Wylaczanie sie nowego kompa !?!

marslim · 16 Listopad 2007 15:43

Prosze o sprawdzenie moich Logow.

Mam nowego kompa od niecalych 2 miesiecy, sporo juz na nim dzialalem i nie bylo problemow, nagle od paru dni zaczal sie sam wylaczac (nie restartowac) bez zadnego komunikatu ani niczego wco moglo by dac jakas wskazowke co do wystepujacego problemu.

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:19:53, on 2007-11-16 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE W:\bluetooth transfer\WindComm\bin\btwdins.exe D:\CFOSSPEED\spd.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\NetTime\NeTmSvNT.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Agnitum\Outpost Firewall\outpost.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe C:\WINDOWS\system32\taskswitch.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\Unlocker\UnlockerAssistant.exe C:\Program Files\NetTime\NetTime.exe C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe D:\CFOSSPEED\cFosSpeed.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\TGTSoft\StyleXP\StyleXP.exe W:\Daemon\DAEMON Tools\daemon.exe W:\program tv\TV Watcher\TV Watcher.exe C:\Program Files\uTorrent\uTorrent.exe W:\Uniblue\Registry booster\RegistryBooster2\RegistryBooster.exe D:\SpyEraser\SpyEraser.exe W:\bluetooth transfer\WindComm\BTTray.exe W:\BLUETO~1\WindComm\BTSTAC~1.EXE C:\Program Files\Common Files\Teleca Shared\Generic.exe D:\mxton\Maxthon2\Maxthon.exe C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe W:\totalcmd\TOTALCMD.EXE W:\PROGRAMY\skan i log startujacych programow\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM…\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe” O4 - HKLM…\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe O4 - HKLM…\Run: [nod32kui] “C:\Program Files\Eset\nod32kui.exe” /WAITSERVICE O4 - HKLM…\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe O4 - HKLM…\Run: [iSUSScheduler] “C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” -start O4 - HKLM…\Run: [unlockerAssistant] “C:\Program Files\Unlocker\UnlockerAssistant.exe” -H O4 - HKLM…\Run: [Outpost Firewall] C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /waitservice O4 - HKLM…\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup O4 - HKLM…\Run: [NetTime] C:\Program Files\NetTime\NetTime.exe O4 - HKLM…\Run: [iSUSPM] “C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe” -scheduler O4 - HKLM…\Run: [cFosSpeed] D:\CFOSSPEED\cFosSpeed.exe O4 - HKLM…\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,BluetoothAuthenticationAgent O4 - HKLM…\Run: [sony Ericsson PC Suite] “C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe” /startoptions O4 - HKLM…\Run: [QuickTime Task] “Y:\qUICK TIME PLAYER\QTTask.exe” -atboottime O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [Anti Trojan Elite] Y:\free trojan scan\Anti Trojan Elite\TJEnder.exe :NO O4 - HKLM…\RunOnce: [NCInstallQueue] rundll32 netman.dll,ProcessQueue O4 - HKCU…\Run: [sTYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide O4 - HKCU…\Run: [DAEMON Tools] “W:\Daemon\DAEMON Tools\daemon.exe” -lang 1033 O4 - HKCU…\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe O4 - HKCU…\Run: [TV Watcher] “W:\program tv\TV Watcher\TV Watcher.exe” /a O4 - HKCU…\Run: [uTorrent] “C:\Program Files\uTorrent\uTorrent.exe” O4 - HKCU…\Run: [uniblue Registry Booster2] W:\Uniblue\Registry booster\RegistryBooster2\RegistryBooster.exe /S O4 - HKCU…\Run: [uniblue SpyEraser] “D:\SpyEraser\SpyEraser.exe” -m O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’) O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’) O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’) O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’) O4 - Global Startup: BTTray.lnk = ? O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - W:\bluetooth transfer\WindComm\btsendto_ie.htm O9 - Extra ‘Tools’ menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - W:\bluetooth transfer\WindComm\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow … eqlab2.cab O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: SF3.DLL O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - W:\bluetooth transfer\WindComm\bin\btwdins.exe O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - D:\CFOSSPEED\spd.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NetTime (NetTimeSvc) - Subjective Software - C:\Program Files\NetTime\NeTmSvNT.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Program Files\Agnitum\Outpost Firewall\outpost.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: Loki Drivers Auto Removal (pr2agqwb) (pr2agqwb) - Cyanide - C:\WINDOWS\system32\pr2agqwb.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe – End of file - 8532 bytes

Silent Runners LOG:

“Silent Runners.vbs”, revision 52, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “STYLEXP” = “C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide” [empty string] “DAEMON Tools” = ““W:\Daemon\DAEMON Tools\daemon.exe” -lang 1033” [“DT Soft Ltd.”] “PeerGuardian” = “C:\Program Files\PeerGuardian2\pg2.exe” [“Methlabs”] “TV Watcher” = ““W:\program tv\TV Watcher\TV Watcher.exe” /a” [empty string] “uTorrent” = ““C:\Program Files\uTorrent\uTorrent.exe”” [null data] “Uniblue Registry Booster2” = “W:\Uniblue\Registry booster\RegistryBooster2\RegistryBooster.exe /S” [“Uniblue Software”] “Uniblue SpyEraser” = ““D:\SpyEraser\SpyEraser.exe” -m” [“Uniblue Software”] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “SoundMan” = “SOUNDMAN.EXE” [“Realtek Semiconductor Corp.”] “VGAUtil” = “C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe” [empty string] “RemoteControl” = ““C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe”” [“Cyberlink Corp.”] “CoolSwitch” = “C:\WINDOWS\system32\taskswitch.exe” [null data] “nod32kui” = ““C:\Program Files\Eset\nod32kui.exe” /WAITSERVICE” ["Eset “] “amd_dc_opt” = “C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe” [“AMD”] “ISUSScheduler” = ““C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” -start” [“Macrovision Corporation”] “UnlockerAssistant” = ““C:\Program Files\Unlocker\UnlockerAssistant.exe” -H” [null data] “Outpost Firewall” = “C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /waitservice” [“Agnitum Ltd.”] “OutpostFeedBack” = “C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup” [“Agnitum Ltd.”] “NetTime” = “C:\Program Files\NetTime\NetTime.exe” [“Subjective Software”] “ISUSPM” = ““C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe” -scheduler” [“Macrovision Corporation”] “cFosSpeed” = “D:\CFOSSPEED\cFosSpeed.exe” [“cFos Software GmbH”] “BluetoothAuthenticationAgent” = “rundll32.exe bthprops.cpl,BluetoothAuthenticationAgent” [MS] “Sony Ericsson PC Suite” = ““C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe” /startoptions” [null data] “QuickTime Task” = ““Y:\qUICK TIME PLAYER\QTTask.exe” -atboottime” [“Apple Inc.”] “NvCplDaemon” = “RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup” [MS] “nwiz” = “nwiz.exe /install” [“NVIDIA Corporation”] “NvMediaCenter” = “RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit” [MS] “Anti Trojan Elite” = “Y:\free trojan scan\Anti Trojan Elite\TJEnder.exe :NO” [file not found] HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\ {++} “NCInstallQueue” = “rundll32 netman.dll,ProcessQueue” [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “AcroIEHlprObj Class” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx” [empty string] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided) -> {HKLM…CLSID} = “SSVHelper Class” \InProcServer32(Default) = “C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll” [“Sun Microsystems, Inc.”] {C333CF63-767F-4831-94AC-E683D962C63C}(Default) = “TGTSoft Explorer Toolbar Changer” -> {HKLM…CLSID} = “CoTGT_BHO Class” \InProcServer32(Default) = “C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll” [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”] “{950FF917-7A57-46BC-8017-59D9BF474000}” = “Shell Extension for CDRW” -> {HKLM…CLSID} = “Shell Extension for CDRW” \InProcServer32(Default) = “C:\Program Files\Ahead\InCD\incdshx.dll” [“Nero AG”] “{1530F7EE-5128-43BD-9977-84A4B0FAD7DF}” = “PhotoToys” -> {HKCU…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\system32\phototoys.dll” [MS] “{efb97cb8-a4a4-4357-a261-002ffaed0267}” = “CD Slideshow Powertoy” -> {HKCU…CLSID} = “CD Burn Slideshow Hook” \InProcServer32(Default) = “C:\WINDOWS\system32\slideshow.dll” [MS] “{709C6E11-538F-4759-86AC-6ACB302AA0DE}” = “Desktop Manager” -> {HKCU…CLSID} = “Desktop Manager” \InProcServer32(Default) = “C:\WINDOWS\system32\msvdm.dll” [null data] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] “{B089FE88-FB52-11D3-BDF1-0050DA34150D}” = “NOD32 Context Menu Shell Extension” -> {HKLM…CLSID} = “NOD32 Context Menu Shell Extension” \InProcServer32(Default) = “C:\Program Files\Eset\nodshex.dll” [null data] “{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}” = “PowerISO” -> {HKLM…CLSID} = “PowerISO” \InProcServer32(Default) = “W:\Power ISO\PowerISO\PWRISOSH.DLL” [“PowerISO Computing, Inc.”] “{E0D79304-84BE-11CE-9641-444553540000}” = “WinZip” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “Y:\DS2\WZSHLSTB.DLL” [“WinZip Computing, Inc.”] “{E0D79305-84BE-11CE-9641-444553540000}” = “WinZip” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “Y:\DS2\WZSHLSTB.DLL” [“WinZip Computing, Inc.”] “{E0D79306-84BE-11CE-9641-444553540000}” = “WinZip” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “Y:\DS2\WZSHLSTB.DLL” [“WinZip Computing, Inc.”] “{E0D79307-84BE-11CE-9641-444553540000}” = “WinZip” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “Y:\DS2\WZSHLSTB.DLL” [“WinZip Computing, Inc.”] “{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}” = “UnlockerShellExtension” -> {HKLM…CLSID} = “UnlockerShellExtension” \InProcServer32(Default) = “C:\Program Files\Unlocker\UnlockerCOM.dll” [null data] “{03DAACC5-10BA-4E3E-9D54-2A569F6B4B87}” = “Menedżer plików firmy Sony Ericsson” -> {HKLM…CLSID} = “Menedżer plików firmy Sony Ericsson” \InProcServer32(Default) = “C:\Program Files\Sony Ericsson\Mobile2\File Manager\FM.dll” [“Popwire AB”] “{738D66C6-0149-4D40-84E4-A7BB2D0CE949}” = “Menedżer plików firmy Sony Ericsson” -> {HKLM…CLSID} = “Menedżer plików firmy Sony Ericsson” \InProcServer32(Default) = “C:\Program Files\Sony Ericsson\Mobile2\File Manager\FM.dll” [“Popwire AB”] “{6af09ec9-b429-11d4-a1fb-0090960218cb}” = “My Bluetooth Places” -> {HKLM…CLSID} = “Moje miejsca interfejsu Bluetooth” \InProcServer32(Default) = “C:\WINDOWS\system32\btneighborhood.dll” [“Broadcom Corporation.”] “{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class” -> {HKLM…CLSID} = “DesktopContext Class” \InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”] “{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer” -> {HKLM…CLSID} = “Desktop Explorer” \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu” -> {HKLM…CLSID} = “nView Desktop Context Menu” \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper” -> {HKLM…CLSID} = “NVIDIA CPL Extension” \InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”] HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ “WPDShServiceObj” = “{AAA288BA-9A4C-45B0-95D7-94D524869DB5}” -> {HKLM…CLSID} = “WPDShServiceObj Class” \InProcServer32(Default) = “C:\WINDOWS\system32\WPDShServiceObj.dll” [MS] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\ <> “AppInit_DLLs” = " SF3.DLL” [file not found] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ ASW(Default) = “{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}” -> {HKLM…CLSID} = “Outpost.ASWShellExt Component” \InProcServer32(Default) = “C:\Program Files\Agnitum\Outpost Firewall\op_shell.dll” [“Agnitum Ltd.”] NOD32 Context Menu Shell Extension(Default) = “{B089FE88-FB52-11D3-BDF1-0050DA34150D}” -> {HKLM…CLSID} = “NOD32 Context Menu Shell Extension” \InProcServer32(Default) = “C:\Program Files\Eset\nodshex.dll” [null data] PowerISO(Default) = “{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}” -> {HKLM…CLSID} = “PowerISO” \InProcServer32(Default) = “W:\Power ISO\PowerISO\PWRISOSH.DLL” [“PowerISO Computing, Inc.”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] WinZip(Default) = “{E0D79304-84BE-11CE-9641-444553540000}” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “Y:\DS2\WZSHLSTB.DLL” [“WinZip Computing, Inc.”] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ ASW(Default) = “{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}” -> {HKLM…CLSID} = “Outpost.ASWShellExt Component” \InProcServer32(Default) = “C:\Program Files\Agnitum\Outpost Firewall\op_shell.dll” [“Agnitum Ltd.”] PowerISO(Default) = “{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}” -> {HKLM…CLSID} = “PowerISO” \InProcServer32(Default) = “W:\Power ISO\PowerISO\PWRISOSH.DLL” [“PowerISO Computing, Inc.”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] WinZip(Default) = “{E0D79304-84BE-11CE-9641-444553540000}” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “Y:\DS2\WZSHLSTB.DLL” [“WinZip Computing, Inc.”] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ ASW(Default) = “{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}” -> {HKLM…CLSID} = “Outpost.ASWShellExt Component” \InProcServer32(Default) = “C:\Program Files\Agnitum\Outpost Firewall\op_shell.dll” [“Agnitum Ltd.”] NOD32 Context Menu Shell Extension(Default) = “{B089FE88-FB52-11D3-BDF1-0050DA34150D}” -> {HKLM…CLSID} = “NOD32 Context Menu Shell Extension” \InProcServer32(Default) = “C:\Program Files\Eset\nodshex.dll” [null data] PowerISO(Default) = “{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}” -> {HKLM…CLSID} = “PowerISO” \InProcServer32(Default) = “W:\Power ISO\PowerISO\PWRISOSH.DLL” [“PowerISO Computing, Inc.”] UnlockerShellExtension(Default) = “{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}” -> {HKLM…CLSID} = “UnlockerShellExtension” \InProcServer32(Default) = “C:\Program Files\Unlocker\UnlockerCOM.dll” [null data] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] WinZip(Default) = “{E0D79304-84BE-11CE-9641-444553540000}” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “Y:\DS2\WZSHLSTB.DLL” [“WinZip Computing, Inc.”] HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ UnlockerShellExtension(Default) = “{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}” -> {HKLM…CLSID} = “UnlockerShellExtension” \InProcServer32(Default) = “C:\Program Files\Unlocker\UnlockerCOM.dll” [null data] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ “NoRecentDocsMenu” = (REG_DWORD) hex:0x00000001 {unrecognized setting} “NoSMConfigurePrograms” = (REG_DWORD) hex:0x00000001 {unrecognized setting} “NoSaveSettings” = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|Desktop| Don’t save settings at exit} “ForceClassicControlPanel” = (REG_DWORD) hex:0x00000001 {unrecognized setting} “NoLowDiskSpaceChecks” = (REG_DWORD) hex:0x00000001 {unrecognized setting} “NoChangeKeyboardNavigationIndicators” = (REG_DWORD) hex:0x00000000 {unrecognized setting} “ClassicShell” = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|Windows Components|Windows Explorer| Enable Classic Shell / Turn on Classic Shell} “NoSharedDocuments” = (REG_DWORD) hex:0x00000001 {User Configuration|Administrative Templates|Windows Components|Windows Explorer| Remove Shared Documents from My Computer} HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ “NoRemoteRecursiveEvents” = (REG_DWORD) hex:0x00000001 {unrecognized setting} “ClassicShell” = (REG_DWORD) hex:0x00000000 {unrecognized setting} HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “NoVisualStyleChoice” = (REG_DWORD) hex:0x00000000 {unrecognized setting} “NoColorChoice” = (REG_DWORD) hex:0x00000000 {unrecognized setting} “NoSizeChoice” = (REG_DWORD) hex:0x00000000 {unrecognized setting} HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} “NoInternetOpenWith” = (REG_DWORD) hex:0x00000001 {unrecognized setting} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “Y:\tapety\Amy Lee pulpit.bmp” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “Y:\tapety\Amy Lee pulpit.bmp” Startup items in “slimak” & “All Users” startup folders: -------------------------------------------------------- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart “BTTray” -> shortcut to: “W:\bluetooth transfer\WindComm\BTTray.exe” [“Broadcom Corporation.”] Enabled Scheduled Tasks: ------------------------ “AppleSoftwareUpdate” -> launches: “C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task” [“Apple Inc.”] “Uniblue SpyEraser” -> launches: “D:\SpyEraser\SpyEraser.exe -s” [“Uniblue Software”] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000004\LibraryPath = “%SystemRoot%\system32\wshbth.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: C:\WINDOWS\system32\imon.dll ["Eset "], 01 - 05, 11 %SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 12 - 30 %SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10 Toolbars, Explorer Bars, Extensions: ------------------------------------ Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}” -> {HKCU…CLSID} = “Java Plug-in 1.5.0_06” \InProcServer32(Default) = “C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll” [“Sun Microsystems, Inc.”] -> {HKLM…CLSID} = “Java Plug-in 1.5.0_06” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll” [“Sun Microsystems, Inc.”] {CCA281CA-C863-46EF-9331-5C8D4460577F}\ “ButtonText” = “@btrez.dll,-4015” “MenuText” = “@btrez.dll,-12650” “Script” = “W:\bluetooth transfer\WindComm\btsendto_ie.htm” [null data] {E2E2DD38-D088-4134-82B7-F2BA38496583}\ “MenuText” = “@xpsp3res.dll,-20001” “Exec” = “%windir%\Network Diagnostic\xpnetdiag.exe” [MS] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ “ButtonText” = “Messenger” “MenuText” = “Windows Messenger” “Exec” = “C:\Program Files\Messenger\msmsgs.exe” [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Bluetooth Service, btwdins, “W:\bluetooth transfer\WindComm\bin\btwdins.exe” [“Broadcom Corporation.”] Bluetooth Support Service, BthServ, “C:\WINDOWS\system32\svchost.exe -k bthsvcs” {“C:\WINDOWS\System32\bthserv.dll” [MS]} cFosSpeed System Service, cFosSpeedS, ““D:\CFOSSPEED\spd.exe” -service” [“cFos Software GmbH”] InCD Helper, InCDsrv, “C:\Program Files\Ahead\InCD\InCDsrv.exe” [“Nero AG”] LightScribeService Direct Disc Labeling Service, LightScribeService, ““C:\Program Files\Common Files\LightScribe\LSSrvc.exe”” [“Hewlett-Packard Company”] NetTime, NetTimeSvc, “C:\Program Files\NetTime\NeTmSvNT.exe” [“Subjective Software”] NOD32 Kernel Service, NOD32krn, ““C:\Program Files\Eset\nod32krn.exe”” ["Eset "] NVIDIA Display Driver Service, NVSvc, “C:\WINDOWS\system32\nvsvc32.exe” [“NVIDIA Corporation”] Outpost Firewall Service, OutpostFirewall, “C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /service” [“Agnitum Ltd.”] PnkBstrA, PnkBstrA, “C:\WINDOWS\system32\PnkBstrA.exe” [null data] PnkBstrB, PnkBstrB, “C:\WINDOWS\system32\PnkBstrB.exe” [null data] StarWind iSCSI Service, StarWindService, “C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe” [“Rocket Division Software”] StyleXPService, StyleXPService, ““C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe”” [empty string] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Port drukarki interfejsu Bluetooth\Driver = “bthcrp.dll” [“Broadcom Corporation.”] ---------- (launch time: 2007-11-16 16:31:01) <>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 57 seconds. ---------- (total run time: 87 seconds)

HaxFix wykazal same zera.

LOG z ComboFix:

ComboFix 07-11-08.1 - slimak 2007-11-16 16:35:11.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.461 [GMT 1:00] Running from: W:\PROGRAMY\skan i log startujacych programow\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((( Files Created from 2007-10-16 to 2007-11-16 ))))))))))))))))))))))))))))))) . 2007-11-16 16:34 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-11-16 16:11 90,112 --a------ C:\WINDOWS\system32\RegDACL.exe 2007-11-16 16:11 53,248 --a------ C:\WINDOWS\system32\process.exe 2007-11-16 16:11 8,925 --a------ C:\clean.bat 2007-11-16 16:11 4,096 --a------ C:\WINDOWS\system32\reboot.exe 2007-11-16 16:11 347 --a------ C:\run2.reg 2007-11-13 20:23 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll 2007-11-13 20:23 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll 2007-11-13 20:23 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll 2007-11-13 20:23 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll 2007-11-13 20:11 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS 2007-11-13 19:55 202,240 -ra------ C:\WINDOWS\system32\fdco1.dll 2007-11-13 19:55 33,664 -ra------ C:\WINDOWS\system32\drivers\NVENETFD.sys 2007-11-13 19:54 283,136 -ra------ C:\WINDOWS\system32\drivers\nvnrm.sys 2007-11-13 19:54 209,920 -ra------ C:\WINDOWS\system32\drivers\nvsnpu.sys 2007-11-13 19:54 180,224 --a------ C:\WINDOWS\system32\nvunrm.exe 2007-11-13 19:54 101,120 -ra------ C:\WINDOWS\system32\drivers\nvtcp.sys 2007-11-13 19:54 33,280 -ra------ C:\WINDOWS\system32\nvconrmins.dll 2007-11-13 19:54 33,280 -ra------ C:\WINDOWS\system32\nvconrm.dll 2007-11-13 19:54 12,928 -ra------ C:\WINDOWS\system32\drivers\nvnetbus.sys 2007-11-13 19:54 9,728 -ra------ C:\WINDOWS\system32\bdco1.dll 2007-11-13 19:45 5,112 --a------ C:\WINDOWS\GPCIDrv.sys 2007-11-13 19:43 2007-11-13 19:43 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe 2007-11-13 19:42 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE 2007-11-13 19:21 2007-11-13 19:21 664 --a------ C:\WINDOWS\system32\d3d9caps.dat 2007-11-13 19:21 552 --a------ C:\WINDOWS\system32\d3d8caps.dat 2007-11-12 06:51 1,089,536 --a------ C:\WINDOWS\system32\nvcuda.dll 2007-11-12 06:27 2007-11-10 21:09 2007-11-09 23:45 2007-11-09 22:47 2007-11-09 22:47 2007-11-07 17:37 2007-11-04 14:47 2007-11-04 14:47 2007-11-04 14:47 2007-11-04 14:27 2007-11-01 22:10 23,176 -ra------ C:\WINDOWS\system32\drivers\s116nd5.sys 2007-11-01 11:03 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys 2007-11-01 11:03 14,848 --a–c— C:\WINDOWS\system32\dllcache\kbdhid.sys 2007-11-01 11:03 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys 2007-11-01 11:03 12,160 --a–c— C:\WINDOWS\system32\dllcache\mouhid.sys 2007-11-01 10:54 2007-11-01 10:14 100,488 -ra------ C:\WINDOWS\system32\drivers\s116mgmt.sys 2007-11-01 10:14 99,080 -ra------ C:\WINDOWS\system32\drivers\s116unic.sys 2007-11-01 10:14 98,696 -ra------ C:\WINDOWS\system32\drivers\s116obex.sys 2007-11-01 10:14 11,016 -ra------ C:\WINDOWS\system32\drivers\s116cr.sys 2007-11-01 09:44 2007-11-01 09:42 163,328 -r-hs---- C:\WINDOWS\system32\flvDX.dll 2007-11-01 09:42 31,232 -r-hs---- C:\WINDOWS\system32\msfDX.dll 2007-11-01 08:57 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys 2007-11-01 08:57 31,616 --a–c— C:\WINDOWS\system32\dllcache\usbccgp.sys 2007-11-01 08:56 108,680 -ra------ C:\WINDOWS\system32\drivers\s116mdm.sys 2007-11-01 08:56 83,336 -ra------ C:\WINDOWS\system32\drivers\s116bus.sys 2007-11-01 08:56 15,112 -ra------ C:\WINDOWS\system32\drivers\s116mdfl.sys 2007-11-01 08:56 12,424 -ra------ C:\WINDOWS\system32\drivers\s116whnt.sys 2007-11-01 08:56 12,424 -ra------ C:\WINDOWS\system32\drivers\s116wh.sys 2007-11-01 08:56 12,424 -ra------ C:\WINDOWS\system32\drivers\s116cmnt.sys 2007-11-01 08:56 12,424 -ra------ C:\WINDOWS\system32\drivers\s116cm.sys 2007-11-01 08:55 2007-11-01 08:51 2007-11-01 08:50 2007-11-01 08:50 2007-11-01 08:50 2007-11-01 08:49 2007-11-01 08:49 2007-11-01 08:41 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys 2007-11-01 08:41 5,504 --a–c— C:\WINDOWS\system32\dllcache\mstee.sys 2007-11-01 08:40 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys 2007-11-01 08:40 15,360 --a–c— C:\WINDOWS\system32\dllcache\streamip.sys 2007-11-01 08:40 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys 2007-11-01 08:40 10,880 --a–c— C:\WINDOWS\system32\dllcache\ndisip.sys 2007-11-01 08:39 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys 2007-11-01 08:39 85,376 --a–c— C:\WINDOWS\system32\dllcache\nabtsfec.sys 2007-11-01 08:39 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS 2007-11-01 08:39 19,328 --a–c— C:\WINDOWS\system32\dllcache\wstcodec.sys 2007-11-01 08:39 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys 2007-11-01 08:39 17,024 --a–c— C:\WINDOWS\system32\dllcache\ccdecode.sys 2007-11-01 08:39 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys 2007-11-01 08:39 11,136 --a–c— C:\WINDOWS\system32\dllcache\slip.sys 2007-11-01 08:38 54,784 --a------ C:\WINDOWS\system32\drivers\vfwwdm32.dll 2007-10-28 12:39 2007-10-28 11:32 38,016 --a------ C:\WINDOWS\system32\drivers\bthmodem.sys 2007-10-28 11:32 38,016 --a–c— C:\WINDOWS\system32\dllcache\bthmodem.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-16 15:37 --------- d-----w C:\Documents and Settings\slimak\Dane aplikacji\uTorrent 2007-11-16 14:46 17,962 ----a-w C:\WINDOWS\system32\drivers\GVTDrv.sys 2007-11-16 09:35 --------- d-----w C:\Program Files\PeerGuardian2 2007-11-13 17:26 --------- d–h--w C:\Program Files\InstallShield Installation Information 2007-11-13 15:29 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys 2007-11-13 15:29 22,328 ----a-w C:\Documents and Settings\slimak\Dane aplikacji\PnkBstrK.sys 2007-11-13 15:28 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe 2007-11-13 15:28 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe 2007-11-12 05:51 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll 2007-11-12 05:51 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll 2007-11-12 05:51 8,523,776 ----a-w C:\WINDOWS\system32\nvcpl.dll 2007-11-12 05:51 757,760 ----a-w C:\WINDOWS\system32\nvcplui.exe 2007-11-12 05:51 7,433,504 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys 2007-11-12 05:51 6,901,760 ----a-w C:\WINDOWS\system32\nvoglnt.dll 2007-11-12 05:51 6,537,216 ----a-w C:\WINDOWS\system32\nvdisps.dll 2007-11-12 05:51 5,770,880 ----a-w C:\WINDOWS\system32\nv4_disp.dll 2007-11-12 05:51 5,611,520 ----a-w C:\WINDOWS\system32\nvdispsr.dll 2007-11-12 05:51 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll 2007-11-12 05:51 458,752 ----a-w C:\WINDOWS\system32\nvmccssr.dll 2007-11-12 05:51 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll 2007-11-12 05:51 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe 2007-11-12 05:51 425,984 ----a-w C:\WINDOWS\system32\keystone.exe 2007-11-12 05:51 385,024 ----a-w C:\WINDOWS\system32\nvapi.dll 2007-11-12 05:51 35,328 ----a-w C:\WINDOWS\system32\nvcodins.dll 2007-11-12 05:51 35,328 ----a-w C:\WINDOWS\system32\nvcod.dll 2007-11-12 05:51 335,872 ----a-w C:\WINDOWS\system32\nvwrses.dll 2007-11-12 05:51 335,872 ----a-w C:\WINDOWS\system32\nvwrsel.dll 2007-11-12 05:51 327,680 ----a-w C:\WINDOWS\system32\nvwrsfr.dll 2007-11-12 05:51 327,680 ----a-w C:\WINDOWS\system32\nvwrsesm.dll 2007-11-12 05:51 327,680 ----a-w C:\WINDOWS\system32\nvrshe.dll 2007-11-12 05:51 327,680 ----a-w C:\WINDOWS\system32\nvrsar.dll 2007-11-12 05:51 323,584 ----a-w C:\WINDOWS\system32\nvwrspt.dll 2007-11-12 05:51 323,584 ----a-w C:\WINDOWS\system32\nvwrsit.dll 2007-11-12 05:51 319,488 ----a-w C:\WINDOWS\system32\nvwrsptb.dll 2007-11-12 05:51 319,488 ----a-w C:\WINDOWS\system32\nvwrsnl.dll 2007-11-12 05:51 315,392 ----a-w C:\WINDOWS\system32\nvwrsru.dll 2007-11-12 05:51 315,392 ----a-w C:\WINDOWS\system32\nvwrshu.dll 2007-11-12 05:51 311,296 ----a-w C:\WINDOWS\system32\nvwrsde.dll 2007-11-12 05:51 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll 2007-11-12 05:51 303,104 ----a-w C:\WINDOWS\system32\nvwrstr.dll 2007-11-12 05:51 303,104 ----a-w C:\WINDOWS\system32\nvwrssl.dll 2007-11-12 05:51 303,104 ----a-w C:\WINDOWS\system32\nvwrsfi.dll 2007-11-12 05:51 3,715,072 ----a-w C:\WINDOWS\system32\nvvitvsr.dll 2007-11-12 05:51 3,698,688 ----a-w C:\WINDOWS\system32\nvvitvs.dll 2007-11-12 05:51 3,407,872 ----a-w C:\WINDOWS\system32\nvgames.dll 2007-11-12 05:51 3,330,048 ----a-w C:\WINDOWS\system32\nvgamesr.dll 2007-11-12 05:51 299,008 ----a-w C:\WINDOWS\system32\nvwrssk.dll 2007-11-12 05:51 299,008 ----a-w C:\WINDOWS\system32\nvwrsno.dll 2007-11-12 05:51 294,912 ----a-w C:\WINDOWS\system32\nvwrssv.dll 2007-11-12 05:51 294,912 ----a-w C:\WINDOWS\system32\nvwrspl.dll 2007-11-12 05:51 294,912 ----a-w C:\WINDOWS\system32\nvwrsda.dll 2007-11-12 05:51 290,816 ----a-w C:\WINDOWS\system32\nvwrsth.dll 2007-11-12 05:51 286,720 ----a-w C:\WINDOWS\system32\nvwrseng.dll 2007-11-12 05:51 286,720 ----a-w C:\WINDOWS\system32\nvwrscs.dll 2007-11-12 05:51 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll 2007-11-12 05:51 282,624 ----a-w C:\WINDOWS\system32\nvwrsar.dll 2007-11-12 05:51 282,624 ----a-w C:\WINDOWS\system32\nvrsfr.dll 2007-11-12 05:51 282,624 ----a-w C:\WINDOWS\system32\nvrses.dll 2007-11-12 05:51 282,624 ----a-w C:\WINDOWS\system32\nvrsel.dll 2007-11-12 05:51 278,528 ----a-w C:\WINDOWS\system32\nvwrshe.dll 2007-11-12 05:51 278,528 ----a-w C:\WINDOWS\system32\nvrsit.dll 2007-11-12 05:51 278,528 ----a-w C:\WINDOWS\system32\nvrsde.dll 2007-11-12 05:51 274,432 ----a-w C:\WINDOWS\system32\nvrspt.dll 2007-11-12 05:51 274,432 ----a-w C:\WINDOWS\system32\nvrsnl.dll 2007-11-12 05:51 274,432 ----a-w C:\WINDOWS\system32\nvrsesm.dll 2007-11-12 05:51 270,336 ----a-w C:\WINDOWS\system32\nvrsru.dll 2007-11-12 05:51 266,240 ----a-w C:\WINDOWS\system32\nvrsptb.dll 2007-11-12 05:51 266,240 ----a-w C:\WINDOWS\system32\nvrsja.dll 2007-11-12 05:51 258,048 ----a-w C:\WINDOWS\system32\nvrstr.dll 2007-11-12 05:51 258,048 ----a-w C:\WINDOWS\system32\nvrssl.dll 2007-11-12 05:51 258,048 ----a-w C:\WINDOWS\system32\nvrssk.dll 2007-11-12 05:51 258,048 ----a-w C:\WINDOWS\system32\nvrsko.dll 2007-11-12 05:51 258,048 ----a-w C:\WINDOWS\system32\nvrshu.dll 2007-11-12 05:51 253,952 ----a-w C:\WINDOWS\system32\nvrsth.dll 2007-11-12 05:51 253,952 ----a-w C:\WINDOWS\system32\nvrssv.dll 2007-11-12 05:51 253,952 ----a-w C:\WINDOWS\system32\nvrspl.dll 2007-11-12 05:51 253,952 ----a-w C:\WINDOWS\system32\nvrsno.dll 2007-11-12 05:51 253,952 ----a-w C:\WINDOWS\system32\nvrsda.dll 2007-11-12 05:51 249,856 ----a-w C:\WINDOWS\system32\nvrsfi.dll 2007-11-12 05:51 249,856 ----a-w C:\WINDOWS\system32\nvrscs.dll 2007-11-12 05:51 245,760 ----a-w C:\WINDOWS\system32\nvrseng.dll 2007-11-12 05:51 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll 2007-11-12 05:51 225,280 ----a-w C:\WINDOWS\system32\nvrszhc.dll 2007-11-12 05:51 212,992 ----a-w C:\WINDOWS\system32\nvwrsja.dll 2007-11-12 05:51 2,854,912 ----a-w C:\WINDOWS\system32\nvmoblsr.dll 2007-11-12 05:51 2,519,040 ----a-w C:\WINDOWS\system32\nvwssr.dll 2007-11-12 05:51 2,486,272 ----a-w C:\WINDOWS\system32\nvwss.dll 2007-11-12 05:51 196,608 ----a-w C:\WINDOWS\system32\nvwrsko.dll 2007-11-12 05:51 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll 2007-11-12 05:51 167,936 ----a-w C:\WINDOWS\system32\nvwrszht.dll 2007-11-12 05:51 163,840 ----a-w C:\WINDOWS\system32\nvwrszhc.dll 2007-11-12 05:51 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe 2007-11-12 05:51 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe 2007-11-12 05:51 126,976 ----a-w C:\WINDOWS\system32\nvrszht.dll 2007-11-12 05:51 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll 2007-11-12 05:51 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe 2007-11-12 05:51 1,474,560 ----a-w C:\WINDOWS\system32\nview.dll 2007-11-12 05:51 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe 2007-11-12 05:51 1,212,416 ----a-w C:\WINDOWS\system32\nvmobls.dll 2007-11-12 05:51 1,073,152 ----a-w C:\WINDOWS\system32\nvcpluir.dll 2006-05-03 09:06:54 163,328 --sh–r C:\WINDOWS\system32\flvDX.dll 2007-02-21 10:47:16 31,232 --sh–r C:\WINDOWS\system32\msfDX.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “SoundMan”=“SOUNDMAN.EXE” [2006-08-02 22:12 C:\WINDOWS\soundman.exe] “VGAUtil”=“C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe” [2007-01-02 09:22] “RemoteControl”=“C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe” [2004-11-02 19:24] “CoolSwitch”=“C:\WINDOWS\system32\taskswitch.exe” [2002-03-19 16:30] “nod32kui”=“C:\Program Files\Eset\nod32kui.exe” [2007-08-25 19:19] “amd_dc_opt”=“C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe” [2006-11-17 15:49] “ISUSScheduler”=“C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” [2006-03-20 16:40] “UnlockerAssistant”=“C:\Program Files\Unlocker\UnlockerAssistant.exe” [2006-09-07 18:19] “Outpost Firewall”=“C:\Program Files\Agnitum\Outpost Firewall\outpost.exe” [2007-04-05 15:56] “OutpostFeedBack”=“C:\Program Files\Agnitum\Outpost Firewall\feedback.exe” [2007-06-28 12:18] “NetTime”=“C:\Program Files\NetTime\NetTime.exe” [2000-12-31 16:12] “ISUSPM”=“C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe” [2006-03-20 16:40] “cFosSpeed”=“D:\CFOSSPEED\cFosSpeed.exe” [2007-07-09 17:10] “BluetoothAuthenticationAgent”=“bthprops.cpl” [2004-08-03 23:44 C:\WINDOWS\system32\bthprops.cpl] “Sony Ericsson PC Suite”=“C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe” [2007-06-13 08:16] “QuickTime Task”=“Y:\qUICK TIME PLAYER\QTTask.exe” [2007-06-29 06:24] “NvCplDaemon”=“C:\WINDOWS\system32\NvCpl.dll” [2007-11-12 06:51] “nwiz”=“nwiz.exe” [2007-11-12 06:51 C:\WINDOWS\system32\nwiz.exe] “NvMediaCenter”=“C:\WINDOWS\system32\NvMcTray.dll” [2007-11-12 06:51] “Anti Trojan Elite”=“Y:\free trojan scan\Anti Trojan Elite\TJEnder.exe” [] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “STYLEXP”=“C:\Program Files\TGTSoft\StyleXP\StyleXP.exe” [2005-03-14 20:21] “DAEMON Tools”=“W:\Daemon\DAEMON Tools\daemon.exe” [2006-11-12 11:48] “PeerGuardian”=“C:\Program Files\PeerGuardian2\pg2.exe” [2005-09-18 17:44] “TV Watcher”=“W:\program tv\TV Watcher\TV Watcher.exe” [2007-10-14 16:21] “uTorrent”=“C:\Program Files\uTorrent\uTorrent.exe” [2007-10-19 23:01] “Uniblue Registry Booster2”=“W:\Uniblue\Registry booster\RegistryBooster2\RegistryBooster.exe” [2007-04-23 15:40] “Uniblue SpyEraser”=“D:\SpyEraser\SpyEraser.exe” [2007-05-16 10:45] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce] “NCInstallQueue”=rundll32 netman.dll,ProcessQueue [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] “NoRecentDocsMenu”=1 (0x1) “NoSMConfigurePrograms”=1 (0x1) “ForceClassicControlPanel”=1 (0x1) “NoChangeKeyboardNavigationIndicators”=0 (0x0) “NoSharedDocuments”=1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] “UIHost”=“C:\Program Files\TGTSoft\StyleXP\CurrentLogon.EXE” [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] “AppInit_DLLs”= SF3.DLL R0 pe3agqwb;Loki Environment Driver (pe3agqwb);C:\WINDOWS\system32\drivers\pe3agqwb.sys R0 ps6agqwb;Loki Synchronization Driver (ps6agqwb);C:\WINDOWS\system32\drivers\ps6agqwb.sys R1 SandBox;Outpost Firewall Sandbox Driver;??\C:\Program Files\Agnitum\Outpost Firewall\kernel\Sandbox.SYS R1 SysTool;SysTool Overclocking Utility;C:\WINDOWS\system32\DRIVERS\SysTool.sys R1 VFILT;Outpost Firewall Kernel Driver;??\C:\Program Files\Agnitum\Outpost Firewall\kernel\FILTNT.SYS R2 NetTimeSvc;NetTime;C:\Program Files\NetTime\NeTmSvNT.exe R3 ADBLOCK.DLL;Outpost Firewall PlugIn (ADBLOCK.DLL);??\C:\Program Files\Agnitum\Outpost Firewall\kernel\ADBLOCK.DLL R3 AmdLLD;AMD Low Level Device Driver;C:\WINDOWS\system32\DRIVERS\AmdLLD.sys R3 ARP.DLL;Outpost Firewall PlugIn (ARP.DLL);??\C:\Program Files\Agnitum\Outpost Firewall\kernel\ARP.DLL R3 CONTENT.DLL;Outpost Firewall PlugIn (CONTENT.DLL);??\C:\Program Files\Agnitum\Outpost Firewall\kernel\CONTENT.DLL R3 DNSCACHE.DLL;Outpost Firewall PlugIn (DNSCACHE.DLL);??\C:\Program Files\Agnitum\Outpost Firewall\kernel\DNSCACHE.DLL R3 FTPFILT.DLL;Outpost Firewall PlugIn (FTPFILT.DLL);??\C:\Program Files\Agnitum\Outpost Firewall\kernel\FTPFILT.DLL R3 GPCIDrv;GPCIDrv;??\C:\WINDOWS\GPCIDrv.sys R3 GVTDrv;GVTDrv;??\C:\WINDOWS\system32\Drivers\GVTDrv.sys R3 HTMLFILT.DLL;Outpost Firewall PlugIn (HTMLFILT.DLL);??\C:\Program Files\Agnitum\Outpost Firewall\kernel\HTMLFILT.DLL R3 HTTPFILT.DLL;Outpost Firewall PlugIn (HTTPFILT.DLL);??\C:\Program Files\Agnitum\Outpost Firewall\kernel\HTTPFILT.DLL R3 IMAPFILT.DLL;Outpost Firewall PlugIn (IMAPFILT.DLL);??\C:\Program Files\Agnitum\Outpost Firewall\kernel\IMAPFILT.DLL R3 MAILFILT.DLL;Outpost Firewall PlugIn (MAILFILT.DLL);??\C:\Program Files\Agnitum\Outpost Firewall\kernel\MAILFILT.DLL R3 NNTPFILT.DLL;Outpost Firewall PlugIn (NNTPFILT.DLL);??\C:\Program Files\Agnitum\Outpost Firewall\kernel\NNTPFILT.DLL R3 POP3FILT.DLL;Outpost Firewall PlugIn (POP3FILT.DLL);??\C:\Program Files\Agnitum\Outpost Firewall\kernel\POP3FILT.DLL R3 PROTECT.DLL;Outpost Firewall PlugIn (PROTECT.DLL);??\C:\Program Files\Agnitum\Outpost Firewall\kernel\PROTECT.DLL R3 SECRET.DLL;Outpost Firewall PlugIn (SECRET.DLL);??\C:\Program Files\Agnitum\Outpost Firewall\kernel\SECRET.DLL S2 pr2agqwb;Loki Drivers Auto Removal (pr2agqwb);C:\WINDOWS\system32\pr2agqwb.exe svc S3 ATE_PROCMON;ATE_PROCMON;??\Y:\free trojan scan\Anti Trojan Elite\ATEPMon.sys S3 s116bus;Sony Ericsson Device 116 driver (WDM);C:\WINDOWS\system32\DRIVERS\s116bus.sys S3 s116mdfl;Sony Ericsson Device 116 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s116mdfl.sys S3 s116mdm;Sony Ericsson Device 116 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s116mdm.sys S3 s116mgmt;Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s116mgmt.sys S3 s116nd5;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS);C:\WINDOWS\system32\DRIVERS\s116nd5.sys S3 s116obex;Sony Ericsson Device 116 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s116obex.sys S3 s116unic;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM);C:\WINDOWS\system32\DRIVERS\s116unic.sys S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS *Newly Created Service* - CATCHME . Contents of the ‘Scheduled Tasks’ folder “2007-11-09 15:40:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job” - C:\Program Files\Apple Software Update\SoftwareUpdate.exe “2007-11-15 16:02:05 C:\WINDOWS\Tasks\Uniblue SpyEraser.job” - D:\SpyEraser\SpyEraser.exe . ************************************************************************** catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-16 16:37:31 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-11-16 16:38:10 . — E O F —

Prosze o sprawdzenie i porady.

Star · 16 Listopad 2007 16:10

Podaj pełną konfiguracje komputera

Ostatnio miałem ten sam problem ,wcześniej sprawdzałem zasilacz skanowałem komputer i.t.p i zero , dopiero pomogło przywrócenie kopi zapasowej

Gutek · 16 Listopad 2007 18:06

Optymalizacja XP: http://forum.dobreprogramy.pl/viewtopic.php?t=76580

marslim · 17 Listopad 2007 18:26

@ Star-

AMD Athlon 64 X2 Dual Core Processor 4200+ 2.21GHz

2X512MB DDR2 667MHz RAM

NVIDIA GeForce 7600 GS 256MB PCE

HDD 320 GB SEAGATE 16 MB SATA2

PLYTA GLOWNA- MSI K9N4 ULTRA-F nF500 AM2

Jesli chodzilo Ci o cos innego to napisz.

Kopii zapasowej nie moglem przywrocic tak jak Ty, niestety…

@ Gutek2222-

Optymalizacja wykonana punkt po punkcie, nie wiem czy pomoglo, choc mam taka nadzieje.

Jak to mowia, czas pokaze…

Star · 17 Listopad 2007 18:51

A zasilacz ?