Problem sie zaczoł gdy po odpaleniu kompa pojawilsię komunikat że nie można odnależć modułu (nie jestem pewien pisowni)rotate.dll. Potem bardzo zamulił wiec go potraktowałem Combofixem.Odmulił ale zgubił sterowniki do wszystkich napędów[kod(39)].za cholerkę nie mogę ich zainstalować. Mam je na płycie ale co z tego… :? oto log: ComboFix 07-10-2.2 - Administrator 2007-10-15 15:17:13.4 - NTFSx86 MINIMAL Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.820 [GMT 2:00] Running from: D:\base\ComboFix.exe . ((((((((((((((((((((((((( Files Created from 2007-09-02 to 2007-10-2. ))))))))))))))))))))))))))))))) . 2007-10-14 08:11 2007-10-14 08:11 2007-10-13 12:25 2007-10-12 12:24 185,824 --a------ C:\WINDOWS\system32\afe6.sys 2007-10-12 12:19 185,824 --a------ C:\WINDOWS\system32\dcb1F.sys 2007-10-11 13:05 2007-10-11 11:01 2007-10-10 15:53 582,656 -----c— C:\WINDOWS\system32\dllcache\rpcrt4.dll 2007-10-10 15:52 2007-10-09 18:20 2007-10-09 17:57 2007-10-09 17:38 2007-10-09 17:36 2007-10-09 16:23 2007-10-09 00:02 2007-10-04 10:53 2007-10-04 08:42 2007-10-03 15:31 2007-10-03 11:53 82,061 --a------ C:\WINDOWS\system32\drivers\klick.dat 2007-10-03 11:53 81,549 --a------ C:\WINDOWS\system32\drivers\klin.dat 2007-10-03 11:53 6,257,696 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2007-10-03 11:53 147,744 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat 2007-10-03 11:53 2007-10-03 11:53 2007-10-03 11:51 2007-10-03 08:13 2007-10-03 00:11 2007-10-02 21:29 2007-10-02 15:28 2007-10-02 15:28 2007-10-02 15:28 2007-10-02 15:28 2007-10-02 15:28 2007-10-02 15:28 2007-10-02 15:28 2007-10-01 20:18 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-10-01 19:36 2007-10-01 19:13 2007-10-01 19:12 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys 2007-10-01 18:50 2007-10-01 17:29 2007-10-01 17:04 2007-10-01 17:04 2007-10-01 17:03 2007-10-01 15:58 2007-09-30 10:43 2007-09-27 21:12 17 --a------ C:\WINDOWS\popcinfo.dat 2007-09-22 07:05 122,880 --a------ C:\WINDOWS\system32\UAService7.exe 2007-09-20 23:21 2007-09-20 20:13 2007-09-20 18:11 2007-09-20 18:11 2007-09-19 02:44 2007-09-19 02:37 2007-09-19 02:36 2007-09-18 09:46 2007-09-18 09:32 2007-09-16 21:28 2007-09-10 23:39 2007-09-06 13:20 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-10-15 15:11 88016 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx 2007-10-15 15:11 16940 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx 2007-10-02 21:29 --------- d–h----- C:\Program Files\InstallShield Installation Information 2007-10-02 16:09 504832 --a------ C:\WINDOWS\system32\winlogon.exe 2007-10-02 16:06 --------- d-------- C:\Program Files\lg_fwupdate 2007-10-01 19:05 33280 --a------ C:\WINDOWS\system32\rundll32.exe 2007-10-01 18:02 --------- d-------- C:\Program Files\Odkurzacz 2007-09-27 21:23 79832 --a------ C:\WINDOWS\system32\adssite-remove.exe 2007-09-27 21:23 --------- d-------- C:\Program Files\Share_Accelerator_MM 2007-09-20 18:39 --------- d-------- C:\Program Files\Common Files\Real 2007-09-20 18:11 --------- d-------- C:\Program Files\Zapu 2007-08-21 08:18 683520 --a------ C:\WINDOWS\system32\inetcomm.dll 2007-08-20 08:40 52736 --a------ C:\WINDOWS\ipuninst.exe 2007-08-16 15:48 --------- d-------- C:\Program Files\PowerISO 2007-08-13 14:36 --------- d-------- C:\Program Files\AliveMedia 2007-08-13 11:35 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-08-11 14:36 --------- d-------- C:\Program Files\New Star Soccer 3 2007-08-11 13:58 --------- d-------- C:\Program Files\Vista Sidebar 2007-08-11 13:49 --------- d-------- C:\Program Files\Styler 2007-08-11 13:46 --------- d-------- C:\Program Files\VisualTooltip 2007-08-11 13:45 --------- d-------- C:\Program Files\LClock 2007-08-11 13:33 --------- d-------- C:\Documents and Settings\All Users\Dane aplikacji\TuneUp Software 2007-08-07 14:17 --------- d-------- C:\Program Files\Bethesda Softworks 2007-08-07 13:14 24576 --a------ C:\WINDOWS\MadUnInst.exe 2007-08-07 02:15 33052 --a------ C:\WINDOWS\system32\drivers\scdemu.sys 2007-08-06 15:20 73648 --a------ C:\WINDOWS\system32\RLDragDrop.dll 2007-08-06 15:20 679936 --a------ C:\WINDOWS\system32\libeay32.dll 2007-08-06 15:20 427978 --a------ C:\WINDOWS\system32\Ole2Plgin.dll 2007-08-06 15:20 225200 --a------ C:\WINDOWS\system32\AM.dll 2007-08-06 15:20 2233728 --a------ C:\WINDOWS\system32\drivers\redlight.sys 2007-08-06 15:20 147456 --a------ C:\WINDOWS\system32\ssleay32.dll 2007-08-06 15:20 128000 --a------ C:\WINDOWS\system32\madCHook.dll 2007-08-06 15:20 1222576 --a------ C:\WINDOWS\system32\RlShellExt.dll 2007-08-03 19:38 --------- d-------- C:\Program Files\Common Files\EZB Systems 2007-07-31 19:19 50688 --a------ C:\WINDOWS\system32\wbhelp2.dll 2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll 2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll 2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe 2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll 2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll 2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll 2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll 2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll 2007-07-09 15:20 582656 --a------ C:\WINDOWS\system32\rpcrt4.dll 2007-05-22 20:03 774144 --a------ C:\Program Files\RngInterstitial.dll 2004-10-01 15:00 40960 --a------ C:\Program Files\Uninstall_CDS.exe . – Snapshot reset to current date – . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “RTHDCPL”=“RTHDCPL.EXE” [2006-07-21 10:56 C:\WINDOWS\RTHDCPL.exe] “NvCplDaemon”=“C:\WINDOWS\system32\NvCpl.dll” [2006-10-22 12:22] “602PC SUITE PDF Saver”=“C:\Program Files\Common Files\soft602\pdfSaver.exe” [2005-11-14 08:21] “SmartDefrag”=“C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe” [2007-07-27 21:39] “NvMediaCenter”=“NvMCTray.dll” [2006-10-22 12:22 C:\WINDOWS\system32\nvmctray.dll] “LClock”=“C:\Program Files\LClock\LClock.exe” [2004-09-20 01:27] “Vista Sidebar”=“C:\Program Files\Vista Sidebar\sidebar.exe” [2006-12-25 08:14] “VisualTooltip”=“C:\Program Files\VisualTooltip\VisualToolTip.exe” [2006-10-06 09:21] “AVP”=“C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe” [2007-06-28 12:51] “TkBellExe”=“C:\Program Files\Common Files\Real\Update_OB\realsched.exe” [2007-05-20 15:40] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2006-03-02 14:00] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 07:05:26] NETGEAR WPN111 Smart Wizard.lnk - C:\Program Files\NETGEAR\WPN111\wpn111.exe [2007-05-12 11:27:52] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 07:05:26] NETGEAR WPN111 Smart Wizard.lnk - C:\Program Files\NETGEAR\WPN111\wpn111.exe [2007-05-12 11:27:52] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] “NoResolveSearch”=1 (0x1) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer] @=“Service” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] “LGODDFU”=“C:\Program Files\lg_fwupdate\fwupdate.exe” “Name of App”=C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe r “SkyTel”=SkyTel.EXE “Styler”=C:\Program Files\Styler\Styler.exe “Ulead AutoDetector v2”=C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe R0 ndisrd;ndisrd;C:\WINDOWS\system32\drivers\ndisrd.sys R0 REDLIGHT;REDLIGHT;C:\WINDOWS\system32\drivers\REDLIGHT.SYS R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys S1 ISODrive;ISO DVD/CD-ROM Device Driver;??\D:\UltraISO\drivers\ISODrive.sys S2 BufferZoneSvc;BufferZone Service;C:\Program Files\BufferZone\CLNTSVC.EXE S2 BZDcomLaunch;BufferZone DCOM Helper;C:\Program Files\BufferZone\BZDCOMLAUNCH.EXE S2 BZRpcSs;BufferZone RPC Helper;C:\Program Files\BufferZone\BZRPCSS.EXE S3 afe6;afe6;??\C:\WINDOWS\system32\afe6.sys S3 dcb1F;dcb1F;??\C:\WINDOWS\system32\dcb1F.sys S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;??\C:\WINDOWS\system32\DNINDIS5.SYS S3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;C:\WINDOWS\system32\DRIVERS\WPN111.sys *Newly Created Service* - NWLNKFLT . Contents of the ‘Scheduled Tasks’ folder “2007-10-12 15:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job” - C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe “2007-10-12 01:30:00 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job” - C:\Program Files\RegistrySmart\RegistrySmart.exe “2007-10-15 12:58:52 C:\WINDOWS\Tasks\SmartDefrag.job” - C:\Program Files\IObit\IObit SmartDefrag\schedule.exe . ************************************************************************** catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-10-02 15:18:36 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-10-02 15:19:04 C:\ComboFix-quarantined-files.txt … 2007-10-02 14:02 C:\ComboFix2.txt … 2007-10-02 15:31 C:\ComboFix3.txt … 2007-10-02 14:02 . — E O F — oto co mi wrzucil do kwarantanny; 2005-01-20 18:26 29 --a------ C:\Qoobox\Quarantine\D\Autorun.inf.vir 2007-05-30 20:16 89 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\A\Dane aplikacji\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys#www.broadcaster.com\settings.sol.vir 2007-07-14 19:44 8704 --a–c— C:\Qoobox\Quarantine\C\WINDOWS\system32\onljweo.dll.vir 2007-07-16 13:53 1150976 --a------ C:\Qoobox\Quarantine\C\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll.vir 2007-08-19 05:15 17 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\msnav32.ax.vir 2007-08-22 14:21 806 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\A\Menu Start\Programy\Autostart\TA_Start.lnk.vir 2007-09-25 16:59 62464 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\nsz4F.dll.vir 2007-09-30 12:03 182595 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\A\Dane aplikacji\ShoppingReport\cs\dwld\WhiteList.xip.vir 2007-09-30 12:06 3840 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\A\Dane aplikacji\ShoppingReport\cs\Config.xml.vir 2007-10-01 17:03 87059 --a------ C:\Qoobox\Quarantine\C\Program Files\ShoppingReport\Uninst.exe.vir 2007-10-01 17:04 50 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\A\Dane aplikacji\ShoppingReport\cs\report\aggr_storage.xml.vir 2007-10-01 17:27 477320 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\A\Dane aplikacji\ShoppingReport\cs\res1\WhiteList.dbs.vir 2007-10-01 18:31 108 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\A\Dane aplikacji\ShoppingReport\cs\report\send_storage.xml.vir 2007-10-01 19:07 1140 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\A\Dane aplikacji\ShoppingReport\cs\db\Aliases.dbs.vir 2007-10-01 19:07 3580 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\A\Dane aplikacji\ShoppingReport\cs\db\Sites.dbs.vir 2007-10-02 20:21 1060 --a------ C:\Qoobox\Quarantine\Registry_backups\LEGACY_NWSAPAGENT.reg.dat 2007-10-02 20:21 352 --a------ C:\Qoobox\Quarantine\Registry_backups\services_nm.reg.dat 2007-10-02 20:21 3646 --a------ C:\Qoobox\Quarantine\Registry_backups\services_NwSapAgent.reg.dat 2007-10-02 20:21 774 --a------ C:\Qoobox\Quarantine\Registry_backups\LEGACY_FOPF.reg.dat Zmienna PATH folderu Numer seryjny woluminu: FC69-CCFB C:\QOOBOX\QUARANTINE ±–C | ±–Documents and Settings | | —A | | ±–Dane aplikacji | | | ±–Macromedia | | | | —Flash Player | | | | —macromedia.com | | | | —support | | | | —flashplayer | | | | —sys | | | | —#www.broadcaster.com | | | | settings.sol.vir | | | | | | | —ShoppingReport | | | —cs | | | | Config.xml.vir | | | | | | | ±–db | | | | Aliases.dbs.vir | | | | Sites.dbs.vir | | | | | | | ±–dwld | | | | WhiteList.xip.vir | | | | | | | ±–report | | | | aggr_storage.xml.vir | | | | send_storage.xml.vir | | | | | | | —res1 | | | WhiteList.dbs.vir | | | | | —Menu Start | | —Programy | | —Autostart | | TA_Start.lnk.vir | | | ±–Program Files | | —ShoppingReport | | | Uninst.exe.vir | | | | | —Bin | | —2.0.24 | | ShoppingReport.dll.vir | | | —WINDOWS | —system32 | msnav32.ax.vir | nsz4F.dll.vir | onljweo.dll.vir | ±–D | Autorun.inf.vir | —Registry_backups LEGACY_FOPF.reg.dat LEGACY_NWSAPAGENT.reg.dat services_nm.reg.dat services_NwSapAgent.reg.dat a to log z hjt: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:02:53, on 2007-10-22 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\BufferZone\CLNTSVC.EXE C:\Program Files\BufferZone\BZDCOMLAUNCH.EXE C:\Program Files\BufferZone\BZRPCSS.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Common Files\soft602\pdfSaver.exe C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe C:\WINDOWS\system32\RunDLL32.exe C:\Program Files\LClock\LClock.exe C:\Program Files\Eset\nod32kui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\PDF\pdfSaver\pdfSaver3.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\NETGEAR\WPN111\wpn111.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PSIService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\UAService7.exe C:\Program Files\Windows Media Player\WMPNetwk.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/webhp?sourceid=navclient&ie=UTF-8 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll O2 - BHO: ads_optimizer - {26E45419-7205-4fac-BBFE-174BC7337A79} - C:\WINDOWS\system32\nsgF.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\BitComet\tools\BitCometBHO.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll O3 - Toolbar: (no name) - {4596013b-6c31-408b-a266-deae5c086dc2} - (no file) O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [602PC SUITE PDF Saver] “C:\Program Files\Common Files\soft602\pdfSaver.exe” O4 - HKLM…\Run: [smartDefrag] “C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe” /startup O4 - HKLM…\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM…\Run: [LClock] C:\Program Files\LClock\LClock.exe O4 - HKLM…\Run: [nod32kui] “C:\Program Files\Eset\nod32kui.exe” /WAITSERVICE O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [pdfSaver3] “C:\Program Files\PDF\pdfSaver\pdfSaver3.exe” O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU…\Run: [Orb] “C:\Program Files\Winamp Remote\bin\OrbTray.exe” /background O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’) O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’) O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’) O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’) O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ? O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm O8 - Extra context menu item: Download all links using BitComet - res://D:\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download all videos using BitComet - res://D:\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: Download link using &BitComet - res://D:\BitComet\BitComet.exe/AddLink.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virus … nicode.cab O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol … _en_dl.cab O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe O23 - Service: BufferZone Service (BufferZoneSvc) - Unknown owner - C:\Program Files\BufferZone\CLNTSVC.EXE O23 - Service: BufferZone DCOM Helper (BZDcomLaunch) - Unknown owner - C:\Program Files\BufferZone\BZDCOMLAUNCH.EXE O23 - Service: BufferZone RPC Helper (BZRpcSs) - Unknown owner - C:\Program Files\BufferZone\BZRPCSS.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: GVAFVFC - Google - (no file) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - (no file) O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe – End of file - 8558 bytes jak możecie to pomóżcie ,plissss