mój komputer i otwórz za pomocą

**Posty:** 19 · przez **Skazii** 26 Kwi 2008, 19:31

Witam mam taki problem jak wbijam na partycje to wyskakuje mi takie cos!!
Robiłem rest wina nic z tego to samo proszę o pomoc!!

http://img.o3e.org/images/arx1209230952j.JPG
http://img.o3e.org/images/bwy1209231052u.JPG
http://img.o3e.org/images/bfi1209231075p.JPG
http://img.o3e.org/images/cqs1209231095p.JPG

pomocy

**Posty:** 10264 · przez **Mike** 26 Kwi 2008, 20:48

Skazii wstaw mniejsze screeny, bo rozwaliłeś forum :!:

**Posty:** 19 · przez **Skazii** 27 Kwi 2008, 14:14

takie będa dobre? kurde nie wiem co sie stało!!!

**Posty:** 8001 · przez **Okocza** 27 Kwi 2008, 14:15

log z hijackthis daj

http://www.forum.programosy.pl/hijackthis-amp-silent-runners-gtobsuga-i-umieszczanie-vt9452.html

tu masz wszystko wyjaśnione

Autor postu otrzymał pochwałę

**Posty:** 7838 · przez **Lukesh** 27 Kwi 2008, 14:36

Otworz notatnik i wklej w nim to:

Kod: Zaznacz wszystko: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive] @="Dysk" "EditFlags"=dword:000001d2 "BrowserFlags"=dword:00000008 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\DefaultIcon] @=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,73,\ 68,65,6c,6c,33,32,2e,64,6c,6c,2c,38,00 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shell] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shell\find] "SuppressionPolicy"=dword:00000080 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shell\find\command] @=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,45,78,70,6c,6f,72,65,72,2e,65,\ 78,65,00 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shell\find\ddeexec] @="[FindFolder(\"%l\", %I)]" "NoActivateHandler"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shell\find\ddeexec\application] @="Folders" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shell\find\ddeexec\topic] @="AppProperties" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\Offline Files] @="{750fdf0e-2a26-11d1-a3ea-080036587f03}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\Sharing] @="{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\{59099400-57FF-11CE-BD94-0020AF85B590}] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\{fbeb8a05-beee-4442-804e-409d6c4515e9}] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\FolderExtensions] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}] @="" "DriveMask"=dword:00000020 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\PropertySheetHandlers] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\PropertySheetHandlers\Sharing] @="{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\PropertySheetHandlers\{1F2E5C40-9550-11CE-99D2-00AA006E086C}] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\PropertySheetHandlers\{596AB062-B4D2-4215-9F74-E9109B0A8153}] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\PropertySheetHandlers\{7988B573-EC89-11cf-9C00-00AA00A14F56}] @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\PropertySheetHandlers\{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\PropertySheetHandlers\{fbeb8a05-beee-4442-804e-409d6c4515e9}] @="" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\Drive] @="Dysk" "EditFlags"=hex:d2,01,00,00 [HKEY_CLASSES_ROOT\Drive\DefaultIcon] @=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\ 00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,68,00,\ 65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,38,00,00,00 [HKEY_CLASSES_ROOT\Drive\shell] @="none" [HKEY_CLASSES_ROOT\Drive\shell\find] "SuppressionPolicy"=dword:00000080 [HKEY_CLASSES_ROOT\Drive\shell\find\command] @=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\ 00,5c,00,45,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,00,2e,00,65,00,78,00,\ 65,00,00,00 [HKEY_CLASSES_ROOT\Drive\shell\find\ddeexec] @="[FindFolder(\"%l\", %I)]" "NoActivateHandler"="" [HKEY_CLASSES_ROOT\Drive\shell\find\ddeexec\application] @="Folders" [HKEY_CLASSES_ROOT\Drive\shell\find\ddeexec\topic] @="AppProperties"

Zapisz jako fix.reg >> uruchom i zezwol na dodanie do rejestru. Jesli nie pomoze - na pewno jest to wina wirusow, dlatego napisze od razu co bedziesz musial zrobic:

:arrow:

Zastosuj sie do wskazowek z tematu: http://forum.programosy.pl/bad-generic-host-process-for-win32-services-vt79489.html
:arrow:

Zrob skan on-line www.ewido.com
:arrow:

Zastosuj SDFix . Po pobraniu uruchom go a rozpakuje się do C:\SDFix. Uruchom komputer w trybie awaryjnym (F8 przy stracie systemu). Będąc w awaryjnym uruchom plik RunThis.bat z folderu SDFixa. Zatwierdź czyszczenie przez Y. Poczekaj aż ukończy i komputer zresetuje

zastosuj:
SDFix

Potem wejdz do folderu C:\SDFix wrzuc zawartość pliku Report.txt

:arrow:

Pokaz log z ComboFix: http://www.programosy.pl/program,combofix.html
:arrow:

na sam koniec wstaw logi z HJ: http://forum.programosy.pl/hijackthis-amp-silent-runners-gtobsuga-i-umieszczanie-vt9452.html

**Posty:** 19 · przez **Skazii** 27 Kwi 2008, 17:19

Zrobiłem wszystko tak jak kazałem nic nie pomogło dalem logo.Musze sie tego pozbyć bo wchodzenie przez to ''uruchom''mnie dobija !!!

[ Dodano: Dzisiaj o 16:55 ]
Sory chłopaki zamuliłem sie!!

http://forum.programosy.pl/prosze-o-sprawdznie-loga-vt95315.html

**Posty:** 7838 · przez **Lukesh** 27 Kwi 2008, 18:07

http://forum.programosy.pl/tutaj-vt95315.html?sid=d29ea52be5e327e8d0f7b446b07c5e06

Polecial do kosza - pisz tutaj :!:

Autor postu otrzymał pochwałę

**Posty:** 19 · przez **Skazii** 27 Kwi 2008, 18:12

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:11:03, on 2008-04-27
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\savedump.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVP] "E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe

--
End of file - 1115 bytes

catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-27 17:00:21
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="E:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:17,f1,3a,e5,2f,4a,ba,9d,74,a6,58,2f,ba,c4,0f,4c,83,35,b5,41,7d,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,30,3a,2c,fc,e1,cc,e2,4b,e8,be,7e,29,a4,1b,88,49,a6,..
"khjeh"=hex:0e,bb,3d,9b,6f,4d,d3,7f,ed,a9,45,f2,29,d7,ac,41,b4,35,09,e3,5f,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:34,47,8c,ca,ca,92,63,b9,d0,14,53,a5,17,f2,18,76,98,28,75,df,3d,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="E:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:17,f1,3a,e5,2f,4a,ba,9d,74,a6,58,2f,ba,c4,0f,4c,83,35,b5,41,7d,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,30,3a,2c,fc,e1,cc,e2,4b,e8,be,7e,29,a4,1b,88,49,a6,..
"khjeh"=hex:0e,bb,3d,9b,6f,4d,d3,7f,ed,a9,45,f2,29,d7,ac,41,b4,35,09,e3,5f,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:34,47,8c,ca,ca,92,63,b9,d0,14,53,a5,17,f2,18,76,98,28,75,df,3d,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

[ Dodano: Dzisiaj o 16:16 ]
Cytat:
"Silent Runners.vbs", revision 56, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = "RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"AVP" = ""E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"" ["Kaspersky Lab"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "E:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "E:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "E:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "E:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "E:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "E:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "E:\Program Files\ACE Mega CoDecS Pack\SystemS\RealMedia\rpshell.dll" ["RealNetworks, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]
"{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Statystyki dla ochrony WWW"
-> {HKLM...CLSID} = "Statystyki dla ochrony WWW"
\InProcServer32\(Default) = "E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll" ["Kaspersky Lab"]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> klogon\DLLName = "E:\WINDOWS\system32\klogon.dll" ["Kaspersky Lab"]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\ShellEx.dll" ["Kaspersky Lab"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\ShellEx.dll" ["Kaspersky Lab"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]

Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Policies\Microsoft\Windows\System\

"disablecmd" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|System|
Disable the command prompt}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "E:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "E:\Documents and Settings\Ajtuj\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "E:\WINDOWS\System32\logon.scr" [MS]

[ Dodano: Dzisiaj o 16:17 ]
Cytat:
catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-27 17:00:21
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="E:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:17,f1,3a,e5,2f,4a,ba,9d,74,a6,58,2f,ba,c4,0f,4c,83,35,b5,41,7d,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,30,3a,2c,fc,e1,cc,e2,4b,e8,be,7e,29,a4,1b,88,49,a6,..
"khjeh"=hex:0e,bb,3d,9b,6f,4d,d3,7f,ed,a9,45,f2,29,d7,ac,41,b4,35,09,e3,5f,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:34,47,8c,ca,ca,92,63,b9,d0,14,53,a5,17,f2,18,76,98,28,75,df,3d,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="E:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:17,f1,3a,e5,2f,4a,ba,9d,74,a6,58,2f,ba,c4,0f,4c,83,35,b5,41,7d,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,30,3a,2c,fc,e1,cc,e2,4b,e8,be,7e,29,a4,1b,88,49,a6,..
"khjeh"=hex:0e,bb,3d,9b,6f,4d,d3,7f,ed,a9,45,f2,29,d7,ac,41,b4,35,09,e3,5f,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:34,47,8c,ca,ca,92,63,b9,d0,14,53,a5,17,f2,18,76,98,28,75,df,3d,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

ComboFix 08-04-26.3 - Ajtuj 2008-04-27 17:39:41.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.217 [GMT 2:00]
Running from: E:\Documents and Settings\Ajtuj\Pulpit\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-03-27 to 2008-04-27 )))))))))))))))))))))))))))))))
.

2008-04-27 17:24 . 2008-04-27 17:44 <DIR> d--h----- E:\Documents and Settings\Administrator\Ustawienia lokalne
2008-04-27 17:24 . 2008-04-26 17:21 <DIR> d-------- E:\Documents and Settings\Administrator\Ulubione
2008-04-27 17:24 . 2008-04-26 15:30 <DIR> d--h----- E:\Documents and Settings\Administrator\Szablony
2008-04-27 17:24 . 2008-04-27 17:44 <DIR> d-------- E:\Documents and Settings\Administrator\Pulpit
2008-04-27 17:24 . 2008-04-26 17:21 <DIR> d-------- E:\Documents and Settings\Administrator\Moje dokumenty
2008-04-27 17:24 . 2008-04-26 17:21 <DIR> dr------- E:\Documents and Settings\Administrator\Menu Start
2008-04-27 17:24 . 2008-04-26 17:21 <DIR> dr-h----- E:\Documents and Settings\Administrator\Dane aplikacji
2008-04-27 17:24 . 2008-04-27 17:24 <DIR> d-------- E:\Documents and Settings\Administrator
2008-04-27 17:24 . 2008-04-27 17:39 1,024 --ah----- E:\Documents and Settings\Administrator\ntuser.dat.LOG
2008-04-27 17:05 . 2008-04-27 17:05 <DIR> d-------- E:\Program Files\Trend Micro
2008-04-27 16:57 . 2008-04-27 16:57 <DIR> d-------- E:\WINDOWS\ERUNT
2008-04-27 16:52 . 2008-04-27 17:30 <DIR> d-------- E:\SDFix
2008-04-27 16:46 . 2008-04-27 16:46 <DIR> d--h----- E:\WINDOWS\$hf_mig$
2008-04-26 16:39 . 2007-03-12 16:42 3,495,784 --a------ E:\WINDOWS\system32\d3dx9_33.dll
2008-04-26 16:38 . 2005-05-26 15:34 2,297,552 --a------ E:\WINDOWS\system32\d3dx9_26.dll
2008-04-26 16:26 . 2008-04-26 16:26 <DIR> d-------- E:\Program Files\DAEMON Tools
2008-04-26 16:23 . 2008-04-26 16:32 96,645 --a------ E:\WINDOWS\system32\drivers\klin.dat
2008-04-26 16:23 . 2008-04-26 16:32 87,941 --a------ E:\WINDOWS\system32\drivers\klick.dat
2008-04-26 16:22 . 2008-04-26 16:22 <DIR> d-------- E:\Program Files\Kaspersky Lab
2008-04-26 16:22 . 2008-04-26 16:22 <DIR> d-------- E:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2008-04-26 16:22 . 2008-04-27 17:37 <DIR> d-------- E:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-04-26 16:22 . 2008-04-27 17:45 4,675,360 --ahs---- E:\WINDOWS\system32\drivers\fidbox.dat
2008-04-26 16:22 . 2008-04-26 16:22 682,232 --a------ E:\WINDOWS\system32\drivers\sptd.sys
2008-04-26 16:22 . 2008-04-27 17:36 78,680 --ahs---- E:\WINDOWS\system32\drivers\fidbox.idx
2008-04-26 16:22 . 2008-04-27 17:44 47,648 --ahs---- E:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-26 16:22 . 2008-04-27 17:36 7,388 --ahs---- E:\WINDOWS\system32\drivers\fidbox2.idx
2008-04-26 16:11 . 2008-04-26 16:12 <DIR> d-------- E:\Documents and Settings\Ajtuj\Gadu-Gadu
2008-04-26 16:11 . 2008-04-26 16:11 <DIR> d-------- E:\Documents and Settings\Ajtuj\Dane aplikacji\Gadu-Gadu
2008-04-26 16:06 . 2008-04-26 16:06 <DIR> d-------- E:\Program Files\foobar2000
2008-04-26 16:06 . 2008-04-27 16:54 <DIR> d-------- E:\Documents and Settings\Ajtuj\Dane aplikacji\foobar2000
2008-04-26 16:06 . 2003-08-18 05:10 122,880 --a------ E:\WINDOWS\system32\directx.cpl
2008-04-26 16:06 . 2003-03-25 05:49 106,544 --a------ E:\WINDOWS\system32\tweakui.cpl
2008-04-26 16:06 . 2003-03-25 05:49 98,304 --a------ E:\WINDOWS\system32\startup.cpl
2008-04-26 16:06 . 2008-04-26 16:06 98,304 --a------ E:\WINDOWS\system32\qttask.exe
2008-04-26 16:06 . 2004-02-17 10:11 53,248 --a------ E:\WINDOWS\system32\vp6dec_settings.cpl
2008-04-26 16:06 . 2003-03-25 05:49 51,238 --a------ E:\WINDOWS\system32\tweakui.hlp
2008-04-26 16:05 . 2008-04-26 16:06 <DIR> d-------- E:\Program Files\ACE Mega CoDecS Pack

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-27 15:40 --------- d-----w E:\Program Files\Neostrada TP
2008-04-26 13:52 --------- d--h--w E:\Program Files\InstallShield Installation Information
2008-04-26 13:52 --------- d-----w E:\Program Files\Thomson
2008-04-26 13:52 --------- d-----w E:\Program Files\Common Files\InstallShield
2008-04-26 13:50 --------- d-----w E:\Program Files\Razer
2008-04-26 13:50 --------- d-----w E:\Program Files\DIFX
2008-04-26 13:50 --------- d-----w E:\Documents and Settings\Ajtuj\Dane aplikacji\InstallShield
2008-04-26 13:35 --------- d-----w E:\Program Files\microsoft frontpage
2008-04-26 13:33 --------- d-----w E:\Program Files\Usługi online
2008-03-05 14:03 479,752 ----a-w E:\WINDOWS\system32\XAudio2_0.dll
2008-03-05 14:03 238,088 ----a-w E:\WINDOWS\system32\xactengine3_0.dll
2008-03-05 14:00 25,608 ----a-w E:\WINDOWS\system32\X3DAudio1_3.dll
2008-03-05 13:56 3,786,760 ----a-w E:\WINDOWS\system32\D3DX9_37.dll
2008-03-05 13:56 1,420,824 ----a-w E:\WINDOWS\system32\D3DCompiler_37.dll
2008-02-08 16:37 219,664 ----a-w E:\WINDOWS\system32\klogon.dll
2008-02-05 21:07 462,864 ----a-w E:\WINDOWS\system32\d3dx10_37.dll
2007-05-24 10:27 34,930 ----a-w E:\Program Files\nv4_disp.inf
2007-05-12 22:40 28,605 ----a-w E:\Program Files\nv4_disp.cat
2006-06-29 14:45 712,704 ----a-r E:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="E:\WINDOWS\system32\NvCpl.dll" [2007-04-19 13:26 7700480]
"AVP"="E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-08 18:36 227856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.iac2"= E:\PROGRA~1\ACEMEG~1\SystemS\Intel\iac25_32.ax
"vidc.avrn"= E:\PROGRA~1\ACEMEG~1\SystemS\AVIDAV~1.DLL
"vidc.advj"= E:\PROGRA~1\ACEMEG~1\SystemS\AVIDAV~1.DLL
"vidc.mszh"= E:\PROGRA~1\ACEMEG~1\SystemS\avimszh.dll
"vidc.zlib"= E:\PROGRA~1\ACEMEG~1\SystemS\avizlib.dll
"vidc.cscd"= E:\PROGRA~1\ACEMEG~1\SystemS\camcodec.dll
"vidc.cvid"= E:\PROGRA~1\ACEMEG~1\SystemS\iccvid.dll
"msacm.trspch"= E:\PROGRA~1\ACEMEG~1\SystemS\tssoft32.acm
"vidc.em2v"= E:\PROGRA~1\ACEMEG~1\SystemS\etxcodec.dll
"vidc.mkvc"= E:\PROGRA~1\ACEMEG~1\SystemS\kmvidc32.dll
"vidc.hfyu"= E:\PROGRA~1\ACEMEG~1\SystemS\huffyuv.dll
"msacm.lameacm"= E:\PROGRA~1\ACEMEG~1\SystemS\lameacm.acm
"msacm.lhacm"= E:\PROGRA~1\ACEMEG~1\SystemS\lhacm.acm
"msacm.l3acm"= E:\PROGRA~1\ACEMEG~1\SystemS\l3codecp.acm
"vidc.sjpg"= E:\PROGRA~1\ACEMEG~1\SystemS\pmjpeg32.dll
"vidc.dmb2"= E:\PROGRA~1\ACEMEG~1\SystemS\pmjpeg32.dll
"vidc.gepj"= E:\PROGRA~1\ACEMEG~1\SystemS\pmjpeg32.dll
"vidc.qpeg"= E:\PROGRA~1\ACEMEG~1\SystemS\Qpeg32.dll
"vidc.q1.0"= E:\PROGRA~1\ACEMEG~1\SystemS\Qpeg32.dll
"msacm.sl_anet"= E:\PROGRA~1\ACEMEG~1\SystemS\sl_anet.acm
"vidc.tscc"= E:\PROGRA~1\ACEMEG~1\SystemS\tsccvid.dll
"vidc.vifp"= E:\PROGRA~1\ACEMEG~1\SystemS\vfcodec.dll
"vidc.wrpr"= E:\PROGRA~1\ACEMEG~1\SystemS\aviwrap.dll
"vidc.wnv1"= E:\PROGRA~1\ACEMEG~1\SystemS\wnvplay1.dll
"vidc.advs"= E:\PROGRA~1\ACEMEG~1\SystemS\Adaptec\Dvc.dll
"vidc.aflc"= E:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\FLCCOD~1.DLL
"vidc.afli"= E:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\FLCCOD~1.DLL
"vidc.aasc"= E:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\Aasc32.dll
"vidc.aas4"= E:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\Aasc32.dll
"vidc.asv1"= E:\PROGRA~1\ACEMEG~1\SystemS\ASUS\asusasv1.dll
"vidc.asv2"= E:\PROGRA~1\ACEMEG~1\SystemS\ASUS\asusasv2.dll
"vidc.asvx"= E:\PROGRA~1\ACEMEG~1\SystemS\ASUS\asusasv2.dll
"vidc.vcr1"= E:\PROGRA~1\ACEMEG~1\SystemS\ATI\ativcr1.dll
"vidc.vcr2"= E:\PROGRA~1\ACEMEG~1\SystemS\ATI\ativcr2.dll
"vidc.yv12"= E:\PROGRA~1\ACEMEG~1\SystemS\ATI\atiyuv12.DLL
"vidc.mwv1"= E:\PROGRA~1\ACEMEG~1\SystemS\Aware\icmw_32.dll
"vidc.bt20"= E:\PROGRA~1\ACEMEG~1\SystemS\BROOKT~1\btvvc32.drv
"vidc.y41p"= E:\PROGRA~1\ACEMEG~1\SystemS\BROOKT~1\btvvc32.drv
"msacm.pcdv"= E:\PROGRA~1\ACEMEG~1\SystemS\Canopus\pcdv.acm
"vidc.cdvc"= E:\PROGRA~1\ACEMEG~1\SystemS\Canopus\CSCCDVC.DLL
"vidc.ddvc"= E:\PROGRA~1\ACEMEG~1\SystemS\Canopus\CSCdvsd.DLL
"vidc.png1"= E:\PROGRA~1\ACEMEG~1\SystemS\Core\COREPN~1.DLL
"msacm.CoreFLAC_ACM"= E:\PROGRA~1\ACEMEG~1\SystemS\Core\COREFL~1.ACM
"vidc.davc"= E:\PROGRA~1\ACEMEG~1\SystemS\dicas\davcvfw.dll
"vidc.div3"= E:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32.dll
"vidc.div5"= E:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32.dll
"vidc.mpg3"= E:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32.dll
"vidc.div4"= E:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32f.dll
"vidc.div6"= E:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32f.dll
"vidc.ap41"= E:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32f.dll
"vidc.dvx4"= E:\PROGRA~1\ACEMEG~1\SystemS\DivX\divx4.dll
"vidc.divx"= E:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivX520.dll
"msacm.divxa32"= E:\PROGRA~1\ACEMEG~1\SystemS\DivX\divxa32.acm
"vidc.frwd"= E:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwd.dll
"vidc.frwt"= E:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwd.dll
"vidc.frwa"= E:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwt.dll
"vidc.frwu"= E:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwu.dll
"vidc.glzw"= E:\PROGRA~1\ACEMEG~1\SystemS\Gabest\GLZW.dll
"vidc.gpeg"= E:\PROGRA~1\ACEMEG~1\SystemS\Gabest\GPEG.dll
"vidc.i263"= E:\PROGRA~1\ACEMEG~1\SystemS\Intel\i263_32.drv
"vidc.iv30"= E:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv31"= E:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv32"= E:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv33"= E:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv34"= E:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv35"= E:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv36"= E:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv37"= E:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv38"= E:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv39"= E:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv40"= E:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv41"= E:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv42"= E:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv43"= E:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv44"= E:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv45"= E:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv46"= E:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv47"= E:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv48"= E:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv49"= E:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv50"= E:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir50_32.dll
"vidc.iyuv"= E:\PROGRA~1\ACEMEG~1\SystemS\Intel\iyuv_32.dll
"vidc.yvu9"= E:\PROGRA~1\ACEMEG~1\SystemS\Intel\Iyvu9_32.dll
"vidc.ir21"= E:\PROGRA~1\ACEMEG~1\SystemS\Intel\IR21_R.DLL
"vidc.rt21"= E:\PROGRA~1\ACEMEG~1\SystemS\Intel\IR21_R.DLL
"msacm.imc"= E:\PROGRA~1\ACEMEG~1\SystemS\Intel\IMC32.ACM
"vidc.lead"= E:\PROGRA~1\ACEMEG~1\SystemS\LEAD\LCODCCMP.DLL
"vidc.dvsd"= E:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCDVD_32.DLL
"vidc.dvc"= E:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCDVD_32.DLL
"vidc.dvcs"= E:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCDVD_32.DLL
"vidc.dcmj"= E:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCMJPG32.DLL
"vidc.avi1"= E:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCMJPG32.DLL
"vidc.avi2"= E:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCMJPG32.DLL
"vidc.dv25"= E:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.dv50"= E:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.msmc"= E:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mmjp"= E:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx1"= E:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx2"= E:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx3"= E:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx4"= E:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx5"= E:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx6"= E:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx7"= E:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx8"= E:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx9"= E:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mmes"= E:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"msacm.msadpcm"= E:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msadp32.acm
"msacm.imaadpcm"= E:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\imaadp32.acm
"msacm.msg711"= E:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msg711.acm
"msacm.msg723"= E:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msg723.acm
"msacm.msgsm610"= E:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msgsm32.acm
"vidc.m261"= E:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msh261.drv
"vidc.m263"= E:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msh263.drv
"vidc.i420"= E:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msh263.drv
"vidc.mrle"= E:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msrle32.dll
"vidc.uyvy"= E:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yuy2"= E:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yvyu"= E:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.msvc"= E:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msvidc32.dll
"vidc.cram"= E:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msvidc32.dll
"vidc.mpg4"= E:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
"vidc.mp41"= E:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
"vidc.mp42"= E:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
"vidc.mp43"= E:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
"vidc.mp4s"= E:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
"vidc.mp4v"= E:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
"vidc.wmv3"= E:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\WMV9VCM.dll
"msacm.msaudio1"= E:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msaud32.acm
"vidc.vixl"= E:\PROGRA~1\ACEMEG~1\SystemS\Miro\miroxl32.dll
"vidc.nt00"= E:\PROGRA~1\ACEMEG~1\SystemS\Newtek\ntcodec.dll
"msacm.vorbis"= E:\PROGRA~1\ACEMEG~1\SystemS\OGG\vorbis.acm
"vidc.vp30"= E:\PROGRA~1\ACEMEG~1\SystemS\ON2TEC~1\vp31vfw.dll
"vidc.vp31"= E:\PROGRA~1\ACEMEG~1\SystemS\ON2TEC~1\vp31vfw.dll
"vidc.vp60"= E:\PROGRA~1\ACEMEG~1\SystemS\ON2TEC~1\vp6vfw.dll
"vidc.vp61"= E:\PROGRA~1\ACEMEG~1\SystemS\ON2TEC~1\vp6vfw.dll
"vidc.pdvc"= E:\PROGRA~1\ACEMEG~1\SystemS\PANASO~1\idvcodec.dll
"vidc.ipdv"= E:\PROGRA~1\ACEMEG~1\SystemS\PANASO~1\idvcodec.dll
"vidc.pvw2"= E:\PROGRA~1\ACEMEG~1\SystemS\Pegasus\pvwv220.dll
"vidc.pimj"= E:\PROGRA~1\ACEMEG~1\SystemS\Pegasus\pvljpg20.dll
"vidc.mjpx"= E:\PROGRA~1\ACEMEG~1\SystemS\Pegasus\pvmjpg21.dll
"vidc.miro"= E:\PROGRA~1\ACEMEG~1\SystemS\Pinnacle\MIRODV~1.DLL
"vidc.dcap"= E:\PROGRA~1\ACEMEG~1\SystemS\Pinnacle\MIRODV~1.DLL
"vidc.mjpa"= E:\PROGRA~1\ACEMEG~1\SystemS\Pinnacle\RTMJPG~1.DLL
"vidc.gpjm"= E:\PROGRA~1\ACEMEG~1\SystemS\Pinnacle\RTMJPG~1.DLL
"vidc.pim1"= E:\PROGRA~1\ACEMEG~1\SystemS\Pinnacle\pclepim1.dll
"msacm.qmpeg"= E:\PROGRA~1\ACEMEG~1\SystemS\QDesign\qmpeg.acm
"vidc.rmp4"= E:\PROGRA~1\ACEMEG~1\SystemS\REALMA~1\rmp4.dll
"vidc.rud0"= E:\PROGRA~1\ACEMEG~1\SystemS\Rududu\rududu.dll
"msacm.at3"= E:\PROGRA~1\ACEMEG~1\SystemS\SONY\atrac3.acm
"vidc.sony"= E:\PROGRA~1\ACEMEG~1\SystemS\SONY\sonydv.dll
"vidc.dvcp"= E:\PROGRA~1\ACEMEG~1\SystemS\SONY\sonydv.dll
"vidc.s422"= E:\PROGRA~1\ACEMEG~1\SystemS\Tekram\tekyuv.dll
"vidc.t420"= E:\PROGRA~1\ACEMEG~1\SystemS\Toshiba\tsbyuv.dll
"vidc.y411"= E:\PROGRA~1\ACEMEG~1\SystemS\Toshiba\tsbyuv.dll
"vidc.vssv"= E:\PROGRA~1\ACEMEG~1\SystemS\VANGUA~1\vsscodec.dll
"msacm.voxacm160"= E:\PROGRA~1\ACEMEG~1\SystemS\VoxWare\vct3216.acm
"vidc.xvid"= E:\PROGRA~1\ACEMEG~1\SystemS\XviD\xvidvfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"H:\\PROGRAMY\\Zainstalowane\\mis\\BearShare.exe"=
"H:\\PROGRAMY\\Zainstalowane\\Gadu-Gadu\\gg.exe"=
"E:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\Polish\\setup.exe"=

R3 DAdderFltr;DeathAdder Mouse;E:\WINDOWS\system32\drivers\dadder.sys [2007-08-02 17:32]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;E:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - m6dqm2vd.exe
\Shell\explore\Command - m6dqm2vd.exe
\Shell\open\Command - m6dqm2vd.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - m6dqm2vd.exe
\Shell\explore\Command - m6dqm2vd.exe
\Shell\open\Command - m6dqm2vd.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - m6dqm2vd.exe
\Shell\explore\Command - m6dqm2vd.exe
\Shell\open\Command - m6dqm2vd.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - m6dqm2vd.exe
\Shell\explore\Command - m6dqm2vd.exe
\Shell\open\Command - m6dqm2vd.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - m6dqm2vd.exe
\Shell\explore\Command - m6dqm2vd.exe
\Shell\open\Command - m6dqm2vd.exe

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-27 17:44:59
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-27 17:46:39
ComboFix-quarantined-files.txt 2008-04-27 15:46:35

Pre-Run: 18,434,633,728 bajtów wolnych
Post-Run: 18,439,761,920 bajtów wolnych

280

[ Dodano: Dzisiaj o 17:14 ]
wszystko zrobiłem tak ja kazałeś a problem nie znikł!! why?

[ Dodano: Dzisiaj o 17:16 ]
chłopaki przed chwila mi zadziałało nie wiem z jakiej paki?? moze kaspersky blokuje?? bo go wyłaczyłem przed chwila!

**Posty:** 8001 · przez **Okocza** 27 Kwi 2008, 18:41

kaspersky na pewno nie powoduje tego problermu...

masz to na każdym dysku :?:

**Posty:** 19 · przez **Skazii** 27 Kwi 2008, 18:57

miałem.teraz juz nie mam znikło.Po formacie c:/ normalnie sie odpalał a inne nie!

**Posty:** 8001 · przez **Okocza** 27 Kwi 2008, 18:57

wszystko juz ok :?:

**Posty:** 19 · przez **Skazii** 27 Kwi 2008, 19:43

tak ok.nie wiem jak to sie stało! ale thx za wszystko!!

**Posty:** 18165 · przez **wojtas** 27 Kwi 2008, 20:36

wklej do notatnika

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]

w notatniku u góry>>>plik zapisz jako>>>Zmien rozszerzenie z TXT na Wszystkie pliki *.* >>> Zapisz pod nazwą FIX.REG

Klikasz dwa razy na powstały plik fix i dodajesz go do rejestru....

reset kompa i nowy log z combofixa

**Posty:** 19 · przez **Skazii** 28 Kwi 2008, 16:04

Kod: Zaznacz wszystko: ComboFix 08-04-26.5 - Ajtuj 2008-04-28 8:53:34.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.286 [GMT 2:00] Running from: E:\Documents and Settings\Ajtuj\Pulpit\ComboFix.exe * Created a new restore point [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color] . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . E:\WINDOWS\system32\dllcache\spoolsv.exe . ((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-28 ))))))))))))))))))))))))))))))) . 2008-04-27 18:55 . 2008-04-27 18:55 <DIR> d-------- E:\Documents and Settings\Ajtuj\Dane aplikacji\Talkback 2008-04-27 17:24 . 2008-04-28 09:05 <DIR> d--h----- E:\Documents and Settings\Administrator\Ustawienia lokalne 2008-04-27 17:24 . 2008-04-26 17:21 <DIR> d-------- E:\Documents and Settings\Administrator\Ulubione 2008-04-27 17:24 . 2008-04-26 15:30 <DIR> d--h----- E:\Documents and Settings\Administrator\Szablony 2008-04-27 17:24 . 2008-04-27 17:44 <DIR> d-------- E:\Documents and Settings\Administrator\Pulpit 2008-04-27 17:24 . 2008-04-26 17:21 <DIR> d-------- E:\Documents and Settings\Administrator\Moje dokumenty 2008-04-27 17:24 . 2008-04-26 17:21 <DIR> dr------- E:\Documents and Settings\Administrator\Menu Start 2008-04-27 17:24 . 2008-04-26 17:21 <DIR> dr-h----- E:\Documents and Settings\Administrator\Dane aplikacji 2008-04-27 17:24 . 2008-04-27 17:24 <DIR> d-------- E:\Documents and Settings\Administrator 2008-04-27 17:24 . 2008-04-28 08:53 1,024 --ah----- E:\Documents and Settings\Administrator\ntuser.dat.LOG 2008-04-27 17:05 . 2008-04-27 17:05 <DIR> d-------- E:\Program Files\Trend Micro 2008-04-27 16:57 . 2008-04-27 16:57 <DIR> d-------- E:\WINDOWS\ERUNT 2008-04-27 16:52 . 2008-04-27 17:30 <DIR> d-------- E:\SDFix 2008-04-27 16:46 . 2008-04-27 16:46 <DIR> d--h----- E:\WINDOWS\$hf_mig$ 2008-04-26 16:39 . 2007-03-12 16:42 3,495,784 --a------ E:\WINDOWS\system32\d3dx9_33.dll 2008-04-26 16:38 . 2005-05-26 15:34 2,297,552 --a------ E:\WINDOWS\system32\d3dx9_26.dll 2008-04-26 16:26 . 2008-04-26 16:26 <DIR> d-------- E:\Program Files\DAEMON Tools 2008-04-26 16:23 . 2008-04-26 16:32 96,645 --a------ E:\WINDOWS\system32\drivers\klin.dat 2008-04-26 16:23 . 2008-04-26 16:32 87,941 --a------ E:\WINDOWS\system32\drivers\klick.dat 2008-04-26 16:22 . 2008-04-26 16:22 <DIR> d-------- E:\Program Files\Kaspersky Lab 2008-04-26 16:22 . 2008-04-26 16:22 <DIR> d-------- E:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files 2008-04-26 16:22 . 2008-04-28 08:48 <DIR> d-------- E:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab 2008-04-26 16:22 . 2008-04-28 09:06 4,822,304 --ahs---- E:\WINDOWS\system32\drivers\fidbox.dat 2008-04-26 16:22 . 2008-04-26 16:22 682,232 --a------ E:\WINDOWS\system32\drivers\sptd.sys 2008-04-26 16:22 . 2008-04-27 20:21 80,504 --ahs---- E:\WINDOWS\system32\drivers\fidbox.idx 2008-04-26 16:22 . 2008-04-28 09:05 52,768 --ahs---- E:\WINDOWS\system32\drivers\fidbox2.dat 2008-04-26 16:22 . 2008-04-27 20:21 8,936 --ahs---- E:\WINDOWS\system32\drivers\fidbox2.idx 2008-04-26 16:11 . 2008-04-26 16:12 <DIR> d-------- E:\Documents and Settings\Ajtuj\Gadu-Gadu 2008-04-26 16:11 . 2008-04-26 16:11 <DIR> d-------- E:\Documents and Settings\Ajtuj\Dane aplikacji\Gadu-Gadu 2008-04-26 16:06 . 2008-04-26 16:06 <DIR> d-------- E:\Program Files\foobar2000 2008-04-26 16:06 . 2008-04-27 16:54 <DIR> d-------- E:\Documents and Settings\Ajtuj\Dane aplikacji\foobar2000 2008-04-26 16:06 . 2003-08-18 05:10 122,880 --a------ E:\WINDOWS\system32\directx.cpl 2008-04-26 16:06 . 2003-03-25 05:49 106,544 --a------ E:\WINDOWS\system32\tweakui.cpl 2008-04-26 16:06 . 2003-03-25 05:49 98,304 --a------ E:\WINDOWS\system32\startup.cpl 2008-04-26 16:06 . 2008-04-26 16:06 98,304 --a------ E:\WINDOWS\system32\qttask.exe 2008-04-26 16:06 . 2004-02-17 10:11 53,248 --a------ E:\WINDOWS\system32\vp6dec_settings.cpl 2008-04-26 16:06 . 2003-03-25 05:49 51,238 --a------ E:\WINDOWS\system32\tweakui.hlp 2008-04-26 16:05 . 2008-04-26 16:06 <DIR> d-------- E:\Program Files\ACE Mega CoDecS Pack . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-28 06:49 --------- d-----w E:\Program Files\Neostrada TP 2008-04-26 13:52 --------- d--h--w E:\Program Files\InstallShield Installation Information 2008-04-26 13:52 --------- d-----w E:\Program Files\Thomson 2008-04-26 13:52 --------- d-----w E:\Program Files\Common Files\InstallShield 2008-04-26 13:50 --------- d-----w E:\Program Files\Razer 2008-04-26 13:50 --------- d-----w E:\Program Files\DIFX 2008-04-26 13:50 --------- d-----w E:\Documents and Settings\Ajtuj\Dane aplikacji\InstallShield 2008-04-26 13:35 --------- d-----w E:\Program Files\microsoft frontpage 2008-04-26 13:33 --------- d-----w E:\Program Files\Usługi online 2008-03-05 14:03 479,752 ----a-w E:\WINDOWS\system32\XAudio2_0.dll 2008-03-05 14:03 238,088 ----a-w E:\WINDOWS\system32\xactengine3_0.dll 2008-03-05 14:00 25,608 ----a-w E:\WINDOWS\system32\X3DAudio1_3.dll 2008-03-05 13:56 3,786,760 ----a-w E:\WINDOWS\system32\D3DX9_37.dll 2008-03-05 13:56 1,420,824 ----a-w E:\WINDOWS\system32\D3DCompiler_37.dll 2008-02-08 16:37 219,664 ----a-w E:\WINDOWS\system32\klogon.dll 2008-02-05 21:07 462,864 ----a-w E:\WINDOWS\system32\d3dx10_37.dll 2007-05-24 10:27 34,930 ----a-w E:\Program Files\nv4_disp.inf 2007-05-12 22:40 28,605 ----a-w E:\Program Files\nv4_disp.cat 2006-06-29 14:45 712,704 ----a-r E:\WINDOWS\inf\OTHER\AUDIO3D.DLL . ((((((((((((((((((((((((((((( snapshot@2008-04-27_17.46.08,23 ))))))))))))))))))))))))))))))))))))))))) . - 2008-04-27 15:37:02 2,048 --s-a-w E:\WINDOWS\bootstat.dat + 2008-04-28 06:48:21 2,048 --s-a-w E:\WINDOWS\bootstat.dat - 2008-04-27 15:41:08 39,992 ----a-w E:\WINDOWS\system32\perfc009.dat + 2008-04-28 06:52:39 39,992 ----a-w E:\WINDOWS\system32\perfc009.dat - 2008-04-27 15:41:08 49,492 ----a-w E:\WINDOWS\system32\perfc015.dat + 2008-04-28 06:52:39 49,492 ----a-w E:\WINDOWS\system32\perfc015.dat - 2008-04-27 15:41:08 311,604 ----a-w E:\WINDOWS\system32\perfh009.dat + 2008-04-28 06:52:39 311,604 ----a-w E:\WINDOWS\system32\perfh009.dat - 2008-04-27 15:41:08 355,486 ----a-w E:\WINDOWS\system32\perfh015.dat + 2008-04-28 06:52:39 355,486 ----a-w E:\WINDOWS\system32\perfh015.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Gadu-Gadu"="H:\PROGRAMY\Zainstalowane\Gadu-Gadu\gg.exe" [2007-07-09 09:39 2119104] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="E:\WINDOWS\system32\NvCpl.dll" [2007-04-19 13:26 7700480] "AVP"="E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-08 18:36 227856] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.iac2"= E:\PROGRA~1\ACEMEG~1\SystemS\Intel\iac25_32.ax "vidc.avrn"= E:\PROGRA~1\ACEMEG~1\SystemS\AVIDAV~1.DLL "vidc.advj"= E:\PROGRA~1\ACEMEG~1\SystemS\AVIDAV~1.DLL "vidc.mszh"= E:\PROGRA~1\ACEMEG~1\SystemS\avimszh.dll "vidc.zlib"= E:\PROGRA~1\ACEMEG~1\SystemS\avizlib.dll "vidc.cscd"= E:\PROGRA~1\ACEMEG~1\SystemS\camcodec.dll "vidc.cvid"= E:\PROGRA~1\ACEMEG~1\SystemS\iccvid.dll "msacm.trspch"= E:\PROGRA~1\ACEMEG~1\SystemS\tssoft32.acm "vidc.em2v"= E:\PROGRA~1\ACEMEG~1\SystemS\etxcodec.dll "vidc.mkvc"= E:\PROGRA~1\ACEMEG~1\SystemS\kmvidc32.dll "vidc.hfyu"= E:\PROGRA~1\ACEMEG~1\SystemS\huffyuv.dll "msacm.lameacm"= E:\PROGRA~1\ACEMEG~1\SystemS\lameacm.acm "msacm.lhacm"= E:\PROGRA~1\ACEMEG~1\SystemS\lhacm.acm "msacm.l3acm"= E:\PROGRA~1\ACEMEG~1\SystemS\l3codecp.acm "vidc.sjpg"= E:\PROGRA~1\ACEMEG~1\SystemS\pmjpeg32.dll "vidc.dmb2"= E:\PROGRA~1\ACEMEG~1\SystemS\pmjpeg32.dll "vidc.gepj"= E:\PROGRA~1\ACEMEG~1\SystemS\pmjpeg32.dll "vidc.qpeg"= E:\PROGRA~1\ACEMEG~1\SystemS\Qpeg32.dll "vidc.q1.0"= E:\PROGRA~1\ACEMEG~1\SystemS\Qpeg32.dll "msacm.sl_anet"= E:\PROGRA~1\ACEMEG~1\SystemS\sl_anet.acm "vidc.tscc"= E:\PROGRA~1\ACEMEG~1\SystemS\tsccvid.dll "vidc.vifp"= E:\PROGRA~1\ACEMEG~1\SystemS\vfcodec.dll "vidc.wrpr"= E:\PROGRA~1\ACEMEG~1\SystemS\aviwrap.dll "vidc.wnv1"= E:\PROGRA~1\ACEMEG~1\SystemS\wnvplay1.dll "vidc.advs"= E:\PROGRA~1\ACEMEG~1\SystemS\Adaptec\Dvc.dll "vidc.aflc"= E:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\FLCCOD~1.DLL "vidc.afli"= E:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\FLCCOD~1.DLL "vidc.aasc"= E:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\Aasc32.dll "vidc.aas4"= E:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\Aasc32.dll "vidc.asv1"= E:\PROGRA~1\ACEMEG~1\SystemS\ASUS\asusasv1.dll "vidc.asv2"= E:\PROGRA~1\ACEMEG~1\SystemS\ASUS\asusasv2.dll "vidc.asvx"= E:\PROGRA~1\ACEMEG~1\SystemS\ASUS\asusasv2.dll "vidc.vcr1"= E:\PROGRA~1\ACEMEG~1\SystemS\ATI\ativcr1.dll "vidc.vcr2"= E:\PROGRA~1\ACEMEG~1\SystemS\ATI\ativcr2.dll "vidc.yv12"= E:\PROGRA~1\ACEMEG~1\SystemS\ATI\atiyuv12.DLL "vidc.mwv1"= E:\PROGRA~1\ACEMEG~1\SystemS\Aware\icmw_32.dll "vidc.bt20"= E:\PROGRA~1\ACEMEG~1\SystemS\BROOKT~1\btvvc32.drv "vidc.y41p"= E:\PROGRA~1\ACEMEG~1\SystemS\BROOKT~1\btvvc32.drv "msacm.pcdv"= E:\PROGRA~1\ACEMEG~1\SystemS\Canopus\pcdv.acm "vidc.cdvc"= E:\PROGRA~1\ACEMEG~1\SystemS\Canopus\CSCCDVC.DLL "vidc.ddvc"= E:\PROGRA~1\ACEMEG~1\SystemS\Canopus\CSCdvsd.DLL "vidc.png1"= E:\PROGRA~1\ACEMEG~1\SystemS\Core\COREPN~1.DLL "msacm.CoreFLAC_ACM"= E:\PROGRA~1\ACEMEG~1\SystemS\Core\COREFL~1.ACM "vidc.davc"= E:\PROGRA~1\ACEMEG~1\SystemS\dicas\davcvfw.dll "vidc.div3"= E:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32.dll "vidc.div5"= E:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32.dll "vidc.mpg3"= E:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32.dll "vidc.div4"= E:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32f.dll "vidc.div6"= E:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32f.dll "vidc.ap41"= E:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32f.dll "vidc.dvx4"= E:\PROGRA~1\ACEMEG~1\SystemS\DivX\divx4.dll "vidc.divx"= E:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivX520.dll "msacm.divxa32"= E:\PROGRA~1\ACEMEG~1\SystemS\DivX\divxa32.acm "vidc.frwd"= E:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwd.dll "vidc.frwt"= E:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwd.dll "vidc.frwa"= E:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwt.dll "vidc.frwu"= E:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwu.dll "vidc.glzw"= E:\PROGRA~1\ACEMEG~1\SystemS\Gabest\GLZW.dll "vidc.gpeg"= E:\PROGRA~1\ACEMEG~1\SystemS\Gabest\GPEG.dll "vidc.i263"= E:\PROGRA~1\ACEMEG~1\SystemS\Intel\i263_32.drv "vidc.iv30"= E:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll "vidc.iv31"= E:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll "vidc.iv32"= E:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll "vidc.iv33"= E:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll "vidc.iv34"= E:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll "vidc.iv35"= E:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll "vidc.iv36"= E:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll "vidc.iv37"= E:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll "vidc.iv38"= E:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll "vidc.iv39"= E:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll "vidc.iv40"= E:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll "vidc.iv41"= E:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll "vidc.iv42"= E:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll "vidc.iv43"= E:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll "vidc.iv44"= E:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll "vidc.iv45"= E:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll "vidc.iv46"= E:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll "vidc.iv47"= E:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll "vidc.iv48"= E:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll "vidc.iv49"= E:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll "vidc.iv50"= E:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir50_32.dll "vidc.iyuv"= E:\PROGRA~1\ACEMEG~1\SystemS\Intel\iyuv_32.dll "vidc.yvu9"= E:\PROGRA~1\ACEMEG~1\SystemS\Intel\Iyvu9_32.dll "vidc.ir21"= E:\PROGRA~1\ACEMEG~1\SystemS\Intel\IR21_R.DLL "vidc.rt21"= E:\PROGRA~1\ACEMEG~1\SystemS\Intel\IR21_R.DLL "msacm.imc"= E:\PROGRA~1\ACEMEG~1\SystemS\Intel\IMC32.ACM "vidc.lead"= E:\PROGRA~1\ACEMEG~1\SystemS\LEAD\LCODCCMP.DLL "vidc.dvsd"= E:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCDVD_32.DLL "vidc.dvc"= E:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCDVD_32.DLL "vidc.dvcs"= E:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCDVD_32.DLL "vidc.dcmj"= E:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCMJPG32.DLL "vidc.avi1"= E:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCMJPG32.DLL "vidc.avi2"= E:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCMJPG32.DLL "vidc.dv25"= E:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll "vidc.dv50"= E:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll "vidc.msmc"= E:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll "vidc.mmjp"= E:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll "vidc.mtx1"= E:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll "vidc.mtx2"= E:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll "vidc.mtx3"= E:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll "vidc.mtx4"= E:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll "vidc.mtx5"= E:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll "vidc.mtx6"= E:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll "vidc.mtx7"= E:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll "vidc.mtx8"= E:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll "vidc.mtx9"= E:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll "vidc.mmes"= E:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll "msacm.msadpcm"= E:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msadp32.acm "msacm.imaadpcm"= E:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\imaadp32.acm "msacm.msg711"= E:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msg711.acm "msacm.msg723"= E:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msg723.acm "msacm.msgsm610"= E:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msgsm32.acm "vidc.m261"= E:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msh261.drv "vidc.m263"= E:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msh263.drv "vidc.i420"= E:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msh263.drv "vidc.mrle"= E:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msrle32.dll "vidc.uyvy"= E:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll "vidc.yuy2"= E:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll "vidc.yvyu"= E:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll "vidc.msvc"= E:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msvidc32.dll "vidc.cram"= E:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msvidc32.dll "vidc.mpg4"= E:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll "vidc.mp41"= E:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll "vidc.mp42"= E:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll "vidc.mp43"= E:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll "vidc.mp4s"= E:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll "vidc.mp4v"= E:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll "vidc.wmv3"= E:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\WMV9VCM.dll "msacm.msaudio1"= E:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msaud32.acm "vidc.vixl"= E:\PROGRA~1\ACEMEG~1\SystemS\Miro\miroxl32.dll "vidc.nt00"= E:\PROGRA~1\ACEMEG~1\SystemS\Newtek\ntcodec.dll "msacm.vorbis"= E:\PROGRA~1\ACEMEG~1\SystemS\OGG\vorbis.acm "vidc.vp30"= E:\PROGRA~1\ACEMEG~1\SystemS\ON2TEC~1\vp31vfw.dll "vidc.vp31"= E:\PROGRA~1\ACEMEG~1\SystemS\ON2TEC~1\vp31vfw.dll "vidc.vp60"= E:\PROGRA~1\ACEMEG~1\SystemS\ON2TEC~1\vp6vfw.dll "vidc.vp61"= E:\PROGRA~1\ACEMEG~1\SystemS\ON2TEC~1\vp6vfw.dll "vidc.pdvc"= E:\PROGRA~1\ACEMEG~1\SystemS\PANASO~1\idvcodec.dll "vidc.ipdv"= E:\PROGRA~1\ACEMEG~1\SystemS\PANASO~1\idvcodec.dll "vidc.pvw2"= E:\PROGRA~1\ACEMEG~1\SystemS\Pegasus\pvwv220.dll "vidc.pimj"= E:\PROGRA~1\ACEMEG~1\SystemS\Pegasus\pvljpg20.dll "vidc.mjpx"= E:\PROGRA~1\ACEMEG~1\SystemS\Pegasus\pvmjpg21.dll "vidc.miro"= E:\PROGRA~1\ACEMEG~1\SystemS\Pinnacle\MIRODV~1.DLL "vidc.dcap"= E:\PROGRA~1\ACEMEG~1\SystemS\Pinnacle\MIRODV~1.DLL "vidc.mjpa"= E:\PROGRA~1\ACEMEG~1\SystemS\Pinnacle\RTMJPG~1.DLL "vidc.gpjm"= E:\PROGRA~1\ACEMEG~1\SystemS\Pinnacle\RTMJPG~1.DLL "vidc.pim1"= E:\PROGRA~1\ACEMEG~1\SystemS\Pinnacle\pclepim1.dll "msacm.qmpeg"= E:\PROGRA~1\ACEMEG~1\SystemS\QDesign\qmpeg.acm "vidc.rmp4"= E:\PROGRA~1\ACEMEG~1\SystemS\REALMA~1\rmp4.dll "vidc.rud0"= E:\PROGRA~1\ACEMEG~1\SystemS\Rududu\rududu.dll "msacm.at3"= E:\PROGRA~1\ACEMEG~1\SystemS\SONY\atrac3.acm "vidc.sony"= E:\PROGRA~1\ACEMEG~1\SystemS\SONY\sonydv.dll "vidc.dvcp"= E:\PROGRA~1\ACEMEG~1\SystemS\SONY\sonydv.dll "vidc.s422"= E:\PROGRA~1\ACEMEG~1\SystemS\Tekram\tekyuv.dll "vidc.t420"= E:\PROGRA~1\ACEMEG~1\SystemS\Toshiba\tsbyuv.dll "vidc.y411"= E:\PROGRA~1\ACEMEG~1\SystemS\Toshiba\tsbyuv.dll "vidc.vssv"= E:\PROGRA~1\ACEMEG~1\SystemS\VANGUA~1\vsscodec.dll "msacm.voxacm160"= E:\PROGRA~1\ACEMEG~1\SystemS\VoxWare\vct3216.acm "vidc.xvid"= E:\PROGRA~1\ACEMEG~1\SystemS\XviD\xvidvfw.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "H:\\PROGRAMY\\Zainstalowane\\mis\\BearShare.exe"= "H:\\PROGRAMY\\Zainstalowane\\Gadu-Gadu\\gg.exe"= "E:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\Polish\\setup.exe"= R3 DAdderFltr;DeathAdder Mouse;E:\WINDOWS\system32\drivers\dadder.sys [2007-08-02 17:32] R3 klim5;Kaspersky Anti-Virus NDIS Filter;E:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D] \Shell\AutoRun\command - m6dqm2vd.exe \Shell\explore\Command - m6dqm2vd.exe \Shell\open\Command - m6dqm2vd.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F] \Shell\AutoRun\command - m6dqm2vd.exe \Shell\explore\Command - m6dqm2vd.exe \Shell\open\Command - m6dqm2vd.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G] \Shell\AutoRun\command - m6dqm2vd.exe \Shell\explore\Command - m6dqm2vd.exe \Shell\open\Command - m6dqm2vd.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H] \Shell\AutoRun\command - m6dqm2vd.exe \Shell\explore\Command - m6dqm2vd.exe \Shell\open\Command - m6dqm2vd.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I] \Shell\AutoRun\command - m6dqm2vd.exe \Shell\explore\Command - m6dqm2vd.exe \Shell\open\Command - m6dqm2vd.exe . ************************************************************************** catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-28 09:05:44 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... ************************************************************************** . Completion time: 2008-04-28 9:07:44 ComboFix-quarantined-files.txt 2008-04-28 07:06:40 ComboFix2.txt 2008-04-27 15:46:43 Pre-Run: 18,389,688,320 bajtów wolnych Post-Run: 18,298,089,472 bajtów wolnych 299

mój komputer i otwórz za pomocą

mój komputer i otwórz za pomocą

Kto jest na forum