Pop-up error windows - what is the cause?
Hello.
Recently several errors have started appearing in Windows. When I close these errors, Windows seems to freeze on me. Please help... I was already thinking about formatting. I have already searched the forums, but I did not find any answers on this topic.
Regards,
Łukasz
[quote]Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:02:48, on 2007-12-21
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
D:\ArcaBit 2007\ArcaVir\AVMenu.exe
D:\ArcaBit 2007\ArcaVir\ABregmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
D:\AutoConnect\AutoConnect.exe
D:\BLUETOOTH PC\BTTray.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
D:\ArcaBit 2007\Common\ArcaBit.Core.Configurator2.exe
D:\ArcaBit 2007\ArcaUpdate\update.exe
D:\BLUETOOTH PC\bin\btwdins.exe
D:\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
D:\Alcohol 120%\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
D:\ArcaBit 2007\ArcaVir\FileMonSV.exe
D:\ArcaBit 2007\ArcaVir\NetMonSV.exe
D:\ArcaBit 2007\Common\TaskScheduler.exe
D:\Gadu-Gadu\gg.exe
C:\WINDOWS\system32\wuauclt.exe
D:\ArcaBit 2007\Common\ArcaBit.Core.LoggingService.exe
D:\Firefox 2.0\firefox.exe
D:\hittisk\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\FlashGet\jccatch.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\yqrviazq.dll
O2 - BHO: {c3b2d10a-3b33-d01a-2ab4-001387e02c7c} - {c7c20e78-3100-4ba2-a10d-33b3a01d2b3c} - C:\WINDOWS\system32\pssyvopo.dll (file missing)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\FlashGet\getflash.dll
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [AvMenu] D:\ArcaBit 2007\ArcaVir\AVMenu.exe
O4 - HKLM\..\Run: [ABREGMON] D:\ArcaBit 2007\ArcaVir\ABregmon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [AutoConnect] D:\AutoConnect\AutoConnect.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - D:\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - D:\FlashGet\jc_all.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\MSOFFI~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pobierz z &BitSpirit - D:\BitSpirit\bsurl.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\BLUETOOTH PC\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\BLUETOOTH PC\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\FlashGet\FlashGet.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF79B6FD-25BB-4A46-833D-CF804CBFF829}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: TS_LogonListener - C:\WINDOWS\SYSTEM32\TS_LogonListener.dll
O20 - Winlogon Notify: yqrviazq - C:\WINDOWS\SYSTEM32\yqrviazq.dll
O23 - Service: ArcaBit FileMonitor (ABFileMon) - ArcaBit - D:\ArcaBit 2007\ArcaVir\FileMonSV.exe
O23 - Service: ArcaBit NetMonitor (ABNetMon) - ArcaBit - D:\ArcaBit 2007\ArcaVir\NetMonSV.exe
O23 - Service: ArcaBit.Core.Configurator - ArcaBit - D:\ArcaBit 2007\Common\ArcaBit.Core.Configurator2.exe
O23 - Service: ArcaBit.Core.LoggingService - ArcaBit - D:\ArcaBit 2007\Common\ArcaBit.Core.LoggingService.exe
O23 - Service: ArcaBit.TaskScheduler - ArcaBit sp. z o.o. - D:\ArcaBit 2007\Common\TaskScheduler.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - D:\Ares\chatServer.exe
O23 - Service: ArcaBit Update Service (AVUpdate) - ArcaBit - D:\ArcaBit 2007\ArcaUpdate\update.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - D:\BLUETOOTH PC\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\WINDOWS
--
End of file - 6340 bytes[/quote]
[quote]ComboFix 07-12-21.4 - Lukasz 2007-12-21 15:53:52.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.536 [GMT 1:00]
Running from: F:\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\mljgdbc.dll
C:\WINDOWS\system32\nqstv.bak1
C:\WINDOWS\system32\nqstv.bak2
C:\WINDOWS\system32\nqstv.ini
C:\WINDOWS\system32\vtsqn.dll
C:\WINDOWS\system32\winjgf32.dll
C:\WINDOWS\system32\yqrviazq.dllbox
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DOMAINSERVICE
-------\DomainService
((((((((((((((((((((((((( Files Created from 2007-11-21 to 2007-12-21 )))))))))))))))))))))))))))))))
.
2007-12-21 15:38 . 2007-12-21 15:39 14,033 --a------ C:\posE01.tmp
2007-12-21 14:17 . 2007-12-21 14:17 14,033 --a------ C:\posDAA.tmp
2007-12-21 14:05 . 2007-12-21 14:05 14,033 --a------ C:\pos1CF3.tmp
2007-12-21 12:51 . 2007-12-21 12:51 14,033 --a------ C:\posBB8.tmp
2007-12-21 12:31 . 2007-12-21 12:31 d-------- C:\WINDOWS\nview
2007-12-21 12:31 . 2007-10-04 17:14 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-12-21 12:31 . 2007-12-21 12:51 140,158 --a------ C:\WINDOWS\system32\nvapps.xml
2007-12-21 12:31 . 2007-10-04 17:14 17,525 --a------ C:\WINDOWS\system32\nvdisp.nvu
2007-12-21 12:28 . 2007-12-21 12:29 14,033 --a------ C:\pos88D.tmp
2007-12-21 11:17 . 2007-12-21 11:17 14,033 --a------ C:\pos1AF4.tmp
2007-12-20 18:58 . 2007-12-20 18:58 14,033 --a------ C:\pos7B3.tmp
2007-12-20 18:27 . 2007-12-21 12:48 7,168 --a------ C:\WINDOWS\system32\windows
2007-12-20 16:31 . 2007-12-20 16:31 14,033 --a------ C:\pos5D9.tmp
2007-12-20 16:09 . 2007-12-20 16:09 14,033 --a------ C:\pos3E3.tmp
2007-12-20 15:04 . 2007-12-20 15:04 14,033 --a------ C:\posF8.tmp
2007-12-20 14:38 . 2007-12-20 14:38 14,033 --a------ C:\pos171E.tmp
2007-12-20 13:10 . 2007-12-20 13:10 165,472 --a------ C:\WINDOWS\system32\yqrviazq.dll
2007-12-19 18:12 . 2007-12-20 17:26 d-------- C:\NVIDIA
2007-12-18 15:08 . 2007-12-18 15:08 d-------- C:\WINDOWS\system32\xlive
2007-12-18 14:48 . 2007-12-18 14:48 d-------- C:\Program Files\OpenAL
2007-12-18 14:48 . 2007-12-18 14:48 413,696 --a------ C:\WINDOWS\system32\wrap_oal.dll
2007-12-18 14:48 . 2007-12-18 14:48 110,592 --a------ C:\WINDOWS\system32\OpenAL32.dll
2007-12-12 17:38 . 2007-12-12 17:38 641,021 --a------ C:\WINDOWS\unins001.exe
2007-12-12 17:38 . 2007-12-12 17:38 2,585 --a------ C:\WINDOWS\unins001.dat
2007-12-12 13:31 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2007-12-12 13:31 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2007-12-12 13:31 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2007-12-12 13:31 . 2007-07-20 00:57 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
2007-12-11 16:48 . 2007-12-11 16:48 d--h----- C:\WINDOWS\system32\GroupPolicy
2007-12-09 17:05 . 2007-12-09 17:05 d-------- C:\Documents and Settings\Lukasz\Dane aplikacji\BitSpirit
2007-12-09 12:59 . 2007-12-09 13:00 468 --a------ C:\WINDOWS\system32\CoreAAC.ax
2007-12-08 16:25 . 2001-01-12 19:47 122,884 --a------ C:\WINDOWS\UnGins.exe
2007-12-08 16:13 . 2004-08-18 09:34 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2007-12-08 15:29 . 2007-12-08 15:29 d-------- C:\Program Files\uTorrent
2007-12-08 15:29 . 2007-12-19 17:23 d-------- C:\Documents and Settings\Lukasz\Dane aplikacji\uTorrent
2007-12-08 13:59 . 2007-12-08 15:29 d-------- C:\Documents and Settings\Lukasz\Dane aplikacji\Azureus
2007-12-08 13:59 . 2007-12-08 13:59 d-------- C:\Documents and Settings\All Users\Dane aplikacji\Azureus
2007-12-07 15:38 . 2007-12-14 20:59 d-------- C:\Program Files\DivX
2007-12-06 16:47 . 2007-12-06 16:47 d-------- C:\Documents and Settings\Lukasz\Dane aplikacji\Corel
2007-12-06 16:47 . 2007-12-06 16:58 56 -r-hs---- C:\WINDOWS\system32\7EDA65C1DA.sys
2007-12-06 16:46 . 2007-12-06 16:46 d-------- C:\Documents and Settings\All Users\Dane aplikacji\InstallShield
2007-12-06 16:41 . 2007-12-06 16:58 3,350 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-12-01 15:11 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2007-12-01 15:11 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2007-12-01 15:11 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2007-12-01 15:11 . 2007-06-20 20:46 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2007-12-01 15:11 . 2007-07-20 00:54 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2007-12-01 14:58 . 2007-12-01 14:58 d-------- C:\Documents and Settings\Lukasz\Dane aplikacji\InstallShield
2007-11-28 13:13 . 2007-11-28 13:13 d--hs---- C:\found.000
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-20 13:46 17,144 ----a-w C:\Documents and Settings\Lukasz\Dane aplikacji\GDIPFONTCACHEV1.DAT
2007-12-20 12:10 165,472 ----a-w C:\WINDOWS\system32\cwagdypo.dll
2007-12-18 17:17 --------- d-----w C:\Documents and Settings\Lukasz\Dane aplikacji\Skype
2007-12-17 09:57 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\ArcaBit
2007-12-09 11:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-09 10:07 359,040 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2007-12-08 11:52 --------- d-----w C:\Program Files\Neostrada TP
2007-12-06 15:45 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-04 12:18 --------- d-----w C:\Documents and Settings\Lukasz\Dane aplikacji\Hamachi
2007-11-10 19:40 --------- d-----w C:\Program Files\Gadwin Systems
2007-11-10 19:17 --------- d-----w C:\Documents and Settings\Lukasz\Dane aplikacji\FastStone
2007-11-04 13:15 --------- d-----w C:\Documents and Settings\Lukasz\Dane aplikacji\Image Zone Express
2007-11-04 12:11 --------- d-----w C:\Documents and Settings\Lukasz\Dane aplikacji\HP
2007-10-29 17:20 --------- d-----w C:\Program Files\Windows Media Components
2007-10-27 12:36 --------- d-----w C:\Program Files\A4Tech
2007-10-25 12:54 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-10-25 12:54 --------- d-----w C:\Program Files\AGEIA Technologies
2007-10-22 17:53 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-10-22 17:53 --------- d--h--r C:\Documents and Settings\Lukasz\Dane aplikacji\SecuROM
2007-10-20 00:56 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-10-20 00:56 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-10-12 22:19 13,653,824 ----a-w C:\WINDOWS\system32\xlivefnt.dll
2007-10-12 22:19 10,155,840 ----a-w C:\WINDOWS\system32\xlive.dll
2007-10-04 16:14 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-10-04 16:14 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-10-04 16:14 8,491,008 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-10-04 16:14 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-10-04 16:14 6,750,208 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-10-04 16:14 6,344,704 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-10-04 16:14 5,783,424 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-10-04 16:14 5,509,120 ----a-w C:\WINDOWS\system32\nvdispsr.dll
2007-10-04 16:14 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-10-04 16:14 458,752 ----a-w C:\WINDOWS\system32\nvmccssr.dll
2007-10-04 16:14 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-10-04 16:14 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-10-04 16:14 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-10-04 16:14 364,544 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-10-04 16:14 36,864 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-10-04 16:14 36,864 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-10-04 16:14 335,872 ----a-w C:\WINDOWS\system32\nvwrses.dll
2007-10-04 16:14 335,872 ----a-w C:\WINDOWS\system32\nvwrsel.dll
2007-10-04 16:14 327,680 ----a-w C:\WINDOWS\system32\nvwrsfr.dll
2007-10-04 16:14 327,680 ----a-w C:\WINDOWS\system32\nvwrsesm.dll
2007-10-04 16:14 327,680 ----a-w C:\WINDOWS\system32\nvrshe.dll
2007-10-04 16:14 327,680 ----a-w C:\WINDOWS\system32\nvrsar.dll
2007-10-04 16:14 323,584 ----a-w C:\WINDOWS\system32\nvwrspt.dll
2007-10-04 16:14 323,584 ----a-w C:\WINDOWS\system32\nvwrsit.dll
2007-10-04 16:14 319,488 ----a-w C:\WINDOWS\system32\nvwrsptb.dll
2007-10-04 16:14 319,488 ----a-w C:\WINDOWS\system32\nvwrsnl.dll
2007-10-04 16:14 315,392 ----a-w C:\WINDOWS\system32\nvwrsru.dll
2007-10-04 16:14 315,392 ----a-w C:\WINDOWS\system32\nvwrshu.dll
2007-10-04 16:14 311,296 ----a-w C:\WINDOWS\system32\nvwrsde.dll
2007-10-04 16:14 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-10-04 16:14 303,104 ----a-w C:\WINDOWS\system32\nvwrstr.dll
2007-10-04 16:14 303,104 ----a-w C:\WINDOWS\system32\nvwrssl.dll
2007-10-04 16:14 303,104 ----a-w C:\WINDOWS\system32\nvwrsfi.dll
2007-10-04 16:14 3,629,056 ----a-w C:\WINDOWS\system32\nvvitvsr.dll
2007-10-04 16:14 3,551,232 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-10-04 16:14 3,334,144 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-10-04 16:14 3,166,208 ----a-w C:\WINDOWS\system32\nvgamesr.dll
2007-10-04 16:14 299,008 ----a-w C:\WINDOWS\system32\nvwrssk.dll
2007-10-04 16:14 299,008 ----a-w C:\WINDOWS\system32\nvwrsno.dll
2007-10-04 16:14 294,912 ----a-w C:\WINDOWS\system32\nvwrssv.dll
2007-10-04 16:14 294,912 ----a-w C:\WINDOWS\system32\nvwrspl.dll
2007-10-04 16:14 294,912 ----a-w C:\WINDOWS\system32\nvwrsda.dll
2007-10-04 16:14 290,816 ----a-w C:\WINDOWS\system32\nvwrsth.dll
2007-10-04 16:14 286,720 ----a-w C:\WINDOWS\system32\nvwrseng.dll
2007-10-04 16:14 286,720 ----a-w C:\WINDOWS\system32\nvwrscs.dll
2007-10-04 16:14 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-10-04 16:14 282,624 ----a-w C:\WINDOWS\system32\nvwrsar.dll
2007-10-04 16:14 282,624 ----a-w C:\WINDOWS\system32\nvrsfr.dll
2007-10-04 16:14 282,624 ----a-w C:\WINDOWS\system32\nvrses.dll
2007-10-04 16:14 282,624 ----a-w C:\WINDOWS\system32\nvrsel.dll
2007-10-04 16:14 278,528 ----a-w C:\WINDOWS\system32\nvwrshe.dll
2007-10-04 16:14 278,528 ----a-w C:\WINDOWS\system32\nvrsit.dll
2007-10-04 16:14 278,528 ----a-w C:\WINDOWS\system32\nvrsde.dll
2007-10-04 16:14 274,432 ----a-w C:\WINDOWS\system32\nvrspt.dll
2007-10-04 16:14 274,432 ----a-w C:\WINDOWS\system32\nvrsnl.dll
2007-10-04 16:14 274,432 ----a-w C:\WINDOWS\system32\nvrsesm.dll
2007-10-04 16:14 270,336 ----a-w C:\WINDOWS\system32\nvrsru.dll
2007-10-04 16:14 266,240 ----a-w C:\WINDOWS\system32\nvrsptb.dll
2007-10-04 16:14 266,240 ----a-w C:\WINDOWS\system32\nvrsja.dll
2007-10-04 16:14 258,048 ----a-w C:\WINDOWS\system32\nvrstr.dll
2007-10-04 16:14 258,048 ----a-w C:\WINDOWS\system32\nvrssl.dll
2007-10-04 16:14 258,048 ----a-w C:\WINDOWS\system32\nvrssk.dll
2007-10-04 16:14 258,048 ----a-w C:\WINDOWS\system32\nvrsko.dll
2007-10-04 16:14 258,048 ----a-w C:\WINDOWS\system32\nvrshu.dll
2007-10-04 16:14 253,952 ----a-w C:\WINDOWS\system32\nvrsth.dll
2007-10-04 16:14 253,952 ----a-w C:\WINDOWS\system32\nvrssv.dll
2007-10-04 16:14 253,952 ----a-w C:\WINDOWS\system32\nvrspl.dll
2007-10-04 16:14 253,952 ----a-w C:\WINDOWS\system32\nvrsno.dll
2007-10-04 16:14 253,952 ----a-w C:\WINDOWS\system32\nvrsda.dll
2007-10-04 16:14 249,856 ----a-w C:\WINDOWS\system32\nvrsfi.dll
2007-10-04 16:14 249,856 ----a-w C:\WINDOWS\system32\nvrscs.dll
2007-10-04 16:14 245,760 ----a-w C:\WINDOWS\system32\nvrseng.dll
2007-10-04 16:14 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-10-04 16:14 225,280 ----a-w C:\WINDOWS\system32\nvrszhc.dll
2007-10-04 16:14 212,992 ----a-w C:\WINDOWS\system32\nvwrsja.dll
2007-10-04 16:14 2,854,912 ----a-w C:\WINDOWS\system32\nvmoblsr.dll
2007-10-04 16:14 2,441,216 ----a-w C:\WINDOWS\system32\nvwssr.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-12-20 13:10 165472 --a------ C:\WINDOWS\system32\yqrviazq.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c7c20e78-3100-4ba2-a10d-33b3a01d2b3c}]
C:\WINDOWS\system32\pssyvopo.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadwin PrintScreen"="C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 09:42]
"AutoConnect"="D:\AutoConnect\AutoConnect.exe" [2004-08-28 19:27]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iKeyWorks"="C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe" [2005-04-14 04:35]
"AvMenu"="D:\ArcaBit 2007\ArcaVir\AVMenu.exe" [2007-12-05 10:24]
"ABREGMON"="D:\ArcaBit 2007\ArcaVir\ABregmon.exe" [2007-07-12 09:40]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 23:44 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-10-04 17:14 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-03 23:44 C:\WINDOWS\system32\rundll32.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:44]
C:\Documents and Settings\All Users\Menu Start\Programy\AutostartBTTray.lnk - D:\BLUETOOTH PC\BTTray.exe [2005-10-09 00:16:54]
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-10-09 19:20:38]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TS_LogonListener]
TS_LogonListener.dll 2007-01-12 15:41 101376 C:\WINDOWS\system32\TS_LogonListener.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yqrviazq]
yqrviazq.dll 2007-12-20 13:10 165472 C:\WINDOWS\system32\yqrviazq.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ABRegmon]
2007-07-12 09:40 303104 --a------ D:\ArcaBit 2007\ArcaVir\ABregmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
ALCMTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcaCheck]
D:\ArcaBit 2007\ArcaVir\ArcaCheck.exe /startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
D:\demon\daemon.exe -lang 1033
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]
2005-09-06 13:45 820736 --a------ C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\himem]
c:\windows\himem.exe 3fff 8ffff
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-11 22:12 49152 --a------ D:\HP 1410\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe -start
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2001-07-09 10:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
D:\Nokia PC Suite\Nokia PC Suite 6\LaunchApplication.exe -onlytray
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
RTHDCPL.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
SkyTel.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WooCnxMon]
2003-10-16 18:07 24576 --a------ C:\PROGRA~1\NEOSTR~1\CnxMon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
2003-10-16 18:07 53248 --------- C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
2003-10-16 18:07 20480 --------- C:\PROGRA~1\NEOSTR~1\Watch.exe
R0 m5288;m5288;C:\WINDOWS\system32\DRIVERS\m5288.sys [2005-12-23 21:54]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys [2005-10-13 14:46]
R1 ABTDI;ABTDI;D:\ArcaBit 2007\ArcaVir\ABTDI.sys [2007-05-08 13:45]
R2 ABFileMon;ArcaBit FileMonitor;"D:\ArcaBit 2007\ArcaVir\FileMonSV.exe" [2007-10-09 11:10]
R2 ArcaBit.TaskScheduler;ArcaBit.TaskScheduler;"D:\ArcaBit 2007\Common\TaskScheduler.exe" [2007-01-12 15:42]
R2 AVUpdate;ArcaBit Update Service;D:\ArcaBit 2007\ArcaUpdate\update.exe [2007-02-26 15:04]
R3 ABFLT;ArcaBit File Monitor Driver;D:\ARCABI~1\ArcaVir\ABFLT.sys [2007-09-12 13:37]
R3 ArcaBit.Core.Configurator;ArcaBit.Core.Configurator;"D:\ArcaBit 2007\Common\ArcaBit.Core.Configurator2.exe" [2007-01-11 15:01]
R3 ULI5261XP;ULi M526X Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ULILAN51.SYS [2005-03-22 13:36]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;C:\WINDOWS\system32\DRIVERS\Amps2prt.sys [2004-03-31 18:03]
S3 ArcaBit.Core.LoggingService;ArcaBit.Core.LoggingService;"D:\ArcaBit 2007\Common\ArcaBit.Core.LoggingService.exe" [2007-01-11 15:03]
S3 MSControlService;Microsoft cache control;C:\WINDOWS\system32\windows [2007-12-21 12:48]
S3 ps_drv;ps_drv;C:\Documents and Settings\Lukasz\ps_drv.sys []
S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8990f4f8-95f2-11dc-8c08-0016179032ea}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-21 15:57:59
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\WINDOWS\system32\yqrviazq.dllbox 210 bytes
scan completed successfully
hidden files: 1
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\yqrviazq.dll
PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.2180]
-> C:\WINDOWS\system32\yqrviazq.dll
.
Completion time: 2007-12-21 15:58:48 - machine was rebooted
[/quote]
Replies: 10
Thank you all, and especially you, "morda".
Cleaning with EasyCleaner helped; those files are gone now.
Thanks a lot once again, I was already thinking I would have to format ;/
Regards :)
Those files are exactly what worries me a bit. Their names change, but the modification dates stay the same all the time.
I don't know what creates them.
Since these are [b]*.tmp[/b] files, maybe use some "cleaner" that will remove them all.
It could be e.g. "Easy Cleaner" or something similar.
.
OK, I've already done that.
log:
[quote]ComboFix 07-12-21.4 - Lukasz 2007-12-22 14:54:36.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.751 [GMT 1:00]
Running from: F:\ComboFix.exe
Command switches used :: F:\CFScript.txt
* Created a new restore point
FILE
C:\pos153F.tmp
C:\pos1710.tmp
C:\pos190F.tmp
C:\pos1AEE.tmp
C:\pos1CF0.tmp
C:\pos1D17.tmp
C:\pos1D2F.tmp
C:\pos1F39.tmp
C:\pos212A.tmp
C:\pos3D0.tmp
C:\pos5D8.tmp
C:\pos7AB.tmp
C:\pos881.tmp
C:\posB65.tmp
C:\posD8.tmp
C:\posDA2.tmp
C:\posDF5.tmp
C:\posFFB.tmp
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\pos153F.tmp
C:\pos1710.tmp
C:\pos190F.tmp
C:\pos1AEE.tmp
C:\pos1CF0.tmp
C:\pos1D17.tmp
C:\pos1D2F.tmp
C:\pos1F39.tmp
C:\pos212A.tmp
C:\pos3D0.tmp
C:\pos5D8.tmp
C:\pos7AB.tmp
C:\pos881.tmp
C:\posB65.tmp
C:\posD8.tmp
C:\posDA2.tmp
C:\posDF5.tmp
C:\posFFB.tmp
.
((((((((((((((((((((((((( Files Created from 2007-11-22 to 2007-12-22 )))))))))))))))))))))))))))))))
.
2007-12-22 11:01 . 2007-12-22 11:59 14,033 --a------ C:\pos2127.tmp
2007-12-22 10:45 . 2007-12-22 10:50 14,033 --a------ C:\pos1F37.tmp
2007-12-21 18:11 . 2007-12-21 18:11 14,033 --a------ C:\pos1D27.tmp
2007-12-21 18:10 . 2007-12-21 18:11 14,033 --a------ C:\pos1D0F.tmp
2007-12-21 16:58 . 2007-12-21 16:58 14,033 --a------ C:\posFEB.tmp
2007-12-21 15:38 . 2007-12-21 15:39 14,033 --a------ C:\posDF0.tmp
2007-12-21 14:17 . 2007-12-21 14:17 14,033 --a------ C:\posD86.tmp
2007-12-21 14:05 . 2007-12-21 14:05 14,033 --a------ C:\pos1CEB.tmp
2007-12-21 12:51 . 2007-12-21 12:51 14,033 --a------ C:\posB61.tmp
2007-12-21 12:31 . 2007-12-21 12:31 d-------- C:\WINDOWS\nview
2007-12-21 12:31 . 2007-10-04 17:14 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-12-21 12:31 . 2007-12-21 12:51 140,158 --a------ C:\WINDOWS\system32\nvapps.xml
2007-12-21 12:31 . 2007-10-04 17:14 17,525 --a------ C:\WINDOWS\system32\nvdisp.nvu
2007-12-21 12:28 . 2007-12-21 12:29 14,033 --a------ C:\pos873.tmp
2007-12-21 11:17 . 2007-12-21 11:17 14,033 --a------ C:\pos1AEA.tmp
2007-12-20 18:58 . 2007-12-20 18:58 14,033 --a------ C:\pos79B.tmp
2007-12-20 18:07 . 2007-12-20 18:07 14,033 --a------ C:\pos190A.tmp
2007-12-20 16:31 . 2007-12-20 16:31 14,033 --a------ C:\pos5C1.tmp
2007-12-20 16:09 . 2007-12-20 16:09 14,033 --a------ C:\pos3BF.tmp
2007-12-20 15:04 . 2007-12-20 15:04 14,033 --a------ C:\posC9.tmp
2007-12-20 14:38 . 2007-12-20 14:38 14,033 --a------ C:\pos170F.tmp
2007-12-20 13:10 . 2007-12-20 13:11 14,033 --a------ C:\pos1537.tmp
2007-12-19 18:12 . 2007-12-20 17:26 d-------- C:\NVIDIA
2007-12-18 15:08 . 2007-12-18 15:08 d-------- C:\WINDOWS\system32\xlive
2007-12-18 14:48 . 2007-12-18 14:48 d-------- C:\Program Files\OpenAL
2007-12-18 14:48 . 2007-12-18 14:48 413,696 --a------ C:\WINDOWS\system32\wrap_oal.dll
2007-12-18 14:48 . 2007-12-18 14:48 110,592 --a------ C:\WINDOWS\system32\OpenAL32.dll
2007-12-12 17:38 . 2007-12-12 17:38 641,021 --a------ C:\WINDOWS\unins001.exe
2007-12-12 17:38 . 2007-12-12 17:38 2,585 --a------ C:\WINDOWS\unins001.dat
2007-12-12 13:31 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2007-12-12 13:31 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2007-12-12 13:31 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2007-12-12 13:31 . 2007-07-20 00:57 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
2007-12-11 16:48 . 2007-12-11 16:48 d--h----- C:\WINDOWS\system32\GroupPolicy
2007-12-09 17:05 . 2007-12-09 17:05 d-------- C:\Documents and Settings\Lukasz\Dane aplikacji\BitSpirit
2007-12-09 12:59 . 2007-12-09 13:00 468 --a------ C:\WINDOWS\system32\CoreAAC.ax
2007-12-08 16:25 . 2001-01-12 19:47 122,884 --a------ C:\WINDOWS\UnGins.exe
2007-12-08 16:13 . 2004-08-18 09:34 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2007-12-08 15:29 . 2007-12-08 15:29 d-------- C:\Program Files\uTorrent
2007-12-08 15:29 . 2007-12-19 17:23 d-------- C:\Documents and Settings\Lukasz\Dane aplikacji\uTorrent
2007-12-08 13:59 . 2007-12-08 15:29 d-------- C:\Documents and Settings\Lukasz\Dane aplikacji\Azureus
2007-12-08 13:59 . 2007-12-08 13:59 d-------- C:\Documents and Settings\All Users\Dane aplikacji\Azureus
2007-12-07 15:38 . 2007-12-14 20:59 d-------- C:\Program Files\DivX
2007-12-06 16:47 . 2007-12-06 16:47 d-------- C:\Documents and Settings\Lukasz\Dane aplikacji\Corel
2007-12-06 16:47 . 2007-12-06 16:58 56 -r-hs---- C:\WINDOWS\system32\7EDA65C1DA.sys
2007-12-06 16:46 . 2007-12-06 16:46 d-------- C:\Documents and Settings\All Users\Dane aplikacji\InstallShield
2007-12-06 16:41 . 2007-12-06 16:58 3,350 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-12-01 15:11 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2007-12-01 15:11 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2007-12-01 15:11 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2007-12-01 15:11 . 2007-06-20 20:46 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2007-12-01 15:11 . 2007-07-20 00:54 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2007-12-01 14:58 . 2007-12-01 14:58 d-------- C:\Documents and Settings\Lukasz\Dane aplikacji\InstallShield
2007-11-28 13:13 . 2007-11-28 13:13 d--hs---- C:\found.000
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadwin PrintScreen"="C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 09:42]
"AutoConnect"="D:\AutoConnect\AutoConnect.exe" [2004-08-28 19:27]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iKeyWorks"="C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe" [2005-04-14 04:35]
"AvMenu"="D:\ArcaBit 2007\ArcaVir\AVMenu.exe" [2007-12-05 10:24]
"ABREGMON"="D:\ArcaBit 2007\ArcaVir\ABregmon.exe" [2007-07-12 09:40]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 23:44 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-10-04 17:14 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-03 23:44 C:\WINDOWS\system32\rundll32.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:44]
C:\Documents and Settings\All Users\Menu Start\Programy\AutostartBTTray.lnk - D:\BLUETOOTH PC\BTTray.exe [2005-10-09 00:16:54]
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-10-09 19:20:38]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TS_LogonListener]
TS_LogonListener.dll 2007-01-12 15:41 101376 C:\WINDOWS\system32\TS_LogonListener.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ABRegmon]
2007-07-12 09:40 303104 --a------ D:\ArcaBit 2007\ArcaVir\ABregmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
ALCMTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcaCheck]
D:\ArcaBit 2007\ArcaVir\ArcaCheck.exe /startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
D:\demon\daemon.exe -lang 1033
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]
2005-09-06 13:45 820736 --a------ C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\himem]
c:\windows\himem.exe 3fff 8ffff
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-11 22:12 49152 --a------ D:\HP 1410\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe -start
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2001-07-09 10:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
D:\Nokia PC Suite\Nokia PC Suite 6\LaunchApplication.exe -onlytray
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
RTHDCPL.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
SkyTel.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WooCnxMon]
2003-10-16 18:07 24576 --a------ C:\PROGRA~1\NEOSTR~1\CnxMon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
2003-10-16 18:07 53248 --------- C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
2003-10-16 18:07 20480 --------- C:\PROGRA~1\NEOSTR~1\Watch.exe
R0 m5288;m5288;C:\WINDOWS\system32\DRIVERS\m5288.sys [2005-12-23 21:54]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys [2005-10-13 14:46]
R1 ABTDI;ABTDI;D:\ArcaBit 2007\ArcaVir\ABTDI.sys [2007-05-08 13:45]
R2 ABFileMon;ArcaBit FileMonitor;"D:\ArcaBit 2007\ArcaVir\FileMonSV.exe" [2007-10-09 11:10]
R2 ArcaBit.TaskScheduler;ArcaBit.TaskScheduler;"D:\ArcaBit 2007\Common\TaskScheduler.exe" [2007-01-12 15:42]
R2 AVUpdate;ArcaBit Update Service;D:\ArcaBit 2007\ArcaUpdate\update.exe [2007-02-26 15:04]
R3 ABFLT;ArcaBit File Monitor Driver;D:\ARCABI~1\ArcaVir\ABFLT.sys [2007-09-12 13:37]
R3 ArcaBit.Core.Configurator;ArcaBit.Core.Configurator;"D:\ArcaBit 2007\Common\ArcaBit.Core.Configurator2.exe" [2007-01-11 15:01]
R3 ArcaBit.Core.LoggingService;ArcaBit.Core.LoggingService;"D:\ArcaBit 2007\Common\ArcaBit.Core.LoggingService.exe" [2007-01-11 15:03]
R3 ULI5261XP;ULi M526X Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ULILAN51.SYS [2005-03-22 13:36]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;C:\WINDOWS\system32\DRIVERS\Amps2prt.sys [2004-03-31 18:03]
S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-22 14:56:28
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-22 14:56:50[/quote]
I no longer have those errors, and when I did it, about 3 windows popped up with adware, I think from the ArcaVir 2007 antivirus program.
Oh, and one more thing: on drive C I have a lot of files named pos1, pos1A, pos 1A00 and so on. There are 8971 of these files, and the size of one file is about 12 kb. I didn't have these files before, and I don't want them now either, because they clutter up drive C and I have little free space there as it is :/
Paste into [b]Notepad[/b]:
[CODE]
File::
C:\pos212A.tmp
C:\pos1F39.tmp
C:\pos1D2F.tmp
C:\pos1D17.tmp
C:\posFFB.tmp
C:\posDF5.tmp
C:\posDA2.tmp
C:\pos1CF0.tmp
C:\posB65.tmp
C:\pos881.tmp
C:\pos1AEE.tmp
C:\pos7AB.tmp
C:\pos190F.tmp
C:\pos5D8.tmp
C:\pos3D0.tmp
C:\posD8.tmp
C:\pos1710.tmp
C:\pos153F.tmp
[/code]
[b]>>File>>Save As... >>> [color=red]CFScript[/color][/b]
Drag and drop the [color=red][b]CFScript.txt[/b][/color] file onto the [b]ComboFix.exe[/b] file
– as in this image [b][color=blue]-->[/color][/b][img]http://img.wklej.org/images/88953CFScript-createdbyMiekiemoes.gif[/img]
The removal should start (and a log will be created).
[b]After the restart[/b], manually delete the folder [b]C:\[color=red]Qoobox[/color][/b].
Post the log that is created during the removal.
.
I've already done this "mug" cleanup, regards and thank you :) We'll see whether it helped; so far I haven't had any errors.
Here is the log:
[quote]ComboFix 07-12-21.4 - Lukasz 2007-12-22 12:37:51.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.532 [GMT 1:00]
Running from: F:\ComboFix.exe
Command switches used :: F:\CFScript.txt
* Created a new restore point
FILE
C:\pos171E.tmp
C:\pos1AF4.tmp
C:\pos1CF3.tmp
C:\pos3E3.tmp
C:\pos5D9.tmp
C:\pos7B3.tmp
C:\pos88D.tmp
C:\posBB8.tmp
C:\posDAA.tmp
C:\posE01.tmp
C:\posF8.tmp
C:\WINDOWS\system32\cwagdypo.dll
C:\WINDOWS\system32\yqrviazq.dll
C:\WINDOWS\system32\yqrviazq.dllbox
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\pos171E.tmp
C:\pos1AF4.tmp
C:\pos1CF3.tmp
C:\pos3E3.tmp
C:\pos5D9.tmp
C:\pos7B3.tmp
C:\pos88D.tmp
C:\posBB8.tmp
C:\posDAA.tmp
C:\posE01.tmp
C:\posF8.tmp
C:\WINDOWS\system32\cwagdypo.dll
C:\WINDOWS\system32\yqrviazq.dll
C:\WINDOWS\system32\yqrviazq.dllbox
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\ps_drv
((((((((((((((((((((((((( Files Created from 2007-11-22 to 2007-12-22 )))))))))))))))))))))))))))))))
.
2007-12-22 11:01 . 2007-12-22 11:59 14,033 --a------ C:\pos212A.tmp
2007-12-22 10:45 . 2007-12-22 10:50 14,033 --a------ C:\pos1F39.tmp
2007-12-21 18:11 . 2007-12-21 18:11 14,033 --a------ C:\pos1D2F.tmp
2007-12-21 18:10 . 2007-12-21 18:11 14,033 --a------ C:\pos1D17.tmp
2007-12-21 16:58 . 2007-12-21 16:58 14,033 --a------ C:\posFFB.tmp
2007-12-21 15:38 . 2007-12-21 15:39 14,033 --a------ C:\posDF5.tmp
2007-12-21 14:17 . 2007-12-21 14:17 14,033 --a------ C:\posDA2.tmp
2007-12-21 14:05 . 2007-12-21 14:05 14,033 --a------ C:\pos1CF0.tmp
2007-12-21 12:51 . 2007-12-21 12:51 14,033 --a------ C:\posB65.tmp
2007-12-21 12:31 . 2007-12-21 12:31 d-------- C:\WINDOWS\nview
2007-12-21 12:31 . 2007-10-04 17:14 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-12-21 12:31 . 2007-12-21 12:51 140,158 --a------ C:\WINDOWS\system32\nvapps.xml
2007-12-21 12:31 . 2007-10-04 17:14 17,525 --a------ C:\WINDOWS\system32\nvdisp.nvu
2007-12-21 12:28 . 2007-12-21 12:29 14,033 --a------ C:\pos881.tmp
2007-12-21 11:17 . 2007-12-21 11:17 14,033 --a------ C:\pos1AEE.tmp
2007-12-20 18:58 . 2007-12-20 18:58 14,033 --a------ C:\pos7AB.tmp
2007-12-20 18:07 . 2007-12-20 18:07 14,033 --a------ C:\pos190F.tmp
2007-12-20 16:31 . 2007-12-20 16:31 14,033 --a------ C:\pos5D8.tmp
2007-12-20 16:09 . 2007-12-20 16:09 14,033 --a------ C:\pos3D0.tmp
2007-12-20 15:04 . 2007-12-20 15:04 14,033 --a------ C:\posD8.tmp
2007-12-20 14:38 . 2007-12-20 14:38 14,033 --a------ C:\pos1710.tmp
2007-12-20 13:10 . 2007-12-20 13:11 14,033 --a------ C:\pos153F.tmp
2007-12-19 18:12 . 2007-12-20 17:26 d-------- C:\NVIDIA
2007-12-18 15:08 . 2007-12-18 15:08 d-------- C:\WINDOWS\system32\xlive
2007-12-18 14:48 . 2007-12-18 14:48 d-------- C:\Program Files\OpenAL
2007-12-18 14:48 . 2007-12-18 14:48 413,696 --a------ C:\WINDOWS\system32\wrap_oal.dll
2007-12-18 14:48 . 2007-12-18 14:48 110,592 --a------ C:\WINDOWS\system32\OpenAL32.dll
2007-12-12 17:38 . 2007-12-12 17:38 641,021 --a------ C:\WINDOWS\unins001.exe
2007-12-12 17:38 . 2007-12-12 17:38 2,585 --a------ C:\WINDOWS\unins001.dat
2007-12-12 13:31 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2007-12-12 13:31 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2007-12-12 13:31 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2007-12-12 13:31 . 2007-07-20 00:57 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
2007-12-11 16:48 . 2007-12-11 16:48 d--h----- C:\WINDOWS\system32\GroupPolicy
2007-12-09 17:05 . 2007-12-09 17:05 d-------- C:\Documents and Settings\Lukasz\Dane aplikacji\BitSpirit
2007-12-09 12:59 . 2007-12-09 13:00 468 --a------ C:\WINDOWS\system32\CoreAAC.ax
2007-12-08 16:25 . 2001-01-12 19:47 122,884 --a------ C:\WINDOWS\UnGins.exe
2007-12-08 16:13 . 2004-08-18 09:34 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2007-12-08 15:29 . 2007-12-08 15:29 d-------- C:\Program Files\uTorrent
2007-12-08 15:29 . 2007-12-19 17:23 d-------- C:\Documents and Settings\Lukasz\Dane aplikacji\uTorrent
2007-12-08 13:59 . 2007-12-08 15:29 d-------- C:\Documents and Settings\Lukasz\Dane aplikacji\Azureus
2007-12-08 13:59 . 2007-12-08 13:59 d-------- C:\Documents and Settings\All Users\Dane aplikacji\Azureus
2007-12-07 15:38 . 2007-12-14 20:59 d-------- C:\Program Files\DivX
2007-12-06 16:47 . 2007-12-06 16:47 d-------- C:\Documents and Settings\Lukasz\Dane aplikacji\Corel
2007-12-06 16:47 . 2007-12-06 16:58 56 -r-hs---- C:\WINDOWS\system32\7EDA65C1DA.sys
2007-12-06 16:46 . 2007-12-06 16:46 d-------- C:\Documents and Settings\All Users\Dane aplikacji\InstallShield
2007-12-06 16:41 . 2007-12-06 16:58 3,350 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-12-01 15:11 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2007-12-01 15:11 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2007-12-01 15:11 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2007-12-01 15:11 . 2007-06-20 20:46 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2007-12-01 15:11 . 2007-07-20 00:54 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2007-12-01 14:58 . 2007-12-01 14:58 d-------- C:\Documents and Settings\Lukasz\Dane aplikacji\InstallShield
2007-11-28 13:13 . 2007-11-28 13:13 d--hs---- C:\found.000
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((( snapshot@2007-12-21_15.58.05.43 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-21 14:43:21 40,128 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2007-12-22 11:35:20 40,128 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-12-21 14:43:21 49,712 ----a-w C:\WINDOWS\system32\perfc015.dat
+ 2007-12-22 11:35:20 49,712 ----a-w C:\WINDOWS\system32\perfc015.dat
- 2007-12-21 14:43:21 311,740 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-12-22 11:35:20 311,740 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2007-12-21 14:43:21 355,830 ----a-w C:\WINDOWS\system32\perfh015.dat
+ 2007-12-22 11:35:20 355,830 ----a-w C:\WINDOWS\system32\perfh015.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadwin PrintScreen"="C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 09:42]
"AutoConnect"="D:\AutoConnect\AutoConnect.exe" [2004-08-28 19:27]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iKeyWorks"="C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe" [2005-04-14 04:35]
"AvMenu"="D:\ArcaBit 2007\ArcaVir\AVMenu.exe" [2007-12-05 10:24]
"ABREGMON"="D:\ArcaBit 2007\ArcaVir\ABregmon.exe" [2007-07-12 09:40]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 23:44 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-10-04 17:14 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-03 23:44 C:\WINDOWS\system32\rundll32.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:44]
C:\Documents and Settings\All Users\Menu Start\Programy\AutostartBTTray.lnk - D:\BLUETOOTH PC\BTTray.exe [2005-10-09 00:16:54]
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-10-09 19:20:38]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TS_LogonListener]
TS_LogonListener.dll 2007-01-12 15:41 101376 C:\WINDOWS\system32\TS_LogonListener.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ABRegmon]
2007-07-12 09:40 303104 --a------ D:\ArcaBit 2007\ArcaVir\ABregmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
ALCMTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcaCheck]
D:\ArcaBit 2007\ArcaVir\ArcaCheck.exe /startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
D:\demon\daemon.exe -lang 1033
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]
2005-09-06 13:45 820736 --a------ C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\himem]
c:\windows\himem.exe 3fff 8ffff
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-11 22:12 49152 --a------ D:\HP 1410\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe -start
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2001-07-09 10:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
D:\Nokia PC Suite\Nokia PC Suite 6\LaunchApplication.exe -onlytray
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
RTHDCPL.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
SkyTel.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WooCnxMon]
2003-10-16 18:07 24576 --a------ C:\PROGRA~1\NEOSTR~1\CnxMon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
2003-10-16 18:07 53248 --------- C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
2003-10-16 18:07 20480 --------- C:\PROGRA~1\NEOSTR~1\Watch.exe
R0 m5288;m5288;C:\WINDOWS\system32\DRIVERS\m5288.sys [2005-12-23 21:54]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys [2005-10-13 14:46]
R1 ABTDI;ABTDI;D:\ArcaBit 2007\ArcaVir\ABTDI.sys [2007-05-08 13:45]
R2 ABFileMon;ArcaBit FileMonitor;"D:\ArcaBit 2007\ArcaVir\FileMonSV.exe" [2007-10-09 11:10]
R2 ArcaBit.TaskScheduler;ArcaBit.TaskScheduler;"D:\ArcaBit 2007\Common\TaskScheduler.exe" [2007-01-12 15:42]
R2 AVUpdate;ArcaBit Update Service;D:\ArcaBit 2007\ArcaUpdate\update.exe [2007-02-26 15:04]
R3 ABFLT;ArcaBit File Monitor Driver;D:\ARCABI~1\ArcaVir\ABFLT.sys [2007-09-12 13:37]
R3 ArcaBit.Core.Configurator;ArcaBit.Core.Configurator;"D:\ArcaBit 2007\Common\ArcaBit.Core.Configurator2.exe" [2007-01-11 15:01]
R3 ULI5261XP;ULi M526X Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ULILAN51.SYS [2005-03-22 13:36]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;C:\WINDOWS\system32\DRIVERS\Amps2prt.sys [2004-03-31 18:03]
S3 ArcaBit.Core.LoggingService;ArcaBit.Core.LoggingService;"D:\ArcaBit 2007\Common\ArcaBit.Core.LoggingService.exe" [2007-01-11 15:03]
S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-22 12:41:32
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
[/quote]
A BIOS update (if one is available) - ACPI; a look at the pinned FAQ in the XP section - "memory could not be read/written" - will let you choose a way to narrow down the cause of the message (sometimes it is pure chance, dependent on nothing but the system's whim, and then you just have to learn to like it); running sfc /scannow from cmd would probably be useful too, and it certainly would not hurt (after the cleanup that morda wrote about, of course).
I, for a change, will deal only with the logs, because you have two infections: VUNDO and an infection on a USB flash drive.
Paste into [b]Notepad[/b]:
[CODE]
File::
C:\posE01.tmp
C:\posDAA.tmp
C:\pos1CF3.tmp
C:\posBB8.tmp
C:\pos88D.tmp
C:\pos1AF4.tmp
C:\pos7B3.tmp
C:\pos5D9.tmp
C:\pos3E3.tmp
C:\posF8.tmp
C:\pos171E.tmp
C:\WINDOWS\system32\yqrviazq.dll
C:\WINDOWS\system32\cwagdypo.dll
C:\WINDOWS\system32\yqrviazq.dllbox
Folder::
C:\WINDOWS\system32\windows
Driver::
MSControlService
ps_drv
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8990f4f8-95f2-11dc-8c08-0016179032ea}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c7c20e78-3100-4ba2-a10d-33b3a01d2b3c}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yqrviazq]
[/code]
[b]>>File>>Save As... >>> [color=red]CFScript[/color][/b] (it is most convenient to save it in a location where the [b]CFScript.txt[/b] icon ends up next to the [b]ComboFix.exe[/b] icon)
Drag and drop the [color=red][b]CFScript.txt[/b][/color] file onto the [b]ComboFix.exe[/b] file (that is, the [b]CFScript.txt[/b] icon onto the [b]ComboFix.exe[/b] icon)
– as in this picture [b][color=blue]-->[/color][/b][img]http://img.wklej.org/images/88953CFScript-createdbyMiekiemoes.gif[/img]
The removal should start (and a log will be created).
[b]After the restart[/b], manually delete the folder [b]C:\[color=red]Qoobox[/color][/b].
Post the log that is created during the removal.
The infections probably have nothing to do with the errors shown, but it is probably worth getting rid of them.
At least they will not cloud the issue for anyone who wants to help you with those errors.
.
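An added example, not part of the original post and not ComboFix's own code: a small Python check that parses a script in the layout shown above and lists entries worth questioning before it is run. The function names, the `PROTECTED` deny-list and the expectation that `Registry::` holds only `[-KEY]` deletions (as in the post) are assumptions of this example.

```python
import re

# Added review aid; not ComboFix's own parser. PROTECTED is an assumed deny-list.
KNOWN = {"File", "Folder", "Driver", "Registry"}
PROTECTED = {"c:", "c:\\windows", "c:\\windows\\system32"}
HEADER = re.compile(r"^(\w+)::$")
ABS_PATH = re.compile(r"^[A-Za-z]:\\")
DEL_KEY = re.compile(r"^\[-HKEY_[A-Z_]+\\.+\]$")

# Excerpt of the script posted above.
SAMPLE = r"""File::
C:\WINDOWS\system32\yqrviazq.dll
Folder::
C:\WINDOWS\system32\windows
Driver::
ps_drv
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yqrviazq]
"""

def parse_cfscript(text):
    """Group non-empty lines under the 'Name::' header that precedes them."""
    sections, current = {}, None
    for n, line in enumerate(map(str.strip, text.splitlines()), 1):
        m = HEADER.match(line)
        if m:
            current = sections.setdefault(m.group(1), [])
        elif line and current is None:
            raise ValueError(f"line {n}: entry before any section header")
        elif line:
            current.append(line)
    return sections

def review(sections):
    """List entries a reviewer should question before the script is run."""
    findings = []
    for name, entries in sections.items():
        if name not in KNOWN:
            findings.append(f"unknown section {name}::")
        for e in entries:
            if name in ("File", "Folder") and not ABS_PATH.match(e):
                findings.append(f"{name}: not an absolute path: {e}")
            elif name in ("File", "Folder") and e.rstrip("\\").lower() in PROTECTED:
                findings.append(f"{name}: protected location: {e}")
            elif name == "Driver" and "\\" in e:
                findings.append(f"Driver: path where a service name is expected: {e}")
            elif name == "Registry" and not DEL_KEY.match(e):
                findings.append(f"Registry: not a [-KEY] deletion: {e}")
    return findings
```

`review(parse_cfscript(SAMPLE))` returns an empty list for the excerpt; a truncated folder path such as `C:\WINDOWS\system32\` or a mistyped header such as `Files::` is reported.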
A few screenshots:
[URL=http://www.fotosik.pl/showFullSize.php?id=0a640d081623264b][IMG]http://images32.fotosik.pl/84/0a640d081623264bm.jpg[/IMG][/URL]
[URL=http://www.fotosik.pl/showFullSize.php?id=63ffad3d88d3dad9][IMG]http://images25.fotosik.pl/128/63ffad3d88d3dad9m.jpg[/IMG][/URL]
[URL=http://www.fotosik.pl/showFullSize.php?id=24f38c4cf756c0cc][IMG]http://images31.fotosik.pl/84/24f38c4cf756c0ccm.jpg[/IMG][/URL]
Event Viewer:
[URL=http://www.fotosik.pl/showFullSize.php?id=a258d92f16c7f18b][IMG]http://images33.fotosik.pl/84/a258d92f16c7f18bm.jpg[/IMG][/URL]
And where is the text of those errors?
PS.
I am not in the habit of looking at logs, at least not ones other than the system logs.