Zmulony komp + Win32:Small-EQY [Trj]

Xil · 4 Kwiecień 2007 14:54

Witam. Odpaliłem dzisiaj kompa i wyskoczyło mi ostrzeżenie o trojanie Win32:Small-EQY [Trj]. Komp bardzo zwolnił a ja za cholerę nie mogę go usunąć. Na początku wyskakiwał mi tylko jeden zainfekowany plik, teraz jest już ich kilka. Proszę o pomoc. Załączam logi:

Log z HT:

Logfile of HijackThis v1.99.1 Scan saved at 16:53:29, on 2007-04-04 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\NeroCheck.exe C:\WINDOWS\RTHDCPL.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\DAEMON Tools\daemon.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Paweł\Pulpit\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM…\Run: [DAEMON Tools] “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033 O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip…{0B64B7CD-0846-4122-89E5-16694FCAD194}: NameServer = 85.255.115.28,85.255.112.130 O17 - HKLM\System\CCS\Services\Tcpip…{0BA19532-1EEB-46F4-A4C8-CE9D9E630FCF}: NameServer = 85.255.115.28,85.255.112.130 O17 - HKLM\System\CCS\Services\Tcpip…{46020257-F06C-4BAF-9263-FC26934BFA6D}: NameServer = 85.255.115.28,85.255.112.130 O17 - HKLM\System\CCS\Services\Tcpip…{5D091470-F46D-455E-8BB0-DB1E3149CDEC}: NameServer = 85.255.115.28,85.255.112.130 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.28 85.255.112.130 O17 - HKLM\System\CS1\Services\Tcpip…{0B64B7CD-0846-4122-89E5-16694FCAD194}: NameServer = 85.255.115.28,85.255.112.130 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.28 85.255.112.130 O20 - AppInit_DLLs: O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Log z SR:

“Silent Runners.vbs”, revision R50, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “CTFMON.EXE” = “C:\WINDOWS\system32\ctfmon.exe” [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “NvCplDaemon” = “RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup” [MS] “nwiz” = “nwiz.exe /install” [“NVIDIA Corporation”] “NvMediaCenter” = “RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit” [MS] “RTHDCPL” = “RTHDCPL.EXE” [“Realtek Semiconductor Corp.”] “avast!” = “C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [null data] “UserFaultCheck” = “C:\WINDOWS\system32\dumprep 0 -u” “KernelFaultCheck” = “C:\WINDOWS\system32\dumprep 0 -k” “DAEMON Tools” = ““C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033” [“DT Soft Ltd.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “AcroIEHlprObj Class” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”] {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}(Default) = “BitComet ClickCapture” -> {HKLM…CLSID} = “BitComet Helper” \InProcServer32(Default) = “C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll” [“BitComet”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\System32\hticons.dll” [“Hilgraeve, Inc.”] “{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class” -> {HKLM…CLSID} = “DesktopContext Class” \InProcServer32(Default) = “C:\WINDOWS\System32\nvcpl.dll” [“NVIDIA Corporation”] “{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper” -> {HKLM…CLSID} = “NVIDIA CPL Extension” \InProcServer32(Default) = “C:\WINDOWS\System32\nvcpl.dll” [“NVIDIA Corporation”] “{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer” -> {HKLM…CLSID} = “Desktop Explorer” \InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu” -> {HKLM…CLSID} = “nView Desktop Context Menu” \InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”] “{472083B0-C522-11CF-8763-00608CC02F24}” = “avast” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] “{E0D79304-84BE-11CE-9641-444553540000}” = “WinZip” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “C:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing LP”] “{E0D79305-84BE-11CE-9641-444553540000}” = “WinZip” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “C:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing LP”] “{E0D79306-84BE-11CE-9641-444553540000}” = “WinZip” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “C:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing LP”] “{E0D79307-84BE-11CE-9641-444553540000}” = “WinZip” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “C:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing LP”] HKLM\System\CurrentControlSet\Control\Session Manager\ <> “BootExecute” = “autocheck autochk *”|“aswBoot.exe /M:892b0517” [null data] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] WinZip(Default) = “{E0D79304-84BE-11CE-9641-444553540000}” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “C:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing LP”] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ WinZip(Default) = “{E0D79304-84BE-11CE-9641-444553540000}” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “C:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing LP”] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] WinZip(Default) = “{E0D79304-84BE-11CE-9641-444553540000}” -> {HKLM…CLSID} = “WinZip” \InProcServer32(Default) = “C:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing LP”] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “C:\WINDOWS\web\wallpaper\Idylla.bmp” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\WINDOWS\web\wallpaper\Idylla.bmp” Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ “SCRNSAVE.EXE” = “C:\WINDOWS\System32\logon.scr” [MS] Startup items in “Paweł” & “All Users” startup folders: ------------------------------------------------------- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart “Microsoft Office” -> shortcut to: “C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l” [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 04, 07 - 18 %SystemRoot%\system32\rsvpsp.dll [MS], 05 - 06 Toolbars, Explorer Bars, Extensions: ------------------------------------ Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {FB5F1910-F110-11D2-BB9E-00C04F795683}\ “ButtonText” = “Messenger” “MenuText” = “Windows Messenger” “Exec” = “C:\Program Files\Messenger\msmsgs.exe” [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ avast! Antivirus, avast! Antivirus, ““C:\Program Files\Alwil Software\Avast4\ashServ.exe”” [null data] avast! iAVS4 Control Service, aswUpdSv, ““C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe”” [null data] avast! Mail Scanner, avast! Mail Scanner, ““C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe” /service” [“ALWIL Software”] avast! Web Scanner, avast! Web Scanner, ““C:\Program Files\Alwil Software\Avast4\ashWebSv.exe” /service” [“ALWIL Software”] LightScribeService Direct Disc Labeling Service, LightScribeService, “C:\Program Files\Common Files\LightScribe\LSSrvc.exe” [“Hewlett-Packard Company”] NVIDIA Display Driver Service, NVSvc, “C:\WINDOWS\System32\nvsvc32.exe” [“NVIDIA Corporation”] Remote Procedure Call (RPC) Extensions, gb, “C:\WINDOWS\System32\svchost.exe -k netsvcs” {“C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.dll” [null data]} Sunbelt Kerio Personal Firewall 4, KPF4, “C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe” [“Sunbelt Software”] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Monitor języka BJ\Driver = “CNBJMON.DLL” [MS] ---------- <>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 4 seconds. ---------- (total run time: 28 seconds)

adam9870 · 4 Kwiecień 2007 15:26

O4 - HKLM…\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O17 - HKLM\System\CCS\Services\Tcpip…{0B64B7CD-0846-4122-89E5-16694FCAD194}: NameServer = 85.255.115.28,85.255.112.130 O17 - HKLM\System\CCS\Services\Tcpip…{0BA19532-1EEB-46F4-A4C8-CE9D9E630FCF}: NameServer = 85.255.115.28,85.255.112.130 O17 - HKLM\System\CCS\Services\Tcpip…{46020257-F06C-4BAF-9263-FC26934BFA6D}: NameServer = 85.255.115.28,85.255.112.130 O17 - HKLM\System\CCS\Services\Tcpip…{5D091470-F46D-455E-8BB0-DB1E3149CDEC}: NameServer = 85.255.115.28,85.255.112.130 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.28 85.255.112.130 O17 - HKLM\System\CS1\Services\Tcpip…{0B64B7CD-0846-4122-89E5-16694FCAD194}: NameServer = 85.255.115.28,85.255.112.130 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.28 85.255.112.130 O20 - AppInit_DLLs:

Usuń wpisy HJT.

Użyj narzędzia FixWareOut.

Po wykonaniu wklej log z ComboScan i zawartość pliku c:\fixwareout\report.txt

Xil · 4 Kwiecień 2007 15:50

Zawartość pliku report:

Fixwareout Last edited 2/11/2007 Post this report in the forums please … »»»»»Prerun check »»»»» System restarted »»»»» Postrun check HKLM\SOFTWARE~\Winlogon\ “System”="" … … »»»»» Misc files. C:\WINDOWS\System32\kernel32.exe Deleted … »»»»» Checking for older varients. … Search five digit cs, dm, kd, jb, other, files. The following files NEED TO BE SUBMITTED to one of the following URL’S for further inspection. Click browse, find the file then click submit. http://www.virustotal.com/flash/index_en.html Or http://virusscan.jotti.org/ »»»»» Other »»»»» Current runs [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “NvCplDaemon”=“RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup” “nwiz”=“nwiz.exe /install” “NvMediaCenter”=“RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit” “RTHDCPL”=“RTHDCPL.EXE” “avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” “DAEMON Tools”="“C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” … Hosts file was reset, If you use a custom hosts file please replace it »»»»» End report »»»»»

Log ComboScan.txt:

ComboScan v20070306.20 run by Paweł on 2007-04-04 at 17:46:46 Computer is in Normal Mode. -------------------------------------------------------------------------------- – System Restore -------------------------------------------------------------- Successfully created ComboScan Restore Point. – Last 5 Restore Point(s) – 39: 2007-04-04 15:46:49 UTC - RP39 - ComboScan Restore Point 38: 2007-04-03 19:11:47 UTC - RP38 - Installed Virtual Earth 3D (Beta) 37: 2007-04-03 19:03:04 UTC - RP37 - Installed Windows XP WIC. 36: 2007-04-03 17:40:55 UTC - RP36 - Punkt kontrolny systemu 35: 2007-03-31 21:57:15 UTC - RP35 - Zainstalowany program DirectX – First Restore Point – 1: 2007-03-02 15:38:24 UTC - RP1 - Punkt kontrolny systemu Performed disk cleanup. – HijackThis (run as Paweł.exe) ----------------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 17:46:55, on 2007-04-04 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\RTHDCPL.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\DAEMON Tools\daemon.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Paweł\Pulpit\comboscan.exe C:\DOCUME~1\PAWE~1\Pulpit\Paweł.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [DAEMON Tools] “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033 O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip…{0BA19532-1EEB-46F4-A4C8-CE9D9E630FCF}: NameServer = 217.30.129.149,217.30.137.200 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe – HijackThis Fixed Entries (C:\DOCUME~1\PAWE~1\Pulpit\backups) --------------- backup-20070404-173904-497 O17 - HKLM\System\CCS\Services\Tcpip…{5D091470-F46D-455E-8BB0-DB1E3149CDEC}: NameServer = 85.255.115.28,85.255.112.130 backup-20070404-173904-632 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.28 85.255.112.130 backup-20070404-173904-652 O17 - HKLM\System\CCS\Services\Tcpip…{0B64B7CD-0846-4122-89E5-16694FCAD194}: NameServer = 85.255.115.28,85.255.112.130 backup-20070404-173904-675 O17 - HKLM\System\CCS\Services\Tcpip…{46020257-F06C-4BAF-9263-FC26934BFA6D}: NameServer = 85.255.115.28,85.255.112.130 backup-20070404-173904-764 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.28 85.255.112.130 backup-20070404-173904-861 O17 - HKLM\System\CCS\Services\Tcpip…{0BA19532-1EEB-46F4-A4C8-CE9D9E630FCF}: NameServer = 85.255.115.28,85.255.112.130 backup-20070404-173904-873 O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k backup-20070404-173904-955 O4 - HKLM…\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u backup-20070404-173904-963 O17 - HKLM\System\CS1\Services\Tcpip…{0B64B7CD-0846-4122-89E5-16694FCAD194}: NameServer = 85.255.115.28,85.255.112.130 – File Associations ----------------------------------------------------------- .bat - batfile - “%1” %* .chm - chm.file - “C:\WINDOWS\hh.exe” %1 .cmd - cmdfile - “%1” %* .com - comfile - “%1” %* .exe - exefile - “%1” %* .hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1 .inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1 .ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1 .js - JSFile - %SystemRoot%\System32\WScript.exe “%1” %* .lnk - lnkfile - {00021401-0000-0000-C000-000000000046} .pif - piffile - “%1” %* .reg - regfile - regedit.exe “%1” .scr - scrfile - “%1” /S .txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1 .vbs - VBSFile - %SystemRoot%\System32\WScript.exe “%1” %* – Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- 1R Aavmker4 (avast! Asynchronous Virus Monitor) - C:\WINDOWS\system32\drivers\aavmker4.sys 3R Arp1394 (Protokół klienta 1394 ARP) - C:\WINDOWS\system32\drivers\arp1394.sys 2R aswMon2 (avast! Standard Shield Support) - C:\WINDOWS\system32\drivers\aswmon2.sys 3R aswRdr - C:\WINDOWS\system32\drivers\aswRdr.sys 1R aswTdi (avast! Network Shield Support) - C:\WINDOWS\system32\drivers\aswTdi.sys 3S CCDECODE (Closed Caption Decoder) - C:\WINDOWS\system32\drivers\ccdecode.sys 1R fwdrv (Firewall Driver) - C:\WINDOWS\system32\drivers\fwdrv.sys 3S GMSIPCI - F:\INSTALL\GMSIPCI.SYS (not found) 3R HDAudBus (Microsoft UAA Bus Driver for High Definition Audio) - C:\WINDOWS\system32\drivers\Hdaudbus.sys 3R IntcAzAudAddService (Service for Realtek HD Audio (WDM)) - C:\WINDOWS\system32\drivers\RtkHDAud.Sys 2R irda (Protokół IrDA) - C:\WINDOWS\system32\drivers\irda.sys 3R irsir (Sterownik portu szeregowego podczerwieni Microsoft) - C:\WINDOWS\system32\drivers\irsir.sys 1R khips (Kerio HIPS Driver) - C:\WINDOWS\system32\drivers\khips.sys 3R LVUSBSta (Logitech USB Monitor Filter) - C:\WINDOWS\system32\drivers\LVUSBSta.sys 3S MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter) - C:\WINDOWS\system32\drivers\mstee.sys 3S NABTSFEC (NABTS/FEC VBI Codec) - C:\WINDOWS\system32\drivers\nabtsfec.sys 3S NdisIP (Microsoft TV/Video Connection) - C:\WINDOWS\system32\drivers\ndisip.sys 3R NIC1394 (Sterownik sieci 1394) - C:\WINDOWS\system32\drivers\nic1394.sys 3R nv - C:\WINDOWS\system32\drivers\nv4_mini.sys 3R NVENETFD (NVIDIA nForce Networking Controller Driver) - C:\WINDOWS\system32\drivers\NVENETFD.sys 3R nvnetbus (NVIDIA Network Bus Enumerator) - C:\WINDOWS\system32\drivers\nvnetbus.sys 0R ohci1394 (Kontroler hosta IEEE 1394 VIA zgodny z OHCI) - C:\WINDOWS\system32\drivers\ohci1394.sys 3R pfc (Padus ASPI Shell) - C:\WINDOWS\system32\drivers\pfc.sys 3R PID_0928 (Labtec WebCam(PID_0928)) - C:\WINDOWS\system32\drivers\LV561AV.SYS 0R PxHelp20 - C:\WINDOWS\system32\drivers\PxHelp20.sys 3R Rasirda (WAN Miniport (IrDA)) - C:\WINDOWS\system32\drivers\rasirda.sys 3S Runtime - C:\WINDOWS\System32\runtime.sys (not found) 3S SLIP (BDA Slip De-Framer) - C:\WINDOWS\system32\drivers\slip.sys 0R sptd - C:\WINDOWS\system32\drivers\sptd.sys 3S streamip (BDA IPSink) - C:\WINDOWS\system32\drivers\streamip.sys 3R usbehci (Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft) - C:\WINDOWS\system32\drivers\usbehci.sys 3R usbohci (Sterownik Miniport otwartego kontrolera hosta USB Microsoft) - C:\WINDOWS\system32\drivers\usbohci.sys 3S WSTCODEC (World Standard Teletext Codec) - C:\WINDOWS\system32\drivers\wstcodec.sys – Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- 3S aspnet_state (ASP.NET State Service) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 2R aswUpdSv (avast! iAVS4 Control Service) - “C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe” 2R avast! Antivirus - “C:\Program Files\Alwil Software\Avast4\ashServ.exe” 3R avast! Mail Scanner - “C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe” /service 3R avast! Web Scanner - “C:\Program Files\Alwil Software\Avast4\ashWebSv.exe” /service 3S clr_optimization_v2.0.50727_32 (.NET Runtime Optimization Service v2.0.50727_X86) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 2S gb (Remote Procedure Call (RPC) Extensions) - C:\WINDOWS\System32\svchost.exe -k netsvcs 2R Irmon (Monitor podczerwieni) - C:\WINDOWS\System32\svchost.exe -k netsvcs 2R KPF4 (Sunbelt Kerio Personal Firewall 4) - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe 2R LightScribeService (LightScribeService Direct Disc Labeling Service) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe 2R NVSvc (NVIDIA Display Driver Service) - C:\WINDOWS\System32\nvsvc32.exe – Files created between 2007-03-04 and 2007-04-04 ----------------------------- 2007-04-04 17:39:30 0 d-------- C:\fixwareout 2007-04-03 21:11:55 0 d-------- C:\Program Files\Virtual Earth 3D 2007-04-01 00:08:28 108144 --a------ C:\WINDOWS\system32\CmdLineExt.dll 2007-03-31 23:57:26 68888 --a------ C:\WINDOWS\system32\xinput1_3.dll 2007-03-31 23:57:26 237848 --a------ C:\WINDOWS\system32\xactengine2_4.dll 2007-03-31 23:57:26 15128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll 2007-03-31 23:57:25 62744 --a------ C:\WINDOWS\system32\xinput1_2.dll 2007-03-31 23:57:25 236824 --a------ C:\WINDOWS\system32\xactengine2_3.dll 2007-03-31 23:57:25 2414360 --a------ C:\WINDOWS\system32\d3dx9_31.dll 2007-03-31 23:57:17 2297552 --a------ C:\WINDOWS\system32\d3dx9_26.dll 2007-03-31 23:55:45 0 dr–s---- C:\WINDOWS\assembly 2007-03-31 23:55:03 0 d-------- C:\WINDOWS\Microsoft.NET 2007-03-31 23:07:44 0 d-------- C:\Program Files\DAEMON Tools 2007-03-24 19:23:39 0 d-------- C:\Program Files\X-Trader 4 2007-03-24 01:37:50 0 d-------- C:\WINDOWS\system32\bak 2007-03-22 00:23:51 639224 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2007-03-20 16:27:02 0 d-------- C:\WINDOWS\Cache 2007-03-13 16:03:53 0 d-------- C:\Program Files\Edgard Multimedia 2007-03-13 00:00:38 0 d-------- C:\Program Files\Axis Communications 2007-03-09 02:00:01 0 d-------- C:\Program Files\ReflexiveArcade 2007-03-09 01:49:01 18 --a------ C:\WINDOWS\XMMR810eno.dll 2007-03-09 01:49:01 36 --a------ C:\WINDOWS\IIEsv44JBS5X2.dll 2007-03-09 01:49:01 4 --a------ C:\WINDOWS\IIEsv44JBS5X.dll 2007-03-06 02:39:50 0 d-------- C:\Program Files\Common Files\ACD Systems 2007-03-06 02:39:50 0 d-------- C:\Program Files\ACD Systems 2007-03-06 02:39:40 10368 --a------ C:\WINDOWS\system32\drivers\pfc.sys 2007-03-06 02:39:11 0 d-------- C:\WINDOWS\Downloaded Installations 2007-03-05 15:22:10 0 d-------- C:\Program Files\Common Files\DirectX 2007-03-05 02:36:27 237568 --a------ C:\WINDOWS\system32\OggDS.dll 2007-03-05 02:36:23 921600 --a------ C:\WINDOWS\system32\vorbisenc.dll 2007-03-05 02:36:12 188416 --a------ C:\WINDOWS\system32\vorbis.dll 2007-03-05 02:36:10 45056 --a------ C:\WINDOWS\system32\ogg.dll 2007-03-05 02:36:07 1415680 --a------ C:\WINDOWS\system32\WMV9VCM.dll 2007-03-05 02:35:46 245760 --a------ C:\WINDOWS\system32\mplvpx.dll 2007-03-05 02:35:42 9216 --a------ C:\WINDOWS\system32\cpuinf32.dll 2007-03-05 02:35:21 765952 --a------ C:\WINDOWS\system32\xvidcore.dll 2007-03-05 00:40:30 0 d-------- C:\WINDOWS\SoftwareDistribution 2007-03-05 00:40:27 0 d-------- C:\WINDOWS\Prefetch 2007-03-05 00:34:15 40832 -----n— C:\WINDOWS\system32\drivers\irbus.sys 2007-03-05 00:34:15 9728 -----n— C:\WINDOWS\system32\comsdupd.exe 2007-03-05 00:34:14 25471 -----n— C:\WINDOWS\system32\drivers\watv10nt.sys 2007-03-05 00:34:14 22271 -----n— C:\WINDOWS\system32\drivers\watv06nt.sys 2007-03-05 00:34:14 11935 -----n— C:\WINDOWS\system32\drivers\wadv11nt.sys 2007-03-05 00:34:14 11871 -----n— C:\WINDOWS\system32\drivers\wadv09nt.sys 2007-03-05 00:34:14 11295 -----n— C:\WINDOWS\system32\drivers\wadv08nt.sys 2007-03-05 00:34:14 11807 -----n— C:\WINDOWS\system32\drivers\wadv07nt.sys 2007-03-05 00:34:14 13568 -----n— C:\WINDOWS\system32\drivers\wacompen.sys 2007-03-05 00:34:14 42240 -----n— C:\WINDOWS\system32\drivers\viaagp.sys 2007-03-05 00:34:14 11325 -----n— C:\WINDOWS\system32\drivers\vchnt5.dll 2007-03-05 00:34:14 78464 -----n— C:\WINDOWS\system32\drivers\usbvideo.sys 2007-03-05 00:34:14 12672 -----n— C:\WINDOWS\system32\drivers\usb8023x.sys 2007-03-05 00:34:14 44672 -----n— C:\WINDOWS\system32\drivers\uagp35.sys 2007-03-05 00:34:14 6016 -----n— C:\WINDOWS\system32\drivers\smbali.sys 2007-03-05 00:34:14 13240 -----n— C:\WINDOWS\system32\drivers\slwdmsup.sys 2007-03-05 00:34:14 95424 -----n— C:\WINDOWS\system32\drivers\slnthal.sys 2007-03-05 00:34:14 404990 -----n— C:\WINDOWS\system32\drivers\slntamr.sys 2007-03-05 00:34:14 129535 -----n— C:\WINDOWS\system32\drivers\slnt7554.sys 2007-03-05 00:34:14 41088 -----n— C:\WINDOWS\system32\drivers\sisagp.sys 2007-03-05 00:34:14 3901 -----n— C:\WINDOWS\system32\drivers\siint5.dll 2007-03-05 00:34:14 10240 -----n— C:\WINDOWS\system32\drivers\sffp_sd.sys 2007-03-05 00:34:14 11136 -----n— C:\WINDOWS\system32\drivers\sffdisk.sys 2007-03-05 00:34:14 67584 -----n— C:\WINDOWS\system32\drivers\sdbus.sys 2007-03-05 00:34:14 166912 -----n— C:\WINDOWS\system32\drivers\s3gnbm.sys 2007-03-05 00:34:14 30080 -----n— C:\WINDOWS\system32\drivers\rndismpx.sys 2007-03-05 00:34:14 59648 -----n— C:\WINDOWS\system32\drivers\rfcomm.sys 2007-03-05 00:34:14 13776 -----n— C:\WINDOWS\system32\drivers\recagent.sys 2007-03-05 00:34:14 180360 -----n— C:\WINDOWS\system32\drivers\ntmtlfax.sys 2007-03-05 00:34:14 12672 -----n— C:\WINDOWS\system32\drivers\mutohpen.sys 2007-03-05 00:34:14 452736 -----n— C:\WINDOWS\system32\drivers\mtxparhm.sys 2007-03-05 00:34:14 1309184 -----n— C:\WINDOWS\system32\drivers\mtlstrm.sys 2007-03-05 00:34:14 126686 -----n— C:\WINDOWS\system32\drivers\mtlmnt5.sys 2007-03-05 00:34:14 15488 -----n— C:\WINDOWS\system32\drivers\mssmbios.sys 2007-03-05 00:34:14 11868 -----n— C:\WINDOWS\system32\drivers\mdmxsdk.sys 2007-03-05 00:34:14 29056 -----n— C:\WINDOWS\system32\drivers\ip6fw.sys 2007-03-05 00:34:14 40320 -----n— C:\WINDOWS\system32\drivers\intelppm.sys 2007-03-05 00:34:14 263040 -----n— C:\WINDOWS\system32\drivers\http.sys 2007-03-05 00:34:14 1041536 -----n— C:\WINDOWS\system32\drivers\hsfdpsp2.sys 2007-03-05 00:34:14 685056 -----n— C:\WINDOWS\system32\drivers\hsfcxts2.sys 2007-03-05 00:34:14 220032 -----n— C:\WINDOWS\system32\drivers\hsfbs2s2.sys 2007-03-05 00:34:14 15104 -----n— C:\WINDOWS\system32\drivers\hidir.sys 2007-03-05 00:34:14 25728 -----n— C:\WINDOWS\system32\drivers\hidbth.sys 2007-03-05 00:34:14 46464 -----n— C:\WINDOWS\system32\drivers\gagp30kx.sys 2007-03-05 00:34:14 124800 -----n— C:\WINDOWS\system32\drivers\fltmgr.sys 2007-03-05 00:34:14 15423 -----n— C:\WINDOWS\system32\drivers\ch7xxnt5.dll 2007-03-05 00:34:14 18944 -----n— C:\WINDOWS\system32\drivers\bthusb.sys 2007-03-05 00:34:14 35456 -----n— C:\WINDOWS\system32\drivers\bthprint.sys 2007-03-05 00:34:14 275200 -----n— C:\WINDOWS\system32\drivers\bthport.sys 2007-03-05 00:34:14 100992 -----n— C:\WINDOWS\system32\drivers\bthpan.sys 2007-03-05 00:34:14 38016 -----n— C:\WINDOWS\system32\drivers\bthmodem.sys 2007-03-05 00:34:14 17024 -----n— C:\WINDOWS\system32\drivers\bthenum.sys 2007-03-05 00:34:14 17279 -----n— C:\WINDOWS\system32\drivers\atv10nt5.dll 2007-03-05 00:34:14 14143 -----n— C:\WINDOWS\system32\drivers\atv06nt5.dll 2007-03-05 00:34:14 25471 -----n— C:\WINDOWS\system32\drivers\atv04nt5.dll 2007-03-05 00:34:14 11359 -----n— C:\WINDOWS\system32\drivers\atv02nt5.dll 2007-03-05 00:34:14 21183 -----n— C:\WINDOWS\system32\drivers\atv01nt5.dll 2007-03-05 00:34:14 63488 -----n— C:\WINDOWS\system32\drivers\atinxsxx.sys 2007-03-05 00:34:14 31744 -----n— C:\WINDOWS\system32\drivers\atinxbxx.sys 2007-03-05 00:34:14 73216 -----n— C:\WINDOWS\system32\drivers\atintuxx.sys 2007-03-05 00:34:14 13824 -----n— C:\WINDOWS\system32\drivers\atinttxx.sys 2007-03-05 00:34:14 28672 -----n— C:\WINDOWS\system32\drivers\atinsnxx.sys 2007-03-05 00:34:14 104960 -----n— C:\WINDOWS\system32\drivers\atinrvxx.sys 2007-03-05 00:34:14 52224 -----n— C:\WINDOWS\system32\drivers\atinraxx.sys 2007-03-05 00:34:14 14336 -----n— C:\WINDOWS\system32\drivers\atinpdxx.sys 2007-03-05 00:34:14 13824 -----n— C:\WINDOWS\system32\drivers\atinmdxx.sys 2007-03-05 00:34:14 57856 -----n— C:\WINDOWS\system32\drivers\atinbtxx.sys 2007-03-05 00:34:14 701440 -----n— C:\WINDOWS\system32\drivers\ati2mtag.sys 2007-03-05 00:34:14 327040 -----n— C:\WINDOWS\system32\drivers\ati2mtaa.sys 2007-03-05 00:34:14 34735 -----n— C:\WINDOWS\system32\drivers\ati1xsxx.sys 2007-03-05 00:34:14 29455 -----n— C:\WINDOWS\system32\drivers\ati1xbxx.sys 2007-03-05 00:34:14 36463 -----n— C:\WINDOWS\system32\drivers\ati1tuxx.sys 2007-03-05 00:34:14 21343 -----n— C:\WINDOWS\system32\drivers\ati1ttxx.sys 2007-03-05 00:34:14 26367 -----n— C:\WINDOWS\system32\drivers\ati1snxx.sys 2007-03-05 00:34:14 63663 -----n— C:\WINDOWS\system32\drivers\ati1rvxx.sys 2007-03-05 00:34:14 30671 -----n— C:\WINDOWS\system32\drivers\ati1raxx.sys 2007-03-05 00:34:14 12047 -----n— C:\WINDOWS\system32\drivers\ati1pdxx.sys 2007-03-05 00:34:14 11615 -----n— C:\WINDOWS\system32\drivers\ati1mdxx.sys 2007-03-05 00:34:14 56623 -----n— C:\WINDOWS\system32\drivers\ati1btxx.sys 2007-03-05 00:34:14 43008 -----n— C:\WINDOWS\system32\drivers\amdagp.sys 2007-03-05 00:34:14 42752 -----n— C:\WINDOWS\system32\drivers\alim1541.sys 2007-03-05 00:34:14 44928 -----n— C:\WINDOWS\system32\drivers\agpcpq.sys 2007-03-05 00:34:14 42368 -----n— C:\WINDOWS\system32\drivers\agp440.sys 2007-03-05 00:34:14 3775 -----n— C:\WINDOWS\system32\drivers\adv11nt5.dll 2007-03-05 00:34:14 3711 -----n— C:\WINDOWS\system32\drivers\adv09nt5.dll 2007-03-05 00:34:14 3135 -----n— C:\WINDOWS\system32\drivers\adv08nt5.dll 2007-03-05 00:34:14 3647 -----n— C:\WINDOWS\system32\drivers\adv07nt5.dll 2007-03-05 00:34:14 3615 -----n— C:\WINDOWS\system32\drivers\adv05nt5.dll 2007-03-05 00:34:14 3967 -----n— C:\WINDOWS\system32\drivers\adv02nt5.dll 2007-03-05 00:34:14 4255 -----n— C:\WINDOWS\system32\drivers\adv01nt5.dll 2007-03-05 00:34:14 377984 -----n— C:\WINDOWS\system32\ati2dvaa.dll 2007-03-05 00:34:14 229376 -----n— C:\WINDOWS\system32\ati2cqag.dll 2007-03-05 00:34:13 86016 -----n— C:\WINDOWS\system32\mdmxsdk.dll 2007-03-05 00:34:13 7168 -----n— C:\WINDOWS\system32\kbdukx.dll 2007-03-05 00:34:13 7680 -----n— C:\WINDOWS\system32\kbdsmsno.dll 2007-03-05 00:34:13 7680 -----n— C:\WINDOWS\system32\kbdsmsfi.dll 2007-03-05 00:34:13 7168 -----n— C:\WINDOWS\system32\kbdno1.dll 2007-03-05 00:34:13 6144 -----n— C:\WINDOWS\system32\kbdmlt48.dll 2007-03-05 00:34:13 6144 -----n— C:\WINDOWS\system32\kbdmlt47.dll 2007-03-05 00:34:13 5632 -----n— C:\WINDOWS\system32\kbdmaori.dll 2007-03-05 00:34:13 6656 -----n— C:\WINDOWS\system32\kbdinmal.dll 2007-03-05 00:34:13 6656 -----n— C:\WINDOWS\system32\kbdinben.dll 2007-03-05 00:34:13 6144 -----n— C:\WINDOWS\system32\kbdinbe1.dll 2007-03-05 00:34:13 7168 -----n— C:\WINDOWS\system32\kbdfi1.dll 2007-03-05 00:34:13 183808 -----n— C:\WINDOWS\system32\ir50_qcx.dll 2007-03-05 00:34:13 200192 -----n— C:\WINDOWS\system32\ir50_qc.dll 2007-03-05 00:34:13 755200 -----n— C:\WINDOWS\system32\ir50_32.dll 2007-03-05 00:34:13 338432 -----n— C:\WINDOWS\system32\ir41_qcx.dll 2007-03-05 00:34:13 120320 -----n— C:\WINDOWS\system32\ir41_qc.dll 2007-03-05 00:34:13 81920 -----n— C:\WINDOWS\system32\ieencode.dll 2007-03-05 00:34:13 24576 -----n— C:\WINDOWS\system32\httpapi.dll 2007-03-05 00:34:13 32285 -----n— C:\WINDOWS\system32\hsfcisp2.dll 2007-03-05 00:34:13 60416 -----n— C:\WINDOWS\system32\fwcfg.dll 2007-03-05 00:34:13 193024 -----n— C:\WINDOWS\system32\fsquirt.exe 2007-03-05 00:34:13 22528 -----n— C:\WINDOWS\system32\fltmc.exe 2007-03-05 00:34:13 16896 -----n— C:\WINDOWS\system32\fltlib.dll 2007-03-05 00:34:13 13824 -----n— C:\WINDOWS\system32\cmsetacl.dll 2007-03-05 00:34:13 50688 -----n— C:\WINDOWS\system32\btpanui.dll 2007-03-05 00:34:13 30208 -----n— C:\WINDOWS\system32\bthserv.dll 2007-03-05 00:34:13 20992 -----n— C:\WINDOWS\system32\bthci.dll 2007-03-05 00:34:13 71680 -----n— C:\WINDOWS\system32\blastcln.exe 2007-03-05 00:34:13 7168 -----n— C:\WINDOWS\system32\bitsprx3.dll 2007-03-05 00:34:13 8192 -----n— C:\WINDOWS\system32\bitsprx2.dll 2007-03-05 00:34:13 14336 -----n— C:\WINDOWS\system32\auditusr.exe 2007-03-05 00:34:13 516768 -----n— C:\WINDOWS\system32\ativvaxx.dll 2007-03-05 00:34:13 32768 -----n— C:\WINDOWS\system32\ativtmxx.dll 2007-03-05 00:34:13 1888992 -----n— C:\WINDOWS\system32\ati3duag.dll 2007-03-05 00:34:13 870784 -----n— C:\WINDOWS\system32\ati3d1ag.dll 2007-03-05 00:34:13 201728 -----n— C:\WINDOWS\system32\ati2dvag.dll 2007-03-05 00:34:12 2953216 -----n— C:\WINDOWS\system32\xpsp2res.dll 2007-03-05 00:34:12 427008 -----n— C:\WINDOWS\system32\xpob2res.dll 2007-03-05 00:34:12 190976 -----n— C:\WINDOWS\system32\wmerror.dll 2007-03-05 00:34:12 17408 -----n— C:\WINDOWS\system32\winshfhc.dll 2007-03-05 00:34:12 15872 -----n— C:\WINDOWS\system32\w3ssl.dll 2007-03-05 00:34:12 44032 -----n— C:\WINDOWS\system32\twext.dll 2007-03-05 00:34:12 75776 -----n— C:\WINDOWS\system32\strmfilt.dll 2007-03-05 00:34:12 8192 -----n— C:\WINDOWS\system32\smbinst.exe 2007-03-05 00:34:12 73796 -----n— C:\WINDOWS\system32\slserv.exe 2007-03-05 00:34:12 32866 -----n— C:\WINDOWS\system32\slrundll.exe 2007-03-05 00:34:12 188508 -----n— C:\WINDOWS\system32\slgen.dll 2007-03-05 00:34:12 286792 -----n— C:\WINDOWS\system32\slextspk.dll 2007-03-05 00:34:12 73832 -----n— C:\WINDOWS\system32\slcoinst.dll 2007-03-05 00:34:12 29184 -----n— C:\WINDOWS\system32\sdhcinst.dll 2007-03-05 00:34:12 397056 -----n— C:\WINDOWS\system32\s3gnb.dll 2007-03-05 00:34:12 49152 -----n— C:\WINDOWS\system32\powercfg.exe 2007-03-05 00:34:12 48640 -----n— C:\WINDOWS\system32\pnrpnsp.dll 2007-03-05 00:34:12 526848 -----n— C:\WINDOWS\system32\p2psvc.dll 2007-03-05 00:34:12 88064 -----n— C:\WINDOWS\system32\p2pnetsh.dll 2007-03-05 00:34:12 312320 -----n— C:\WINDOWS\system32\p2pgraph.dll 2007-03-05 00:34:12 86016 -----n— C:\WINDOWS\system32\p2pgasvc.dll 2007-03-05 00:34:12 116224 -----n— C:\WINDOWS\system32\p2p.dll 2007-03-05 00:34:12 1737856 -----n— C:\WINDOWS\system32\mtxparhd.dll 2007-03-05 00:34:12 52736 -----n— C:\WINDOWS\system32\mspmsnsv.dll 2007-03-05 00:34:12 118784 -----n— C:\WINDOWS\system32\msdadiag.dll 2007-03-05 00:34:11 50176 -----n— C:\WINDOWS\system32\xmlprovi.dll 2007-03-05 00:34:11 129536 -----n— C:\WINDOWS\system32\xmlprov.dll 2007-03-05 00:34:11 120320 -----n— C:\WINDOWS\system32\wuweb.dll 2007-03-05 00:34:11 36864 -----n— C:\WINDOWS\system32\wups.dll 2007-03-05 00:34:11 113664 -----n— C:\WINDOWS\system32\wucltui.dll 2007-03-05 00:34:11 184320 -----n— C:\WINDOWS\system32\wuaueng1.dll 2007-03-05 00:34:11 168960 -----n— C:\WINDOWS\system32\wuauclt1.exe 2007-03-05 00:34:11 431616 -----n— C:\WINDOWS\system32\wuapi.dll 2007-03-05 00:34:11 108032 -----n— C:\WINDOWS\system32\wshbth.dll 2007-03-05 00:34:11 81408 -----n— C:\WINDOWS\system32\wscsvc.dll 2007-03-05 00:34:11 13824 -----n— C:\WINDOWS\system32\wscntfy.exe 2007-03-05 00:34:11 233472 -----n— C:\WINDOWS\system32\wmpdxm.dll 2007-03-05 00:34:11 114688 -----n— C:\WINDOWS\system32\wmpasf.dll 2007-03-05 00:34:11 32866 -----n— C:\WINDOWS\slrundll.exe 2007-03-05 00:34:10 0 d-------- C:\WINDOWS\provisioning 2007-03-05 00:34:10 0 d-------- C:\WINDOWS\peernet 2007-03-05 00:33:15 0 d-------- C:\WINDOWS\ServicePackFiles 2007-03-05 00:31:04 0 d-------- C:\WINDOWS\EHome 2007-03-05 00:10:11 0 d-------- C:\Program Files\MarBit 2007-03-04 21:28:58 0 d-------- C:\Program Files\Winamp 2007-03-04 21:23:59 115880 -----n— C:\WINDOWS\system32\pxinsi64.exe 2007-03-04 21:23:59 129784 -----n— C:\WINDOWS\system32\pxafs.dll 2007-03-04 21:23:59 36528 -----n— C:\WINDOWS\system32\drivers\PxHelp20.sys 2007-03-04 21:23:59 2560 -----n— C:\WINDOWS\system32\drivers\cdralw2k.sys 2007-03-04 21:23:59 2432 -----n— C:\WINDOWS\system32\drivers\cdr4_xp.sys 2007-03-04 20:22:55 0 d–h----- C:\WINDOWS$hf_mig$ 2007-03-04 20:22:52 395776 --a------ C:\WINDOWS\system32\rpcss.dll 2007-03-04 20:22:52 581120 --a------ C:\WINDOWS\system32\rpcrt4.dll 2007-03-04 20:22:52 75264 --a------ C:\WINDOWS\system32\olecli32.dll 2007-03-04 20:22:52 1284608 --a------ C:\WINDOWS\system32\ole32.dll 2007-03-04 11:37:03 0 d-------- C:\Downloads 2007-03-04 11:36:56 0 d-------- C:\Program Files\BitComet – Find3M Report --------------------------------------------------------------- 2007-03-31 23:57:03 448004 --a------ C:\WINDOWS\system32\perfh015.dat 2007-03-31 23:57:03 74230 --a------ C:\WINDOWS\system32\perfc015.dat 2007-03-31 23:54:14 0 d–h----- C:\Program Files\InstallShield Installation Information 2007-03-31 23:09:03 0 d-------- C:\Documents and Settings\Paweł\Dane aplikacji\InstallShield 2007-03-30 12:25:46 0 d-------- C:\Documents and Settings\Paweł\Dane aplikacji\Skype 2007-03-20 16:29:01 0 d-------- C:\Program Files\Common Files\Adobe 2007-03-20 16:29:01 0 d-------- C:\Documents and Settings\Paweł\Dane aplikacji\Adobe 2007-03-09 19:58:18 0 d-------- C:\Documents and Settings\Paweł\Dane aplikacji\Help 2007-03-06 02:41:41 0 d-------- C:\Documents and Settings\Paweł\Dane aplikacji\ACD Systems 2007-03-05 14:50:09 0 d-------- C:\Program Files\Gadu-Gadu 2007-03-05 00:34:16 0 d-------- C:\Program Files\Messenger 2007-03-05 00:34:10 0 d-------- C:\Program Files\Movie Maker 2007-03-05 00:33:04 0 d-------- C:\Program Files\Windows NT 2007-03-05 00:00:12 0 d—s---- C:\Documents and Settings\Paweł\Dane aplikacji\Microsoft 2007-03-04 11:37:04 2560 --a------ C:\WINDOWS\system32\BitCometRes.dll 2007-03-03 01:28:42 0 d-------- C:\Program Files\Skype 2007-03-02 19:36:44 0 d-------- C:\Program Files\Alwil Software 2007-03-02 18:51:09 0 d-------- C:\Documents and Settings\Paweł\Dane aplikacji\Macromedia 2007-03-02 18:21:05 0 d-------- C:\Program Files\Sunbelt Software 2007-03-02 18:13:01 0 d-------- C:\Documents and Settings\Paweł\Dane aplikacji\Microsoft Web Folders 2007-03-02 18:12:58 0 d-------- C:\Program Files\microsoft frontpage 2007-03-02 18:05:42 0 d-------- C:\Program Files\Realtek 2007-03-02 18:02:03 0 d-------- C:\Program Files\Common Files\LightScribe 2007-03-02 17:58:58 0 d-------- C:\Program Files\Ahead 2007-03-02 17:58:45 0 d-------- C:\Program Files\Common Files\Ahead 2007-03-02 17:45:39 0 d-------- C:\Program Files\Common Files\InstallShield 2007-03-02 17:38:17 0 d-------- C:\Documents and Settings\Paweł\Dane aplikacji\Identities 2007-03-02 17:34:44 0 -rahs---- C:\MSDOS.SYS 2007-03-02 17:34:44 0 -rahs---- C:\IO.SYS 2007-03-02 17:34:44 0 --a------ C:\CONFIG.SYS 2007-03-02 17:34:44 0 --a------ C:\AUTOEXEC.BAT 2007-03-02 17:33:15 0 d-------- C:\Program Files\Common Files\MSSoap 2007-03-02 17:32:43 21856 --a------ C:\WINDOWS\system32\emptyregdb.dat 2007-03-02 17:32:40 0 d–h----- C:\Program Files\WindowsUpdate 2007-03-02 17:32:40 0 d-------- C:\Program Files\Usługi online 2007-03-02 17:32:34 0 d-------- C:\Program Files\MSN Gaming Zone 2007-03-02 17:28:08 0 d-------- C:\Program Files\Common Files\ODBC 2007-03-02 17:28:05 0 d-------- C:\Program Files\Common Files\SpeechEngines 2007-03-02 17:27:38 62 --ahs---- C:\Documents and Settings\Paweł\Dane aplikacji\desktop.ini 2007-01-15 19:32:07 689280 --a------ C:\WINDOWS\system32\aswBoot.exe 2007-01-15 19:23:20 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr – Registry Dump --------------------------------------------------------------- [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] “CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] “NvCplDaemon”=“RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup” “nwiz”=“nwiz.exe /install” “NvMediaCenter”=“RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit” “RTHDCPL”=“RTHDCPL.EXE” “avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” “DAEMON Tools”="“C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] “Installed”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] “NoChange”=“1” “Installed”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] “Installed”=“1” [HKEY_USERS.default\software\microsoft\windows\currentversion\run] “CTFMON.EXE”=“C:\WINDOWS\System32\CTFMON.EXE” [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run] “CTFMON.EXE”=“C:\WINDOWS\System32\CTFMON.EXE” [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] “SecurityProviders”=“msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll” [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 HKLM\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs* gb – End of ComboScan: finished at 2007-04-04 at 17:47:42 ------------------------

Log Supplementary.txt:

ComboScan v20070306.20 run by Paweł on 2007-04-04 at 17:46:46 Supplementary logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- – System Information ---------------------------------------------------------- Microsoft Windows XP Professional (build 2600) SP 2.0 Architecture: X86; Language: Polish CPU 0: AMD Athlon 64 Processor 3500+ Percentage of Memory in Use: 18% Physical Memory (total/avail): 2047.36 MiB / 1659.91 MiB Pagefile Memory (total/avail): 3939.84 MiB / 3673.79 MiB Virtual Memory (total/avail): 2047.88 MiB / 1997.88 MiB A: is Removable (Unformatted) C: is Fixed (NTFS) - 19.53 GiB total, 10.22 GiB free. D: is Fixed (NTFS) - 106.45 GiB total, 7.49 GiB free. E: is Fixed (NTFS) - 106.9 GiB total, 2.77 GiB free. F: is CDROM (CDFS) G: is CDROM (UDF) – Security Center ------------------------------------------------------------- AUOptions is disabled. AUState says computer has updates disabled. Windows Internal Firewall is disabled. – Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\Pawe\Dane aplikacji CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=PILNIK ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Documents and Settings\Pawe LOGONSERVER=\PILNIK NUMBER_OF_PROCESSORS=1 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 15 Model 79 Stepping 2, AuthenticAMD PROCESSOR_LEVEL=15 PROCESSOR_REVISION=4f02 ProgramFiles=C:\Program Files PROMPT=$P$G SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\PAWE~1\USTAWI~1\Temp TMP=C:\DOCUME~1\PAWE~1\USTAWI~1\Temp USERDOMAIN=PILNIK USERNAME=Pawe USERPROFILE=C:\Documents and Settings\Pawe windir=C:\WINDOWS – User Profiles --------------------------------------------------------------- Paweł (admin) – Add/Remove Programs --------------------------------------------------------- --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf ACDSee Pro --> MsiExec.exe /I{F99F74B4-972B-4B06-B893-6B3B0DB0128B} Adobe Flash Player 9 ActiveX --> C:\WINDOWS\System32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete Adobe Reader 6.0.2 CE --> MsiExec.exe /I{AC76BA86-7AD7-1038-7B44-CEA000000001} Aktualizacja dla systemu Windows XP (KB894391) --> “C:\WINDOWS$NtUninstallKB894391$\spuninst\spuninst.exe” ALLPlayer V2.4 --> “C:\Program Files\MarBit\ALLPlayer\unins000.exe” avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup AXIS Media Control --> rundll32 “C:\Program Files\Axis Communications\AXIS Media Control\AxisMediaControl.dll”,UninstallMe AXIS Media Control SDK 4.13 --> “C:\Program Files\Axis Communications\AXIS Media Control SDK\unins000.exe” BitComet 0.84 --> C:\Program Files\BitComet\uninst.exe Gadu-Gadu 7.6 --> C:\Program Files\Gadu-Gadu\Setup.exe GPGNet --> MsiExec.exe /I{C194D333-B84A-4BB7-B35E-060732D98DC4} High Definition Audio Driver Package - KB888111 --> “C:\WINDOWS$NtUninstallKB888111WXP$\spuninst\spuninst.exe” HijackThis 1.99.1 --> C:\Documents and Settings\Paweł\Pulpit\HijackThis.exe /uninstall Jets’n’Guns GOLD 1.211 --> D:\Gry\Starocie\Jets n gun\Jets’n’Guns GOLD\uninst.exe Microsoft Office 2000 Premium --> MsiExec.exe /I{00000415-78E1-11D2-B60F-006097C998E7} Need for Speed Underground 2 --> D:\Gry\NFS Underground 2\EAUninstall.exe Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL NVIDIA Drivers --> C:\WINDOWS\System32\nvunrm.exe UninstallGUI Profesor Henry 4.0 - Słownictwo i Konwersacje --> “C:\Program Files\Edgard Multimedia\Profesor Henry 4.0\unins000.exe” Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe” -l0x15 -removeonly Skype 3.0 --> “C:\Program Files\Skype\Phone\unins000.exe” Sunbelt Kerio Personal Firewall --> MsiExec.exe /X{E659E0EE-10E6-49B7-8696-60F38D0EB174} Supreme Commander --> C:\Program Files\InstallShield Installation Information{25A1E6A4-2DBD-4AC0-8650-8EA9A45B183D}\setup.exe -runfromtemp -l0x0009 -removeonly Virtual Earth 3D (Beta) --> MsiExec.exe /X{619B8475-0F48-41B7-A370-5147F7092989} Winamp (remove only) --> “C:\Program Files\Winamp\UninstWA.exe” Windows Imaging Component --> “C:\WINDOWS$NtUninstallWIC$\spuninst\spuninst.exe” WinZip --> “C:\Program Files\WinZip\WINZIP32.EXE” /uninstall X-Trader 4.00 --> “C:\Program Files\X-Trader 4\Uninstall.exe” “C:\Program Files\X-Trader 4\install.log” – End of ComboScan: finished at 2007-04-04 at 17:47:42 ------------------------

boczi · 4 Kwiecień 2007 16:03

Xil

Na Forum używamy polskich znaków w pisowni. Proszę poprawić wiadomości, używając opcji Zmień

Xil · 4 Kwiecień 2007 16:18

Zrobione. Tak się zastanawiałem skąd prawie 13k postów ;]

adam9870 · 4 Kwiecień 2007 16:18

Start => uruchom => wpisz cmd i kliknij OK => w konsoli, która się otworzy wpisz:

Możesz usunąć folder, w którym są przechowywane backupy hijacka -> C:\DOCUME~1\PAWE~1\Pulpit\backups

Xil · 4 Kwiecień 2007 16:27

Usunąłem gb. Bardzo dziękuję za pomoc. Pozdrawiam