proszę o sprawdzenie loga

przez **nasty79** » 31 Lip 2008, 21:48

proszę o sprawdzenie loga

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:43:02, on 2008-07-31
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Tlen.pl\tlen.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://partnerpage.google.com/smallbiz. ... bd=1080130
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1177075266-1977644230-1520862680-1001\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'TheONE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7907 bytes
[quote][/quote]

przez **huber2t** » 31 Lip 2008, 22:12

fix w hijackhis

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)

poza tym ok

przez **nasty79** » 31 Lip 2008, 22:13

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe

a co to takiego??
na forum jak szukałem to pisali że to można usuwać??to prawda?

przez **huber2t** » 31 Lip 2008, 22:16

Tego właśnie niebyłem pewnien

Pobierz ComboFix, ale nie uruchamiaj
Wklej do notatnika:

Kod: Zaznacz wszystko: Driver:: AESTFilters

Plik

zapisz jako

CFScript.txt (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe)
Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu

Rozpocznie się usuwanie i powstanie log, daj ten log na forum.

Logi dajesz na http://www.wklej.eu/ a w poście dajesz tylko link

przez **nasty79** » 31 Lip 2008, 22:31

nie wiem czy to ważne ale podczas pracy combo pojawił mi się komunikat błędu krytycznego
http://www.wklejto.pl/7062

przez **huber2t** » 31 Lip 2008, 22:34

Pobierz ComboFix, ale nie uruchamiaj
Otwórz notatnik i wklej do niego:

Kod: Zaznacz wszystko: File:: C:\Windows\System32\tmp17BC.tmp Registry:: [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4adf4c34-eddc-11dc-9344-001d09b1fa88}]

Plik

zapisz jako

CFScript.txt.
Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu

Rozpocznie się usuwanie i powstanie log, który dasz na forum.

Logi dajesz na http://www.wklej.eu/ lub na http://wklej.org a w poście dajesz tylko link

przez **nasty79** » 01 Sie 2008, 11:07

coś już może wiadomo na temat combo??pomocy:)dzięki

przez **huber2t** » 01 Sie 2008, 11:26

Daj log z usuwania z combofix

przez **nasty79** » 01 Sie 2008, 11:29

ComboFix 08-07-31.01 - nasty79 2008-07-31 22:17:56.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1250.1.1033.18.1191 [GMT 2:00]
Running from: C:\\torent\\ComboFix.exe
Command switches used :: C:\\torent\\CFScript.txt.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\\Recycled\\Recycled
C:\\Recycled\\Recycled\\ctfmon.exe
C:\\Windows\\system32\\drivers\\npf.sys
C:\\Windows\\system32\\ilyiitsr.ini
C:\\Windows\\system32\\packet.dll
C:\\Windows\\System32\\RXaaIRqr.ini
C:\\Windows\\System32\\RXaaIRqr.ini2
C:\\Windows\\system32\\wpcap.dll
C:\\Windows\\System32\\YHjPYHQr.ini
C:\\Windows\\System32\\YHjPYHQr.ini2

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\\Service_AESTFilters
-------\\Service_NPF

((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-31 )))))))))))))))))))))))))))))))
.

2008-07-31 12:46 . 2008-07-31 13:40 <DIR> d-------- C:\\Program Files\\Trojan Remover
2008-07-31 12:41 . 2008-07-31 13:41 <DIR> d-------- C:\\Program Files\\TrojanHunter 4.7
2008-07-29 00:25 . 2008-07-29 00:25 <DIR> d-------- C:\\Program Files\\PC Connectivity Solution
2008-07-29 00:25 . 2008-07-29 00:25 <DIR> d-------- C:\\Program Files\\Common Files\\PCSuite
2008-07-28 23:25 . 2008-07-28 23:25 0 --ah----- C:\\Windows\\System32\\drivers\\Msft_Kernel_ccdcmb_01005.Wdf
2008-07-09 10:54 . 2008-06-26 03:45 12,240,896 --a------ C:\\Windows\\System32\\NlsLexicons0007.dll
2008-07-09 10:54 . 2008-06-26 03:45 2,644,480 --a------ C:\\Windows\\System32\\NlsLexicons0009.dll
2008-07-09 10:54 . 2008-06-26 05:29 801,280 --a------ C:\\Windows\\System32\\NaturalLanguage6.dll
2008-07-06 22:36 . 2008-07-06 23:25 <DIR> d-------- C:\\Users\\nasty79\\AppData\\Roaming\\GanymedeNet
2008-07-06 22:35 . 2008-07-06 23:39 <DIR> d-------- C:\\Program Files\\Ganymede
2008-07-04 11:30 . 2008-07-31 22:21 293,913 --a------ C:\\Users\\All Users\\nvModes.dat
2008-07-04 11:30 . 2008-07-31 22:21 293,913 --a------ C:\\ProgramData\\nvModes.dat
2008-07-04 11:27 . 2008-06-09 07:23 13,543,968 --a------ C:\\Windows\\System32\\nvcpl.dll
2008-07-04 08:39 . 2008-07-31 13:40 <DIR> d-------- C:\\Program Files\\RivaTuner v2.09
2008-07-03 00:40 . 2008-07-03 00:40 <DIR> d-------- C:\\Windows\\System32\\Futuremark
2008-07-03 00:40 . 2004-10-25 20:02 21,664 --a------ C:\\Windows\\System32\\drivers\\Entech.sys
2008-07-03 00:40 . 1999-11-02 10:01 6,173 --a------ C:\\Windows\\System32\\drivers\\Entech.vxd
2008-07-03 00:40 . 2004-06-22 15:44 5,632 --a------ C:\\Windows\\System32\\drivers\\Entech64.sys
2008-07-03 00:40 . 2001-11-19 19:05 3,972 --a------ C:\\Windows\\System32\\drivers\\PciBus.sys
2008-07-03 00:39 . 2008-07-03 00:39 <DIR> d-------- C:\\Program Files\\Futuremark
2008-07-02 22:58 . 2007-02-07 06:20 356,352 --a------ C:\\Windows\\System32\\nvuxc2.exe
2008-07-02 14:38 . 2008-06-07 12:29 446,464 --a------ C:\\Windows\\System32\\nvuninst.exe
2008-07-02 08:32 . 2008-07-02 08:32 <DIR> d-------- C:\\Users\\TheONE\\AppData\\Roaming\\PC Suite
2008-07-01 21:54 . 2008-07-01 21:54 <DIR> d-------- C:\\Users\\All Users\\Codemasters
2008-07-01 21:54 . 2008-07-01 21:54 <DIR> d-------- C:\\ProgramData\\Codemasters
2008-07-01 21:53 . 2008-07-01 21:53 <DIR> d-------- C:\\Program Files\\OpenAL
2008-07-01 21:53 . 2008-04-28 16:53 805,400 -ra------ C:\\Windows\\System32\\tmp17BC.tmp
2008-07-01 21:53 . 2008-07-01 21:53 444,952 --a------ C:\\Windows\\System32\\wrap_oal.dll
2008-07-01 21:53 . 2008-07-03 00:40 86,016 --a------ C:\\Windows\\System32\\OpenAL32.dll
2008-07-01 21:52 . 2008-05-30 14:11 3,850,760 --a------ C:\\Windows\\System32\\D3DX9_38.dll
2008-07-01 21:52 . 2008-05-30 14:11 1,491,992 --a------ C:\\Windows\\System32\\D3DCompiler_38.dll
2008-07-01 21:52 . 2008-05-30 14:19 507,400 --a------ C:\\Windows\\System32\\XAudio2_1.dll
2008-07-01 21:52 . 2008-05-30 14:11 467,984 --a------ C:\\Windows\\System32\\d3dx10_38.dll
2008-07-01 21:52 . 2008-05-30 14:18 238,088 --a------ C:\\Windows\\System32\\xactengine3_1.dll
2008-07-01 21:52 . 2008-05-30 14:17 65,032 --a------ C:\\Windows\\System32\\XAPOFX1_0.dll
2008-07-01 21:52 . 2008-05-30 14:17 25,608 --a------ C:\\Windows\\System32\\X3DAudio1_4.dll
2008-07-01 21:28 . 2008-04-28 16:53 805,400 -ra------ C:\\Windows\\System32\\tmp17BB.tmp
2008-07-01 16:19 . 2007-11-12 23:37 795,104 --a------ C:\\Windows\\System32\\dpinst.exe
2008-06-27 21:55 . 2007-09-13 14:45 4,947,968 --a------ C:\\Windows\\System32\\stacgui.cpl
2008-06-27 21:55 . 2007-04-10 17:02 1,601,536 --a------ C:\\Windows\\System32\\stlang.dll
2008-06-27 21:55 . 2007-09-20 14:31 647,168 --a------ C:\\Windows\\System32\\aestecap.dll
2008-06-27 21:55 . 2007-09-20 14:31 131,072 --a------ C:\\Windows\\System32\\aestacap.dll
2008-06-27 21:55 . 2007-09-13 14:45 102,400 --a------ C:\\Windows\\System32\\stacsv.exe
2008-06-27 21:55 . 2007-09-20 14:31 73,728 --a------ C:\\Windows\\System32\\AEstSrv.exe
2008-06-27 21:55 . 2007-09-20 14:31 53,248 --a------ C:\\Windows\\System32\\aestaren.dll
2008-06-27 21:54 . 2007-09-13 14:45 595,456 --a------ C:\\Windows\\System32\\stapo.dll
2008-06-27 21:54 . 2007-09-13 14:46 330,240 --a------ C:\\Windows\\System32\\drivers\\stwrt.sys
2008-06-27 21:54 . 2007-09-13 14:45 328,704 --a------ C:\\Windows\\System32\\stcplx.dll
2008-06-27 21:54 . 2007-09-13 14:44 299,520 --a------ C:\\Windows\\System32\\stapi32.dll
2008-06-27 21:54 . 2007-09-13 14:45 146,944 --a------ C:\\Windows\\System32\\st325614.dll
2008-06-15 17:17 . 2008-06-15 17:17 8,464 --a------ C:\\Windows\\System32\\sporder.dll
2008-06-06 09:24 . 2008-06-06 09:24 8,064 --a------ C:\\Windows\\System32\\drivers\\usbser_lowerflt.sys
2008-06-05 19:25 . 2008-06-10 20:31 <DIR> d-------- C:\\Program Files\\RivChat2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-31 19:30 --------- d-----w C:\\Program Files\\Mozilla Firefox 3 Beta 5
2008-07-31 11:40 --------- d-----w C:\\Program Files\\SpeedFan
2008-07-31 10:57 --------- d---a-w C:\\ProgramData\\TEMP
2008-07-31 09:07 --------- d-----w C:\\Users\\nasty79\\AppData\\Roaming\\Tlen.pl
2008-07-30 21:12 --------- d-----w C:\\Users\\nasty79\\AppData\\Roaming\\Skype
2008-07-30 20:43 --------- d-----w C:\\Users\\nasty79\\AppData\\Roaming\\skypePM
2008-07-28 22:53 --------- d-----w C:\\Users\\nasty79\\AppData\\Roaming\\Nokia
2008-07-28 22:25 --------- d-----w C:\\ProgramData\\Installations
2008-07-28 22:25 --------- d-----w C:\\Program Files\\Nokia
2008-07-28 22:25 --------- d-----w C:\\Program Files\\Common Files\\Nokia
2008-07-09 08:56 --------- d-----w C:\\Program Files\\Windows Mail
2008-07-04 09:30 --------- d-----w C:\\ProgramData\\NVIDIA
2008-07-03 07:14 279,641 ----a-w C:\\Users\\nasty79\\AppData\\Roaming\\nvModes.dat
2008-07-02 22:39 --------- d--h--w C:\\Program Files\\InstallShield Installation Information
2008-06-17 14:25 --------- d-----w C:\\Program Files\\NAPI-PROJEKT
2008-06-07 06:28 --------- d-----w C:\\Program Files\\Tlen.pl
2008-06-02 20:30 22,328 ----a-w C:\\Windows\\system32\\drivers\\PnkBstrK.sys
2008-06-02 20:30 107,832 ----a-w C:\\Windows\\System32\\PnkBstrB.exe
2008-05-27 05:21 1,582,592 ----a-w C:\\Windows\\System32\\tquery.dll
2008-05-27 05:21 1,418,240 ----a-w C:\\Windows\\System32\\mssrch.dll
2008-05-27 05:17 87,552 ----a-w C:\\Windows\\System32\\SearchFilterHost.exe
2008-05-27 05:17 87,552 ----a-w C:\\Windows\\System32\\mssitlb.dll
2008-05-27 05:17 754,176 ----a-w C:\\Windows\\System32\\propsys.dll
2008-05-27 05:17 60,416 ----a-w C:\\Windows\\System32\\msscntrs.dll
2008-05-27 05:17 6,103,040 ----a-w C:\\Windows\\System32\\chtbrkr.dll
2008-05-27 05:17 34,816 ----a-w C:\\Windows\\System32\\msscb.dll
2008-05-27 05:17 32,768 ----a-w C:\\Windows\\System32\\mssprxy.dll
2008-05-27 05:17 313,344 ----a-w C:\\Windows\\System32\\thawbrkr.dll
2008-05-27 05:17 301,568 ----a-w C:\\Windows\\System32\\srchadmin.dll
2008-05-27 05:17 194,560 ----a-w C:\\Windows\\System32\\offfilt.dll
2008-05-27 05:17 143,872 ----a-w C:\\Windows\\System32\\korwbrkr.dll
2008-05-27 05:17 11,776 ----a-w C:\\Windows\\System32\\msshooks.dll
2008-05-27 05:17 1,671,680 ----a-w C:\\Windows\\System32\\chsbrkr.dll
2008-05-27 04:59 18,904 ----a-w C:\\Windows\\System32\\StructuredQuerySchemaTrivial.bin
2008-05-27 04:59 106,605 ----a-w C:\\Windows\\System32\\StructuredQuerySchema.bin
2008-05-20 08:32 831,048 ----a-w C:\\Windows\\System32\\WudfUpdate_01005.dll
2008-05-10 03:35 885,248 ----a-w C:\\Windows\\System32\\RacEngn.dll
2008-05-10 03:35 564,736 ----a-w C:\\Windows\\System32\\emdmgmt.dll
2008-05-08 21:59 90,112 ----a-w C:\\Windows\\System32\\wshext.dll
2008-05-08 21:59 430,080 ----a-w C:\\Windows\\System32\\vbscript.dll
2008-05-08 21:59 180,224 ----a-w C:\\Windows\\System32\\scrobj.dll
2008-05-08 21:59 172,032 ----a-w C:\\Windows\\System32\\scrrun.dll
2008-05-08 21:59 155,648 ----a-w C:\\Windows\\System32\\wscript.exe
2008-05-08 21:58 135,168 ----a-w C:\\Windows\\System32\\cscript.exe
2008-05-07 05:39 1,419,232 ----a-w C:\\Windows\\System32\\wdfcoinstaller01005.dll
2008-05-07 05:38 90,624 ----a-w C:\\Windows\\System32\\nmwcdcls.dll
2008-05-07 05:38 659,968 ----a-w C:\\Windows\\System32\\nmwcdcocls.dll
2008-05-01 16:33 737,280 ----a-w C:\\Windows\\iun6002.exe
2008-04-29 03:54 181,760 ----a-w C:\\Windows\\System32\\fsquirt.exe
2008-04-28 11:38 53,352 ----a-w C:\\Users\\nasty79\\AppData\\Roaming\\GDIPFONTCACHEV1.DAT
2008-04-26 08:25 3,600,952 ----a-w C:\\Windows\\System32\\ntkrnlpa.exe
2008-04-26 08:25 3,549,240 ----a-w C:\\Windows\\System32\\ntoskrnl.exe
2008-04-26 08:08 1,314,816 ----a-w C:\\Windows\\System32\\quartz.dll
2008-04-25 04:35 826,880 ----a-w C:\\Windows\\System32\\wininet.dll
2008-04-19 08:40 66,872 ----a-w C:\\Windows\\System32\\PnkBstrA.exe
2008-04-12 03:32 784,896 ----a-w C:\\Windows\\System32\\rpcrt4.dll
2008-04-11 19:54 77,824 ----atw C:\\Windows\\System32\\DRWEBSP.DLL
2008-04-09 08:39 2,560 ----a-w C:\\Windows\\System32\\bitcometres.dll
2008-04-05 03:34 15,360 ----a-w C:\\Windows\\System32\\pacerprf.dll
2008-03-01 18:17 174 --sha-w C:\\Program Files\\desktop.ini
2008-02-25 18:35 32 ----a-w C:\\Users\\All Users\\ezsid.dat
2008-02-25 18:35 32 ----a-w C:\\ProgramData\\ezsid.dat
2008-01-29 20:46 76 --sh--r C:\\Windows\\CT4CET.bin
2008-03-19 07:56 16,384 --sha-w C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat
2008-03-19 07:56 32,768 --sha-w C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat
2008-03-19 07:56 16,384 --sha-w C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat
.

Kod: Zaznacz wszystko: <pre> ----a-w 33,923,072 2007-10-15 08:30:44 C:\\Program Files\\Ubisoft\\Tom Clancy\'s Rainbow Six Vegas\\Binaries\\R6Vegas_Game .exe </pre>

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
\"AlcoholAutomount\"=\"C:\\Program Files\\Alcohol Soft\\Alcohol 120\\axcmd.exe\" [2008-03-10 11:19 4608]
\"SpybotSD TeaTimer\"=\"C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe\" [2008-01-28 12:43 2097488]
\"PC Suite Tray\"=\"C:\\Program Files\\Nokia\\Nokia PC Suite 7\\PCSuite.exe\" [2008-06-18 14:31 1122816]
\"Nokia.PCSync\"=\"C:\\Program Files\\Nokia\\Nokia PC Suite 7\\PCSync2.exe\" [2008-06-17 16:00 1249280]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
\"SynTPEnh\"=\"C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe\" [2007-06-04 07:21 857648]
\"OEM02Mon.exe\"=\"C:\\Windows\\OEM02Mon.exe\" [2007-12-03 07:58 36864]
\"DELL Webcam Manager\"=\"C:\\Program Files\\Dell\\Dell Webcam Manager\\DellWMgr.exe\" [2007-07-28 00:43 118784]
\"Broadcom Wireless Manager UI\"=\"C:\\Windows\\system32\\WLTRAY.exe\" [2007-03-21 21:33 1548288]
\"DellSupportCenter\"=\"C:\\Program Files\\Dell Support Center\\bin\\sprtcmd.exe\" [2007-10-10 02:56 202544]
\"NvCplDaemon\"=\"C:\\Windows\\system32\\NvCpl.dll\" [2008-06-09 07:23 13543968]
\"NvMediaCenter\"=\"C:\\Windows\\system32\\NvMcTray.dll\" [2008-06-09 07:23 92704]
\"NVHotkey\"=\"C:\\Windows\\system32\\nvHotkey.dll\" [2008-06-09 07:23 96800]

[HKEY_USERS\\.DEFAULT\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]
\"Nokia.PCSync\"=\"C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe\" [N/A]

C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\
Bluetooth.lnk - C:\\Program Files\\WIDCOMM\\Bluetooth Software\\BTTray.exe [2006-11-04 01:55:50 703280]
Digital Line Detect.lnk - C:\\Program Files\\Digital Line Detect\\DLG.exe [2008-01-29 22:48:36 50688]
QuickSet.lnk - C:\\Program Files\\Dell\\QuickSet\\quickset.exe [2008-02-22 17:01:38 1193240]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\policies\\system]
\"EnableLUA\"= 0 (0x0)
\"EnableUIADesktopToggle\"= 0 (0x0)

[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\policies\\system]
\"LogonHoursAction\"= 2 (0x2)
\"DontDisplayLogonHoursWarnings\"= 1 (0x1)

[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\drivers32]
\"msacm.divxa32\"= divxa32.acm
\"VIDC.YV12\"= yv12vfw.dll

[HKLM\\~\\startupfolder\\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk
backup=C:\\Windows\\pss\\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\\~\\startupfolder\\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=C:\\Windows\\pss\\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup
path=C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\WinZip Quick Pick.lnk

[HKLM\\~\\startupfolder\\C:^Users^nasty79^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Last.fm Helper.lnk]
backup=C:\\Windows\\pss\\Last.fm Helper.lnk.Startup
backupExtension=.Startup
path=C:\\Users\\nasty79\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Last.fm Helper.lnk

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\reader_sl.exe

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\avast!]
C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe [N/A]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-06-01 11:21 153136 C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\DAEMON Tools Lite]
C:\\Program Files\\DAEMON Tools Lite\\daemon.exe [N/A]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\dscactivate]
--a------ 2007-10-10 02:57 16384 C:\\Program Files\\Dell Support Center\\gs_agent\\custom\\dsca.exe

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\Komunikator]
--a------ 2008-01-15 17:09 6290944 C:\\Program Files\\Tlen.pl\\tlen.exe

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\NeroFilterCheck]
--a------ 2007-03-01 16:57 153136 C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\PC Suite Tray]
C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PCSuite.exe [N/A]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\PCMService]
C:\\Program Files\\Dell\\MediaDirect\\PCMService.exe [N/A]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\WinampAgent]
C:\\Program Files\\Winamp\\winampa.exe [N/A]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Svc\\S-1-5-21-1177075266-1977644230-1520862680-1000]
\"EnableNotificationsRef\"=dword:00000003

[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\FirewallRules]
\"TCP Query User{4B4373AB-E833-4443-A98C-1B34BF2881A1}C:\\\\program files\\\\tlen.pl\\\\tlen.exe\"= UDP:C:\\program files\\tlen.pl\\tlen.exe:Komunikator Tlen.pl
\"UDP Query User{3C480EEB-70D1-442E-A6C2-1C7EF75ED889}C:\\\\program files\\\\tlen.pl\\\\tlen.exe\"= TCP:C:\\program files\\tlen.pl\\tlen.exe:Komunikator Tlen.pl
\"TCP Query User{36D0D566-ECA4-403D-A944-9FBCA3943B14}C:\\\\program files\\\\bitcomet\\\\bitcomet.exe\"= UDP:C:\\program files\\bitcomet\\bitcomet.exe:BitComet - a BitTorrent Client
\"UDP Query User{CF81B314-3335-4481-8F41-A43301B28642}C:\\\\program files\\\\bitcomet\\\\bitcomet.exe\"= TCP:C:\\program files\\bitcomet\\bitcomet.exe:BitComet - a BitTorrent Client
\"{03E13A0B-60C5-48DA-B731-AA84164B3312}\"= UDP:14764:BitComet 14764 TCP
\"{EEAE414E-7613-4926-ACF8-11797427552B}\"= TCP:14764:BitComet 14764 UDP
\"TCP Query User{8FD452C8-792A-4933-8D29-0F8B99FDED8F}C:\\\\program files\\\\emule\\\\emule.exe\"= UDP:C:\\program files\\emule\\emule.exe:eMule
\"UDP Query User{C5CD721C-C8BB-46D1-93B1-A5BAE2619452}C:\\\\program files\\\\emule\\\\emule.exe\"= TCP:C:\\program files\\emule\\emule.exe:eMule
\"{CAEAF1D1-ADD1-4286-B895-E70D88E168D9}\"= UDP:C:\\Program Files\\Ubisoft\\Tom Clancy\'s Rainbow Six Vegas\\Binaries\\R6Vegas_Game.exe:Rainbow Six Vegas
\"{97A32938-ACE9-4F34-9280-561B439137DF}\"= TCP:C:\\Program Files\\Ubisoft\\Tom Clancy\'s Rainbow Six Vegas\\Binaries\\R6Vegas_Game.exe:Rainbow Six Vegas
\"{4441C8D9-4FF3-43D9-8A0B-5DB2AF883CD1}\"= UDP:C:\\Program Files\\Ubisoft\\Tom Clancy\'s Rainbow Six Vegas\\Binaries\\R6Vegas_Launcher.exe:Rainbow Six Vegas Updater
\"{5784805E-6854-448F-AA53-41CA3C4AEBD4}\"= TCP:C:\\Program Files\\Ubisoft\\Tom Clancy\'s Rainbow Six Vegas\\Binaries\\R6Vegas_Launcher.exe:Rainbow Six Vegas Updater
\"TCP Query User{D0300E81-8EF6-4C5B-BA04-A85FB8F2CFE0}C:\\\\program files\\\\real\\\\realplayer\\\\recordingmanager.exe\"= UDP:C:\\program files\\real\\realplayer\\recordingmanager.exe:RealNetworks Download and Record Manager
\"UDP Query User{3761B5AB-DAF8-426F-9EC3-9601A10D4580}C:\\\\program files\\\\real\\\\realplayer\\\\recordingmanager.exe\"= TCP:C:\\program files\\real\\realplayer\\recordingmanager.exe:RealNetworks Download and Record Manager
\"TCP Query User{EC7AC90F-8524-4AF6-8F40-CAA193300920}C:\\\\program files\\\\nokia\\\\nokia software updater\\\\nsu_ui_client.exe\"= UDP:C:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe:Nokia Software Updater
\"UDP Query User{7C8D127C-CA71-441D-8DD2-3575A2378E7B}C:\\\\program files\\\\nokia\\\\nokia software updater\\\\nsu_ui_client.exe\"= TCP:C:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe:Nokia Software Updater
\"TCP Query User{8D119122-EBD1-428F-B0E1-23122287A454}C:\\\\program files\\\\common files\\\\nokia\\\\service layer\\\\a\\\\nsl_host_process.exe\"= UDP:C:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe:Nokia Service Layer Host Process
\"UDP Query User{59272F46-8656-44A4-81B9-36E2CA06292D}C:\\\\program files\\\\common files\\\\nokia\\\\service layer\\\\a\\\\nsl_host_process.exe\"= TCP:C:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe:Nokia Service Layer Host Process
\"{E0C505FB-0D16-4E03-9890-6B05831456CD}\"= UDP:C:\\Program Files\\Winamp Remote\\bin\\Orb.exe:Orb
\"{BFCE071C-933F-47FE-9081-724A23A0977B}\"= TCP:C:\\Program Files\\Winamp Remote\\bin\\Orb.exe:Orb
\"{EAEC7D6E-EDEC-47C9-9C21-4F9E3BDE057A}\"= UDP:C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:OrbTray
\"{65C1DCCC-9119-49B4-A52C-6626E2970D2E}\"= TCP:C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:OrbTray
\"{913DFB65-1BEA-4C49-832E-A4EC37C22F65}\"= UDP:C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:Orb Stream Client
\"{CEB5AB83-BD2C-414D-8E9F-18DD3D2C209D}\"= TCP:C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:Orb Stream Client
\"TCP Query User{B952DC5A-878C-4B82-AE1C-9A3B98CED488}C:\\\\program files\\\\mozilla firefox 3 beta 5\\\\firefox.exe\"= UDP:C:\\program files\\mozilla firefox 3 beta 5\\firefox.exe:Firefox
\"UDP Query User{2CEBAD40-2996-4DD6-A37E-8E9964098A57}C:\\\\program files\\\\mozilla firefox 3 beta 5\\\\firefox.exe\"= TCP:C:\\program files\\mozilla firefox 3 beta 5\\firefox.exe:Firefox
\"TCP Query User{65429315-3EC5-4CE4-8304-93484E2B6A65}C:\\\\program files\\\\sierra\\\\fear\\\\fpupdate.exe\"= UDP:C:\\program files\\sierra\\fear\\fpupdate.exe:fpupdate
\"UDP Query User{26CFA5D0-5038-4178-A453-4C30DF9DC5AE}C:\\\\program files\\\\sierra\\\\fear\\\\fpupdate.exe\"= TCP:C:\\program files\\sierra\\fear\\fpupdate.exe:fpupdate
\"{0DEB258A-348D-4749-9263-0DCAA564378E}\"= UDP:C:\\Program Files\\Sierra\\FEAR\\FEAR.exe:FEAR
\"{ACB1159E-900E-4835-B0C1-8BCBA67733F1}\"= TCP:C:\\Program Files\\Sierra\\FEAR\\FEAR.exe:FEAR
\"TCP Query User{9C16B615-E3D0-43A2-85E7-CB54F0E37FCA}C:\\\\torent\\\\rainbow six vegas 2\\\\binaries\\\\r6vegas2_game.exe\"= UDP:C:\\torent\\rainbow six vegas 2\\binaries\\r6vegas2_game.exe:R6Vegas2_Game
\"UDP Query User{222851E7-74D4-4C8D-85D4-B7807EF5735D}C:\\\\torent\\\\rainbow six vegas 2\\\\binaries\\\\r6vegas2_game.exe\"= TCP:C:\\torent\\rainbow six vegas 2\\binaries\\r6vegas2_game.exe:R6Vegas2_Game
\"{B0AE81BC-22B7-4058-8A0D-6DE477F781F5}\"= TCP:12350:BitCometBeta 12350 UDP
\"{9DD5DAB2-10C7-45C3-B1E7-FFFDDFEA431B}\"= UDP:12355:bitcomet
\"{61CCD770-8426-4738-A73F-7C4B0C29EC91}\"= UDP:15001:BitCometBeta 15001 TCP
\"{0D9BDADE-DA50-47FE-8CAC-E148862023E1}\"= TCP:15001:BitCometBeta 15001 UDP
\"{DACFEC12-68B3-494E-9D80-856DBA2935EF}\"= UDP:33301:192.168.1.2:Wojtek
\"TCP Query User{181A7EF0-67F9-4A89-843E-4CDA446F4C29}C:\\\\program files\\\\rivchat2\\\\rivchat.exe\"= UDP:C:\\program files\\rivchat2\\rivchat.exe:RivChat
\"UDP Query User{DAB52F7F-4E8B-4026-ACD0-5ADA9B81FABF}C:\\\\program files\\\\rivchat2\\\\rivchat.exe\"= TCP:C:\\program files\\rivchat2\\rivchat.exe:RivChat
\"TCP Query User{B31BC403-73DE-49F6-A80B-08A43A46D60F}C:\\\\program files\\\\tlen.pl\\\\tlen.exe\"= UDP:C:\\program files\\tlen.pl\\tlen.exe:Komunikator Tlen.pl
\"UDP Query User{3E675D4B-9645-4459-99F2-840ADFB21BFA}C:\\\\program files\\\\tlen.pl\\\\tlen.exe\"= TCP:C:\\program files\\tlen.pl\\tlen.exe:Komunikator Tlen.pl
\"TCP Query User{2E98757B-EC87-4638-B041-BAEC6435AE04}C:\\\\program files\\\\skype\\\\phone\\\\skype.exe\"= Disabled:UDP:C:\\program files\\skype\\phone\\skype.exe:Skype. Take a deep breath
\"UDP Query User{AEE9DB90-ECFF-4398-864B-7C8475EFFB44}C:\\\\program files\\\\skype\\\\phone\\\\skype.exe\"= Disabled:TCP:C:\\program files\\skype\\phone\\skype.exe:Skype. Take a deep breath

R2 SBSDWSCService;SBSD Security Center Service;C:\\Program Files\\Spybot - Search & Destroy\\SDWinSec.exe [2008-01-28 12:43]
R3 btwaudio;Bluetooth Audio Device Service;C:\\Windows\\system32\\drivers\\btwaudio.sys [2006-11-07 03:37]
R3 btwavdt;Bluetooth AVDT;C:\\Windows\\system32\\drivers\\btwavdt.sys [2006-11-07 01:13]
R3 btwrchid;btwrchid;C:\\Windows\\system32\\DRIVERS\\btwrchid.sys [2006-11-07 01:13]
R3 OEM02Dev;Creative Camera OEM002 Driver;C:\\Windows\\system32\\DRIVERS\\OEM02Dev.sys [2007-12-03 07:58]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\\Windows\\system32\\DRIVERS\\OEM02Vfx.sys [2007-12-03 07:59]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;C:\\Windows\\system32\\drivers\\nmwcdnsu.sys [2008-02-01 16:17]
S3 nmwcdnsuc;Nokia USB Flashing Generic;C:\\Windows\\system32\\drivers\\nmwcdnsuc.sys [2008-02-01 16:17]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{4adf4c34-eddc-11dc-9344-001d09b1fa88}]
\\shell\\AutoRun\\command - F:\\launcher.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-31 22:22:01
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\\Users\\nasty79\\AppData\\Local\\SupportSoft\\DellSupportCenter\\nasty79\\state\\databags\\gs_agent.minibcont.History.xml 92 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\\Windows\\System32\\nvvsvc.exe
C:\\Windows\\System32\\audiodg.exe
C:\\Windows\\System32\\WLTRYSVC.EXE
C:\\Windows\\System32\\BCMWLTRY.EXE
C:\\Windows\\System32\\PnkBstrA.exe
C:\\Program Files\\Dell Support Center\\bin\\sprtsvc.exe
C:\\Windows\\System32\\stacsv.exe
C:\\Program Files\\Alcohol Soft\\Alcohol 120\\StarWind\\StarWindServiceAE.exe
C:\\Windows\\System32\\rundll32.exe
C:\\Windows\\System32\\drivers\\XAudio.exe
C:\\Windows\\System32\\iashost.exe
C:\\Program Files\\Sigmatel\\C-Major Audio\\WDM\\sttray.exe
C:\\Windows\\System32\\rundll32.exe
C:\\Windows\\System32\\rundll32.exe
C:\\Windows\\System32\\wbem\\unsecapp.exe
C:\\Program Files\\WIDCOMM\\Bluetooth Software\\BTStackServer.exe
C:\\Program Files\\PC Connectivity Solution\\ServiceLayer.exe
C:\\Program Files\\PC Connectivity Solution\\Transports\\NclUSBSrv.exe
C:\\Program Files\\PC Connectivity Solution\\Transports\\NclRSSrv.exe
C:\\Program Files\\PC Connectivity Solution\\Transports\\NclMSBTSrv.exe
C:\\Program Files\\Common Files\\Nokia\\MPAPI\\MPAPI3s.exe
.
**************************************************************************
.
Completion time: 2008-07-31 22:26:00 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-31 20:25:41

Pre-Run: 36,626,456,576 bytes free
Post-Run: 36,415,336,448 bytes free

318 --- E O F --- 2008-07-29 20:12:19

przez **huber2t** » 01 Sie 2008, 11:33

Log wyglada na czysty

usuń ręcznie folder C: \Qoobox , usuń instalkę Combofix z dysku.

Przeczyść komputer Ccleanerem

Wykonaj optymalizację autostartu

Wyłącz i włącz przywracanie systemu na wszystkich dyskach. Instrukcja

Przeskanuj obszar mojego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum

lub

Dr.WEB CureIt!

przez **nasty79** » 01 Sie 2008, 12:03

właśnie skanuje Kasperskim ale wcześniejsze czyszczenia i sprawdzenia nie przyniosły skutku ponieważ nadal przy np.defragmentacji wywala mi się komp:(
dziękuje za chęci i za pomoc

przez **nasty79** » 05 Sie 2008, 15:09

i tu również program się zawiesił:(

przez **huber2t** » 05 Sie 2008, 15:29

To juz niejest wina syfu, a wirków raczej nie ma ale spróbuj przeskanowąć dr webem

proszę o sprawdzenie loga

proszę o sprawdzenie loga

log

Kto jest na forum