Power surge on hub port


28 replies in this topic

#1 systemfyck

    Beginner

  • 13 posts

Posted 28 11 2007 - 23:18

A balloon pops up saying "Power surge on hub port", followed by "A USB device has exceeded the power limits of its hub port. For help, click here". There are Reset and Close options there; I do what it says to do, but the balloon keeps popping up all the time. How do I fix this??
EDIT:
I've just disabled the port causing the problem, but can this be repaired??

  • 0

#2 Tequila

    Regular user

  • 386 posts

Posted 28 11 2007 - 23:23

What do you have plugged into USB?
Can't the devices be connected to other USB controllers?

Options along the lines of "the power supply can't cope" or "a short circuit in a device connected to USB" can't be ruled out either.

  • 0

#3 systemfyck

    Beginner

  • 13 posts

Posted 28 11 2007 - 23:48

I plugged in the mouse, but the same error pops up with the webcam. Anyway, I'll try a different power supply in a moment.
edit:
same thing :/
  • 0

#4 nolakt22

    Beginner

  • 14 posts

Posted 29 11 2007 - 20:46

I plugged in the mouse, but the same error pops up with the webcam. Anyway, I'll try a different power supply in a moment.
edit:
same thing :/


HELLO, I have a similar problem, with the difference that the CPU usage occurs non-stop regardless of whether I start any process or not; in Task Manager the System process shows 100% CPU usage ;] Please help, because I don't know what to do. I looked at the motherboard and there are no bulges or anything like that ;] I also formatted the whole disk and that didn't help either; I even installed 2 different versions of XP, because I thought it was the fault of the version I have :/ but no, still the same. I'm attaching the log, please help ;)(


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 19:46:08, on 2007-11-29
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Video Add-on\isfmntr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\WinPCDoctor\strpmon.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Video Add-on\isfmm.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
D:\Program Files\BitComet\BitComet.exe
D:\Program Files\Winamp\winamp.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\nolakt\Pulpit\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: (no name) - {23B760D6-C98B-450B-9B32-26C7775CDF83} - C:\Program Files\Video Add-on\isfmdl.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: MSVPS System - {A4D00A75-F69A-49FD-9058-AB925712CCFF} - C:\WINDOWS\popnetkqw.dll
O2 - BHO: (no name) - {F339968E-935A-4218-9AA7-CB64FBC2703B} - C:\WINDOWS\system32\datim.dll
O3 - Toolbar: IE Custom Tools - {70CC76D5-A4EE-4F25-9931-B109A63E298E} - C:\Program Files\Video Add-on\ictmdl.dll
O3 - Toolbar: The jokwmp - {AB9235F6-DB9F-4FDC-AAFB-A3BAF1849E34} - C:\WINDOWS\jokwmp.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\WinPCDoctor\strpmon.exe" dm=http://winpcdoctor.com; ad=http://winpcdoctor.com
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [BitComet] "D:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Video Add-on\isfmntr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Trojan Guarder Gold Version.lnk = C:\Program Files\Trojan Guarder Gold Version\Trojan Guarder.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{AFDF6D88-DACE-4AF1-BBDF-786EE20BDEB2}: NameServer = 194.204.152.34,217.98.63.164
O17 - HKLM\System\CCS\Services\Tcpip\..\{E0094969-1C01-4B66-B19C-0CE599204CF4}: NameServer = 194.204.159.1 217.98.63.164
O21 - SSODL: sapnet - {9F00E72D-BC34-4EC3-A7B7-74C4B96A4A4D} - (no file)
O21 - SSODL: rmvgor - {DCDA9FF8-282F-42B6-A29F-E6F480B4D2BA} - C:\WINDOWS\rmvgor.dll
O21 - SSODL: msmhost - {C4E8DAF3-8BF2-43AD-A068-8FFCD2CBCC36} - (no file)
O21 - SSODL: msmdev - {8BA32697-08C2-470D-A88A-939700930503} - (no file)
O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: haeckel - {8373a2e0-bdd0-42bd-b4ec-ba5451eb6607} - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6226 bytes
  • 0

#5 Tequila

    Regular user

  • 386 posts

Posted 29 11 2007 - 22:42

nolakt22 - download SmitfraudFix, unpack it, boot the system into safe mode, run smitfraudfix.cmd and use option 2 - Clean.

Additionally, fix the following. Delete the files and folders shown in bold from the disk.

O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\WinPCDoctor\strpmon.exe" dm=http://winpcdoctor.com; ad=http://winpcdoctor.com
O4 - Global Startup: Trojan Guarder Gold Version.lnk = C:\Program Files\Trojan Guarder Gold Version\Trojan Guarder.exe
O21 - SSODL: sapnet - {9F00E72D-BC34-4EC3-A7B7-74C4B96A4A4D} - (no file)
O21 - SSODL: rmvgor - {DCDA9FF8-282F-42B6-A29F-E6F480B4D2BA} - C:\WINDOWS\rmvgor.dll
O21 - SSODL: msmhost - {C4E8DAF3-8BF2-43AD-A068-8FFCD2CBCC36} - (no file)
O21 - SSODL: msmdev - {8BA32697-08C2-470D-A88A-939700930503} - (no file)


Before deleting those two folders I pointed out, look in Add/Remove Programs and check whether this junk can be uninstalled; if so, uninstall it first and then delete any leftovers (folders).

Once that's done, a new log is an absolute must, because I don't know whether SmitfraudFix will remove everything in one pass, and it may be necessary to clean up after it. I also haven't pointed out everything that needs to be removed - so a new log is mandatory.
  • 0

#6 nolakt22

    Beginner

  • 14 posts

Posted 29 11 2007 - 23:41

THANKS a lot for the tip, I'm getting on it now. I'll post the log tomorrow because I have to get up early for work :/ I'll post the log tomorrow, but thanks anyway, you deserve a beer ;)
  • 0

#7 nolakt22

    Beginner

  • 14 posts

Posted 30 11 2007 - 22:29

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 21:34:34, on 2007-11-30
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\WinPCDoctor\strpmon.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
D:\Program Files\Winamp\winamp.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\nolakt\Pulpit\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: (no name) - {F339968E-935A-4218-9AA7-CB64FBC2703B} - C:\WINDOWS\system32\datim.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\WinPCDoctor\strpmon.exe" dm=http://winpcdoctor.com; ad=http://winpcdoctor.com
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [BitComet] "D:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{AFDF6D88-DACE-4AF1-BBDF-786EE20BDEB2}: NameServer = 194.204.152.34,217.98.63.164
O17 - HKLM\System\CCS\Services\Tcpip\..\{E0094969-1C01-4B66-B19C-0CE599204CF4}: NameServer = 194.204.159.1 217.98.63.164
O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5016 bytes

HERE IS THE NEW LOG :/ unfortunately nothing has changed ;) and I'll add that even on a formatted disk with XP installed on it, right from the start Task Manager shows the SYSTEM process at 100% ;] please help me ;] I don't know what to do any more and I can't afford to replace the computer ;] thanks for any help
  • 0

#8 Tequila

    Regular user

  • 386 posts

Posted 30 11 2007 - 23:23

You know what to do with this ;)

O2 - BHO: (no name) - {F339968E-935A-4218-9AA7-CB64FBC2703B} - C:\WINDOWS\system32\datim.dll



Download SilentRunners and Combofix - make logs with them and post them.

Edit:
Darn, this one too

O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\WinPCDoctor\strpmon.exe" dm=http://winpcdoctor.com; ad=http://winpcdoctor.com

If it's listed, uninstall it from Add/Remove Programs first.
  • 0
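
Added example (not part of the thread, and not the helper's own method): comparing the HijackThis entries from post #4 with those from post #7 shows which entries the cleanup removed and which persist. The log excerpts are copied from those two posts; the function names and the three triage hints are assumptions made for illustration, not verdicts on any file.

```python
import re
from typing import NamedTuple

# Excerpts copied from the HijackThis logs in post #4 (before) and post #7 (after).
BEFORE = r"""
O2 - BHO: (no name) - {23B760D6-C98B-450B-9B32-26C7775CDF83} - C:\Program Files\Video Add-on\isfmdl.dll
O2 - BHO: (no name) - {F339968E-935A-4218-9AA7-CB64FBC2703B} - C:\WINDOWS\system32\datim.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\WinPCDoctor\strpmon.exe" dm=http://winpcdoctor.com; ad=http://winpcdoctor.com
O21 - SSODL: sapnet - {9F00E72D-BC34-4EC3-A7B7-74C4B96A4A4D} - (no file)
O21 - SSODL: rmvgor - {DCDA9FF8-282F-42B6-A29F-E6F480B4D2BA} - C:\WINDOWS\rmvgor.dll
O22 - SharedTaskScheduler: haeckel - {8373a2e0-bdd0-42bd-b4ec-ba5451eb6607} - (no file)
"""

AFTER = r"""
O2 - BHO: (no name) - {F339968E-935A-4218-9AA7-CB64FBC2703B} - C:\WINDOWS\system32\datim.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\WinPCDoctor\strpmon.exe" dm=http://winpcdoctor.com; ad=http://winpcdoctor.com
"""

# A HijackThis entry line is "<section code> - <detail>", e.g. "O21 - SSODL: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


class Entry(NamedTuple):
    section: str  # "R0", "O2", "O4", ...
    detail: str   # everything after "<section> - "


def parse_entries(log_text):
    """Return the R*/O* entries of a log; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(Entry(match.group(1), match.group(2)))
    return entries


def entry_key(entry):
    """Identity used for comparison: section plus CLSID if present, else the text."""
    match = CLSID_RE.search(entry.detail)
    ident = match.group(0).upper() if match else entry.detail.lower()
    return (entry.section, ident)


def diff_logs(before, after):
    """Split the 'before' entries into (removed, persisting) relative to 'after'."""
    after_keys = {entry_key(e) for e in parse_entries(after)}
    removed, persisting = [], []
    for entry in parse_entries(before):
        (persisting if entry_key(entry) in after_keys else removed).append(entry)
    return removed, persisting


def triage_hints(entry):
    """Illustrative hints only (assumed heuristics); a human still decides."""
    detail = entry.detail.lower()
    hints = []
    if "(no file)" in detail or "(file missing)" in detail:
        hints.append("registered target file is missing")
    if entry.section == "O2" and "(no name)" in detail:
        hints.append("browser helper object without a name")
    if entry.section == "O4" and "http://" in detail:
        hints.append("autostart command line carries a URL")
    return hints


def still_flagged(before, after):
    """Entries that survived the cleanup and still match at least one hint."""
    _, persisting = diff_logs(before, after)
    return [(e, triage_hints(e)) for e in persisting if triage_hints(e)]


if __name__ == "__main__":
    removed, persisting = diff_logs(BEFORE, AFTER)
    print(f"removed by cleanup: {len(removed)}, still present: {len(persisting)}")
    for entry, hints in still_flagged(BEFORE, AFTER):
        print(f"REVIEW {entry.section} - {entry.detail}\n       hints: {'; '.join(hints)}")
```
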

#9 nolakt22

    Beginner

  • 14 posts

Posted 01 12 2007 - 00:16

"Silent Runners.vbs", revision 52, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"Gadu-Gadu" = ""D:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"" ["Nero AG"]
"BitComet" = ""D:\Program Files\BitComet\BitComet.exe" /tray" ["www.BitComet.com"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" ["ALWIL Software"]
"SoundMan" = "SOUNDMAN.EXE" ["Avance Logic, Inc."]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\(Default) = "BitComet ClickCapture"
-> {HKLM...CLSID} = "BitComet Helper"
\InProcServer32\(Default) = "D:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll" ["BitComet"]
{F339968E-935A-4218-9AA7-CB64FBC2703B}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\datim.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"LinkResolveIgnoreLinkInfo" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"NoResolveSearch" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Startup items in "nolakt" & "All Users" startup folders:
--------------------------------------------------------

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"DSLMON" -> shortcut to: "C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe" [null data]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

HKLM\Software\Classes\CLSID\{E7A829CC-671F-4C3D-B590-8C0AEA72E6B2}\(Default) = "BitComet Button"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "D:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll" ["BitComet"]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{461CC20B-FB6E-4F16-8FE8-C29359DB100E}\
"ButtonText" = "BitComet Search"

{9034A523-D068-4BE8-A284-9DF278BE776E}\
"MenuText" = "IE Anti-Spyware"
"Exec" = "http://www.topsoftwarefeed.com/redirect.php" [file not found]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" ["ALWIL Software"]
avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" ["ALWIL Software"]
avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]


---------- (launch time: 2007-11-30 23:20:50)
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 136 seconds, including 6 seconds for message boxes)


that's the log from Silent, but you probably know that ;)

ComboFix 07-11-19.4C - nolakt 2007-11-30 23:14:38.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.260 [GMT 1:00]
Running from: C:\Documents and Settings\nolakt\Pulpit\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\dat.txt
C:\WINDOWS\rs.txt
C:\WINDOWS\search_res.txt

.
((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-30 )))))))))))))))))))))))))))))))
.

2007-11-29 22:46 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-11-29 22:46 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-29 22:46 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-29 20:07 <DIR> d-------- C:\MyCaptures
2007-11-26 18:16 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-11-26 17:46 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-11-26 17:27 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2007-11-26 17:27 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2007-11-26 17:27 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2007-11-26 17:27 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2007-11-26 17:27 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2007-11-26 17:27 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2007-11-26 17:27 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2007-11-26 17:27 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2007-11-26 17:27 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2007-11-26 17:27 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-11-26 17:27 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2007-11-26 17:27 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2007-11-24 19:39 19,200 C:\WINDOWS\system32\drivers\smjiswvz.dat
2007-11-24 18:58 <DIR> d-------- C:\Documents and Settings\nolakt\.jpi_cache
2007-11-24 18:58 <DIR> d-------- C:\Documents and Settings\nolakt\.java
2007-11-24 18:58 83,456 --a------ C:\WINDOWS\system32\datim.dll
2007-11-24 10:59 <DIR> d-------- C:\Program Files\Trojan Guarder Gold Version
2007-11-23 10:47 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2007-11-19 13:28 <DIR> d-------- C:\Documents and Settings\nolakt\Dane aplikacji\winpcdoctor
2007-11-19 13:22 <DIR> d-------- C:\Program Files\Common Files\WinPCDoctor
2007-11-19 13:22 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2007-11-17 17:02 <DIR> d-------- C:\Documents and Settings\nolakt\Dane aplikacji\Ahead
2007-11-17 17:00 <DIR> d-------- C:\Program Files\Nero
2007-11-17 17:00 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-11-09 20:36 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\nView_Profiles
2007-11-09 20:34 8 --a------ C:\WINDOWS\system32\nvModes.dat
2007-11-08 23:12 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-10-30 21:10 <DIR> d-------- C:\Documents and Settings\nolakt\Dane aplikacji\SopCast
2007-10-30 11:21 123,602 --a------ C:\WINDOWS\system32\nvapps.nvb
2007-10-30 00:14 <DIR> d-------- C:\Documents and Settings\nolakt\Dane aplikacji\Joost
2007-10-26 19:56 <DIR> d-------- C:\Program Files\DaemonTools_WhenUSave_Installer
2007-10-25 21:20 <DIR> d-------- C:\Program Files\Google
2007-10-25 19:07 <DIR> d-------- C:\Documents and Settings\nolakt\Dane aplikacji\DivX
2007-10-25 16:46 <DIR> d-------- C:\WINDOWS\nview
2007-10-25 16:46 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-10-25 16:46 127,254 --a------ C:\WINDOWS\system32\nvapps.xml
2007-10-25 16:46 17,463 --a------ C:\WINDOWS\system32\nvdisp.nvu
2007-10-25 16:45 <DIR> d-------- C:\NVIDIA
2007-10-25 16:45 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-10-25 15:21 <DIR> d-------- C:\Documents and Settings\nolakt\Dane aplikacji\Gadu-Gadu
2007-10-25 15:20 <DIR> d-------- C:\Documents and Settings\nolakt\Gadu-Gadu
2007-10-25 15:00 <DIR> d-------- C:\Program Files\SAGEM
2007-10-25 15:00 155,648 --a------ C:\WINDOWS\system32\adadix32.dll
2007-10-25 15:00 127,456 --a------ C:\WINDOWS\system32\IPDETECT.EXE
2007-10-25 15:00 126,976 --a------ C:\WINDOWS\system32\coclassfast.dll
2007-10-25 15:00 46,892 --a------ C:\WINDOWS\system32\ADADIX16.DLL
2007-10-25 15:00 4,981 --a------ C:\WINDOWS\system32\ADADIX2K.DLL
2007-10-25 15:00 33 --a------ C:\WINDOWS\system32\drivers\adidsl.cfg
2007-10-25 14:03 171,776 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-10-25 14:03 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-10-25 14:03 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-10-25 14:03 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-10-25 14:03 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2007-10-25 14:03 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-10-25 14:03 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2007-10-25 14:03 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2007-10-25 14:02 6,807,328 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-10-25 14:02 6,807,328 --a--c--- C:\WINDOWS\system32\dllcache\nv4_mini.sys
2007-10-25 14:02 5,690,624 --a------ C:\WINDOWS\system32\nv4_disp.dll
2007-10-25 14:02 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-10-25 14:02 145,792 --a--c--- C:\WINDOWS\system32\dllcache\portcls.sys
2007-10-25 14:02 130,048 --a------ C:\WINDOWS\system32\ksproxy.ax
2007-10-25 14:02 58,624 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-10-25 14:02 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2007-10-25 14:02 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
2007-10-25 14:02 5,504 --a------ C:\WINDOWS\system32\drivers\intelide.sys
2007-10-25 14:02 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-10-25 14:02 2,944 --a------ C:\WINDOWS\system32\drivers\msmpu401.sys
2007-10-25 14:00 <DIR> dr------- C:\Program Files
2007-10-25 14:00 1,685,606 --a--c--- C:\WINDOWS\system32\dllcache\sam.spd
2007-10-25 14:00 763,990 --a------ C:\WINDOWS\system32\PerfStringBackup.INI
2007-10-25 14:00 741,376 --a--c--- C:\WINDOWS\system32\dllcache\sapi.dll
2007-10-25 14:00 605,050 --a--c--- C:\WINDOWS\system32\dllcache\r1033tts.lxa
2007-10-25 14:00 155,648 --a--c--- C:\WINDOWS\system32\dllcache\sapi.cpl
2007-10-25 14:00 66,594 --a------ C:\WINDOWS\system32\c_857.nls
2007-10-25 14:00 66,082 --a------ C:\WINDOWS\system32\c_28603.nls
2007-10-25 14:00 66,082 --a------ C:\WINDOWS\system32\c_28599.nls
2007-10-25 14:00 66,082 --a------ C:\WINDOWS\system32\c_10081.nls
2007-10-25 14:00 19,456 --a--c--- C:\WINDOWS\system32\dllcache\agt041f.dll
2007-10-25 14:00 19,456 --a--c--- C:\WINDOWS\system32\dllcache\agt0419.dll
2007-10-25 14:00 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2007-10-25 14:00 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2007-10-25 14:00 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2007-10-25 14:00 888 --a--c--- C:\WINDOWS\system32\dllcache\sam.sdf
2007-10-20 01:56 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-10-20 01:56 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-10-20 01:56 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-10-20 01:56 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-10-20 01:56 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2007-10-20 01:54 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-10-20 01:54 739,840 --a------ C:\WINDOWS\system32\DivX.dll
2007-10-18 10:06 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-10-18 10:02 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-23 18:13 122,880 ----a-w C:\WINDOWS\nethop.exe
2007-10-26 18:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-25 15:45 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-10-25 13:58 --------- d-----w C:\Program Files\neostrada tp
2007-10-25 12:20 682,232 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-10-25 12:19 --------- d-----w C:\Program Files\Opera
2007-10-25 12:17 --------- d-----w C:\Program Files\Winamp
2007-10-25 12:05 --------- d-----w C:\Program Files\Java
2007-10-25 12:00 --------- d-----w C:\Program Files\AvRack
2007-10-25 12:00 --------- d-----w C:\Program Files\Avance Sound Manager
2007-10-25 11:55 --------- d-----w C:\Program Files\Alwil Software
2007-10-25 11:15 --------- d-----w C:\Program Files\microsoft frontpage
2007-10-25 11:12 --------- d-----w C:\Program Files\Usługi online
2007-10-20 00:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-10-20 00:54 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-10-20 00:54 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-10-20 00:54 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-10-18 09:03 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-10-18 09:03 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-10-18 09:03 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-10-18 09:03 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-10-18 09:03 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-10-18 09:03 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-10-03 22:36 25,600 ----a-w C:\WINDOWS\system32\WS2Fix.exe
2007-09-05 22:22 289,144 ----a-w C:\WINDOWS\system32\VCCLSID.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F339968E-935A-4218-9AA7-CB64FBC2703B}]
2001-10-26 20:29 83456 --a------ C:\WINDOWS\system32\datim.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:44]
"Gadu-Gadu"="D:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 08:39]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 16:25]
"BitComet"="D:\Program Files\BitComet\BitComet.exe" [2007-11-07 16:06]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 16:42]
"SoundMan"="SOUNDMAN.EXE" [2002-02-05 15:05 C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 01:44 C:\WINDOWS\system32\rundll32.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 01:44 C:\WINDOWS\system32\rundll32.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:44]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-10-25 15:00:50]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
d:\Program Files\DAEMON Tools\daemon.exe -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerStrip]
2007-07-14 10:35 730360 --a------ d:\program files\pstrip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2007-05-14 23:22 35328 --a------ d:\Program Files\Winamp\winampa.exe

R0 tugoqgun;tugoqgun;C:\WINDOWS\system32\drivers\smjiswvz.dat
R1 ATITool;ATITool Overclocking Utility;C:\WINDOWS\system32\DRIVERS\ATITool.sys
R2 PStrip;PSTRIP;\??\C:\WINDOWS\system32\DRIVERS\PSTRIP.SYS
R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-30 23:17:08
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-30 23:18:18
.
--- E O F ---
And this is the second one. Oh, and that O2 entry... could not be fixed, and that PC Doctor file could not be deleted because an access denied message popped up ..... ;] So, will you help me?? Anyway, thanks for the effort ;]
  • 0

#10 Tequila

Tequila

    Regular user

  • 386 posts

Posted 01 12 2007 - 01:04

This has to go:
C:\WINDOWS\system32\datim.dll
C:\Program Files\Trojan Guarder Gold Version
C:\Documents and Settings\nolakt\Dane aplikacji\winpcdoctor
C:\Program Files\Common Files\WinPCDoctor
C:\WINDOWS\nethop.exe


This one too: C:\WINDOWS\system32\drivers\smjiswvz.dat

Do this. Open Notepad and paste into it:
File::
C:\WINDOWS\system32\datim.dll
C:\WINDOWS\system32\drivers\smjiswvz.dat
C:\WINDOWS\nethop.exe

Folder::
C:\Program Files\Trojan Guarder Gold Version
C:\Documents and Settings\nolakt\Dane aplikacji\winpcdoctor
C:\Program Files\Common Files\WinPCDoctor
Save it as CFScript, preferably right next to ComboFix, and do with the file what is shown in the picture:
Attached image


Additionally, use SDFix in safe mode, following the instructions.


When done, post a new ComboFix log, a HijackThis log, a SilentRunners log and the SDFix report.
  • 0

#11 nolakt22

nolakt22

    Beginner

  • 14 posts

Posted 01 12 2007 - 14:16

But into the regular Notepad?? I tried and I can't paste the Windows files in there :/ access denied. I know I'm a noob, but I don't get how I'm supposed to do this :(

  • 0

#12 Tequila

Tequila

    Regular user

  • 386 posts

Posted 01 12 2007 - 15:18

Yes, into the regular Notepad.
We will worry about the access denied issue if the automated removal tools fail to delete the files.

  • 0

#13 nolakt22

nolakt22

    Beginner

  • 14 posts

Posted 01 12 2007 - 15:46

So I tried to do what you wrote and copied datimm.dll and nethop exe into Notepad, but WINDOWS\system32\drivers\smjiswvz.dat could not be copied or cut because an access denied message pops up. Never mind that, though. I wanted to save it as cfscript, but there is nothing like that there, or I'm blind :/ only some encodings, ANSI, Unicode and so on ... I completely don't get it :(( I don't know what to do any more, damn :/
  • 0

#14 Tequila

Tequila

    Regular user

  • 386 posts

Posted 01 12 2007 - 15:51

You were supposed to copy not the files but the text given in the code block :(
  • 0

#15 nolakt22

nolakt22

    Beginner

  • 14 posts

Posted 01 12 2007 - 17:02

No, I really don't get it. I copied those entries, saved them as a text document, and tried to drop it onto ComboFix, which asked whether I wanted to save it in cfsript, and then this pops up: WERE YUO TRYING TO RUN CFSCRIPT? THE NAME CFSCRIPT APPEARS TO BE INCORRECTLY SPELT :(
What name is wrong? I don't understand, damn :/
  • 0

#16 Tequila

Tequila

    Regular user

  • 386 posts

Posted 01 12 2007 - 17:26

Download the attachment from my post (right-click the attachment -> Save Target As ...), save it next to ComboFix and do what is shown in the animated GIF above.

What about SDFix?

Attached files


  • 0

#17 nolakt22

nolakt22

    Beginner

  • 14 posts

Posted 02 12 2007 - 13:00

SmitFraudFix v2.256

Scan done at 12:01:30.17, 2007-12-02
Run from C:\Documents and Settings\nolakt\Pulpit\SmitfraudFix
OS: Microsoft Windows XP [Wersja 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!Attention, following keys are not inevitably infected!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{AFDF6D88-DACE-4AF1-BBDF-786EE20BDEB2}: NameServer=194.204.152.34,217.98.63.164
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E0094969-1C01-4B66-B19C-0CE599204CF4}: NameServer=194.204.159.1 217.98.63.164
HKLM\SYSTEM\CS1\Services\Tcpip\..\{AFDF6D88-DACE-4AF1-BBDF-786EE20BDEB2}: NameServer=194.204.152.34,217.98.63.164
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E0094969-1C01-4B66-B19C-0CE599204CF4}: NameServer=194.204.159.1 217.98.63.164
HKLM\SYSTEM\CS2\Services\Tcpip\..\{AFDF6D88-DACE-4AF1-BBDF-786EE20BDEB2}: NameServer=194.204.152.34,217.98.63.164


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!Attention, following keys are not inevitably infected!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!Attention, following keys are not inevitably infected!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End


"Silent Runners.vbs", revision 52, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"Gadu-Gadu" = ""D:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"" ["Nero AG"]
"BitComet" = ""D:\Program Files\BitComet\BitComet.exe" /tray" ["www.BitComet.com"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" ["ALWIL Software"]
"SoundMan" = "SOUNDMAN.EXE" ["Avance Logic, Inc."]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\(Default) = "BitComet ClickCapture"
-> {HKLM...CLSID} = "BitComet Helper"
\InProcServer32\(Default) = "D:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll" ["BitComet"]
{F339968E-935A-4218-9AA7-CB64FBC2703B}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\datim.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"LinkResolveIgnoreLinkInfo" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"NoResolveSearch" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Startup items in "nolakt" & "All Users" startup folders:
--------------------------------------------------------

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"DSLMON" -> shortcut to: "C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe" [null data]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

HKLM\Software\Classes\CLSID\{E7A829CC-671F-4C3D-B590-8C0AEA72E6B2}\(Default) = "BitComet Button"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "D:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll" ["BitComet"]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{461CC20B-FB6E-4F16-8FE8-C29359DB100E}\
"ButtonText" = "BitComet Search"

{9034A523-D068-4BE8-A284-9DF278BE776E}\
"MenuText" = "IE Anti-Spyware"
"Exec" = "http://www.topsoftwarefeed.com/redirect.php" [file not found]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" ["ALWIL Software"]
avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" ["ALWIL Software"]
avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]


---------- (launch time: 2007-12-02 12:08:23)
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 90 seconds, including 9 seconds for message boxes)
I did as you said :( and now I'm waiting to hear what you suggest next :(
  • 0

#18 Tequila

Tequila

    Regular user

  • 386 posts

Posted 02 12 2007 - 14:36

C:\WINDOWS\system32\datim.dll is still left.
Use Killbox to delete it (delete on reboot).
  • 0

#19 nolakt22

nolakt22

    Beginner

  • 14 posts

Posted 02 12 2007 - 16:07

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 15:17, on 2007-12-02
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
D:\Program Files\Winamp\winamp.exe
C:\Documents and Settings\nolakt\Pulpit\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: (no name) - {F339968E-935A-4218-9AA7-CB64FBC2703B} - C:\WINDOWS\system32\datim.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [BitComet] "D:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{AFDF6D88-DACE-4AF1-BBDF-786EE20BDEB2}: NameServer = 194.204.152.34,217.98.63.164
O17 - HKLM\System\CCS\Services\Tcpip\..\{E0094969-1C01-4B66-B19C-0CE599204CF4}: NameServer = 194.204.159.1 217.98.63.164
O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4832 bytes
Here is the log. I did as you wrote, but still no change :(
  • 0

#20 Tequila

Tequila

    Regular user

  • 386 posts

Posted 02 12 2007 - 16:15

Fix these:

O2 - BHO: (no name) - {F339968E-935A-4218-9AA7-CB64FBC2703B} - C:\WINDOWS\system32\datim.dll (file missing)
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683


And post the ComboFix log.

  • 0
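Added example, not part of any post in this thread: a Python sketch that triages the O2 (Browser Helper Object) and O9 (IE button / Tools menu) lines of a HijackThis log, run over lines copied from the log posted above. The three heuristics it applies (no display name, the "(file missing)" marker, a URL as the target) are assumptions chosen for illustration, not HijackThis's or the helper's own rules.

```python
import re

# Lines copied from the HijackThis log posted in this thread (2007-12-02 scan).
SAMPLE_LOG = r"""
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: (no name) - {F339968E-935A-4218-9AA7-CB64FBC2703B} - C:\WINDOWS\system32\datim.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# O2 and O9 lines share one layout:
#   <section> - <kind>: <name> - {CLSID} - <target>[ (file missing)]
ENTRY_RE = re.compile(
    r"^(?P<section>O2|O9) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - "
    r"(?P<target>.*?)(?P<missing> \(file missing\))?$"
)


def parse_entries(log_text):
    """Yield one dict per O2/O9 line; every other section is skipped."""
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entry = match.groupdict()
            entry["missing"] = entry["missing"] is not None
            yield entry


def reasons_for(entry):
    """Return the illustrative heuristics (assumptions) that an entry trips."""
    reasons = []
    if entry["name"] == "(no name)":
        reasons.append("no display name")
    if entry["missing"]:
        reasons.append("target file missing")
    if re.match(r"https?://", entry["target"], re.IGNORECASE):
        reasons.append("target is a remote URL")
    return reasons


def triage(log_text):
    """Group flagged lines by CLSID, since one component can own several lines."""
    flagged = {}
    for entry in parse_entries(log_text):
        reasons = reasons_for(entry)
        if not reasons:
            continue
        item = flagged.setdefault(
            entry["clsid"].upper(),
            {"lines": 0, "targets": set(), "reasons": set()},
        )
        item["lines"] += 1
        item["targets"].add(entry["target"])
        item["reasons"].update(reasons)
    return flagged


if __name__ == "__main__":
    for clsid, item in triage(SAMPLE_LOG).items():
        print(clsid, item["lines"], sorted(item["targets"]), sorted(item["reasons"]))
```

The Messenger line from the fix list above trips none of these heuristics, so a script like this narrows what to review rather than reproducing the helper's judgement.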



