Logs - Graphics error or virus?


  • Closed: this topic is closed
2 replies in this topic

#1 timmy

    Advanced user

  • 624 posts

Posted 02 09 2008 - 22:50

Hi. Yesterday I did a format (clean reinstall), but today I have a new little problem...

In the game Silkroad I can't see water or windows... for example the login window. Here are the logs:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:46:36, on 2008-09-02
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DialNet\winpppoverethernet.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\cFosSpeed\cFosSpeed.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\cFosSpeed\spd.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\DialNet\WrOS.EXE
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [a-winpoet-service] "C:\Program Files\DialNet\winpppoverethernet.exe"
O4 - HKLM\..\Run: [] "C:\PROGRA~1\DialNet\FPLICE~1.EXE zhimakaimen//WINPOET_QUITTING_EVENT"
O4 - HKLM\..\Run: [z-WrDialer] "C:\Program Files\DialNet\wrdialer.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ALi5289] C:\Program Files\ULI5289\ALi5289.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [SpeedX] C:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1CE8342F-2690-48B6-8637-42A452C35213}: NameServer = 217.30.129.149 217.30.137.200
O17 - HKLM\System\CS1\Services\Tcpip\..\{1CE8342F-2690-48B6-8637-42A452C35213}: NameServer = 217.30.129.149 217.30.137.200
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: WinPPPoverEthernet - Fine Point Technologies, Inc. - C:\Program Files\DialNet\WrOS.EXE

--
End of file - 6122 bytes

ComboFix 08-09-01.03 - fritzz 2008-09-02 22:50:35.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1250.1.1045.18.686 [GMT 2:00]
Running from: C:\Documents and Settings\fritzz\Pulpit\ComboFix.exe
 * Created a new restore point
 * Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\install.exe

.
(((((((((((((((((((((((((   Files Created from 2008-08-02 to 2008-09-02  )))))))))))))))))))))))))))))))
.

2008-09-02 22:34 . 2008-04-30 17:27	442,368	--a------	C:\WINDOWS\system32\NVUNINST.EXE
2008-09-02 22:33 . 2008-09-02 22:33	<DIR>	d--------	C:\NVIDIA
2008-09-02 21:50 . 2008-09-02 22:12	<DIR>	d--------	C:\Program Files\Silkroad
2008-09-02 19:31 . 2008-09-02 19:31	<DIR>	d--------	C:\Program Files\Windows Installer 4.5 SDK
2008-09-02 18:47 . 2008-09-02 18:47	<DIR>	d--------	C:\Documents and Settings\fritzz\Dane aplikacji\DivX
2008-09-02 18:40 . 2008-09-02 18:40	343,040	--a------	C:\WINDOWS\system32\temp.000
2008-09-02 16:40 . 2008-07-23 18:50	120,056	---------	C:\WINDOWS\system32\pxcpyi64.exe
2008-09-02 16:40 . 2008-07-23 18:50	118,520	---------	C:\WINDOWS\system32\pxinsi64.exe
2008-09-02 16:39 . 2008-09-02 16:40	<DIR>	d--------	C:\Program Files\DivX
2008-09-02 13:51 . 2008-09-02 13:51	<DIR>	d--------	C:\Program Files\Common Files\DFX
2008-09-02 13:51 . 2008-09-02 13:51	<DIR>	d--------	C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\DFX
2008-09-02 13:48 . 2008-09-02 13:50	<DIR>	d--------	C:\Documents and Settings\fritzz\Dane aplikacji\Winamp
2008-09-02 12:32 . 2008-09-02 12:32	<DIR>	d--------	C:\Program Files\DVD-RAM
2008-09-02 12:32 . 2004-08-27 15:37	155,648	--a------	C:\WINDOWS\system32\RAMASST.exe
2008-09-02 12:32 . 2004-11-09 16:22	135,168	--a------	C:\WINDOWS\system32\DVDMenu.dll
2008-09-02 12:32 . 2004-08-27 15:33	110,592	--a------	C:\WINDOWS\system32\DVDRAMSV.exe
2008-09-02 12:32 . 2005-02-25 00:33	102,320	--a------	C:\WINDOWS\system32\drivers\meiudf.sys
2008-09-02 11:53 . 2008-09-02 22:22	69	--a------	C:\WINDOWS\NeroDigital.ini
2008-09-02 11:45 . 2008-09-02 12:35	<DIR>	d--------	C:\Documents and Settings\fritzz\Dane aplikacji\Uniblue
2008-09-02 11:45 . 2008-09-02 12:35	<DIR>	d--------	C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\DriverScanner
2008-09-02 11:39 . 2008-09-02 18:40	286,720	---------	C:\WINDOWS\Setup1.exe
2008-09-02 11:39 . 2008-09-02 18:40	73,216	--a------	C:\WINDOWS\ST6UNST.EXE
2008-09-02 07:34 . 2008-04-14 22:51	221,184	--a------	C:\WINDOWS\system32\wmpns.dll
2008-09-01 23:53 . 2008-06-10 02:32	73,728	--a------	C:\WINDOWS\system32\javacpl.cpl
2008-09-01 23:52 . 2008-09-01 23:52	<DIR>	d--------	C:\Program Files\Pro Imaging Powertoys
2008-09-01 23:52 . 2008-09-01 23:52	<DIR>	d--------	C:\Program Files\Microsoft Calculator Plus
2008-09-01 23:52 . 2008-09-01 23:52	<DIR>	d--------	C:\Program Files\Common Files\Nikon
2008-09-01 23:52 . 2008-09-01 23:52	635,337	--a------	C:\WINDOWS\unins000.exe
2008-09-01 23:52 . 2008-09-01 23:52	934	--a------	C:\WINDOWS\unins000.dat
2008-09-01 23:42 . 2008-06-24 19:13	1,203,184	-----c---	C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-09-01 23:42 . 2008-06-24 19:13	790,846	-----c---	C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-09-01 23:42 . 2008-09-01 23:42	635,337	--a------	C:\WINDOWS\system32\unins000.exe
2008-09-01 23:42 . 2003-06-25 16:05	266,360	--a------	C:\WINDOWS\system32\TweakUI.exe
2008-09-01 23:42 . 2008-06-24 19:13	238,098	-----c---	C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-09-01 23:42 . 2008-06-24 19:16	85,612	-----c---	C:\WINDOWS\system32\dllcache\apps.chm
2008-09-01 23:42 . 2008-06-24 19:13	9,696	-----c---	C:\WINDOWS\system32\dllcache\drvmain.sdb
2008-09-01 23:42 . 2008-09-01 23:42	1,194	--a------	C:\WINDOWS\system32\unins000.dat
2008-09-01 23:41 . 2008-05-01 16:37	331,776	-----c---	C:\WINDOWS\system32\dllcache\msadce.dll
2008-09-01 23:41 . 2008-07-07 22:29	253,952	-----c---	C:\WINDOWS\system32\dllcache\es.dll
2008-09-01 23:41 . 2008-06-24 18:46	74,240	-----c---	C:\WINDOWS\system32\dllcache\mscms.dll
2008-09-01 23:39 . 2008-05-07 07:12	1,291,776	-----c---	C:\WINDOWS\system32\dllcache\quartz.dll
2008-09-01 23:39 . 2008-06-14 19:36	273,024	-----c---	C:\WINDOWS\system32\dllcache\bthport.sys
2008-09-01 23:39 . 2008-05-08 16:02	203,136	-----c---	C:\WINDOWS\system32\dllcache\rmcast.sys
2008-09-01 23:30 . 2008-07-06 14:06	1,676,288	---------	C:\WINDOWS\system32\xpssvcs.dll
2008-09-01 23:30 . 2008-07-06 14:06	1,676,288	-----c---	C:\WINDOWS\system32\dllcache\xpssvcs.dll
2008-09-01 23:30 . 2008-07-06 12:50	597,504	-----c---	C:\WINDOWS\system32\dllcache\printfilterpipelinesvc.exe
2008-09-01 23:30 . 2008-07-06 14:06	575,488	---------	C:\WINDOWS\system32\xpsshhdr.dll
2008-09-01 23:30 . 2008-07-06 14:06	575,488	-----c---	C:\WINDOWS\system32\dllcache\xpsshhdr.dll
2008-09-01 23:30 . 2008-07-06 14:06	117,760	---------	C:\WINDOWS\system32\prntvpt.dll
2008-09-01 23:30 . 2008-07-06 14:06	89,088	-----c---	C:\WINDOWS\system32\dllcache\filterpipelineprintproc.dll
2008-09-01 23:11 . 2008-09-01 23:11	<DIR>	d--------	C:\WINDOWS\ServicePackFiles
2008-09-01 23:10 . 2008-04-14 22:51	294,912	-----c---	C:\WINDOWS\system32\dllcache\dlimport.exe
2008-09-01 23:06 . 2006-12-29 00:31	19,569	--a------	C:\WINDOWS\[u]0[/u]02536_.tmp
2008-09-01 20:02 . 2008-09-01 20:02	<DIR>	d--h-c---	C:\WINDOWS\ie8
2008-09-01 19:48 . 2008-09-01 20:34	<DIR>	d--------	C:\Program Files\Nero
2008-09-01 19:48 . 2008-09-01 19:48	<DIR>	d--------	C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Nero
2008-09-01 19:42 . 2008-09-01 19:42	<DIR>	d--------	C:\Documents and Settings\fritzz\Dane aplikacji\Nero
2008-09-01 18:19 . 2008-09-01 18:19	<DIR>	d--------	C:\Program Files\SGJ
2008-09-01 17:21 . 2008-06-12 11:27	26,144	--a------	C:\WINDOWS\system32\spupdsvc.exe
2008-09-01 17:18 . 2007-07-30 19:19	43,352	--a------	C:\WINDOWS\system32\wups2.dll
2008-09-01 17:18 . 2007-07-30 19:19	38,232	--a------	C:\WINDOWS\system32\wucltui.dll.mui
2008-09-01 17:18 . 2007-07-30 19:20	30,040	--a------	C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-09-01 17:18 . 2007-07-30 19:20	30,040	--a------	C:\WINDOWS\system32\wuapi.dll.mui
2008-09-01 17:18 . 2007-07-30 19:18	21,336	--a------	C:\WINDOWS\system32\wuaueng.dll.mui
2008-09-01 17:17 . 2008-09-01 17:17	<DIR>	d---s----	C:\Documents and Settings\fritzz\UserData
2008-09-01 14:22 . 2001-08-17 23:59	3,072	--a------	C:\WINDOWS\system32\drivers\audstub.sys
2008-09-01 14:21 . 2008-04-14 21:35	58,880	--a------	C:\WINDOWS\system32\drivers\redbook.sys
2008-09-01 14:21 . 2008-04-14 00:15	10,624	--a------	C:\WINDOWS\system32\drivers\gameenum.sys
2008-09-01 14:20 . 2008-05-03 05:46	6,554,496	--a------	C:\WINDOWS\system32\drivers\nv4_mini.sys
2008-09-01 14:20 . 2008-05-03 05:46	6,554,496	--a--c---	C:\WINDOWS\system32\dllcache\nv4_mini.sys
2008-09-01 14:20 . 2008-05-03 05:46	6,108,160	--a------	C:\WINDOWS\system32\nv4_disp.dll
2008-09-01 14:20 . 2008-05-03 05:46	6,108,160	--a--c---	C:\WINDOWS\system32\dllcache\nv4_disp.dll
2008-09-01 14:20 . 2008-04-14 22:50	77,312	--a------	C:\WINDOWS\system32\usbui.dll
2008-09-01 14:18 . 2008-09-02 22:52	<DIR>	dr-h-----	C:\Documents and Settings\Default User.WINDOWS\Ustawienia lokalne
2008-09-01 14:18 . 2008-09-01 14:18	<DIR>	d--------	C:\Documents and Settings\Default User.WINDOWS\Ulubione
2008-09-01 14:18 . 2008-09-01 12:24	<DIR>	d--h-----	C:\Documents and Settings\Default User.WINDOWS\Szablony
2008-09-01 14:18 . 2008-09-01 14:18	<DIR>	d--------	C:\Documents and Settings\Default User.WINDOWS\Pulpit
2008-09-01 14:18 . 2008-09-01 14:18	<DIR>	d--------	C:\Documents and Settings\Default User.WINDOWS\Moje dokumenty
2008-09-01 14:18 . 2008-09-01 14:18	<DIR>	dr-------	C:\Documents and Settings\Default User.WINDOWS\Menu Start
2008-09-01 14:18 . 2008-09-01 14:18	<DIR>	d--------	C:\Documents and Settings\All Users.WINDOWS\Ulubione
2008-09-01 14:18 . 2008-09-01 14:18	<DIR>	d--h-----	C:\Documents and Settings\All Users.WINDOWS\Szablony
2008-09-01 14:18 . 2008-09-02 17:31	<DIR>	d--------	C:\Documents and Settings\All Users.WINDOWS\Pulpit
2008-09-01 14:18 . 2008-09-01 23:13	<DIR>	dr-------	C:\Documents and Settings\All Users.WINDOWS\Menu Start
2008-09-01 14:18 . 2008-09-01 12:25	<DIR>	dr-------	C:\Documents and Settings\All Users.WINDOWS\Dokumenty
2008-09-01 14:16 . 2008-09-01 14:18	<DIR>	dr-h-----	C:\Documents and Settings\Default User.WINDOWS\Dane aplikacji
2008-09-01 14:16 . 2008-09-02 14:14	<DIR>	dr-h-----	C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji
2008-09-01 14:16 . 2008-09-01 12:27	<DIR>	d--------	C:\Documents and Settings\All Users.WINDOWS
2008-09-01 14:16 . 2006-03-02 14:00	1,014,483	--a--c---	C:\WINDOWS\system32\dllcache\SP2.CAT
2008-09-01 14:16 . 2006-03-02 14:00	808,524	--a--c---	C:\WINDOWS\system32\dllcache\NT5IIS.CAT
2008-09-01 14:16 . 2006-03-02 14:00	399,670	--a--c---	C:\WINDOWS\system32\dllcache\MAPIMIG.CAT
2008-09-01 14:16 . 2006-03-02 14:00	37,509	--a--c---	C:\WINDOWS\system32\dllcache\MW770.CAT
2008-09-01 14:16 . 2006-03-02 14:00	13,497	--a--c---	C:\WINDOWS\system32\dllcache\HPCRDP.CAT
2008-09-01 14:16 . 2006-03-02 14:00	8,599	--a--c---	C:\WINDOWS\system32\dllcache\IASNT4.CAT
2008-09-01 14:16 . 2006-03-02 14:00	7,407	--a--c---	C:\WINDOWS\system32\dllcache\OEMBIOS.CAT
2008-09-01 14:16 . 2006-03-02 14:00	7,334	--a--c---	C:\WINDOWS\system32\dllcache\wmerrenu.cat
2008-09-01 14:15 . 2008-09-01 12:29	<DIR>	d--h-----	C:\Documents and Settings\Default User.WINDOWS
2008-09-01 14:14 . 2008-09-01 12:31	261	--a------	C:\WINDOWS\system32\$winnt$.inf
2008-09-01 13:28 . 2008-09-02 19:48	137,472	--a------	C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-09-01 13:28 . 2008-09-02 19:48	111,928	--a------	C:\WINDOWS\system32\PnkBstrB.exe
2008-09-01 13:28 . 2008-09-01 21:02	66,872	--a------	C:\WINDOWS\system32\PnkBstrA.exe
2008-09-01 13:13 . 2008-09-01 13:13	<DIR>	d--------	C:\Documents and Settings\fritzz\Dane aplikacji\teamspeak2
2008-09-01 13:10 . 2008-09-01 13:10	<DIR>	d--------	C:\Program Files\ALLPlayer
2008-09-01 13:09 . 2008-09-01 13:10	<DIR>	d--------	C:\Documents and Settings\fritzz\Dane aplikacji\Media Player Classic
2008-09-01 13:05 . 2008-09-02 21:14	<DIR>	d--------	C:\Documents and Settings\fritzz\Dane aplikacji\mIRC
2008-09-01 13:05 . 2008-09-01 13:05	1,415,680	--a------	C:\WINDOWS\system32\WMV9VCM.dll
2008-09-01 13:05 . 2008-09-01 13:05	921,600	--a------	C:\WINDOWS\system32\vorbisenc.dll
2008-09-01 13:05 . 2008-09-01 13:05	892,928	--a------	C:\WINDOWS\system32\iconv.dll
2008-09-01 13:05 . 2008-09-01 13:05	675,840	--a------	C:\WINDOWS\system32\ac3filter.ax
2008-09-01 13:05 . 2008-09-01 13:05	237,568	--a------	C:\WINDOWS\system32\OggDS.dll
2008-09-01 13:05 . 2006-10-18 20:05	232,448	--a--c---	C:\WINDOWS\system32\l3codecp.acm
2008-09-01 13:05 . 2008-09-01 13:05	188,416	--a------	C:\WINDOWS\system32\vorbis.dll
2008-09-01 13:05 . 2008-09-01 13:05	45,056	--a------	C:\WINDOWS\system32\ogg.dll
2008-09-01 13:04 . 2008-09-01 13:04	344,394	--a------	C:\WINDOWS\system32\xvid.ax
2008-09-01 13:04 . 2008-09-01 13:04	245,760	--a------	C:\WINDOWS\system32\mplvpx.dll
2008-09-01 13:04 . 2008-09-01 13:04	106,496	--a------	C:\WINDOWS\system32\lmpgspl.ax
2008-09-01 13:04 . 2008-09-01 13:04	94,208	--a------	C:\WINDOWS\system32\lmpgvd.ax
2008-09-01 13:04 . 2008-09-01 13:04	86,528	--a------	C:\WINDOWS\system32\DVDVideo.ax
2008-09-01 13:04 . 2008-09-01 13:04	9,216	--a------	C:\WINDOWS\system32\cpuinf32.dll
2008-09-01 12:58 . 2008-05-30 14:11	3,850,760	--a------	C:\WINDOWS\system32\D3DX9_38.dll
2008-09-01 12:57 . 2007-03-12 16:42	3,495,784	--a------	C:\WINDOWS\system32\d3dx9_33.dll
2008-09-01 12:49 . 2008-09-01 12:49	<DIR>	d--------	C:\Documents and Settings\fritzz\Dane aplikacji\Gadu-Gadu
2008-09-01 12:49 . 2005-05-12 15:12	29,696	-ra------	C:\WINDOWS\system32\drivers\JAHCI.sys
2008-09-01 12:49 . 2005-05-12 15:19	7,680	-ra------	C:\WINDOWS\system32\drivers\JGOGO.sys
2008-09-01 12:48 . 2008-09-02 11:58	<DIR>	d--------	C:\Program Files\ULI5289
2008-09-01 12:48 . 2008-09-01 12:48	<DIR>	d--------	C:\Program Files\AMD

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-02 14:15	---------	d-----w	C:\Program Files\sXe Injected
2008-09-02 11:49	---------	d-----w	C:\Program Files\Winamp
2008-09-02 10:32	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-09-01 21:53	---------	d-----w	C:\Program Files\Java
2008-09-01 11:10	---------	d-----w	C:\Program Files\NAPI-PROJEKT
2008-09-01 11:04	755,027	----a-w	C:\WINDOWS\system32\xvidcore.dll
2008-09-01 11:01	---------	d-----w	C:\Program Files\K-Lite Codec Pack
2008-08-30 04:19	---------	d-----w	C:\Program Files\Sync Manager
2008-08-30 00:46	---------	d-----w	C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Dane aplikacji\mIRC
2008-08-28 13:23	---------	d-----w	C:\Program Files\Deutsch Translator 2
2008-08-25 18:44	---------	d-----w	C:\Program Files\SpeedFan
2008-08-22 01:08	878,592	----a-w	C:\WINDOWS\system32\SET1F96.tmp
2008-08-22 01:08	43,008	----a-w	C:\WINDOWS\system32\SET1F7E.tmp
2008-08-22 01:08	385,024	----a-w	C:\WINDOWS\system32\SET1F67.tmp
2008-08-22 01:08	236,544	----a-w	C:\WINDOWS\system32\SET1F94.tmp
2008-08-22 01:08	1,415,680	----a-w	C:\WINDOWS\system32\SET1F7A.tmp
2008-08-22 01:08	1,206,784	----a-w	C:\WINDOWS\system32\SET1F92.tmp
2008-08-22 01:05	70,656	----a-w	C:\WINDOWS\system32\SET1F85.tmp
2008-08-22 01:05	48,640	------w	C:\WINDOWS\system32\PrivacIE.dll
2008-08-22 01:05	48,128	----a-w	C:\WINDOWS\system32\SET1F86.tmp
2008-08-22 01:05	45,056	----a-w	C:\WINDOWS\system32\SET1F8B.tmp
2008-08-22 01:05	35,840	----a-w	C:\WINDOWS\system32\SET1F79.tmp
2008-08-22 01:05	346,624	----a-w	C:\WINDOWS\system32\SET1F65.tmp
2008-08-22 01:05	217,088	----a-w	C:\WINDOWS\system32\SET1F66.tmp
2008-08-22 01:05	186,880	----a-w	C:\WINDOWS\system32\SET1F73.tmp
2008-08-19 18:53	---------	d-----w	C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Dane aplikacji\Nowe Gadu-Gadu
2008-08-17 00:56	---------	d-----w	C:\Program Files\NT Registry Optimizer
2008-08-07 15:55	748,818	----a-w	C:\WINDOWS\Help\SET1F3F.tmp
2008-08-07 15:55	13,874	----a-w	C:\WINDOWS\Help\SET1F3E.tmp
2008-08-07 15:55	12,593	----a-w	C:\WINDOWS\Help\SET1F3D.tmp
2008-08-06 13:45	4,122,112	----a-r	C:\WINDOWS\system32\drivers\alcxwdm.sys
2008-07-29 21:10	---------	d-----w	C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Dane aplikacji\Bioshock
2008-07-29 21:09	---------	d--h--r	C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Dane aplikacji\SecuROM
2008-07-29 19:10	73,720	----a-w	C:\WINDOWS\system32\dxva2.dll
2008-07-29 19:10	493,048	----a-w	C:\WINDOWS\system32\evr.dll
2008-07-29 19:10	26,112	----a-w	C:\WINDOWS\system32\TsWpfWrp.exe
2008-07-29 18:35	326,160	----a-w	C:\WINDOWS\system32\PresentationHost.exe
2008-07-29 17:59	781,344	----a-w	C:\WINDOWS\system32\PresentationNative_v0300.dll
2008-07-29 17:59	43,544	----a-w	C:\WINDOWS\system32\PresentationHostProxy.dll
2008-07-29 17:59	161,296	----a-w	C:\WINDOWS\system32\UIAutomationCore.dll
2008-07-29 17:59	105,016	----a-w	C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2008-07-29 17:24	97,800	----a-w	C:\WINDOWS\system32\infocardapi.dll
2008-07-29 17:24	622,080	----a-w	C:\WINDOWS\system32\icardagt.exe
2008-07-29 17:24	11,264	----a-w	C:\WINDOWS\system32\icardres.dll
2008-07-29 15:40	---------	d-----w	C:\Program Files\Real
2008-07-29 15:40	---------	d-----w	C:\Program Files\Common Files\xing shared
2008-07-29 15:40	---------	d-----w	C:\Program Files\Common Files\Real
2008-07-29 13:58	---------	d-----w	C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Dane aplikacji\skypePM
2008-07-27 20:26	---------	d-----w	C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Dane aplikacji\GetRightToGo
2008-07-25 09:16	96,760	----a-w	C:\WINDOWS\system32\dfshim.dll
2008-07-25 09:16	83,968	----a-w	C:\WINDOWS\system32\mscories.dll
2008-07-25 09:16	282,112	----a-w	C:\WINDOWS\system32\mscoree.dll
2008-07-25 09:16	158,720	----a-w	C:\WINDOWS\system32\mscorier.dll
2008-07-25 08:36	524,288	----a-w	C:\WINDOWS\system32\DivXsm.exe
2008-07-25 05:03	---------	d-----w	C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Dane aplikacji\Apple Computer
2008-07-23 21:07	---------	d-----w	C:\Program Files\Reference Assemblies
2008-07-23 16:50	3,596,288	----a-w	C:\WINDOWS\system32\qt-dx331.dll
2008-07-23 16:50	129,784	------w	C:\WINDOWS\system32\pxafs.dll
2008-07-23 16:48	200,704	----a-w	C:\WINDOWS\system32\ssldivx.dll
2008-07-23 16:48	1,044,480	----a-w	C:\WINDOWS\system32\libdivx.dll
2008-07-23 16:46	12,288	----a-w	C:\WINDOWS\system32\DivXWMPExtType.dll
2008-07-23 03:23	---------	d-----w	C:\Program Files\Sony Setup
2008-07-22 19:18	---------	d-----w	C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Dane aplikacji\teamspeak2
2008-07-22 18:57	---------	d-----w	C:\Program Files\mIRC
2008-07-22 17:57	---------	d-----w	C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Dane aplikacji\Malwarebytes
2008-07-22 17:56	---------	d-----w	C:\Program Files\Common Files\Download Manager
2008-07-22 15:46	---------	d-----w	C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Dane aplikacji\DivX
2008-07-21 14:32	---------	d-----w	C:\Program Files\Trend Micro
2008-07-20 13:17	---------	d-----w	C:\Program Files\BY TÜRK MOBILE WORLD-moto
2008-07-19 01:50	---------	d-----w	C:\Program Files\Mplayer
2008-07-18 16:51	---------	d-----w	C:\Program Files\Motorola Phone Tools
2008-07-18 16:51	---------	d-----w	C:\Program Files\Avanquest update
2008-07-18 16:50	24,192	----a-w	C:\Documents and Settings\larrie.FRITZZ-372D3EA5\usbsermptxp.sys
2008-07-18 16:50	22,768	----a-w	C:\Documents and Settings\larrie.FRITZZ-372D3EA5\usbsermpt.sys
2008-07-16 18:51	2,041,363	----a-w	C:\WINDOWS\system32\x264vfw.dll
2008-07-16 11:41	---------	d-----w	C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Dane aplikacji\LEAPS
2008-07-16 11:39	---------	d-----w	C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Dane aplikacji\Pegasys Inc
2008-07-16 11:35	---------	d-----w	C:\Program Files\Pegasys Inc
2008-07-16 11:34	---------	d-----w	C:\Program Files\Common Files\InstallShield
2008-07-16 10:28	---------	d-----w	C:\Program Files\QuickTime
2008-07-16 10:27	---------	d-----w	C:\Program Files\Apple Software Update
2008-07-16 07:11	---------	d-----w	C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Dane aplikacji\Sony
2008-07-16 07:05	---------	d-----w	C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Dane aplikacji\Sony Setup
2008-07-16 06:54	---------	d-----w	C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Dane aplikacji\Publish Providers
2008-07-15 01:57	---------	d-----w	C:\Program Files\Common Files\Java
2008-07-14 15:51	---------	d-----w	C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Dane aplikacji\AdobeUM
2008-07-14 13:40	---------	d-----w	C:\Program Files\Acclaim Entertainment
2008-07-11 18:17	---------	d-----w	C:\Program Files\PDM
2008-07-11 02:21	---------	d-----w	C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Dane aplikacji\Winamp
2008-07-07 20:29	253,952	----a-w	C:\WINDOWS\system32\es.dll
2008-07-06 22:21	---------	d-----w	C:\Program Files\wlsc uploader
2008-07-06 13:51	---------	d-----w	C:\Program Files\FlashGet
2008-07-03 21:22	---------	d-----w	C:\Program Files\Common Files\Kaspersky Lab
2008-06-24 16:46	74,240	----a-w	C:\WINDOWS\system32\mscms.dll
2008-06-20 17:48	246,784	----a-w	C:\WINDOWS\system32\mswsock.dll
2008-06-12 18:36	7,680	----a-w	C:\WINDOWS\system32\ff_vfw.dll
2008-06-12 09:27	474,112	-c--a-w	C:\WINDOWS\system32\SET1F8E.tmp
2008-06-12 09:27	26,112	-c--a-w	C:\WINDOWS\system32\idndl.dll
2008-06-12 09:27	24,576	-c--a-w	C:\WINDOWS\system32\nlsdl.dll
2008-06-12 09:27	23,552	----a-w	C:\WINDOWS\system32\normaliz.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedX"="C:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe" [2006-06-27 46718]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"a-winpoet-service"="C:\Program Files\DialNet\winpppoverethernet.exe" [2007-07-06 405504]
"z-WrDialer"="C:\Program Files\DialNet\wrdialer.exe" [2007-07-11 561152]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-06-10 1447168]
"cFosSpeed"="C:\Program Files\cFosSpeed\cFosSpeed.exe" [2008-07-18 867544]
"ALi5289"="C:\Program Files\ULI5289\ALi5289.exe" [2005-03-10 405504]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-04-28 570664]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 45632]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-03 13529088]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-03 86016]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 C:\WINDOWS\soundman.exe]
"nwiz"="nwiz.exe" [2008-05-03 C:\WINDOWS\system32\nwiz.exe]

C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2008-09-02 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoAutoTrayNotify"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoResolveSearch"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 JAHCI;JAHCI;C:\WINDOWS\system32\DRIVERS\JAHCI.sys [2005-05-12 29696]
R0 m5289;m5289;C:\WINDOWS\system32\DRIVERS\m5289.sys [2004-12-01 51840]
R0 uliagpkx;ULi AGP Bus Filter Driver;C:\WINDOWS\system32\DRIVERS\agpkx.sys [2005-05-03 45056]
R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;C:\WINDOWS\system32\Drivers\ousbehci.sys [2006-06-23 45440]
R2 TopWinPoETDriver;WinPoET PPPoE Optimized Driver;C:\WINDOWS\system32\DRIVERS\WrKPoET2000.sys [2007-07-04 52214]
R3 FPD;Fine Point Packet Service;C:\WINDOWS\system32\drivers\fpd.sys [2007-07-04 30336]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;C:\WINDOWS\system32\DRIVERS\ousb2hub.sys [2006-06-23 56960]
R3 ULI5261XP;ULi M526X Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ULILAN51.SYS [2005-03-22 28672]
R3 WrKPoET2000;WrKPoET2000;C:\Program Files\DialNet\WrKPoET2000.sys [2007-07-04 52214]
R3 WRSWanDD;WinPoET PPPoE Adapter;C:\WINDOWS\system32\DRIVERS\WrKPoETNic2000.sys [2007-07-04 65604]
S2 ALIEHCD;ULi PCI to USB Enhanced Host Controller;C:\WINDOWS\system32\Drivers\ALIEHCI.sys [2005-06-02 84159]
S3 aliroothub;USB 2.0 Root Hub;C:\WINDOWS\system32\DRIVERS\AliRtHub.sys [2005-06-02 5318]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\fritzz\Dane aplikacji\Mozilla\Firefox\Profiles\uwua4nso.default\
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPBILLARD8.dll
FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-02 22:52:19
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-02 22:54:23
ComboFix-quarantined-files.txt  2008-09-02 20:54:20

Pre-Run: 2,183,225,344 bajtów wolnych
Post-Run: 2,183,471,104 bajtów wolnych

328

Oh, and also the Silent Runners log:


"Silent Runners.vbs", revision 58, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"SpeedX" = "C:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe" ["MyPortal.pl"]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020" ["Nero AG"]
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"a-winpoet-service" = ""C:\Program Files\DialNet\winpppoverethernet.exe"" ["Fine Point Technologies, Inc."]
"z-WrDialer" = ""C:\Program Files\DialNet\wrdialer.exe"" ["Fine Point Technologies, Inc."]
"egui" = ""C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice" ["ESET"]
"cFosSpeed" = "C:\Program Files\cFosSpeed\cFosSpeed.exe" ["cFos Software GmbH"]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"ALi5289" = "C:\Program Files\ULI5289\ALi5289.exe" ["ALi Corporation"]
"NeroFilterCheck" = "C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" ["Nero AG"]
"NBKeyScan" = ""C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"" ["Nero AG"]
"CoolSwitch" = "C:\WINDOWS\system32\taskswitch.exe" [null data]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"Adobe Reader Speed Launcher" = ""C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = "AcroIEHelperStub"
  -> {HKLM...CLSID} = "Adobe PDF Link Helper"
				   \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll" ["Adobe Systems Incorporated"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
				   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
				   \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
				   \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"
  -> {HKLM...CLSID} = "History Band"
				   \InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
				   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]
"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "Eset Smart Security - Context Menu Shell Extension"
  -> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension"
				   \InProcServer32\(Default) = "C:\Program Files\ESET\ESET Smart Security\shellExt.dll" ["ESET"]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
  -> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
				   \InProcServer32\(Default) = "C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
  -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
				   \InProcServer32\(Default) = "C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2}" = "NeroCoverEd Live Icons"
  -> {HKLM...CLSID} = "NeroCoverEdLiveIcons Class"
				   \InProcServer32\(Default) = "C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]
"{1530F7EE-5128-43BD-9977-84A4B0FAD7DF}" = "PhotoToys"
  -> {HKCU...CLSID} = (no title provided)
				   \InProcServer32\(Default) = "C:\WINDOWS\system32\phototoys.dll" [MS]
"{709C6E11-538F-4759-86AC-6ACB302AA0DE}" = "Desktop Manager"
  -> {HKCU...CLSID} = "Desktop Manager"
				   \InProcServer32\(Default) = "C:\WINDOWS\system32\msvdm.dll" [null data]
"{efb97cb8-a4a4-4357-a261-002ffaed0267}" = "CD Slideshow Powertoy"
  -> {HKCU...CLSID} = "CD Burn Slideshow Hook"
				   \InProcServer32\(Default) = "C:\WINDOWS\system32\slideshow.dll" [MS]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM...CLSID} = "DesktopContext Class"
				   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM...CLSID} = "NVIDIA CPL Extension"
				   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {HKLM...CLSID} = "Desktop Explorer"
				   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {HKLM...CLSID} = (no title provided)
				   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
  -> {HKLM...CLSID} = "nView Desktop Context Menu"
				   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
  -> {HKLM...CLSID} = "WPDShServiceObj Class"
				   \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "autocheck autochk *"|"pgdfgsvc C 1" ["Sysinternals - www.sysinternals.com"]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> dimsntfy\DLLName = "C:\WINDOWS\System32\dimsntfy.dll" [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
  -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
				   \InProcServer32\(Default) = "C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll" ["Nero AG"]
{B3AFAE44-F603-4456-808F-C9F8F0C76082}\(Default) = "Microsoft Digital Image Viewer Extension Column Provider"
  -> {HKLM...CLSID} = "CRawViewerExtension Class"
				   \InProcServer32\(Default) = "C:\Program Files\Pro Imaging Powertoys\Microsoft RAW Image Thumbnailer and Viewer for Windows XP\CRawViewerExtension.dll" [MS]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
				   \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
Cover Designer\(Default) = "{73FCA462-9BD5-4065-A73F-A8E5F6904EF7}"
  -> {HKLM...CLSID} = "NeroCoverEdContextMenu Class"
				   \InProcServer32\(Default) = "C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]
Eset Smart Security - Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
  -> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension"
				   \InProcServer32\(Default) = "C:\Program Files\ESET\ESET Smart Security\shellExt.dll" ["ESET"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
				   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
				   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
Eset Smart Security - Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
  -> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension"
				   \InProcServer32\(Default) = "C:\Program Files\ESET\ESET Smart Security\shellExt.dll" ["ESET"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
				   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]


Default executables:
--------------------

<<!>> HKLM\SOFTWARE\Classes\.com\(Default) = "ComFile"


Group Policies {policy setting}:
--------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoSMBalloonTip" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"NoRecentDocsHistory" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"CDRAutoRun" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoLowDiskSpaceChecks" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"MemCheckBoxInRunDlg" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoAutoTrayNotify" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoResolveTrack" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoResolveSearch" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"LinkResolveIgnoreLinkInfo" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"NoStartBanner" = (REG_BINARY) hex:01 00 00 00
{Remove "Click here to begin" from Start button}

"NoWelcomeScreen" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"NoRecentDocsNetHood" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"NoDesktopCleanupWizard" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"NoSharedDocuments" = (REG_DWORD) dword:0x00000001
{Remove Shared Documents from My Computer}

"NoCDBurning" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"NoDrives" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoRemoteRecursiveEvents" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"NoStrCmpLogical" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"NoDrives" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"HideLegacyLogonScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"HideLogoffScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"RunLogonScriptSync" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"RunStartupScriptSync" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"HideStartupScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\

"NoUpdateCheck" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Devices: Allow undock without having to log on}

"RunStartupScriptSync" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"SynchronousMachineGroupPolicy" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"SynchronousUserGroupPolicy" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"DisableRegistryTools" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"HideLegacyLogonScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"HideLogoffScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"RunLogonScriptSync" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"HideStartupScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\fritzz\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

MSPlayCDAudioOnArrival\
"Provider" = "ALLPlayer"
"InvokeProgID" = "AllPlayerFile"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\AllPlayerFile\shell\play\command\(Default) = ""C:\Program Files\ALLPlayer\ALLPlayer.exe" "%1"" ["ALLPlayer"]

MSWPDShellNamespaceHandler\
"Provider" = "@%SystemRoot%\System32\WPDShextRes.dll,-501"
"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"
"InitCmdLine" = " "
  -> {HKLM...CLSID} = "WPDShextAutoplay"
				   \LocalServer32\(Default) = "C:\WINDOWS\system32\WPDShextAutoplay.exe" [MS]

NeroAutoPlay8AudioToNeroDigital\
"Provider" = "Nero Burning ROM"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "AudioToNeroDigital_PlayCDAudioOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\AudioToNeroDigital_PlayCDAudioOnArrival\command\(Default) = "C:\Program Files\Nero\Nero8\Nero Burning Rom\nero.exe /Dialog:SaveTracks %L" ["Nero AG"]

NeroAutoPlay8CDAudio\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "CDAudio_HandleCDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\CDAudio_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero8\Nero Burning Rom\nero.exe -w /New:AudioCD" ["Nero AG"]

NeroAutoPlay8CopyCD\
"Provider" = "Nero Burning ROM"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "CopyCD_PlayMusicFilesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\CopyCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero8\Nero Burning Rom\nero.exe /Dialog:DiscCopy %L" ["Nero AG"]

NeroAutoPlay8DataDisc_CD\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "DataDisc_CD_HandleCDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\DataDisc_CD_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero8\Nero Burning Rom\nero.exe -w /New:ISODisc /Media:CD %L" ["Nero AG"]

NeroAutoPlay8DataDisc_DVD\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "DataDisc_DVD_HandleDVDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\DataDisc_DVD_HandleDVDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero8\Nero Burning Rom\nero.exe -w /New:ISODisc /Media:DVD %L" ["Nero AG"]

NeroAutoPlay8LaunchNeroStartSmart\
"Provider" = "Nero StartSmart"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "LaunchNeroStartSmart_HandleDVDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\LaunchNeroStartSmart_HandleDVDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero8\Nero StartSmart\NeroStartSmart.exe /AutoPlay" ["Nero AG"]

NeroAutoPlay8PlayAudioCD\
"Provider" = "Nero ShowTime"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "PlayAudioCD_PlayMusicFilesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\PlayAudioCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero8\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"]

NeroAutoPlay8PlayDVD\
"Provider" = "Nero ShowTime"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "PlayDVD_PlayVideoFilesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\PlayDVD_PlayVideoFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero8\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"]

NeroAutoPlay8RipCD\
"Provider" = "Nero Burning ROM"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "RipCD_PlayCDAudioOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\RipCD_PlayCDAudioOnArrival\command\(Default) = "C:\Program Files\Nero\Nero8\Nero Burning Rom\nero.exe /Dialog:SaveTracks %L" ["Nero AG"]

NeroAutoPlay8TranscodeVideo\
"Provider" = "Nero Recode"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "TranscodeVideo_PlayDVDMovieOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\TranscodeVideo_PlayDVDMovieOnArrival\command\(Default) = "C:\Program Files\Nero\Nero8\Nero Recode\Recode.exe /New:CopyDVDVideo" ["Nero AG"]

NeroAutoPlay8VideoCapture\
"Provider" = "Nero Vision"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = ""C:\Program Files\Nero\Nero8\Nero Vision\NeroVision.exe" /New:VideoCapture"
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
  -> {HKLM...CLSID} = "ShellExecute HW Event Handler"
				   \LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

NeroAutoPlay8ViewPhotos\
"Provider" = "Nero PhotoSnap Viewer"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "ViewPhotos_ShowPicturesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\ViewPhotos_ShowPicturesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero8\Nero PhotoSnap\PhotoSnapViewer.exe /" ["Nero AG"]

WinampMTPHandler\
"Provider" = "Winamp"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = "C:\Program Files\Winamp\winamp.exe"
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
  -> {HKLM...CLSID} = "ShellExecute HW Event Handler"
				   \LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

WinampPlayMediaOnArrival\
"Provider" = "Winamp"
"InvokeProgID" = "Winamp.File"
"InvokeVerb" = "Play"
HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\command\(Default) = ""C:\Program Files\Winamp\winamp.exe" "%1"" ["Nullsoft"]
HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\DropTarget\CLSID = "{46986115-84D6-459c-8F95-52DD653E532E}"
  -> {HKLM...CLSID} = (no title provided)
				   \LocalServer32\(Default) = ""C:\Program Files\Winamp\winamp.exe"" ["Nullsoft"]


Startup items in "fritzz" & "All Users" startup folders:
--------------------------------------------------------

C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart
"RAMASST" -> shortcut to: "C:\WINDOWS\system32\RAMASST.exe" ["Matsushita Electric Industrial Co., Ltd."]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}"
  -> {HKCU...CLSID} = "Java Plug-in 1.6.0_07"
				   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll" ["Sun Microsystems, Inc."]
  -> {HKLM...CLSID} = "Java Plug-in 1.6.0_07"
				   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll" ["Sun Microsystems, Inc."]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Miscellaneous IE Hijack Points
------------------------------

HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\
<<H>> "DesktopItemNavigationFailure" = "res://shdoclc.dll/navcancl.htm" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

cFosSpeed System Service, cFosSpeedS, ""C:\Program Files\cFosSpeed\spd.exe" -service" ["cFos Software GmbH"]
DVD-RAM_Service, DVD-RAM_Service, "C:\WINDOWS\system32\DVDRAMSV.exe" ["Matsushita Electric Industrial Co., Ltd."]
Eset Service, ekrn, ""C:\Program Files\ESET\ESET Smart Security\ekrn.exe"" ["ESET"]
Nero BackItUp Scheduler 3, Nero BackItUp Scheduler 3, "C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe" ["Nero AG"]
NMIndexingService, NMIndexingService, ""C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe"" ["Nero AG"]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
PLFlash DeviceIoControl Service, PLFlash DeviceIoControl Service, "C:\WINDOWS\system32\IoctlSvc.exe" ["Prolific Technology Inc."]
PnkBstrA, PnkBstrA, "C:\WINDOWS\system32\PnkBstrA.exe" [null data]
WinPPPoverEthernet, WinPPPoverEthernet, "C:\Program Files\DialNet\WrOS.EXE" ["Fine Point Technologies, Inc."]


---------- (launch time: 2008-09-02 23:02:03)
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
  took 16 seconds.
---------- (total run time: 45 seconds)


  • 0

#2 wncvirus

wncvirus

    Lazybones!

  • 851 posts

Posted 03 09 2008 - 03:49

Paste this into Notepad:

Files::

C:\WINDOWS\system32\temp.000

Registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"z-WrDialer"=-



>>File>>Save As... >>> CFScript (it is most convenient to save it in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon)
Drag and drop the CFScript.txt file onto the ComboFix.exe file (that is, the CFScript.txt icon onto the ComboFix.exe icon)
– just like in this picture --> Attached image
(if the question "1 or 2" appears, type 1 and press ENTER) The removal should then start (and a log will be produced).
After the restart, delete the C:\Qoobox folder manually.

Once you have done this, post a new ComboFix log.

  • 0

#3 timmy

timmy

    Advanced user

  • 624 posts

Posted 03 09 2008 - 07:11

Very strange, it won't start removing what you wrote :rolleyes: and I'm doing everything exactly as you described..

I deleted that 000.temp; there were more files like that, e.g. 001.temp, 002.temp in system32, and I deleted them all.

But that registry entry, I don't know how to get rid of it ;/
ComboFix 08-09-01.04 - fritzz 2008-09-03  7:08:46.4 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1250.1.1045.18.682 [GMT 2:00]
Running from: C:\Documents and Settings\fritzz\Pulpit\ComboFix.exe
 * Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.

(((((((((((((((((((((((((   Files Created from 2008-08-03 to 2008-09-03  )))))))))))))))))))))))))))))))
.

2008-09-02 22:34 . 2008-04-30 17:27	442,368	--a------	C:\WINDOWS\system32\NVUNINST.EXE
2008-09-02 22:33 . 2008-09-02 22:33	<DIR>	d--------	C:\NVIDIA
2008-09-02 21:50 . 2008-09-02 22:12	<DIR>	d--------	C:\Program Files\Silkroad
2008-09-02 19:31 . 2008-09-02 19:31	<DIR>	d--------	C:\Program Files\Windows Installer 4.5 SDK
2008-09-02 18:47 . 2008-09-02 18:47	<DIR>	d--------	C:\Documents and Settings\fritzz\Dane aplikacji\DivX
2008-09-02 18:40 . 2008-09-02 18:40	343,040	--a------	C:\WINDOWS\system32\temp.000
2008-09-02 16:40 . 2008-07-23 18:50	120,056	---------	C:\WINDOWS\system32\pxcpyi64.exe
2008-09-02 16:40 . 2008-07-23 18:50	118,520	---------	C:\WINDOWS\system32\pxinsi64.exe
2008-09-02 16:39 . 2008-09-02 16:40	<DIR>	d--------	C:\Program Files\DivX
2008-09-02 13:51 . 2008-09-02 13:51	<DIR>	d--------	C:\Program Files\Common Files\DFX
2008-09-02 13:51 . 2008-09-02 13:51	<DIR>	d--------	C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\DFX
2008-09-02 13:48 . 2008-09-02 13:50	<DIR>	d--------	C:\Documents and Settings\fritzz\Dane aplikacji\Winamp
2008-09-02 12:32 . 2008-09-02 12:32	<DIR>	d--------	C:\Program Files\DVD-RAM
2008-09-02 12:32 . 2004-08-27 15:37	155,648	--a------	C:\WINDOWS\system32\RAMASST.exe
2008-09-02 12:32 . 2004-11-09 16:22	135,168	--a------	C:\WINDOWS\system32\DVDMenu.dll
2008-09-02 12:32 . 2004-08-27 15:33	110,592	--a------	C:\WINDOWS\system32\DVDRAMSV.exe
2008-09-02 12:32 . 2005-02-25 00:33	102,320	--a------	C:\WINDOWS\system32\drivers\meiudf.sys
2008-09-02 11:53 . 2008-09-02 22:22	69	--a------	C:\WINDOWS\NeroDigital.ini
2008-09-02 11:45 . 2008-09-02 12:35	<DIR>	d--------	C:\Documents and Settings\fritzz\Dane aplikacji\Uniblue
2008-09-02 11:45 . 2008-09-02 12:35	<DIR>	d--------	C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\DriverScanner
2008-09-02 11:39 . 2008-09-02 18:40	286,720	---------	C:\WINDOWS\Setup1.exe
2008-09-02 11:39 . 2008-09-02 18:40	73,216	--a------	C:\WINDOWS\ST6UNST.EXE
2008-09-02 07:34 . 2008-04-14 22:51	221,184	--a------	C:\WINDOWS\system32\wmpns.dll
2008-09-01 23:53 . 2008-06-10 02:32	73,728	--a------	C:\WINDOWS\system32\javacpl.cpl
2008-09-01 23:52 . 2008-09-01 23:52	<DIR>	d--------	C:\Program Files\Pro Imaging Powertoys
2008-09-01 23:52 . 2008-09-01 23:52	<DIR>	d--------	C:\Program Files\Microsoft Calculator Plus
2008-09-01 23:52 . 2008-09-01 23:52	<DIR>	d--------	C:\Program Files\Common Files\Nikon
2008-09-01 23:52 . 2008-09-01 23:52	635,337	--a------	C:\WINDOWS\unins000.exe
2008-09-01 23:52 . 2008-09-01 23:52	934	--a------	C:\WINDOWS\unins000.dat
2008-09-01 23:42 . 2008-06-24 19:13	1,203,184	-----c---	C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-09-01 23:42 . 2008-06-24 19:13	790,846	-----c---	C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-09-01 23:42 . 2008-09-01 23:42	635,337	--a------	C:\WINDOWS\system32\unins000.exe
2008-09-01 23:42 . 2003-06-25 16:05	266,360	--a------	C:\WINDOWS\system32\TweakUI.exe
2008-09-01 23:42 . 2008-06-24 19:13	238,098	-----c---	C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-09-01 23:42 . 2008-06-24 19:16	85,612	-----c---	C:\WINDOWS\system32\dllcache\apps.chm
2008-09-01 23:42 . 2008-06-24 19:13	9,696	-----c---	C:\WINDOWS\system32\dllcache\drvmain.sdb
2008-09-01 23:42 . 2008-09-01 23:42	1,194	--a------	C:\WINDOWS\system32\unins000.dat
2008-09-01 23:41 . 2008-05-01 16:37	331,776	-----c---	C:\WINDOWS\system32\dllcache\msadce.dll
2008-09-01 23:41 . 2008-07-07 22:29	253,952	-----c---	C:\WINDOWS\system32\dllcache\es.dll
2008-09-01 23:41 . 2008-06-24 18:46	74,240	-----c---	C:\WINDOWS\system32\dllcache\mscms.dll
2008-09-01 23:39 . 2008-05-07 07:12	1,291,776	-----c---	C:\WINDOWS\system32\dllcache\quartz.dll
2008-09-01 23:39 . 2008-06-14 19:36	273,024	-----c---	C:\WINDOWS\system32\dllcache\bthport.sys
2008-09-01 23:39 . 2008-05-08 16:02	203,136	-----c---	C:\WINDOWS\system32\dllcache\rmcast.sys
2008-09-01 23:30 . 2008-07-06 14:06	1,676,288	---------	C:\WINDOWS\system32\xpssvcs.dll
2008-09-01 23:30 . 2008-07-06 14:06	1,676,288	-----c---	C:\WINDOWS\system32\dllcache\xpssvcs.dll
2008-09-01 23:30 . 2008-07-06 12:50	597,504	-----c---	C:\WINDOWS\system32\dllcache\printfilterpipelinesvc.exe
2008-09-01 23:30 . 2008-07-06 14:06	575,488	---------	C:\WINDOWS\system32\xpsshhdr.dll
2008-09-01 23:30 . 2008-07-06 14:06	575,488	-----c---	C:\WINDOWS\system32\dllcache\xpsshhdr.dll
2008-09-01 23:30 . 2008-07-06 14:06	117,760	---------	C:\WINDOWS\system32\prntvpt.dll
2008-09-01 23:30 . 2008-07-06 14:06	89,088	-----c---	C:\WINDOWS\system32\dllcache\filterpipelineprintproc.dll
2008-09-01 23:11 . 2008-09-01 23:11	<DIR>	d--------	C:\WINDOWS\ServicePackFiles
2008-09-01 23:10 . 2008-04-14 22:51	294,912	-----c---	C:\WINDOWS\system32\dllcache\dlimport.exe
2008-09-01 23:06 . 2006-12-29 00:31	19,569	--a------	C:\WINDOWS\002536_.tmp
2008-09-01 20:02 . 2008-09-01 20:02	<DIR>	d--h-c---	C:\WINDOWS\ie8
2008-09-01 19:48 . 2008-09-01 20:34	<DIR>	d--------	C:\Program Files\Nero
2008-09-01 19:48 . 2008-09-01 19:48	<DIR>	d--------	C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Nero
2008-09-01 19:42 . 2008-09-01 19:42	<DIR>	d--------	C:\Documents and Settings\fritzz\Dane aplikacji\Nero
2008-09-01 18:19 . 2008-09-01 18:19	<DIR>	d--------	C:\Program Files\SGJ
2008-09-01 17:21 . 2008-06-12 11:27	26,144	--a------	C:\WINDOWS\system32\spupdsvc.exe
2008-09-01 17:18 . 2007-07-30 19:19	43,352	--a------	C:\WINDOWS\system32\wups2.dll
2008-09-01 17:18 . 2007-07-30 19:19	38,232	--a------	C:\WINDOWS\system32\wucltui.dll.mui
2008-09-01 17:18 . 2007-07-30 19:20	30,040	--a------	C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-09-01 17:18 . 2007-07-30 19:20	30,040	--a------	C:\WINDOWS\system32\wuapi.dll.mui
2008-09-01 17:18 . 2007-07-30 19:18	21,336	--a------	C:\WINDOWS\system32\wuaueng.dll.mui
2008-09-01 17:17 . 2008-09-01 17:17	<DIR>	d---s----	C:\Documents and Settings\fritzz\UserData
2008-09-01 14:22 . 2001-08-17 23:59	3,072	--a------	C:\WINDOWS\system32\drivers\audstub.sys
2008-09-01 14:21 . 2008-04-14 21:35	58,880	--a------	C:\WINDOWS\system32\drivers\redbook.sys
2008-09-01 14:21 . 2008-04-14 00:15	10,624	--a------	C:\WINDOWS\system32\drivers\gameenum.sys
2008-09-01 14:20 . 2008-05-03 05:46	6,554,496	--a------	C:\WINDOWS\system32\drivers\nv4_mini.sys
2008-09-01 14:20 . 2008-05-03 05:46	6,554,496	--a--c---	C:\WINDOWS\system32\dllcache\nv4_mini.sys
2008-09-01 14:20 . 2008-05-03 05:46	6,108,160	--a------	C:\WINDOWS\system32\nv4_disp.dll
2008-09-01 14:20 . 2008-05-03 05:46	6,108,160	--a--c---	C:\WINDOWS\system32\dllcache\nv4_disp.dll
2008-09-01 14:20 . 2008-04-14 22:50	77,312	--a------	C:\WINDOWS\system32\usbui.dll
2008-09-01 14:18 . 2008-09-03 07:09	<DIR>	dr-h-----	C:\Documents and Settings\Default User.WINDOWS\Ustawienia lokalne
2008-09-01 14:18 . 2008-09-01 14:18	<DIR>	d--------	C:\Documents and Settings\Default User.WINDOWS\Ulubione
2008-09-01 14:18 . 2008-09-01 12:24	<DIR>	d--h-----	C:\Documents and Settings\Default User.WINDOWS\Szablony
2008-09-01 14:18 . 2008-09-01 14:18	<DIR>	d--------	C:\Documents and Settings\Default User.WINDOWS\Pulpit
2008-09-01 14:18 . 2008-09-01 14:18	<DIR>	d--------	C:\Documents and Settings\Default User.WINDOWS\Moje dokumenty
2008-09-01 14:18 . 2008-09-01 14:18	<DIR>	dr-------	C:\Documents and Settings\Default User.WINDOWS\Menu Start
2008-09-01 14:18 . 2008-09-01 14:18	<DIR>	d--------	C:\Documents and Settings\All Users.WINDOWS\Ulubione
2008-09-01 14:18 . 2008-09-01 14:18	<DIR>	d--h-----	C:\Documents and Settings\All Users.WINDOWS\Szablony
2008-09-01 14:18 . 2008-09-02 17:31	<DIR>	d--------	C:\Documents and Settings\All Users.WINDOWS\Pulpit
2008-09-01 14:18 . 2008-09-01 23:13	<DIR>	dr-------	C:\Documents and Settings\All Users.WINDOWS\Menu Start
2008-09-01 14:18 . 2008-09-01 12:25	<DIR>	dr-------	C:\Documents and Settings\All Users.WINDOWS\Dokumenty
2008-09-01 14:16 . 2008-09-01 14:18	<DIR>	dr-h-----	C:\Documents and Settings\Default User.WINDOWS\Dane aplikacji
2008-09-01 14:16 . 2008-09-02 14:14	<DIR>	dr-h-----	C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji
2008-09-01 14:16 . 2008-09-01 12:27	<DIR>	d--------	C:\Documents and Settings\All Users.WINDOWS
2008-09-01 14:16 . 2006-03-02 14:00	1,014,483	--a--c---	C:\WINDOWS\system32\dllcache\SP2.CAT
2008-09-01 14:16 . 2006-03-02 14:00	808,524	--a--c---	C:\WINDOWS\system32\dllcache\NT5IIS.CAT
2008-09-01 14:16 . 2006-03-02 14:00	399,670	--a--c---	C:\WINDOWS\system32\dllcache\MAPIMIG.CAT
2008-09-01 14:16 . 2006-03-02 14:00	37,509	--a--c---	C:\WINDOWS\system32\dllcache\MW770.CAT
2008-09-01 14:16 . 2006-03-02 14:00	13,497	--a--c---	C:\WINDOWS\system32\dllcache\HPCRDP.CAT
2008-09-01 14:16 . 2006-03-02 14:00	8,599	--a--c---	C:\WINDOWS\system32\dllcache\IASNT4.CAT
2008-09-01 14:16 . 2006-03-02 14:00	7,407	--a--c---	C:\WINDOWS\system32\dllcache\OEMBIOS.CAT
2008-09-01 14:16 . 2006-03-02 14:00	7,334	--a--c---	C:\WINDOWS\system32\dllcache\wmerrenu.cat
2008-09-01 14:15 . 2008-09-01 12:29	<DIR>	d--h-----	C:\Documents and Settings\Default User.WINDOWS
2008-09-01 14:14 . 2008-09-01 12:31	261	--a------	C:\WINDOWS\system32\$winnt$.inf
2008-09-01 13:28 . 2008-09-02 19:48	137,472	--a------	C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-09-01 13:28 . 2008-09-02 19:48	111,928	--a------	C:\WINDOWS\system32\PnkBstrB.exe
2008-09-01 13:28 . 2008-09-01 21:02	66,872	--a------	C:\WINDOWS\system32\PnkBstrA.exe
2008-09-01 13:13 . 2008-09-01 13:13	<DIR>	d--------	C:\Documents and Settings\fritzz\Dane aplikacji\teamspeak2
2008-09-01 13:10 . 2008-09-01 13:10	<DIR>	d--------	C:\Program Files\ALLPlayer
2008-09-01 13:09 . 2008-09-01 13:10	<DIR>	d--------	C:\Documents and Settings\fritzz\Dane aplikacji\Media Player Classic
2008-09-01 13:05 . 2008-09-02 21:14	<DIR>	d--------	C:\Documents and Settings\fritzz\Dane aplikacji\mIRC
2008-09-01 13:05 . 2008-09-01 13:05	1,415,680	--a------	C:\WINDOWS\system32\WMV9VCM.dll
2008-09-01 13:05 . 2008-09-01 13:05	921,600	--a------	C:\WINDOWS\system32\vorbisenc.dll
2008-09-01 13:05 . 2008-09-01 13:05	892,928	--a------	C:\WINDOWS\system32\iconv.dll
2008-09-01 13:05 . 2008-09-01 13:05	675,840	--a------	C:\WINDOWS\system32\ac3filter.ax
2008-09-01 13:05 . 2008-09-01 13:05	237,568	--a------	C:\WINDOWS\system32\OggDS.dll
2008-09-01 13:05 . 2006-10-18 20:05	232,448	--a--c---	C:\WINDOWS\system32\l3codecp.acm
2008-09-01 13:05 . 2008-09-01 13:05	188,416	--a------	C:\WINDOWS\system32\vorbis.dll
2008-09-01 13:05 . 2008-09-01 13:05	45,056	--a------	C:\WINDOWS\system32\ogg.dll
2008-09-01 13:04 . 2008-09-01 13:04	344,394	--a------	C:\WINDOWS\system32\xvid.ax
2008-09-01 13:04 . 2008-09-01 13:04	245,760	--a------	C:\WINDOWS\system32\mplvpx.dll
2008-09-01 13:04 . 2008-09-01 13:04	106,496	--a------	C:\WINDOWS\system32\lmpgspl.ax
2008-09-01 13:04 . 2008-09-01 13:04	94,208	--a------	C:\WINDOWS\system32\lmpgvd.ax
2008-09-01 13:04 . 2008-09-01 13:04	86,528	--a------	C:\WINDOWS\system32\DVDVideo.ax
2008-09-01 13:04 . 2008-09-01 13:04	9,216	--a------	C:\WINDOWS\system32\cpuinf32.dll
2008-09-01 12:58 . 2008-05-30 14:11	3,850,760	--a------	C:\WINDOWS\system32\D3DX9_38.dll
2008-09-01 12:57 . 2007-03-12 16:42	3,495,784	--a------	C:\WINDOWS\system32\d3dx9_33.dll
2008-09-01 12:49 . 2008-09-01 12:49	<DIR>	d--------	C:\Documents and Settings\fritzz\Dane aplikacji\Gadu-Gadu
2008-09-01 12:49 . 2005-05-12 15:12	29,696	-ra------	C:\WINDOWS\system32\drivers\JAHCI.sys
2008-09-01 12:49 . 2005-05-12 15:19	7,680	-ra------	C:\WINDOWS\system32\drivers\JGOGO.sys
2008-09-01 12:48 . 2008-09-02 11:58	<DIR>	d--------	C:\Program Files\ULI5289
2008-09-01 12:48 . 2008-09-01 12:48	<DIR>	d--------	C:\Program Files\AMD

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-02 14:15	---------	d-----w	C:\Program Files\sXe Injected
2008-09-02 11:49	---------	d-----w	C:\Program Files\Winamp
2008-09-02 10:32	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-09-01 21:53	---------	d-----w	C:\Program Files\Java
2008-09-01 11:10	---------	d-----w	C:\Program Files\NAPI-PROJEKT
2008-09-01 11:04	755,027	----a-w	C:\WINDOWS\system32\xvidcore.dll
2008-09-01 11:01	---------	d-----w	C:\Program Files\K-Lite Codec Pack
2008-08-30 04:19	---------	d-----w	C:\Program Files\Sync Manager
2008-08-30 00:46	---------	d-----w	C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Dane aplikacji\mIRC
2008-08-28 13:23	---------	d-----w	C:\Program Files\Deutsch Translator 2
2008-08-25 18:44	---------	d-----w	C:\Program Files\SpeedFan
2008-08-22 01:08	878,592	----a-w	C:\WINDOWS\system32\SET1F96.tmp
2008-08-22 01:08	43,008	----a-w	C:\WINDOWS\system32\SET1F7E.tmp
2008-08-22 01:08	385,024	----a-w	C:\WINDOWS\system32\SET1F67.tmp
2008-08-22 01:08	236,544	----a-w	C:\WINDOWS\system32\SET1F94.tmp
2008-08-22 01:08	1,415,680	----a-w	C:\WINDOWS\system32\SET1F7A.tmp
2008-08-22 01:08	1,206,784	----a-w	C:\WINDOWS\system32\SET1F92.tmp
2008-08-22 01:05	70,656	----a-w	C:\WINDOWS\system32\SET1F85.tmp
2008-08-22 01:05	48,640	------w	C:\WINDOWS\system32\PrivacIE.dll
2008-08-22 01:05	48,128	----a-w	C:\WINDOWS\system32\SET1F86.tmp
2008-08-22 01:05	45,056	----a-w	C:\WINDOWS\system32\SET1F8B.tmp
2008-08-22 01:05	35,840	----a-w	C:\WINDOWS\system32\SET1F79.tmp
2008-08-22 01:05	346,624	----a-w	C:\WINDOWS\system32\SET1F65.tmp
2008-08-22 01:05	217,088	----a-w	C:\WINDOWS\system32\SET1F66.tmp
2008-08-22 01:05	186,880	----a-w	C:\WINDOWS\system32\SET1F73.tmp
2008-08-19 18:53	---------	d-----w	C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Dane aplikacji\Nowe Gadu-Gadu
2008-08-17 00:56	---------	d-----w	C:\Program Files\NT Registry Optimizer
2008-08-07 15:55	748,818	----a-w	C:\WINDOWS\Help\SET1F3F.tmp
2008-08-07 15:55	13,874	----a-w	C:\WINDOWS\Help\SET1F3E.tmp
2008-08-07 15:55	12,593	----a-w	C:\WINDOWS\Help\SET1F3D.tmp
2008-08-06 13:45	4,122,112	----a-r	C:\WINDOWS\system32\drivers\alcxwdm.sys
2008-08-02 10:48	---------	d-----w	C:\Program Files\MD 40820
2008-07-29 21:10	---------	d-----w	C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Dane aplikacji\Bioshock
2008-07-29 21:09	---------	d--h--r	C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Dane aplikacji\SecuROM
2008-07-29 19:10	73,720	----a-w	C:\WINDOWS\system32\dxva2.dll
2008-07-29 19:10	493,048	----a-w	C:\WINDOWS\system32\evr.dll
2008-07-29 19:10	26,112	----a-w	C:\WINDOWS\system32\TsWpfWrp.exe
2008-07-29 18:35	326,160	----a-w	C:\WINDOWS\system32\PresentationHost.exe
2008-07-29 17:59	781,344	----a-w	C:\WINDOWS\system32\PresentationNative_v0300.dll
2008-07-29 17:59	43,544	----a-w	C:\WINDOWS\system32\PresentationHostProxy.dll
2008-07-29 17:59	161,296	----a-w	C:\WINDOWS\system32\UIAutomationCore.dll
2008-07-29 17:59	105,016	----a-w	C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2008-07-29 17:24	97,800	----a-w	C:\WINDOWS\system32\infocardapi.dll
2008-07-29 17:24	622,080	----a-w	C:\WINDOWS\system32\icardagt.exe
2008-07-29 17:24	11,264	----a-w	C:\WINDOWS\system32\icardres.dll
2008-07-29 15:40	---------	d-----w	C:\Program Files\Real
2008-07-29 15:40	---------	d-----w	C:\Program Files\Common Files\xing shared
2008-07-29 15:40	---------	d-----w	C:\Program Files\Common Files\Real
2008-07-29 13:58	---------	d-----w	C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Dane aplikacji\skypePM
2008-07-27 20:26	---------	d-----w	C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Dane aplikacji\GetRightToGo
2008-07-25 09:16	96,760	----a-w	C:\WINDOWS\system32\dfshim.dll
2008-07-25 09:16	83,968	----a-w	C:\WINDOWS\system32\mscories.dll
2008-07-25 09:16	282,112	----a-w	C:\WINDOWS\system32\mscoree.dll
2008-07-25 09:16	158,720	----a-w	C:\WINDOWS\system32\mscorier.dll
2008-07-25 08:36	524,288	----a-w	C:\WINDOWS\system32\DivXsm.exe
2008-07-25 05:03	---------	d-----w	C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Dane aplikacji\Apple Computer
2008-07-23 21:07	---------	d-----w	C:\Program Files\Reference Assemblies
2008-07-23 16:50	3,596,288	----a-w	C:\WINDOWS\system32\qt-dx331.dll
2008-07-23 16:50	129,784	------w	C:\WINDOWS\system32\pxafs.dll
2008-07-23 16:48	200,704	----a-w	C:\WINDOWS\system32\ssldivx.dll
2008-07-23 16:48	1,044,480	----a-w	C:\WINDOWS\system32\libdivx.dll
2008-07-23 16:46	12,288	----a-w	C:\WINDOWS\system32\DivXWMPExtType.dll
2008-07-23 03:23	---------	d-----w	C:\Program Files\Sony Setup
2008-07-22 19:18	---------	d-----w	C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Dane aplikacji\teamspeak2
2008-07-22 18:57	---------	d-----w	C:\Program Files\mIRC
2008-07-22 17:57	---------	d-----w	C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Dane aplikacji\Malwarebytes
2008-07-22 17:56	---------	d-----w	C:\Program Files\Common Files\Download Manager
2008-07-22 15:46	---------	d-----w	C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Dane aplikacji\DivX
2008-07-21 14:32	---------	d-----w	C:\Program Files\Trend Micro
2008-07-20 13:17	---------	d-----w	C:\Program Files\BY TÜRK MOBILE WORLD-moto
2008-07-19 01:50	---------	d-----w	C:\Program Files\Mplayer
2008-07-18 16:51	---------	d-----w	C:\Program Files\Motorola Phone Tools
2008-07-18 16:51	---------	d-----w	C:\Program Files\Avanquest update
2008-07-18 16:50	24,192	----a-w	C:\Documents and Settings\larrie.FRITZZ-372D3EA5\usbsermptxp.sys
2008-07-18 16:50	22,768	----a-w	C:\Documents and Settings\larrie.FRITZZ-372D3EA5\usbsermpt.sys
2008-07-16 18:51	2,041,363	----a-w	C:\WINDOWS\system32\x264vfw.dll
2008-07-16 11:41	---------	d-----w	C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Dane aplikacji\LEAPS
2008-07-16 11:39	---------	d-----w	C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Dane aplikacji\Pegasys Inc
2008-07-16 11:35	---------	d-----w	C:\Program Files\Pegasys Inc
2008-07-16 11:34	---------	d-----w	C:\Program Files\Common Files\InstallShield
2008-07-16 10:28	---------	d-----w	C:\Program Files\QuickTime
2008-07-16 10:27	---------	d-----w	C:\Program Files\Apple Software Update
2008-07-16 07:11	---------	d-----w	C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Dane aplikacji\Sony
2008-07-16 07:05	---------	d-----w	C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Dane aplikacji\Sony Setup
2008-07-16 06:54	---------	d-----w	C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Dane aplikacji\Publish Providers
2008-07-15 01:57	---------	d-----w	C:\Program Files\Common Files\Java
2008-07-14 15:51	---------	d-----w	C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Dane aplikacji\AdobeUM
2008-07-14 13:40	---------	d-----w	C:\Program Files\Acclaim Entertainment
2008-07-11 18:17	---------	d-----w	C:\Program Files\PDM
2008-07-11 02:21	---------	d-----w	C:\Documents and Settings\larrie.FRITZZ-372D3EA5\Dane aplikacji\Winamp
2008-07-07 20:29	253,952	----a-w	C:\WINDOWS\system32\es.dll
2008-07-06 22:21	---------	d-----w	C:\Program Files\wlsc uploader
2008-07-06 13:51	---------	d-----w	C:\Program Files\FlashGet
2008-07-03 21:22	---------	d-----w	C:\Program Files\Common Files\Kaspersky Lab
2008-06-24 16:46	74,240	----a-w	C:\WINDOWS\system32\mscms.dll
2008-06-20 17:48	246,784	----a-w	C:\WINDOWS\system32\mswsock.dll
2008-06-12 18:36	7,680	----a-w	C:\WINDOWS\system32\ff_vfw.dll
2008-06-12 09:27	474,112	-c--a-w	C:\WINDOWS\system32\SET1F8E.tmp
2008-06-12 09:27	26,112	-c--a-w	C:\WINDOWS\system32\idndl.dll
2008-06-12 09:27	24,576	-c--a-w	C:\WINDOWS\system32\nlsdl.dll
.

(((((((((((((((((((((((((((((   snapshot@2008-09-02_22.54.10.50   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-02 20:44:36	71,138	----a-w	C:\WINDOWS\system32\perfc009.dat
+ 2008-09-03 04:53:55	71,138	----a-w	C:\WINDOWS\system32\perfc009.dat
- 2008-09-02 20:44:36	89,036	----a-w	C:\WINDOWS\system32\perfc015.dat
+ 2008-09-03 04:53:55	89,036	----a-w	C:\WINDOWS\system32\perfc015.dat
- 2008-09-02 20:44:36	440,820	----a-w	C:\WINDOWS\system32\perfh009.dat
+ 2008-09-03 04:53:55	440,820	----a-w	C:\WINDOWS\system32\perfh009.dat
- 2008-09-02 20:44:36	499,854	----a-w	C:\WINDOWS\system32\perfh015.dat
+ 2008-09-03 04:53:55	499,854	----a-w	C:\WINDOWS\system32\perfh015.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedX"="C:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe" [2006-06-27 46718]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"a-winpoet-service"="C:\Program Files\DialNet\winpppoverethernet.exe" [2007-07-06 405504]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-06-10 1447168]
"cFosSpeed"="C:\Program Files\cFosSpeed\cFosSpeed.exe" [2008-07-18 867544]
"ALi5289"="C:\Program Files\ULI5289\ALi5289.exe" [2005-03-10 405504]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-04-28 570664]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 45632]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-03 13529088]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-03 86016]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 C:\WINDOWS\soundman.exe]
"nwiz"="nwiz.exe" [2008-05-03 C:\WINDOWS\system32\nwiz.exe]

C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2008-09-02 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoAutoTrayNotify"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoResolveSearch"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 JAHCI;JAHCI;C:\WINDOWS\system32\DRIVERS\JAHCI.sys [2005-05-12 29696]
R0 m5289;m5289;C:\WINDOWS\system32\DRIVERS\m5289.sys [2004-12-01 51840]
R0 uliagpkx;ULi AGP Bus Filter Driver;C:\WINDOWS\system32\DRIVERS\agpkx.sys [2005-05-03 45056]
R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;C:\WINDOWS\system32\Drivers\ousbehci.sys [2006-06-23 45440]
R2 TopWinPoETDriver;WinPoET PPPoE Optimized Driver;C:\WINDOWS\system32\DRIVERS\WrKPoET2000.sys [2007-07-04 52214]
R3 FPD;Fine Point Packet Service;C:\WINDOWS\system32\drivers\fpd.sys [2007-07-04 30336]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;C:\WINDOWS\system32\DRIVERS\ousb2hub.sys [2006-06-23 56960]
R3 ULI5261XP;ULi M526X Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ULILAN51.SYS [2005-03-22 28672]
R3 WrKPoET2000;WrKPoET2000;C:\Program Files\DialNet\WrKPoET2000.sys [2007-07-04 52214]
R3 WRSWanDD;WinPoET PPPoE Adapter;C:\WINDOWS\system32\DRIVERS\WrKPoETNic2000.sys [2007-07-04 65604]
S2 ALIEHCD;ULi PCI to USB Enhanced Host Controller;C:\WINDOWS\system32\Drivers\ALIEHCI.sys [2005-06-02 84159]
S3 aliroothub;USB 2.0 Root Hub;C:\WINDOWS\system32\DRIVERS\AliRtHub.sys [2005-06-02 5318]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\fritzz\Dane aplikacji\Mozilla\Firefox\Profiles\uwua4nso.default\
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPBILLARD8.dll
FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url="http://www.gmer.net"]http://www.gmer.net[/url]
Rootkit scan 2008-09-03 07:09:40
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-03  7:10:05
ComboFix-quarantined-files.txt  2008-09-03 05:10:03
ComboFix2.txt  2008-09-03 05:05:27
ComboFix3.txt  2008-09-02 20:54:24

Pre-Run: 3,222,241,280 bajtów wolnych
Post-Run: 3,213,803,520 bajtów wolnych

333

