problem z pracą komputera

[AmAtoR]

Witam Serdecznie
moj problem polega na tym ze podczas pracy na komputerze następują objawy takie jak przy błędzie procesu "expolrer.exe" różnica polega na tym że przez chwile pojawia sie komunikat : "konfigurowanie ustawień spersonalizowanych" po tym błędzie internet chwile działa następnie potem niby jest połączony ale nie ładuje stron



oto log z Hijacthis :

Kod: Zaznacz wszystko

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:17:57, on 2008-05-03
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\mozilla.org\Mozilla\mozilla.exe
D:\instalki\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [FinePrint Dyspozytor v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
O4 - HKCU\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKCU\..\Run: [C:\Program Files\NetMeter\NetMeter.exe] C:\Program Files\NetMeter\NetMeter.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Wyślij do interfejsu &Bluetooth - C:\Program Files\WIDCOMM\Oprogramowanie interfejsu Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Oprogramowanie interfejsu Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Oprogramowanie interfejsu Bluetooth\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - cdweb:/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{963521BB-76CE-4961-8331-569EC3919AC9}: NameServer = 86.63.129.29,194.204.159.1
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Radmin Server V3 (RServer3) - Famatech International Corp. - C:\WINDOWS\system32\rserver30\RServer3.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 5461 bytes


jak można temu zaradzić
pisze bardzo niestarannie ponieważ błąd pojawia sie cyklicznie co jakies poltorej minuty;/

[wojtas]

Wykonaj to co jest podane w tym temacie

Zastosuj SDFix . Po pobraniu uruchom go a rozpakuje się do C:\SDFix. Uruchom komputer w trybie awaryjnym (F8 przy stracie systemu). Będąc w awaryjnym uruchom plik RunThis.bat z folderu SDFixa. Zatwierdź czyszczenie przez Y. Poczekaj aż ukończy i komputer zresetuje

Potem wejdz do folderu C:\SDFix wrzuc zawartość pliku Report.txt + log z combofixa

[AmAtoR]

log z SDfix-a

Kod: Zaznacz wszystko

[b]SDFix: Version 1.178 [/b]
Run by WSOL on 2008-05-03 at 20:32

Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\sdfix\SDFix

[b]Checking Services [/b]:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


[b]Checking Files [/b]:

Trojan Files Found:

C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe  - Deleted





Removing Temp Files

[b]ADS Check [/b]:



                                 [b]Final Check [/b]:

catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-03 20:44:07
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:39,2a,c5,aa,2b,be,02,0c,61,e9,41,18,0e,64,c4,9f,af,b2,88,af,7b,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,3c,74,57,2b,cd,3d,32,ed,9c,17,26,81,20,6e,3a,54,52,..
"khjeh"=hex:35,b4,63,60,00,2d,11,ce,e7,56,a0,41,02,1f,f6,1a,22,4d,db,5e,02,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:23,42,f0,54,f0,3a,bf,fc,08,d1,72,18,2c,74,58,73,09,e1,5d,ec,5d,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:39,2a,c5,aa,2b,be,02,0c,61,e9,41,18,0e,64,c4,9f,af,b2,88,af,7b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,3c,74,57,2b,cd,3d,32,ed,9c,17,26,81,20,6e,3a,54,52,..
"khjeh"=hex:35,b4,63,60,00,2d,11,ce,e7,56,a0,41,02,1f,f6,1a,22,4d,db,5e,02,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:23,42,f0,54,f0,3a,bf,fc,08,d1,72,18,2c,74,58,73,09,e1,5d,ec,5d,..

scanning hidden registry entries ...

scanning hidden files ...

C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData_14.xml 33806 bytes

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\WapSter\\AQQ\\AQQ.exe"="C:\\Program Files\\WapSter\\AQQ\\AQQ.exe:*:Enabled:P2P AQQ"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:uTorrent"
"D:\\gry\\q3\\quake3.exe"="D:\\gry\\q3\\quake3.exe:*:Enabled:quake3"
"C:\\Program Files\\Nero\\Nero ControlCenter\\SetupX.exe"="C:\\Program Files\\Nero\\Nero ControlCenter\\SetupX.exe:*:Enabled:Nero ControlCenter"
"C:\\Documents and Settings\\WSOL\\Dane aplikacji\\Thinstall\\APCS3E\\4000005700003i\\mDNSResponder.exe"="C:\\Documents and Settings\\WSOL\\Dane aplikacji\\Thinstall\\APCS3E\\4000005700003i\\mDNSResponder.exe:*:Enabled:mDNSResponder"
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"="C:\\Program Files\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\\Program Files\\SopCast\\SopCast.exe"="C:\\Program Files\\SopCast\\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\\Program Files\\SopCast\\sopvod.exe"="C:\\Program Files\\SopCast\\sopvod.exe:*:Enabled:sopvod"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"="C:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe:*:Enabled:Mozilla Thunderbird"
"C:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"="C:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe:*:Enabled:BF1942"
"C:\\Program Files\\ChomikBox\\ChomikBox.exe"="C:\\Program Files\\ChomikBox\\ChomikBox.exe:*:Enabled:ChomikBox"
"C:\\WINDOWS\\system32\\rserver30\\rserver3.exe"="C:\\WINDOWS\\system32\\rserver30\\rserver3.exe:*:Enabled:Radmin Server 3"
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Enabled:wmplayer.exe"
"C:\\Program Files\\AIMP2\\AIMP2.exe"="C:\\Program Files\\AIMP2\\AIMP2.exe:*:Enabled:AIMP2.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[b]Remaining Files [/b]:


File Backups: - C:\sdfix\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Wed  4 Aug 2004        93,184 A.SH. --- "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Wed 13 Oct 2004     1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Wed  4 Aug 2004        60,928 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Tue  4 Mar 2008         4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed  4 Aug 2004        73,728 A.SH. --- "C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe"

[b]Finished![/b]



log z combofixa

Kod: Zaznacz wszystko

ComboFix 08-05-01.3 - WSOL 2008-05-03 20:51:36.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.57 [GMT 2:00]
Running from: C:\Documents and Settings\WSOL\Pulpit\ComboFix.exe
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((   Files Created from 2008-04-03 to 2008-05-03  )))))))))))))))))))))))))))))))
.

2008-05-03 20:29 . 2008-05-03 20:29   <DIR>   d--------   C:\WINDOWS\ERUNT
2008-05-03 20:25 . 2008-05-03 20:25   <DIR>   d--------   C:\sdfix
2008-05-03 10:53 . 2008-05-03 10:53   204,468   --a------   C:\[u]0[/u]08.jpg
2008-04-29 21:21 . 2008-04-29 21:21   <DIR>   d--------   C:\Program Files\Orban
2008-04-22 19:55 . 2008-04-22 19:55   <DIR>   d--------   C:\Program Files\Stoper
2008-04-22 01:02 . 2008-04-22 01:02   1,219,254   --a------   C:\WINDOWS\Mozilla Wallpaper.bmp
2008-04-21 23:34 . 2008-04-21 23:35   <DIR>   d--------   C:\WINDOWS\system32\rserver30
2008-04-21 23:31 . 2008-04-21 23:31   <DIR>   d--------   C:\Documents and Settings\WSOL\Dane aplikacji\Radmin
2008-04-21 23:29 . 2008-04-22 14:52   <DIR>   d--------   C:\Documents and Settings\WSOL\Dane aplikacji\Hamachi
2008-04-21 23:28 . 2008-04-21 23:28   <DIR>   d--------   C:\Program Files\Radmin Viewer 3
2008-04-21 23:28 . 2008-04-21 23:29   <DIR>   d--------   C:\Program Files\Hamachi
2008-04-21 23:28 . 2008-04-21 23:28   25,280   --a------   C:\WINDOWS\system32\drivers\hamachi.sys
2008-04-21 20:42 . 2008-04-21 20:42   <DIR>   d--hs----   C:\WINDOWS\ftpcache
2008-04-19 18:39 . 2008-04-19 18:39   <DIR>   d--------   C:\WINDOWS\system32\Adobe
2008-04-19 17:41 . 2008-05-02 16:45   <DIR>   d--------   C:\Program Files\Numimax
2008-04-19 11:09 . 2008-04-19 11:09   89,928   --a------   C:\monety.jpg
2008-04-13 12:25 . 2008-04-13 12:25   <DIR>   d--------   C:\Program Files\PITy
2008-04-10 20:40 . 2008-03-05 10:11   323,584   ---------   C:\WINDOWS\system32\fpmon5.dll
2008-04-10 20:40 . 2008-03-10 12:14   167,936   ---------   C:\WINDOWS\system32\fpres532.dll
2008-04-06 22:54 . 2008-04-19 20:35   <DIR>   d--------   C:\Documents and Settings\WSOL\Dane aplikacji\BESTplayer

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-03 18:22   ---------   d-----w   C:\Program Files\AIMP2
2008-05-02 07:36   ---------   d-----w   C:\Documents and Settings\WSOL\Dane aplikacji\uTorrent
2008-05-01 14:36   ---------   d-----w   C:\Documents and Settings\WSOL\Dane aplikacji\U3
2008-04-29 16:20   ---------   d-----w   C:\Documents and Settings\WSOL\Dane aplikacji\OpenOffice.org2
2008-04-22 16:46   ---------   d-----w   C:\Documents and Settings\WSOL\Dane aplikacji\Thinstall
2008-04-22 16:46   ---------   d-----w   C:\Documents and Settings\WSOL\Dane aplikacji\Canon
2008-04-19 16:39   ---------   d-----w   C:\Program Files\Mozilla Thunderbird
2008-04-17 18:00   ---------   d-----w   C:\Program Files\FastStone Image Viewer
2008-03-27 22:16   ---------   d-----w   C:\Program Files\ChomikBox
2008-03-22 18:16   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-03-22 18:08   98,304   ----a-w   C:\WINDOWS\system32\CmdLineExt.dll
2008-03-20 08:09   1,845,504   ----a-w   C:\WINDOWS\system32\win32k.sys
2008-03-14 19:51   ---------   d-----w   C:\Program Files\ATI Technologies
2008-03-09 15:16   ---------   d-----w   C:\Program Files\NetMeter
2008-03-09 14:08   ---------   d-----w   C:\Documents and Settings\WSOL\Dane aplikacji\Thunderbird
2008-03-09 11:33   ---------   d-----w   C:\Program Files\Scribe
2008-03-09 08:58   ---------   d-----w   C:\Program Files\Common Files\InstallShield
2008-03-04 20:45   ---------   d-----w   C:\Program Files\K-Lite Codec Pack
2008-03-04 20:23   ---------   d-----w   C:\Program Files\Real
2008-03-04 20:23   ---------   d-----w   C:\Program Files\Common Files\xing shared
2008-03-04 20:22   ---------   d-----w   C:\Program Files\Common Files\Real
2008-03-04 20:03   ---------   d-----w   C:\Program Files\WMV9_VCM
2008-03-04 19:53   ---------   d-----w   C:\Program Files\SopCast
2008-02-27 22:06   73,216   ----a-w   C:\WINDOWS\ST6UNST.EXE
2008-02-27 22:06   249,856   -c----w   C:\WINDOWS\Setup1.exe
2008-02-24 07:43   98,512   -c--a-w   C:\WINDOWS\GREUninstall.exe
2008-02-20 06:51   282,624   ----a-w   C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:38   45,568   ----a-w   C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 09:05   662,016   ----a-w   C:\WINDOWS\system32\wininet.dll
2004-08-03 22:44   73,728   -csha-w   C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Jet Detection"="C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe" [2001-04-20 15:52 28672]
"C:\Program Files\NetMeter\NetMeter.exe"="C:\Program Files\NetMeter\NetMeter.exe" [2007-08-11 16:50 331264]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 11:37 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [2005-11-23 16:04 1544192]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-10-19 19:19 49152]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 12:15 106496]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 21:24 32768]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-04 22:22 185896]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-09-12 22:10 335872]
"FinePrint Dyspozytor v5"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" [2008-03-05 10:12 516096]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 18:35 1294336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ir32"= C:\WINDOWS\system32\ir32_32.dll
"vidc.ir31"= C:\WINDOWS\system32\ir32_32.dll
"VIDC.X264"= x264vfw.dll
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^BTTray.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\BTTray.lnk
backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^WSOL^Menu Start^Programy^Autostart^Adobe Gamma.lnk]
path=C:\Documents and Settings\WSOL\Menu Start\Programy\Autostart\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^WSOL^Menu Start^Programy^Autostart^hamachi.lnk]
path=C:\Documents and Settings\WSOL\Menu Start\Programy\Autostart\hamachi.lnk
backup=C:\WINDOWS\pss\hamachi.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 20:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-08-29 17:09 171464 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
-ra------ 2002-12-17 12:40 49152 C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 2003-03-26 09:19 172032 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HydraVisionDesktopManager]
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2007-12-10 11:12 695808 C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--a--c--- 2000-05-11 02:00 90112 C:\WINDOWS\Updreg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"helpsvc"=2 (0x2)
"SENS"=2 (0x2)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"btwdins"=2 (0x2)
"Adobe LM Service"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\WapSter\\AQQ\\AQQ.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"D:\\gry\\q3\\quake3.exe"=
"C:\\Program Files\\Nero\\Nero ControlCenter\\SetupX.exe"=
"C:\\Documents and Settings\\WSOL\\Dane aplikacji\\Thinstall\\APCS3E\\4000005700003i\\mDNSResponder.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\SopCast\\sopvod.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
"C:\\Program Files\\ChomikBox\\ChomikBox.exe"=
"C:\\WINDOWS\\system32\\rserver30\\rserver3.exe"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"C:\\Program Files\\AIMP2\\AIMP2.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R1 raddrvv3;raddrvv3;C:\WINDOWS\system32\rserver30\raddrvv3.sys [2007-10-31 15:30]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R3 emu10kx;Creative EMU10K1/EMU10K2 Audio Driver (WDM);C:\WINDOWS\system32\drivers\e10kx2k.sys [2001-10-02 17:06]
R3 mirrorv3;mirrorv3;C:\WINDOWS\system32\DRIVERS\rminiv3.sys [2006-11-01 05:01]
S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0c02444-b8c2-11dc-adaf-001b110a1789}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f47272b2-d7b3-11dc-99f1-001638c0ae61}]
\Shell\AutoRun\command - H:\LaunchU3.exe

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-03 20:54:03
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C:\\Program Files\\NetMeter\\NetMeter.exe"="C:\\Program Files\\NetMeter\\NetMeter.exe"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll

PROCESS: C:\WINDOWS\explorer.exe
-> ?:\WINDOWS\System32\CSCDLL.dll
.
Completion time: 2008-05-03 20:56:45
ComboFix-quarantined-files.txt  2008-05-03 18:56:39

Pre-Run: 1,463,857,152 bajtów wolnych
Post-Run: 1,570,365,440 bajtów wolnych

171   --- E O F ---   2008-0

4-09 10:39:49


log z hijackthis

Kod: Zaznacz wszystko

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:59:09, on 2008-05-03
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\NetMeter\NetMeter.exe
C:\Program Files\mozilla.org\Mozilla\mozilla.exe
C:\WINDOWS\explorer.exe
D:\instalki\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [FinePrint Dyspozytor v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
O4 - HKCU\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKCU\..\Run: [C:\Program Files\NetMeter\NetMeter.exe] C:\Program Files\NetMeter\NetMeter.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Wyślij do interfejsu &Bluetooth - C:\Program Files\WIDCOMM\Oprogramowanie interfejsu Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Oprogramowanie interfejsu Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Oprogramowanie interfejsu Bluetooth\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - cdweb:/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{963521BB-76CE-4961-8331-569EC3919AC9}: NameServer = 86.63.129.29,194.204.159.1
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Radmin Server V3 (RServer3) - Famatech International Corp. - C:\WINDOWS\system32\rserver30\RServer3.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 5834 bytes


co mogłbym pousuwać aby troszkę odciążyć komputer
po zabiegach z SDfix problem jak do tej pory zniknął.

[Magik]

co mogłbym pousuwać aby troszkę odciążyć komputer

Z autostartu moglbys wywalic update Adobe, Real, Jave i ten soft od Soundblastera

D!

[AmAtoR]

ok dzieki za pomoc wojtas Magik wszystko działa jak należy
EOT

[wojtas]

wykonaj jeszcze :

1. Ściągnij OTMoveIt i go włacz i odpal go z opcji CleanUp
2. wykonaj optymalizację windowsa
3.sciagnij ATF_Cleaner
zaznacz
Windows Temp
All users Temp
Temporary internet files
Recycle Bin
i wcisnij EMPTY SELECTED
4.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem

[Patryksid]

Log z HiJackThis

Kod: Zaznacz wszystko

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:09:06, on 2008-05-09
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Mario Forever Toolbar Helper - {A20854FD-DDB5-4931-8F76-D11EA2364D94} - C:\Program Files\Mario Forever Toolbar\v3.2.0.0\MarioForever_Toolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Mario Forever Toolbar - {71B6ACF7-4F0F-4FD8-BB69-6D1A4D271CB7} - C:\Program Files\Mario Forever Toolbar\v3.2.0.0\MarioForever_Toolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E53EA77-34F2-474E-9046-B2B0C86F1821} (OggX Control) - http://www.eska.pl/streamplayers/OggX.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1191852955125
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} - http://67.15.101.3/g_bin/pl/snooker_2_0_0_34.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6208 bytes


Log z Combofixa

Kod: Zaznacz wszystko

ComboFix 08-05-08.1 - Jedrzej 2008-05-09 15:59:23.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.203 [GMT 2:00]
Running from: C:\Documents and Settings\Jedrzej\Pulpit\ComboFix\ComboFix.exe
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\clofghls.dll

.
(((((((((((((((((((((((((   Files Created from 2008-04-09 to 2008-05-09  )))))))))))))))))))))))))))))))
.

2008-05-09 15:35 . 2008-05-09 15:35   <DIR>   d--------   C:\WINDOWS\ERUNT
2008-05-09 15:31 . 2008-05-09 15:54   <DIR>   d--------   C:\SDFix
2008-05-08 12:12 . 2008-05-09 09:19   221,532   --a------   C:\nzm1.exe
2008-05-07 13:56 . 2008-05-07 13:56   <DIR>   d--------   C:\Program Files\MSXML 6.0
2008-05-07 13:54 . 2008-05-07 13:54   <DIR>   d--------   C:\Program Files\MSXML 4.0
2008-05-07 13:54 . 2004-08-04 00:44   221,184   --a------   C:\WINDOWS\system32\wmpns.dll
2008-05-07 13:54 . 2008-05-07 13:55   1,355   --a------   C:\WINDOWS\imsins.BAK
2008-05-06 20:46 . 2008-03-01 15:02   63,488   -----c---   C:\WINDOWS\system32\dllcache\icardie.dll
2008-05-06 10:26 . 2008-05-06 10:50   254,464   --a------   C:\nzm4.exe
2008-05-05 18:32 . 2008-05-05 18:38   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-04-12 16:50 . 2008-04-12 16:50   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Age of Empires 3
2008-04-12 00:18 . 2008-04-12 06:08   686,370,816   ---------   C:\F1Challenge2007.iso

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-04 18:24   ---------   d-----w   C:\Documents and Settings\Jedrzej\Dane aplikacji\Skype
2008-04-28 15:27   ---------   d-----w   C:\Documents and Settings\Jedrzej\Dane aplikacji\uTorrent
2008-04-27 18:27   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-04-05 18:26   ---------   d-----w   C:\Program Files\Outsim
2008-04-03 17:38   ---------   d-----w   C:\Program Files\Gadu-Gadu
2008-03-21 17:05   ---------   d-----w   C:\Program Files\CCleaner
2008-03-21 16:59   25,992   ----a-w   C:\WINDOWS\system32\pgdfgsvc.exe
2008-03-20 21:19   ---------   d-----w   C:\Program Files\Winamp
2008-03-20 15:22   ---------   d-----w   C:\Documents and Settings\Jedrzej\Dane aplikacji\GanymedeNet
2008-03-20 14:54   ---------   d-----w   C:\Program Files\Ganymede
2008-03-01 13:02   826,368   ----a-w   C:\WINDOWS\system32\wininet.dll
2008-02-24 21:36   407,129   ----a-w   C:\WINDOWS\MarioForever_Toolbar_Uninstaller_656.exe
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-05 19:19 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-03-07 23:30 77824 C:\WINDOWS\SOUNDMAN.EXE]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2005-07-28 22:29 102400]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-10-21 15:28 82009]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-21 15:26 761945]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-07-15 15:25 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-07-15 15:24 118784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"= 0 (0x0)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Synchronizer.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amva]
C:\WINDOWS\system32\amvo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
--a------ 2007-12-04 15:00 79224 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 00:44 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
--a------ 2007-11-14 12:54 2131392 C:\Program Files\Gadu-Gadu\gg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-16 23:11 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2007-06-18 15:10 271360 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 21:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-09-07 16:51 49263 C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-10-05 19:19 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToolBoxFX]
--a------ 2006-06-15 08:43 49152 C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"D:\\Patryk\\LimeWire\\LimeWire.exe"=
"D:\\Patryk\\SopCast\\SopCast.exe"=
"C:\\Documents and Settings\\Jedrzej\\Dane aplikacji\\SopCast\\adv\\SopAdver.exe"=
"D:\\Patryk\\totalcmd\\TOTALCMD.EXE"=
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"D:\\Patryk\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"D:\\Patryk\\Gry\\Age of Empires III\\age3.exe"=
"D:\\Patryk\\Gry\\Age of Empires III\\age3x.exe"=
"D:\\Patryk\\Gry\\Age of Empires III\\age3y.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10135:TCP"= 10135:TCP:BitComet 10135 TCP
"10135:UDP"= 10135:UDP:BitComet 10135 UDP
"12789:TCP"= 12789:TCP:BitComet 12789 TCP
"12789:UDP"= 12789:UDP:BitComet 12789 UDP
"54321:TCP"= 54321:TCP:BitComet 54321 TCP
"54321:UDP"= 54321:UDP:BitComet 54321 UDP

R0 rmedia;Ricoh MediaCard Driver;C:\WINDOWS\system32\DRIVERS\rmedia.sys [2003-10-20 19:09]
S3 HPFXBULK;HPFXBULK;C:\WINDOWS\system32\drivers\hpfxbulk.sys [2006-06-12 12:36]
S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d18d54e-c7fc-11dc-bccd-00150001e28a}]
\Shell\AutoRun\command - F:\dosocom.com
\Shell\explore\Command - F:\dosocom.com
\Shell\open\Command - F:\dosocom.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{260fa8f4-7ee9-11dc-bbff-00150001e28a}]
\Shell\AutoRun\command - EXPLORER.EXE
\Shell\explore\Command - EXPLORER.EXE
\Shell\open\Command - EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e5e4f9a-decd-11db-ba5a-00150001e28a}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ea9c8df-cb24-11dc-bcd3-00150001e28a}]
\Shell\AutoRun\command - F:\dosocom.com
\Shell\explore\Command - F:\dosocom.com
\Shell\open\Command - F:\dosocom.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a6bb0de-0e18-11dc-baa9-00150001e28a}]
\Shell\AutoRun\command - EXPLORER.EXE
\Shell\explore\Command - EXPLORER.EXE
\Shell\open\Command - EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a6bb0df-0e18-11dc-baa9-00150001e28a}]
\Shell\Auto\command - setup.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a6bb0e2-0e18-11dc-baa9-00150001e28a}]
\Shell\Auto\command - setup.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c81afceb-7b09-11dc-bbeb-00150001e28a}]
\Shell\AutoRun\command - G:\USBNB.exe

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-09 16:01:33
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-09 16:02:54
ComboFix-quarantined-files.txt  2008-05-09 14:02:42

Pre-Run: 12,004,237,312 bajtów wolnych
Post-Run: 12,290,510,848 bajtów wolnych

157   --- E O F ---   2008-05-07 12:01:20


Log z SDfixa

Kod: Zaznacz wszystko

[b]SDFix: Version 1.181 [/b]
Run by Jedrzej on 2008-05-09 at 15:39

Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


[b]Checking Files [/b]:

Trojan Files Found:

C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise.exe  - Deleted





Removing Temp Files

[b]ADS Check [/b]:



                                 [b]Final Check [/b]:

catchme 0.3.1359.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-09 15:49:25
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="D:\Patryk\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:ca,32,39,b6,ea,70,c3,75,dc,af,0b,36,2d,38,07,cb,73,de,0c,21,c5,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,1a,cb,a5,e1,93,46,50,69,fe,da,c3,3b,2a,81,9b,5b,1c,..
"khjeh"=hex:df,81,53,88,b8,8d,95,d3,52,f8,82,c9,a4,fa,16,30,38,ea,21,2a,02,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:b7,dc,d8,7c,e4,5e,35,00,f8,8c,77,db,fe,e7,95,74,c5,a0,4e,75,f1,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:0a,8b,64,f9,82,86,d7,24,f6,83,bc,c0,1f,a1,3d,3f,b6,75,a2,7f,90,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:db,bc,d4,df,18,02,d7,4e,40,ec,3a,dc,43,23,b8,e5,c5,c3,e4,21,11,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s0"=dword:8ce494f2
"s1"=dword:0a7eb3a2
"s2"=dword:51176b21
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="D:\Patryk\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:ca,32,39,b6,ea,70,c3,75,dc,af,0b,36,2d,38,07,cb,73,de,0c,21,c5,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,1a,cb,a5,e1,93,46,50,69,fe,da,c3,3b,2a,81,9b,5b,1c,..
"khjeh"=hex:74,34,27,bc,cd,41,6a,50,20,d0,83,a7,e3,30,88,2a,72,30,58,07,23,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:06,d4,8c,dd,8c,19,22,ee,92,d3,a7,db,1e,6f,0a,12,2b,2d,07,c7,78,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:f2,8d,a0,b6,99,97,8d,c0,12,5b,3e,a6,65,7d,bf,38,a3,23,13,8e,1c,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:db,bc,d4,df,18,02,d7,4e,40,ec,3a,dc,43,23,b8,e5,c5,c3,e4,21,11,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="D:\Patryk\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:ca,32,39,b6,ea,70,c3,75,dc,af,0b,36,2d,38,07,cb,73,de,0c,21,c5,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,1a,cb,a5,e1,93,46,50,69,fe,da,c3,3b,2a,81,9b,5b,1c,..
"khjeh"=hex:74,34,27,bc,cd,41,6a,50,20,d0,83,a7,e3,30,88,2a,72,30,58,07,23,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:06,d4,8c,dd,8c,19,22,ee,92,d3,a7,db,1e,6f,0a,12,2b,2d,07,c7,78,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:f2,8d,a0,b6,99,97,8d,c0,12,5b,3e,a6,65,7d,bf,38,a3,23,13,8e,1c,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:db,bc,d4,df,18,02,d7,4e,40,ec,3a,dc,43,23,b8,e5,c5,c3,e4,21,11,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Gadu-Gadu\\gg.exe"="C:\\Program Files\\Gadu-Gadu\\gg.exe:*:Enabled:Gadu-Gadu - program gˆ˘wny"
"D:\\Patryk\\LimeWire\\LimeWire.exe"="D:\\Patryk\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"D:\\Patryk\\uTorrent\\utorrent.exe"="D:\\Patryk\\uTorrent\\utorrent.exe:*:Enabled:uTorrent"
"D:\\Patryk\\SopCast\\SopCast.exe"="D:\\Patryk\\SopCast\\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\\Documents and Settings\\Jedrzej\\Dane aplikacji\\SopCast\\adv\\SopAdver.exe"="C:\\Documents and Settings\\Jedrzej\\Dane aplikacji\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
"D:\\Patryk\\totalcmd\\TOTALCMD.EXE"="D:\\Patryk\\totalcmd\\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\\Program Files\\Microsoft Games\\Rise Of Legends\\legends.exe"="C:\\Program Files\\Microsoft Games\\Rise Of Legends\\legends.exe:*:Enabled:Rise Of Legends"
"D:\\Patryk\\Gry\\rFactor\\rFactor.exe"="D:\\Patryk\\Gry\\rFactor\\rFactor.exe:*:Enabled:rFactor"
"D:\\Patryk\\Gry\\F1 Challenge 2007\\F1Challenge2007.exe"="D:\\Patryk\\Gry\\F1 Challenge 2007\\F1Challenge2007.exe:*:Enabled:F1 Challenge 99-02"
"C:\\Program Files\\EA SPORTS\\FIFA 07\\fifa07.exe"="C:\\Program Files\\EA SPORTS\\FIFA 07\\fifa07.exe:*:Enabled:fifa07"
"D:\\Patryk\\Gry\\Black & White\\runblack.exe"="D:\\Patryk\\Gry\\Black & White\\runblack.exe:*:Enabled:lh"
"C:\\Program Files\\Lionhead Studios Ltd\\Black & White\\runblack.exe"="C:\\Program Files\\Lionhead Studios Ltd\\Black & White\\runblack.exe:*:Enabled:lh"
"D:\\Patryk\\Gry\\MOHAA\\MOHAA.exe"="D:\\Patryk\\Gry\\MOHAA\\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault(tm)"
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"="C:\\Program Files\\FlashFXP\\FlashFXP.exe:*:Enabled:FlashFXP v3"
"D:\\Patryk\\DAEMON Tools\\BitComet\\BitComet.exe"="D:\\Patryk\\DAEMON Tools\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"D:\\Patryk\\BitComet\\BitComet.exe"="D:\\Patryk\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:uTorrent"
"D:\\Patryk\\SopCast\\adv\\SopAdver.exe"="D:\\Patryk\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "
"D:\\Patryk\\Gry\\Age of Empires III\\age3.exe"="D:\\Patryk\\Gry\\Age of Empires III\\age3.exe:*:Enabled:Age of Empires III"
"D:\\Patryk\\Gry\\Age of Empires III\\age3x.exe"="D:\\Patryk\\Gry\\Age of Empires III\\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs"
"D:\\Patryk\\Gry\\Age of Empires III\\age3y.exe"="D:\\Patryk\\Gry\\Age of Empires III\\age3y.exe:*:Enabled:Age of Empires III - The Asian Dynasties"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"="C:\\Program Files\\FlashFXP\\FlashFXP.exe:*:Enabled:FlashFXP v3"

[b]Remaining Files [/b]:


File Backups: - C:\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Wed  7 May 2008             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\05030212059e1b9876d47b8cf2fa5e95\BIT7.tmp"
Wed  7 May 2008             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\523d056929e13eacf8392044f602e53e\BIT6.tmp"
Mon  8 Oct 2007     1,123,200 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\93a233c2dff315e0408559775486f5b2\BIT20.tmp"
Wed  7 May 2008             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\afa5528a2269b5106016bdbc1ea3037f\BIT5.tmp"
Sun 13 Jan 2008        35,840 A.SH. --- "C:\Documents and Settings\Jedrzej\Pulpit\Brat\mynka\gp\gmina grudziadz\~WRL0001.tmp"

[b]Finished![/b]



Proszę napiszcie co mam dalej zrobić. Będę bardzo wdzięczny. Pierwszy raz się z czymś takim spotkałem.

[Okocza]

Patryksid

załóż swój temat