Skok napięcia na porcie koncentratora

ComboFix 07-11-19.4C - nolakt 2007-12-02 18:17:32.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.292 [GMT 1:00]
Running from: C:\Documents and Settings\nolakt\Pulpit\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\nolakt\Dane aplikacji\winpcdoctor\Logs\update.log
C:\WINDOWS\nethop.exe
C:\WINDOWS\system32\datim.dll
C:\WINDOWS\system32\drivers\smjiswvz.dat
.
---- Previous Run -------
.
C:\Documents and Settings\nolakt\Dane aplikacji\winpcdoctor
C:\Documents and Settings\nolakt\Dane aplikacji\winpcdoctor\Logs\update.log
C:\WINDOWS\nethop.exe
C:\WINDOWS\system32\datim.dll

.
((((((((((((((((((((((((( Files Created from 2007-11-02 to 2007-12-02 )))))))))))))))))))))))))))))))
.

2007-12-02 14:29 <DIR> d-------- C:\Program Files\Common Files\NSV
2007-11-29 22:46 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-29 20:07 <DIR> d-------- C:\MyCaptures
2007-11-26 18:16 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-11-26 17:27 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2007-11-26 17:27 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2007-11-26 17:27 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2007-11-26 17:27 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2007-11-26 17:27 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2007-11-26 17:27 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2007-11-26 17:27 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2007-11-26 17:27 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2007-11-26 17:27 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2007-11-26 17:27 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-11-26 17:27 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2007-11-26 17:27 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2007-11-24 18:58 <DIR> d-------- C:\Documents and Settings\nolakt\.jpi_cache
2007-11-24 18:58 <DIR> d-------- C:\Documents and Settings\nolakt\.java
2007-11-23 10:47 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2007-11-19 13:22 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2007-11-17 17:02 <DIR> d-------- C:\Documents and Settings\nolakt\Dane aplikacji\Ahead
2007-11-17 17:00 <DIR> d-------- C:\Program Files\Nero
2007-11-17 17:00 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-11-09 20:36 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\nView_Profiles
2007-11-08 23:12 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-11-02 23:13 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-26 17:36 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-11-20 09:03 --------- d-----w C:\Program Files\Google
2007-10-30 20:11 --------- d-----w C:\Documents and Settings\nolakt\Dane aplikacji\SopCast
2007-10-29 23:22 --------- d-----w C:\Documents and Settings\nolakt\Dane aplikacji\Joost
2007-10-26 18:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-26 18:56 --------- d-----w C:\Program Files\DaemonTools_WhenUSave_Installer
2007-10-25 18:07 --------- d-----w C:\Documents and Settings\nolakt\Dane aplikacji\DivX
2007-10-25 15:45 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-10-25 14:21 --------- d-----w C:\Documents and Settings\nolakt\Dane aplikacji\Gadu-Gadu
2007-10-25 14:00 33 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg
2007-10-25 14:00 --------- d-----w C:\Program Files\SAGEM
2007-10-25 13:58 --------- d-----w C:\Program Files\neostrada tp
2007-10-25 12:20 682,232 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-10-25 12:19 --------- d-----w C:\Program Files\Opera
2007-10-25 12:17 --------- d-----w C:\Program Files\Winamp
2007-10-25 12:05 --------- d-----w C:\Program Files\Java
2007-10-25 12:00 --------- d-----w C:\Program Files\AvRack
2007-10-25 12:00 --------- d-----w C:\Program Files\Avance Sound Manager
2007-10-25 11:55 --------- d-----w C:\Program Files\Alwil Software
2007-10-25 11:15 --------- d-----w C:\Program Files\microsoft frontpage
2007-10-25 11:12 --------- d-----w C:\Program Files\Usługi online
2007-10-20 00:56 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-10-20 00:56 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-10-20 00:56 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-10-20 00:56 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-10-20 00:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-10-20 00:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-10-20 00:54 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-10-20 00:54 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-10-20 00:54 739,840 ----a-w C:\WINDOWS\system32\DivX.dll
2007-10-20 00:54 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-10-18 09:06 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-10-18 09:03 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-10-18 09:03 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-10-18 09:03 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-10-18 09:03 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-10-18 09:03 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-10-18 09:03 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-10-18 09:02 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-09-05 22:22 289,144 ----a-w C:\WINDOWS\system32\VCCLSID.exe
.

((((((((((((((((((((((((((((( snapshot@2007-11-30_23.17.18,03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-02 17:20:56 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_508.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:44]
"Gadu-Gadu"="D:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 08:39]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 16:25]
"BitComet"="D:\Program Files\BitComet\BitComet.exe" [2007-11-07 16:06]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 16:42]
"SoundMan"="SOUNDMAN.EXE" [2002-02-05 15:05 C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 01:44 C:\WINDOWS\system32\rundll32.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 01:44 C:\WINDOWS\system32\rundll32.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:44]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-10-25 15:00:50]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
d:\Program Files\DAEMON Tools\daemon.exe -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerStrip]
2007-07-14 10:35 730360 --a------ d:\program files\pstrip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2007-05-14 23:22 35328 --a------ d:\Program Files\Winamp\winampa.exe

R1 ATITool;ATITool Overclocking Utility;C:\WINDOWS\system32\DRIVERS\ATITool.sys
R2 PStrip;PSTRIP;\??\C:\WINDOWS\system32\DRIVERS\PSTRIP.SYS
R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys
S0 tugoqgun;tugoqgun;C:\WINDOWS\system32\drivers\smjiswvz.dat
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys

.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-02 18:21:42
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-02 18:23:00 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-01 13:33
C:\ComboFix3.txt ... 2007-11-30 23:18
.
--- E O F ---
oto on

Killboxem plik C:\WINDOWS\system32\drivers\smjiswvz.dat usuń - delete on reboot
Kurde wygląda jakby sie skądś odtwarzał ... Bo na początku ComboFix podał że go skasował już ...

Skasuj z dysku folder c:\Qoobox

ok zrobilem to co mowiles skasowalem ten folder ale killbox ni widzi tego drivera w windowsie tak jakby go nie bylo:/ nie czaje

Zobacz czy ComboFix będzie widział. Jak tak to wklej ścieżkę Killboxowi i kaz mu kasować.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 20:26:30, on 2007-12-02
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\BitComet\tools\UPNP.exe
C:\Documents and Settings\nolakt\Pulpit\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [BitComet] "D:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{AFDF6D88-DACE-4AF1-BBDF-786EE20BDEB2}: NameServer = 194.204.152.34,217.98.63.164
O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 3964 bytes
kolejny log skasowalem tamten plik :/

Hijack nic mądrego juz nie pokaże. Combofix mógłby - jego pokaż

Poprawiło sie po kasacji tamtego pliku czy nie ?

ComboFix 07-11-19.4C - nolakt 2007-12-02 21:27:04.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.281 [GMT 1:00]
Running from: C:\Documents and Settings\nolakt\Pulpit\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-11-02 to 2007-12-02 )))))))))))))))))))))))))))))))
.

2007-12-02 14:29 <DIR> d-------- C:\Program Files\Common Files\NSV
2007-11-29 22:46 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-29 20:07 <DIR> d-------- C:\MyCaptures
2007-11-26 18:16 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-11-26 17:27 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2007-11-26 17:27 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2007-11-26 17:27 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2007-11-26 17:27 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2007-11-26 17:27 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2007-11-26 17:27 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2007-11-26 17:27 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2007-11-26 17:27 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2007-11-26 17:27 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2007-11-26 17:27 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-11-26 17:27 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2007-11-26 17:27 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2007-11-24 18:58 <DIR> d-------- C:\Documents and Settings\nolakt\.jpi_cache
2007-11-24 18:58 <DIR> d-------- C:\Documents and Settings\nolakt\.java
2007-11-23 10:47 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2007-11-19 13:22 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2007-11-17 17:02 <DIR> d-------- C:\Documents and Settings\nolakt\Dane aplikacji\Ahead
2007-11-17 17:00 <DIR> d-------- C:\Program Files\Nero
2007-11-17 17:00 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-11-09 20:36 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\nView_Profiles
2007-11-08 23:12 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-11-02 23:13 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-26 17:36 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-11-20 09:03 --------- d-----w C:\Program Files\Google
2007-10-30 20:11 --------- d-----w C:\Documents and Settings\nolakt\Dane aplikacji\SopCast
2007-10-29 23:22 --------- d-----w C:\Documents and Settings\nolakt\Dane aplikacji\Joost
2007-10-26 18:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-26 18:56 --------- d-----w C:\Program Files\DaemonTools_WhenUSave_Installer
2007-10-25 18:07 --------- d-----w C:\Documents and Settings\nolakt\Dane aplikacji\DivX
2007-10-25 15:45 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-10-25 14:21 --------- d-----w C:\Documents and Settings\nolakt\Dane aplikacji\Gadu-Gadu
2007-10-25 14:00 33 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg
2007-10-25 14:00 --------- d-----w C:\Program Files\SAGEM
2007-10-25 13:58 --------- d-----w C:\Program Files\neostrada tp
2007-10-25 12:20 682,232 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-10-25 12:19 --------- d-----w C:\Program Files\Opera
2007-10-25 12:17 --------- d-----w C:\Program Files\Winamp
2007-10-25 12:05 --------- d-----w C:\Program Files\Java
2007-10-25 12:00 --------- d-----w C:\Program Files\AvRack
2007-10-25 12:00 --------- d-----w C:\Program Files\Avance Sound Manager
2007-10-25 11:55 --------- d-----w C:\Program Files\Alwil Software
2007-10-25 11:15 --------- d-----w C:\Program Files\microsoft frontpage
2007-10-25 11:12 --------- d-----w C:\Program Files\Usługi online
2007-10-20 00:56 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-10-20 00:56 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-10-20 00:56 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-10-20 00:56 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-10-20 00:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-10-20 00:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-10-20 00:54 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-10-20 00:54 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-10-20 00:54 739,840 ----a-w C:\WINDOWS\system32\DivX.dll
2007-10-20 00:54 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-10-18 09:06 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-10-18 09:03 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-10-18 09:03 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-10-18 09:03 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-10-18 09:03 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-10-18 09:03 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-10-18 09:03 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-10-18 09:02 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-09-05 22:22 289,144 ----a-w C:\WINDOWS\system32\VCCLSID.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:44]
"Gadu-Gadu"="D:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 08:39]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 16:25]
"BitComet"="D:\Program Files\BitComet\BitComet.exe" [2007-11-07 16:06]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 16:42]
"SoundMan"="SOUNDMAN.EXE" [2002-02-05 15:05 C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 01:44 C:\WINDOWS\system32\rundll32.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 01:44 C:\WINDOWS\system32\rundll32.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:44]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-10-25 15:00:50]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
d:\Program Files\DAEMON Tools\daemon.exe -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerStrip]
2007-07-14 10:35 730360 --a------ d:\program files\pstrip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2007-05-14 23:22 35328 --a------ d:\Program Files\Winamp\winampa.exe

R1 ATITool;ATITool Overclocking Utility;C:\WINDOWS\system32\DRIVERS\ATITool.sys
R2 PStrip;PSTRIP;\??\C:\WINDOWS\system32\DRIVERS\PSTRIP.SYS
R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys
S0 tugoqgun;tugoqgun;C:\WINDOWS\system32\drivers\smjiswvz.dat
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys

.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-02 21:28:33
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-02 21:29:36
C:\ComboFix2.txt ... 2007-12-02 18:23
C:\ComboFix3.txt ... 2007-12-01 13:33
.
--- E O F ---
prosze loga niestety nic sie nie zmienilo jak napisalem na poczatku nawet przy instalacji swiezego xp na sformatowanym dysku mam ten problem

Kurcze cały czas ComboFix widzi

S0 tugoqgun;tugoqgun;C:\WINDOWS\system32\drivers\smjiswvz.dat

Spróbujmy inaczej
Wklej do notatnika tekst

DISABLE tugoqgun
ATTRIB -R-S-H C:\WINDOWS\system32\drivers\smjiswvz.dat
DEL C:\WINDOWS\system32\drivers\smjiswvz.dat
EXIT

Zapisz to w katalogu Windowsa pod jakąś nazą np fix.txt
Uruchom konsole odzyskiwania (jak nie wiesz jak to tu -> http://support.microsoft.com/kb/314058 masz napisane) i tam wydaj polecenie

batch c:\windows\fix.txt

Powinno to wyłączyć gnoja i usunąć plik.

Potem wystartuj do trybu awaryjnego i wyeksportuj klucz HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tugoqgun

Wyeksportowany klucz pokaż na forum razem z nowym logiem ComboFixa.

ok dzieki za pomoc jutro wkleje bo nie moge xp znalezc teraz i musze do roboty wczesnie wstac jutro wkleje ten klucz na forum jeszcze raz dzieki za staranie