B769-88445DD04FD6}
English Translator XT --> D:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{6F89200D-9C19-42F7-A056-640C9D4C158C}
EVEREST Home Edition v2.20 --> "D:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
FlashGet(Jetcar) 1.81 --> C:\PROGRA~1\FlashGet\_UNWISE.EXE
Foxit Reader --> D:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
GameSpy Arcade --> C:\GAMESP~1\UNWISE.EXE C:\GAMESP~1\INSTALL.LOG
HijackThis 1.99.1 --> D:\Documents and Settings\okio\Ustawienia lokalne\Temp\Katalog tymczasowy 1 dla hijackthis_199.zip\HijackThis.exe /uninstall
IncrediMail JunkFilter Plus --> D:\PROGRA~1\INCRED~1\bin\imsetup.exe /remove /addon:JunkFilterPlus
IncrediMail Xe --> D:\PROGRA~1\INCRED~1\bin\imsetup.exe /remove /addon:IncrediMail /log:IncMail.log
Java 2 Runtime Environment, SE v1.4.0_03 --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{AC1E4C93-C1E7-11D6-9D10-00010240CE95}\Setup.exe" Anytext
KoktajlBar --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{8C14DD20-08C7-11D6-9214-005004BFABB8}\Setup.exe"
Last.fm 1.1.3.0 --> "D:\Program Files\Last.fm\unins000.exe"
Magentic --> D:\PROGRA~1\Magentic\bin\mgsetup.exe /remove /addon:Magentic
MapContacts 2.5 --> MsiExec.exe /I{F4C0B7EE-8DE2-4BD3-B193-F3C3D4FA5231}
Max Payne 2 --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{EFE1AB94-5466-4B6E-BE31-FF4C115FD25D}\setup.exe" -l0x9
Microsoft Office Access MUI (Polish) 2007 --> MsiExec.exe /X{90120000-0015-0415-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "D:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Polish) 2007 --> MsiExec.exe /X{90120000-0016-0415-0000-0000000FF1CE}
Microsoft Office Groove MUI (Polish) 2007 --> MsiExec.exe /X{90120000-00BA-0415-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Polish) 2007 --> MsiExec.exe /X{90120000-0044-0415-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Polish) 2007 --> MsiExec.exe /X{90120000-00A1-0415-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Polish) 2007 --> MsiExec.exe /X{90120000-001A-0415-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Polish) 2007 --> MsiExec.exe /X{90120000-0018-0415-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007 --> MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Polish) 2007 --> MsiExec.exe /X{90120000-001F-0415-0000-0000000FF1CE}
Microsoft Office Proofing (Polish) 2007 --> MsiExec.exe /X{90120000-002C-0415-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Polish) 2007 --> MsiExec.exe /X{90120000-0019-0415-0000-0000000FF1CE}
Microsoft Office Shared MUI (Polish) 2007 --> MsiExec.exe /X{90120000-006E-0415-0000-0000000FF1CE}
Microsoft Office Word MUI (Polish) 2007 --> MsiExec.exe /X{90120000-001B-0415-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (2.0.0.2) --> d:\progra~1\Mozilla Firefox\uninstall\helper.exe
Mozilla Firefox (2.0.0.3) --> D:\Program Files\Mozilla Firefox\uninstall\helper.exe
NAPIPROJEKT 1.0.4.3 --> "D:\Program Files\NAPI-PROJEKT\unins000.exe"
Naprawiacz 1.31 --> "D:\Program Files\Naprawiacz\unins000.exe"
Neostrada TP --> D:\PROGRA~1\NEOSTR~1\SondageDesinstallation.exe
Nero 6 Enterprise Edition --> C:\nero\nero\uninstall\UNNERO.exe /UNINSTALL
NVIDIA Drivers --> D:\WINDOWS\System32\nvudisp.exe UninstallGUI
Opera 9.10 --> MsiExec.exe /X{750B9AD1-4C63-4143-94C5-6FB304199BAD}
Pack Vista Inspirat 1.1 --> D:\WINDOWS\BricoPacks\Vista Inspirat\Remove.exe
Rapidown 5.9 SE - http://www.rapidown.com.br --> D:\Program Files\Rapidown\rapidown.exe rapcmd.uninstall
Real Alternative 1.51 --> "D:\Program Files\Real Alternative\unins000.exe"
Skin Creator --> D:\PROGRA~1\INCRED~1\UNWISE.EXE D:\PROGRA~1\INCRED~1\SkinCreator.LOG
Skype 3.0 --> "D:\Program Files\Skype\Phone\unins000.exe"
Skype Plugin Manager --> MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
Speed-X (uninstall) --> "D:\Program Files\MyPortal\Speed-X\uninstall.exe"
SpeedTouch USB Software --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}\setup.exe" /l0009 -Control_Panel
SubEdit-Player --> "D:\Program Files\SubEdit-Player\unins000.exe"
Tlen.pl --> "D:\Program Files\Tlen.pl\uninstall.exe"
ToSearch 1.0 --> "D:\Program Files\ToSearch\unins000.exe"
Ultra RM Converter 2.1.8 --> "D:\Program Files\Ultra RM Converter\unins000.exe"
VideoLAN VLC media player 0.8.6a --> D:\Program Files\VideoLAN\VLC\uninstall.exe


-- End of ComboScan: finished at 2007-03-24 at 10:29:55 ------------------------
rozmyty
~user
 
Posts: 228
Joined: 20 Nov 2006, 21:43
Location: Świebodzin
Commendations: 18



Post by wojtas 24 Mar 2007, 20:21

To be deleted in Safe Mode with System Restore turned off:

D:\Program Files\DaemonTools_WhenUSave_Installer


Scan the one below at

http://virusscan.jotti.org/

D:\WINDOWS\system32\bffeaeef_s.dll


and post the report as well
wojtas
*mod
 
Posts: 18165
Joined: 13 Jan 2006, 16:00
Location: Krzeszyce
Commendations: 1656



Post by rozmyty 24 Mar 2007, 20:52

D:\WINDOWS\system32\bffeaeef_s.dll


Scan taken on 24 Mar 2007 18:41:35 (GMT)
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
Fortinet: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
Panda Antivirus: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing


so the file is clean



Post by wojtas 24 Mar 2007, 23:48

I can't see anything in the log. How are the temperatures??



Post by rozmyty 25 Mar 2007, 15:30

Sorry it took so long

Właściwości czujnika:
Typ czujnika Winbond W83627THF (ISA 290h)
Nazwa płyty głównej Asus P4V800-X / P4V8X-X

Temperatury:
Płyta główna 36 °C (97 °F)
Procesor 40 °C (104 °F)
WDC WD400LB-55DNA0 38 °C (100 °F)

Wentylatory:
Procesor 2872 RPM

Wartości napięć:
Napięcie rdzenia procesora 1.54 V
+3.3 V 3.25 V
+5 V 5.03 V
+12 V 11.86 V
+5 V podczas wstrzymania pracy 5.00 V
Debug Info F FF EB FF
Debug Info T 36 40 208
Debug Info V 60 C3 CB BB FF FD F9 (03)




Post by wojtas 25 Mar 2007, 18:32

I also think it's OK




Post by rozmyty 25 Mar 2007, 18:43

wojtas19162 wrote: I also think it's OK



but it still shuts down (only once so far today)

[ Added: Today at 19:12 ]
OK, thanks for all the help, but I managed to sort it out myself. :wink: