
Some time ago, third parties who were partying with me at a drinking session got at my PC. The machine now performs unsatisfactorily, that is, it can freeze, which never happened before, or it noticeably "stutters" when launching not very demanding applications. Another problem is the internet connection: unstable, the quality has dropped considerably... I don't know myself whether this is the fault of tampering by unwanted persons, but I'd rather check. Logs:
HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:51:02, on 2007-12-19
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.5.19.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ConnectionServices module - {6D7B211A-88EA-490c-BAB9-3600D8D7C503} - C:\Program Files\ConnectionServices\ConnectionServices.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: ADSTechnology Class - {831CBAC0-8283-4653-9D81-FEB9F3F6E47C} - C:\Program Files\ADSTechnology\ADSTechnology.dll
O2 - BHO: ActivationManager module - {86A44EF7-78FC-4e18-A564-B18F806F7F56} - C:\Program Files\ActivationManager\ActivationManager.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Ashampoo FireWall] "C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" -TRAY
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe /min
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Pobierz za pomocą Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} - file://C:\Program Files\InstallShield\Professional 7 Eval Setup\Disk1\setup.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: winzdn32 - winzdn32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - D:\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
--
End of file - 7632 bytes
ComboFix:
ComboFix 07-12-19.2 - p 2007-12-19 16:46:38.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.610 [GMT 1:00]
Running from: E:\Wazne\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\myglobalsearch
C:\Program Files\myglobalsearch\bar\2.bin\M9FFXTBR.JAR
C:\Program Files\myglobalsearch\bar\2.bin\M9FFXTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\2.bin\M9NTSTBR.JAR
C:\Program Files\myglobalsearch\bar\2.bin\M9NTSTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\2.bin\M9PLUGIN.DLL
C:\Program Files\myglobalsearch\bar\2.bin\MGSBAR.DLL
C:\Program Files\myglobalsearch\bar\2.bin\NPMYGLSH.DLL
.
((((((((((((((((((((((((( Files Created from 2007-11-19 to 2007-12-19 )))))))))))))))))))))))))))))))
.
2007-12-18 21:05 . 2007-12-18 21:07 <DIR> d-------- C:\WINDOWS\system32\manutd_fanzone_players dir
2007-12-18 21:05 . 2007-12-18 21:05 <DIR> d-------- C:\WINDOWS\system32\manutd_fanzone_oldtrafford dir
2007-12-18 21:05 . 2007-12-18 21:06 <DIR> d-------- C:\WINDOWS\system32\kidzone_screensaver dir
2007-12-18 21:05 . 2007-12-18 21:05 532,480 --a------ C:\WINDOWS\system32\manutd_fanzone_players.scr
2007-12-18 21:05 . 2007-12-18 21:05 532,480 --a------ C:\WINDOWS\system32\manutd_fanzone_oldtrafford.scr
2007-12-18 21:05 . 2007-12-18 21:05 532,480 --a------ C:\WINDOWS\system32\kidzone_screensaver.scr
2007-12-16 14:49 . 2007-12-16 14:51 <DIR> d-------- C:\Program Files\TVUPlayer
2007-12-16 14:49 . 2007-12-16 14:50 <DIR> d-------- C:\Documents and Settings\p\Dane aplikacji\TVU Networks
2007-12-08 10:48 . 2004-09-30 11:17 135,168 --a------ C:\WINDOWS\system32\directx.cpl
2007-12-03 21:55 . 2007-12-03 21:55 <DIR> d-------- C:\Documents and Settings\p\Dane aplikacji\Apple Computer
2007-12-01 21:31 . 2004-08-03 23:44 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-12-01 21:25 . 2007-12-01 21:25 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-11-30 18:03 . 2007-11-30 18:03 <DIR> d-------- C:\WINDOWS\speech
2007-11-30 18:03 . 2007-11-30 18:12 <DIR> d-------- C:\Program Files\ivo
2007-11-25 16:00 . 2007-11-25 16:00 <DIR> d-------- C:\Program Files\Common Files\Enterbrain
2007-11-21 19:53 . 2007-11-21 19:53 <DIR> d-------- C:\Program Files\totalcmd
2007-11-21 19:53 . 2007-12-02 13:16 3,973 --a------ C:\WINDOWS\wincmd.ini
2007-11-21 19:53 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\UC.PIF
2007-11-21 19:53 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\RAR.PIF
2007-11-21 19:53 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\PKZIP.PIF
2007-11-21 19:53 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2007-11-21 19:53 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2007-11-21 19:53 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\LHA.PIF
2007-11-21 19:53 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\ARJ.PIF
2007-11-21 19:53 . 2007-12-02 13:11 522 --a------ C:\WINDOWS\wcx_ftp.ini
2007-11-21 16:36 . 2007-11-21 16:36 <DIR> d-------- C:\Program Files\AbsoluteFTP
2007-11-21 16:36 . 2007-11-21 16:36 <DIR> d-------- C:\Documents and Settings\p\Dane aplikacji\VanDyke
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-19 15:22 --------- d-----w C:\Documents and Settings\p\Dane aplikacji\Skype
2007-12-19 15:09 --------- d-----w C:\Program Files\FlashGet
2007-12-11 19:14 --------- d-----w C:\Program Files\MWSnap
2007-12-09 11:45 --------- d-----w C:\Program Files\Gadu-Gadu
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-12-02 12:39 --------- d-----w C:\Documents and Settings\p\Dane aplikacji\gtk-2.0
2007-12-01 19:13 --------- d-----w C:\Program Files\SopCast
2007-11-29 14:43 --------- d-----w C:\Program Files\ConnectionServices
2007-11-27 19:50 --------- d-----w C:\Documents and Settings\p\Dane aplikacji\SopCast
2007-11-25 15:55 --------- d-----w C:\Program Files\CamStudio
2007-11-21 18:45 --------- d-----w C:\Documents and Settings\p\Dane aplikacji\FileZilla
2007-11-18 16:00 --------- d-----w C:\Program Files\eMule
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-09 19:17 --------- d-----w C:\Documents and Settings\p\Dane aplikacji\Hamachi
2007-11-06 17:15 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2007-11-06 14:13 --------- d-----w C:\Program Files\BearShare
2007-11-03 14:22 --------- d-----w C:\Program Files\IrfanView
2007-11-03 11:42 --------- d-----w C:\Program Files\ActivationManager
2007-11-02 20:14 --------- d-----w C:\Program Files\Hide IP Platinum
2007-10-31 18:40 --------- d-----w C:\Program Files\mIRC
2007-10-31 18:13 --------- d-----w C:\Program Files\Opera
2007-10-31 16:51 --------- d-----w C:\Program Files\Ashampoo
2007-10-30 18:25 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Agnitum
2007-10-30 17:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-29 22:44 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-28 17:31 --------- d-----w C:\Program Files\DAEMON Tools
2007-10-28 17:29 --------- d--h--w C:\Program Files\Zero G Registry
2007-10-22 12:03 --------- d-----w C:\Documents and Settings\p\Dane aplikacji\Media Player Classic
2007-10-22 12:02 --------- d-----w C:\Program Files\Real Alternative
2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-09-29 10:47 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-08-05 20:33 66,934 ----a-w C:\WINDOWS\Fonts\hg.zip
2007-08-05 20:32 90,604 ----a-w C:\WINDOWS\Fonts\uoip.zip
2007-08-05 20:32 82,799 ----a-w C:\WINDOWS\Fonts\yu.zip
2007-08-05 20:32 299,872 ----a-w C:\WINDOWS\Fonts\t.zip
2007-08-05 20:32 198,857 ----a-w C:\WINDOWS\Fonts\p[;.zip
2007-08-05 20:32 175,178 ----a-w C:\WINDOWS\Fonts\[.zip
2007-08-05 20:32 128,796 ----a-w C:\WINDOWS\Fonts\oi.o..zip
2007-08-05 20:32 120,692 ----a-w C:\WINDOWS\Fonts\i.zip
2007-08-05 20:31 66,865 ----a-w C:\WINDOWS\Fonts\cxvcx.zip
2007-08-05 20:31 58,728 ----a-w C:\WINDOWS\Fonts\edf.zip
2007-08-05 20:31 319,491 ----a-w C:\WINDOWS\Fonts\erty.zip
2007-08-05 20:31 23,360 ----a-w C:\WINDOWS\Fonts\qwe.zip
2007-08-05 20:31 18,062 ----a-w C:\WINDOWS\Fonts\rty.zip
2007-08-05 20:30 331,447 ----a-w C:\WINDOWS\Fonts\sdfsdf.zip
2007-08-05 20:30 250,926 ----a-w C:\WINDOWS\Fonts\fdg.zip
2007-08-05 20:30 181,729 ----a-w C:\WINDOWS\Fonts\ss.zip
2007-08-05 20:30 14,532 ----a-w C:\WINDOWS\Fonts\dfg.zip
2007-08-05 20:30 122,962 ----a-w C:\WINDOWS\Fonts\dfgfdg.zip
2007-08-05 20:29 89,933 ----a-w C:\WINDOWS\Fonts\downloadrfwe.zip
2007-08-05 20:29 75,972 ----a-w C:\WINDOWS\Fonts\2.zip
2007-08-05 20:29 433,029 ----a-w C:\WINDOWS\Fonts\download.zip
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D7B211A-88EA-490c-BAB9-3600D8D7C503}]
2007-11-24 16:40 399872 --a------ C:\Program Files\ConnectionServices\ConnectionServices.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{831CBAC0-8283-4653-9D81-FEB9F3F6E47C}]
2007-09-11 04:01 118784 --a------ C:\Program Files\ADSTechnology\ADSTechnology.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{86A44EF7-78FC-4e18-A564-B18F806F7F56}]
2007-10-31 18:07 233472 --a------ C:\Program Files\ActivationManager\ActivationManager.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-05-08 09:47]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-04-20 16:51]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-03 23:44 C:\WINDOWS\system32\rundll32.exe]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 14:21 C:\WINDOWS\system32\HdAShCut.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-21 10:11]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
"Ashampoo FireWall"="C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" [2007-04-05 14:57]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 23:44 C:\WINDOWS\system32\rundll32.exe]
"Flashget"="C:\Program Files\FlashGet\flashget.exe" [2007-09-25 09:10]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"RunStartupScriptSync"= 1 (0x1)
"SynchronousMachineGroupPolicy"= 1 (0x1)
"SynchronousUserGroupPolicy"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)
"NoRecentDocsHistory"= 0 (0x0)
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoAutoTrayNotify"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoResolveSearch"= 0 (0x0)
"NoWelcomeScreen"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"ForceClassicControlPanel"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
C:\Program Files\Common Files\Stardock\mcpstub.dll 2005-01-31 14:13 49152 C:\Program Files\Common Files\Stardock\MCPStub.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winzdn32]
winzdn32.dll
R1 ISODrive;ISO DVD/CD-ROM Device Driver;C:\Program Files\UltraISO\drivers\ISODrive.sys [2007-04-13 16:42]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-04-05 10:55]
R3 AEAudioService;AEAudio Service;C:\WINDOWS\system32\drivers\AEAudio.sys [2005-03-05 21:53]
R3 lmimirr;lmimirr;C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2007-04-17 13:00]
S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys []
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]
.
Contents of the 'Scheduled Tasks' folder
"2007-09-26 17:48:55 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-19 16:48:19
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\Program Files\Ashampoo\Ashampoo FireWall\spi.dll
.
Completion time: 2007-12-19 16:48:43
.
2007-12-12 13:59:41 --- E O F ---