Komputer wolno chodzi i sie zawiesza

[Pawel616]

Był bym wdzieczny jak ktos by sprawdzil ;p

combofix

Kod: Zaznacz wszystko

ComboFix 09-03-14.02 - Marta 2009-03-15 19:22:24.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.255.95 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Marta\Moje dokumenty\anty key\ComboFixx.exe

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\LocalService\Dane aplikacji\twain_32
c:\documents and settings\LocalService\Dane aplikacji\twain_32\user.ds
c:\documents and settings\NetworkService\Dane aplikacji\twain_32
c:\documents and settings\NetworkService\Dane aplikacji\twain_32\user.ds
c:\program files\LPVideoPlugin
c:\program files\LPVideoPlugin\5378.exe
c:\program files\LPVideoPlugin\work.log
c:\program files\MicroAntivirus
c:\program files\MicroAntivirus\microAV.cpl
c:\program files\MicroAntivirus\microAV.exe
c:\program files\MicroAntivirus\microAV.ooo
c:\program files\MicroAntivirus\microAV0.dat
c:\program files\MicroAntivirus\microAV1.dat
c:\windows\system32\drivers\TDSSnxwe.sys
c:\windows\system32\explorer.exe
c:\windows\system32\TDSSmtpe.dat
c:\windows\system32\TDSSnpur.dll
c:\windows\system32\TDSSnrse.dll
c:\windows\system32\TDSSohtu.dll
c:\windows\system32\TDSSoiqh.dll
c:\windows\system32\TDSSoiqh.log
c:\windows\system32\TDSSosvn.log
c:\windows\system32\TDSSpqxt.log
c:\windows\system32\TDSSprpx.dll
c:\windows\system32\tdssservers.dat
c:\windows\system32\TDSSyhqm.dll
c:\windows\system32\twain_32
c:\windows\system32\twain_32\local.ds
c:\windows\system32\twain_32\user.ds
c:\windows\system32\twain32
c:\windows\system32\twain32\local.ds
c:\windows\system32\twain32\user.ds
c:\windows\system32\twex.exe
c:\windows\system32\twext.exe

.
(((((((((((((((((((((((((((((((((((((((   Sterowniki/Usługi   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_TDSSSERV.SYS
-------\Legacy_TDSSSERV.SYS


(((((((((((((((((((((((((   Pliki utworzone od 2009-02-15 do 2009-03-15  )))))))))))))))))))))))))))))))
.

2009-03-08 14:26 . 2009-03-08 14:26   <DIR>   d--------   C:\games

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-15 17:00   ---------   d-----w   c:\program files\Norton Security Scan
2009-03-15 10:19   ---------   d-----w   c:\documents and settings\Marta\Dane aplikacji\MegauploadToolbar
2009-03-11 18:01   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\CanonIJPLM
2009-03-06 08:38   ---------   d-----w   c:\documents and settings\Pawel\Dane aplikacji\MEGAUPLOADTOOLBAR
2009-02-22 13:25   ---------   d-----w   c:\documents and settings\Marta\Dane aplikacji\Tibia
2009-01-21 12:15   382,464   ----a-w   C:\KillIt.exe
2008-12-29 10:12   2,710   ----a-w   c:\windows\system32\TDSSpqxt.dll
2008-12-29 08:22   2,710   ----a-w   c:\windows\system32\TDSSmhct.dll
2008-09-20 05:29   382,352   -c--a-w   c:\program files\jre-6u7-windows-i586-p-iftw.exe
2008-04-29 18:05   4,566,240   ----a-w   c:\program files\TVUPlayer.zip
2007-11-16 15:34   1,336,832   -c--a-w   c:\program files\ventrilo-2.1.4(www.plikmania.pl).exe
2006-08-06 22:53   9,924,115   -c--a-w   c:\documents and settings\Marta\tibia76.exe
2006-07-14 16:46   35,097,792   -c--a-w   c:\program files\directx_9c_redist.exe
2004-07-22 08:51   3,432,656   -c--a-w   c:\program files\ManagedDX.CAB
2004-07-19 20:58   1,156,363   -c--a-w   c:\program files\BDANT.cab
2004-07-19 20:53   976,020   -c--a-w   c:\program files\BDAXP.cab
2004-07-16 12:30   3,858   -c--a-w   c:\program files\directx redist.txt
2004-07-09 12:17   13,265,040   -c--a-w   c:\program files\dxnt.cab
2004-07-09 07:13   703,080   -c--a-w   c:\program files\BDA.cab
2004-07-09 07:13   15,493,481   -c--a-w   c:\program files\DirectX.cab
2004-07-09 02:08   472,576   -c--a-w   c:\program files\dxsetup.exe
2004-07-09 02:08   2,242,560   -c--a-w   c:\program files\dsetup32.dll
2004-07-09 01:03   62,976   -c--a-w   c:\program files\DSETUP.dll
2003-05-30 07:00   892,416   -c--a-w   c:\program files\d3dim700.dll
2003-03-24 07:00   73,728   -c--a-w   c:\program files\dpnhupnp.dll
2003-03-24 07:00   720,896   -c--a-w   c:\program files\dpnet.dll
2003-03-24 07:00   45,056   -c--a-w   c:\program files\dpnhpast.dll
2003-03-24 07:00   28,672   -c--a-w   c:\program files\dpnsvr.exe
2003-03-24 07:00   16,384   -c--a-w   c:\program files\dpnlobby.dll
2001-10-30 06:10   94,208   -c--a-w   c:\program files\dimap.dll
2001-10-30 06:10   936   -c--a-w   c:\program files\diactfrm.inf
2001-10-30 06:10   692,224   -c--a-w   c:\program files\dinput8.dll
2001-10-30 06:10   667,648   -c--a-w   c:\program files\dinput.dll
2001-10-30 06:10   6,656   -c--a-w   c:\program files\gchand.dll
2001-10-30 06:10   491,520   -c--a-w   c:\program files\gcdef.dll
2001-10-30 06:10   466,944   -c--a-w   c:\program files\diactfrm.dll
2001-10-30 06:10   442,368   -c--a-w   c:\program files\joy.cpl
2001-10-30 06:10   40,960   ----a-w   c:\program files\pid.dll
2001-10-30 06:10   33,882   -c--a-w   c:\program files\vjoyd.vxd
2001-10-30 06:10   2,352   -c--a-w   c:\program files\msjstick.drv
2001-10-30 06:10   12,745   -c--a-w   c:\program files\msanalog.vxd
2001-10-30 06:10   10,874   -c--a-w   c:\program files\dinput.vxd
1999-11-27 05:00   8,880   -c--a-w   c:\program files\hidgame.sys
1999-09-09 05:00   625,690   -c--a-w   c:\program files\d3dim.dll
1999-09-09 05:00   589,852   -c--a-w   c:\program files\d3dramp.dll
1999-09-09 05:00   30,469   -c--a-w   c:\program files\ddraw.vxd
1999-09-09 05:00   28,496   -c--a-w   c:\program files\ddraw16.dll
1999-09-09 05:00   24,092   -c--a-w   c:\program files\ddrawex.dll
1999-09-09 05:00   2,170   -c--a-w   c:\program files\dxapi.sys
1999-09-09 05:00   10,512   -c--a-w   c:\program files\gameenum.sys
1999-01-08 16:10   87,069   -c--a-w   c:\program files\d3dpmesh.dll
1999-01-08 16:10   576   -c--a-w   c:\program files\gmreadme.txt
1999-01-08 16:10   436,762   -c--a-w   c:\program files\d3drm.dll
1999-01-08 16:10   3,440,660   -c--a-w   c:\program files\gm16.dls
1999-01-08 16:10   107,547   -c--a-w   c:\program files\d3dxof.dll
1998-07-29 16:00   1,315   -c--a-w   c:\program files\license.txt
2004-08-04 11:00   98,304   --sha-r   c:\windows\system32\mstmdm.dll
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 202088]
"EXPLORER.EXE"="EXPLORER.EXE" [2007-06-13 c:\windows\explorer.exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"<NO NAME>"="OSK.exe" [2004-08-03 c:\windows\system32\osk.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 75520]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-04-03 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"nwiz"="nwiz.exe" [2006-10-22 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"UpdateCheck"= {1228E339-B99A-4878-B064-8799A55A6931} - c:\windows\system32\mstmdm.dll [2004-08-04 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader - Schnellstart.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Synchronizer.lnk]
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^UniSpiker-2.6.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\UniSpiker-2.6.lnk
backup=c:\windows\pss\UniSpiker-2.6.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a--c--- 2005-06-06 22:46 57344 c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
--a------ 2009-01-29 13:05 2356088 c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
--a--c--- 2008-01-07 21:02 495616 c:\program files\Winamp Remote\bin\OrbTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a--c--- 2008-01-15 23:54 37376 c:\program files\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LANczat\\LANczat.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Gadu-Gadu77\\gg.exe"=
"c:\\Program Files\\PeerCast\\PeerCast.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Blackd Tools\\Blackd Proxy\\BlackdProxy.exe"=
"c:\\Program Files\\Blackd Tools\\Blackd Proxy\\Updater.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"c:\\Documents and Settings\\Pawel\\Pulpit\\Gadu-Gadu\\gg.exe"=
"d:\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"d:\\GRy\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"d:\\Tibia\\Tibia8.11\\TibiCAM\\TibiCAM.exe"=
"d:\\Tibia\\Tibia8.11\\Tibia.exe"=
"c:\\Program Files\\disciples2\\Discipl2.exe"=
"d:\\GRy\\cs\\hl.exe"=
"c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=

R1 Klmc;Klmc;c:\windows\system32\drivers\klmc.sys [2006-03-20 10899]
S3 ddsxeiservice;ddsxeiservice2;c:\program files\sXe Injected\ddsxei.sys [2008-09-05 46208]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6422f1d1-7f5e-11dd-8fff-0004754d6c5a}]
\Shell\AutoRun\command - G:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7cdd0d10-64c6-11dd-8fb9-0004754d6c5a}]
\Shell\AutoRun\command - G:\
\Shell\open\Command - rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4f3b240-76b6-11dd-8fdc-0004754d6c5a}]
\Shell\AutoRun\command - G:\
\Shell\open\Command - G:\EXPLORER.EXE
.
Zawartość folderu 'Zaplanowane zadania'

2009-03-15 c:\windows\Tasks\Norton Security Scan for Marta.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 04:18]
.
- - - - USUNIĘTO PUSTE WPISY - - - -

HKCU-Run-wsctf.exe - wsctf.exe
MSConfigStartUp-Steam - c:\program files\steam\steam.exe


.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FF - ProfilePath - c:\documents and settings\Marta\Dane aplikacji\Mozilla\Firefox\Profiles\66e2n28e.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.pl
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJPI150_11.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPBOARDS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMAKAOV2.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-15 19:25:17
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ... 

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ... 

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
Czas ukończenia: 2009-03-15 19:28:22
ComboFix-quarantined-files.txt  2009-03-15 18:27:42
ComboFix2.txt  2008-10-03 19:05:18

Przed: 4,236,464,128 bajtów wolnych
Po: 4,587,917,312 bajtów wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe

231   --- E O F ---   2008-04-03 17:55:57


Hijackthis

Kod: Zaznacz wszystko

Logfile of HijackThis v1.99.1
Scan saved at 19:32:29, on 2009-03-15
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\OSK.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\MSSWCHX.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Marta\Moje dokumenty\anty key\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Spybot\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [EXPLORER.EXE] EXPLORER.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: UpdateCheck - {1228E339-B99A-4878-B064-8799A55A6931} - C:\WINDOWS\system32\mstmdm.dll
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe



[wojtas]

Otworz notatnik i wklej w nim to:

File::
c:\windows\system32\TDSSpqxt.dll
c:\windows\system32\TDSSmhct.dll

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4f3b240-76b6-11dd-8fdc-0004754d6c5a}]

>>Plik>>Zapisz jako... >>> CFScript
Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe
-->
Ma się rozpocząć usuwanie. (i powstanie log).Daj ten log, który powstanie w trakcie usuwania.

[Pawel616]

Kod: Zaznacz wszystko

ComboFix 09-03-15.01 - Marta 2009-03-16  7:16:31.3 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.255.35 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Marta\Moje dokumenty\anty key\ComboFixx.exe
Użyto następujących komend :: c:\documents and settings\Marta\Moje dokumenty\anty key\CFScript.txt
* Utworzono nowy punkt przywracania

FILE ::
c:\windows\system32\TDSSmhct.dll
c:\windows\system32\TDSSpqxt.dll
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\TDSSmhct.dll
c:\windows\system32\TDSSpqxt.dll

.
(((((((((((((((((((((((((   Pliki utworzone od 2009-02-16 do 2009-03-16  )))))))))))))))))))))))))))))))
.

2009-03-08 14:26 . 2009-03-08 14:26   <DIR>   d--------   C:\games

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-15 17:00   ---------   d-----w   c:\program files\Norton Security Scan
2009-03-15 10:19   ---------   d-----w   c:\documents and settings\Marta\Dane aplikacji\MegauploadToolbar
2009-03-11 18:01   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\CanonIJPLM
2009-03-06 08:38   ---------   d-----w   c:\documents and settings\Pawel\Dane aplikacji\MEGAUPLOADTOOLBAR
2009-02-22 13:25   ---------   d-----w   c:\documents and settings\Marta\Dane aplikacji\Tibia
2009-01-21 12:15   382,464   ----a-w   C:\KillIt.exe
2008-09-20 05:29   382,352   -c--a-w   c:\program files\jre-6u7-windows-i586-p-iftw.exe
2008-04-29 18:05   4,566,240   ----a-w   c:\program files\TVUPlayer.zip
2007-11-16 15:34   1,336,832   -c--a-w   c:\program files\ventrilo-2.1.4(www.plikmania.pl).exe
2006-08-06 22:53   9,924,115   -c--a-w   c:\documents and settings\Marta\tibia76.exe
2006-07-14 16:46   35,097,792   -c--a-w   c:\program files\directx_9c_redist.exe
2004-07-22 08:51   3,432,656   -c--a-w   c:\program files\ManagedDX.CAB
2004-07-19 20:58   1,156,363   -c--a-w   c:\program files\BDANT.cab
2004-07-19 20:53   976,020   -c--a-w   c:\program files\BDAXP.cab
2004-07-16 12:30   3,858   -c--a-w   c:\program files\directx redist.txt
2004-07-09 12:17   13,265,040   -c--a-w   c:\program files\dxnt.cab
2004-07-09 07:13   703,080   -c--a-w   c:\program files\BDA.cab
2004-07-09 07:13   15,493,481   -c--a-w   c:\program files\DirectX.cab
2004-07-09 02:08   472,576   -c--a-w   c:\program files\dxsetup.exe
2004-07-09 02:08   2,242,560   -c--a-w   c:\program files\dsetup32.dll
2004-07-09 01:03   62,976   -c--a-w   c:\program files\DSETUP.dll
2003-05-30 07:00   892,416   -c--a-w   c:\program files\d3dim700.dll
2003-03-24 07:00   73,728   -c--a-w   c:\program files\dpnhupnp.dll
2003-03-24 07:00   720,896   -c--a-w   c:\program files\dpnet.dll
2003-03-24 07:00   45,056   -c--a-w   c:\program files\dpnhpast.dll
2003-03-24 07:00   28,672   -c--a-w   c:\program files\dpnsvr.exe
2003-03-24 07:00   16,384   -c--a-w   c:\program files\dpnlobby.dll
2001-10-30 06:10   94,208   -c--a-w   c:\program files\dimap.dll
2001-10-30 06:10   936   -c--a-w   c:\program files\diactfrm.inf
2001-10-30 06:10   692,224   -c--a-w   c:\program files\dinput8.dll
2001-10-30 06:10   667,648   -c--a-w   c:\program files\dinput.dll
2001-10-30 06:10   6,656   -c--a-w   c:\program files\gchand.dll
2001-10-30 06:10   491,520   -c--a-w   c:\program files\gcdef.dll
2001-10-30 06:10   466,944   -c--a-w   c:\program files\diactfrm.dll
2001-10-30 06:10   442,368   -c--a-w   c:\program files\joy.cpl
2001-10-30 06:10   40,960   ----a-w   c:\program files\pid.dll
2001-10-30 06:10   33,882   -c--a-w   c:\program files\vjoyd.vxd
2001-10-30 06:10   2,352   -c--a-w   c:\program files\msjstick.drv
2001-10-30 06:10   12,745   -c--a-w   c:\program files\msanalog.vxd
2001-10-30 06:10   10,874   -c--a-w   c:\program files\dinput.vxd
1999-11-27 05:00   8,880   -c--a-w   c:\program files\hidgame.sys
1999-09-09 05:00   625,690   -c--a-w   c:\program files\d3dim.dll
1999-09-09 05:00   589,852   -c--a-w   c:\program files\d3dramp.dll
1999-09-09 05:00   30,469   -c--a-w   c:\program files\ddraw.vxd
1999-09-09 05:00   28,496   -c--a-w   c:\program files\ddraw16.dll
1999-09-09 05:00   24,092   -c--a-w   c:\program files\ddrawex.dll
1999-09-09 05:00   2,170   -c--a-w   c:\program files\dxapi.sys
1999-09-09 05:00   10,512   -c--a-w   c:\program files\gameenum.sys
1999-01-08 16:10   87,069   -c--a-w   c:\program files\d3dpmesh.dll
1999-01-08 16:10   576   -c--a-w   c:\program files\gmreadme.txt
1999-01-08 16:10   436,762   -c--a-w   c:\program files\d3drm.dll
1999-01-08 16:10   3,440,660   -c--a-w   c:\program files\gm16.dls
1999-01-08 16:10   107,547   -c--a-w   c:\program files\d3dxof.dll
1998-07-29 16:00   1,315   -c--a-w   c:\program files\license.txt
2004-08-04 11:00   98,304   --sha-r   c:\windows\system32\mstmdm.dll
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 202088]
"EXPLORER.EXE"="EXPLORER.EXE" [2007-06-13 c:\windows\explorer.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 75520]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-04-03 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"nwiz"="nwiz.exe" [2006-10-22 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"UpdateCheck"= {1228E339-B99A-4878-B064-8799A55A6931} - c:\windows\system32\mstmdm.dll [2004-08-04 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader - Schnellstart.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Synchronizer.lnk]
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^UniSpiker-2.6.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\UniSpiker-2.6.lnk
backup=c:\windows\pss\UniSpiker-2.6.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a--c--- 2005-06-06 22:46 57344 c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
--a------ 2009-01-29 13:05 2356088 c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
--a--c--- 2008-01-07 21:02 495616 c:\program files\Winamp Remote\bin\OrbTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a--c--- 2008-01-15 23:54 37376 c:\program files\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LANczat\\LANczat.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Gadu-Gadu77\\gg.exe"=
"c:\\Program Files\\PeerCast\\PeerCast.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Blackd Tools\\Blackd Proxy\\BlackdProxy.exe"=
"c:\\Program Files\\Blackd Tools\\Blackd Proxy\\Updater.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"c:\\Documents and Settings\\Pawel\\Pulpit\\Gadu-Gadu\\gg.exe"=
"d:\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"d:\\GRy\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"d:\\Tibia\\Tibia8.11\\TibiCAM\\TibiCAM.exe"=
"d:\\Tibia\\Tibia8.11\\Tibia.exe"=
"c:\\Program Files\\disciples2\\Discipl2.exe"=
"d:\\GRy\\cs\\hl.exe"=
"c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=

R1 Klmc;Klmc;c:\windows\system32\drivers\klmc.sys [2006-03-20 10899]
S3 ddsxeiservice;ddsxeiservice2;c:\program files\sXe Injected\ddsxei.sys [2008-09-05 46208]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6422f1d1-7f5e-11dd-8fff-0004754d6c5a}]
\Shell\AutoRun\command - G:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7cdd0d10-64c6-11dd-8fb9-0004754d6c5a}]
\Shell\AutoRun\command - G:\
\Shell\open\Command - rundll32.exe .\desktop.dll,InstallM
.
Zawartość folderu 'Zaplanowane zadania'

2009-03-15 c:\windows\Tasks\Norton Security Scan for Marta.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 04:18]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FF - ProfilePath - c:\documents and settings\Marta\Dane aplikacji\Mozilla\Firefox\Profiles\66e2n28e.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.pl
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJPI150_11.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPBOARDS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMAKAOV2.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-16 07:18:02
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ... 

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ... 

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
Czas ukończenia: 2009-03-16  7:20:55
ComboFix-quarantined-files.txt  2009-03-16 06:20:17
ComboFix2.txt  2009-03-15 18:28:24
ComboFix3.txt  2008-10-03 19:05:18

Przed: 4 476 440 576 bajtów wolnych
Po: 4,467,335,168 bajtów wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

196   --- E O F ---   2008-04-03 17:55:57


[Okocza]

Wykonaj to co jest podane w tym temacie

1. tym programem przejdź komputer)
2. wykonaj optymalizację windowsa
3.sciagnij ATF_Cleaner
zaznacz
Windows Temp
All users Temp
Temporary internet files
Recycle Bin
i wcisnij EMPTY SELECTED
4.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem
5. Przeskanuj komputer pod względem Trojanów tym programem
6. Wstaw na forum screen z zakładki uruchamianie (start – uruchom – msconfig – uruchamianie) może uda się cos wyrzucic stamtąd.

[Kitson]

Witam,

podłączę się pod istniejący temat. Mam te same problemy, dodatkowo kilka dni temu spotkał mnie blue screen. System nie chciał wstawać, stworzyłem nową instalację (nie do końca wiem, co zrobiłem i jak to opisać... ) teraz wstaje i działa, jednak muli przeraźliwie. Przeszukałem system Spyware Doctorem, avastem i combofixem. Doctor znalazł 86 elementów o niskiej szkodliwości, wywaliłem, nic się nie zmieniło.

Wklejam loga z combofixa, proszę o pomoc.

Kod: Zaznacz wszystko

ComboFix 09-04-04.01 - Kamil Skowroński 2009-04-05 14:49:47.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1250.48.1045.18.1534.922 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Kamil Skowroński\Pulpit\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090405-0] *On-access scanning disabled* (Updated)
FW: PC Tools Firewall Plus *enabled*
.
[color=purple]Następujące pliki zostały wyłączone z działania w czasie skanowania:[/color]
c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll


(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Kamil Skowroński\Dane aplikacji\wiaserva.log
c:\windows\system32\BDGuardS.DAT
c:\windows\system32\drivers\npf.sys
c:\windows\system32\packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll

.
(((((((((((((((((((((((((((((((((((((((   Sterowniki/Usługi   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


(((((((((((((((((((((((((   Pliki utworzone od 2009-03-05 do 2009-04-05  )))))))))))))))))))))))))))))))
.

2009-04-05 14:43 . 2006-03-03 00:42   73,728   --a------   C:\pv.exe
2009-04-05 13:29 . 2009-04-05 14:33   <DIR>   d--------   c:\windows\system32\CatRoot_bak
2009-04-02 01:14 . 2009-04-02 01:25   98,304   --a------   c:\windows\DUMP4dc2.tmp
2009-04-02 00:28 . 2009-04-02 00:51   98,304   --a------   c:\windows\DUMP4ab5.tmp
2009-04-01 23:55 . 2009-04-01 23:55   <DIR>   d--------   c:\program files\MSSOAP
2009-04-01 23:32 . 2009-04-01 23:32   164   --a------   c:\windows\install.dat
2009-04-01 23:20 . 2008-12-10 12:36   64,392   --a------   c:\windows\system32\drivers\pctplsg.sys
2009-04-01 23:19 . 2009-04-03 02:22   <DIR>   d--------   c:\program files\Spyware Doctor
2009-04-01 23:19 . 2009-04-01 23:19   <DIR>   d--------   c:\documents and settings\Kamil Skowroński\Dane aplikacji\PC Tools
2009-04-01 23:19 . 2009-04-01 23:19   <DIR>   d--------   c:\documents and settings\Kamil Skowroński\Dane aplikacji\PC Tools
2009-04-01 23:19 . 2009-04-01 23:19   <DIR>   d--------   c:\documents and settings\Kamil Skowroński\Dane aplikacji\PC Tools
2009-04-01 23:19 . 2009-04-01 23:19   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\PC Tools
2009-03-22 22:51 . 2009-03-23 01:49   <DIR>   d--------   c:\documents and settings\Kamil Skowroński\Dane aplikacji\Mount&Blade
2009-03-22 22:51 . 2009-03-23 01:49   <DIR>   d--------   c:\documents and settings\Kamil Skowroński\Dane aplikacji\Mount&Blade
2009-03-22 22:51 . 2009-03-23 01:49   <DIR>   d--------   c:\documents and settings\Kamil Skowroński\Dane aplikacji\Mount&Blade

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-05 13:05   22,528   ----a-w   c:\windows\system32\drivers\nhcDriver.sys
2009-04-05 13:03   ---------   d---a-w   c:\documents and settings\All Users\Dane aplikacji\TEMP
2009-04-05 12:32   ---------   d-----w   c:\program files\Java
2009-04-02 16:06   ---------   d-----w   c:\program files\GDS Byte Counter
2009-04-01 22:24   98,304   ----a-w   c:\windows\DUMP5832.tmp
2009-04-01 21:20   ---------   d-----w   c:\program files\Common Files\PC Tools
2009-04-01 21:02   ---------   d-----w   c:\program files\PC Tools Firewall Plus
2009-03-30 21:52   95,640   ----a-w   c:\windows\system32\drivers\pctplfw.sys
2009-03-30 21:52   73,840   ----a-w   c:\windows\system32\drivers\PCTAppEvent.sys
2009-03-30 21:52   130,424   ----a-w   c:\windows\system32\drivers\PCTCore.sys
2009-03-10 09:23   ---------   d-----w   c:\documents and settings\Kamil Skowroński\Dane aplikacji\BearShare
2009-03-10 09:23   ---------   d-----w   c:\documents and settings\Kamil Skowroński\Dane aplikacji\BearShare
2009-03-10 09:23   ---------   d-----w   c:\documents and settings\Kamil Skowroński\Dane aplikacji\BearShare
2009-02-06 22:41   ---------   d-----w   c:\program files\SecureW2
2009-02-06 22:25   ---------   d-----w   c:\documents and settings\Kamil Skowroński\Dane aplikacji\uTorrent
2009-02-06 22:25   ---------   d-----w   c:\documents and settings\Kamil Skowroński\Dane aplikacji\uTorrent
2009-02-06 22:25   ---------   d-----w   c:\documents and settings\Kamil Skowroński\Dane aplikacji\uTorrent
2008-06-07 14:16   22,328   -c--a-w   c:\documents and settings\Kamil Skowroński\Dane aplikacji\PnkBstrK.sys
2008-06-07 14:16   22,328   -c--a-w   c:\documents and settings\Kamil Skowroński\Dane aplikacji\PnkBstrK.sys
2008-06-07 14:16   22,328   -c--a-w   c:\documents and settings\Kamil Skowroński\Dane aplikacji\PnkBstrK.sys
2007-05-17 10:01   35,008   ----a-w   c:\program files\mozilla firefox\plugins\NanoInst.dll
2007-05-03 10:33   53,248   ----a-w   c:\program files\mozilla firefox\plugins\PSComm.dll
2007-05-17 10:01   130,152   ----a-w   c:\program files\mozilla firefox\plugins\PSNAdBrk.dll
2008-02-21 18:44   88   --sha-r   c:\windows\system32\4656CD1AF0.sys
2008-02-21 18:45   3,766   -csha-w   c:\windows\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane 
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2008-03-20 1267040]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Konnekt"="c:\program files\Konnekt\konnekt.exe" [2005-05-24 503808]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-08-29 171464]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-12-21 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-07-20 729177]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PCMService"="c:\program files\Acer\Acer Arcade\PCMService.exe" [2005-12-13 151552]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 69632]
"ADMTray.exe"="c:\acer\Empowering Technology\admtray.exe" [2005-10-24 2462208]
"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 45056]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-12 7577600]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-01-17 344064]
"Acer ePower Management"="c:\acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-01-16 3080192]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-03-28 593920]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 397312]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2006-04-06 225280]
"LogitechCameraAssistant"="c:\program files\Acer\OrbiCam\CameraAssistant.exe" [2006-04-06 331776]
"LogitechVideo[inspector]"="c:\program files\Acer\OrbiCam\InstallHelper.exe" [2006-04-06 19:06 73728]
"LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-04-01 36352]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2009-03-30 2652056]
"NotebookHardwareControl"="c:\program files\Notebook Hardware Control\nhc.exe" [2007-05-04 2629632]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"nwiz"="nwiz.exe" [2006-06-12 c:\windows\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-06-12 c:\windows\system32\nvmctray.dll]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 c:\windows\system32\bthprops.cpl]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-20 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\Kamil Skowroäski\Menu Start\Programy\Autostart\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-09-12 384000]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-01-17 618557]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.FFDS"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"vidc.wmv3"= c:\progra~1\COMBIN~1\Filters\wmv9vcm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"navapsvc"=2 (0x2)
"mnmsrvc"=3 (0x3)
"ccSetMgr"=2 (0x2)
"ccEvtMgr"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"c:\\Documents and Settings\\Kamil Skowroński\\Pulpit\\utorrent.exe"=
"c:\\Program Files\\Konnekt\\konnekt.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\Program Files\\Spik\\Spik.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Documents and Settings\\Kamil Skowroński\\Dane aplikacji\\SopCast\\adv\\SopAdver.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Documents and Settings\\Kamil Skowroński\\Moje dokumenty\\utorrent.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-01-24 130424]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-03 114768]
R1 OsaFsLoc;OsaFsLoc;c:\windows\system32\drivers\OsaFsLoc.sys [2005-10-15 12106]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-01-24 159600]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-04-03 20560]
R2 EpmPsd;Acer EPM Power Scheme Driver;c:\windows\system32\drivers\epm-psd.sys [2006-12-10 4096]
R2 EpmShd;Acer EPM System Hardware Driver;c:\windows\system32\drivers\epm-shd.sys [2006-12-10 78208]
R2 osaio;osaio;c:\windows\system32\drivers\osaio.sys [2005-06-30 7296]
R2 osanbm;osanbm;c:\windows\system32\drivers\osanbm.sys [2005-01-14 4010]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2009-01-24 73840]
R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [2006-12-10 1097472]
R3 NdisFilt;OSA NdisFilter Protocol;c:\windows\system32\drivers\NdisFilt.sys [2005-09-13 4392]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2009-01-24 95640]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-04-01 348752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4ccd5322-4a98-11dc-9a9f-0013026efea8}]
\Shell\AutoRun\command - K:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ed81470-892d-11db-9a0e-0016d41a545e}]
\Shell\AutoRun\command - L:\uxdeiect.com
\Shell\explore\Command - L:\uxdeiect.com
\Shell\open\Command - L:\uxdeiect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6fc106cc-e511-11db-9a6a-0013026efea8}]
\Shell\AutoRun\command - 6l6w8.com
\Shell\explore\Command - 6l6w8.com
\Shell\open\Command - 6l6w8.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{71358ea6-d8a4-11dc-9ab8-0013026efea8}]
\Shell\Auto\command - L:\svrhost.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL svrhost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1b01240-8963-11db-9a10-0013026efea8}]
\Shell\AutoRun\command - 6l6w8.com
\Shell\explore\Command - 6l6w8.com
\Shell\open\Command - 6l6w8.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac8c2a24-e786-11db-9a6e-ae7c0d792640}]
\Shell\AutoRun\command - 6l6w8.com
\Shell\explore\Command - 6l6w8.com
\Shell\open\Command - 6l6w8.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac8c2a25-e786-11db-9a6e-0013026efea8}]
\Shell\Auto\command - Cn911.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d3dc90f8-f7dc-11db-9a73-0013026efea8}]
\Shell\Auto\command - K:\Cn911.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{df981c8c-dc45-11dd-9ae3-0016d41a545e}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe
.
- - - - USUNIĘTO PUSTE WPISY - - - -

HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe


.
------- Skan uzupełniający -------
.
uStart Page = hxxp://google.daemonsearch.com/intl/
uInternet Connection Wizard,ShellNext = iexplore
IE: &Winamp Search - c:\documents and settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&ksport do programu Microsoft Excel
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Wyślij do urządzenia &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Handler: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - c:\program files\Spik\url_wpmsg.dll
FF - ProfilePath - c:\documents and settings\Kamil Skowroński\Dane aplikacji\Mozilla\Firefox\Profiles\gyg7fvfc.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwpk.dll
FF - plugin: c:\program files\Spik\mozilla\npwpk.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-05 15:07:38
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ... 

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ... 

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-2885720229-2622823769-1416443707-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7D4A75CB-ED5B-AE59-AE15-6C432159976B}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abghdlaclodeoafkokohhcnhjglbidjomn"=hex:61,61,00,00
"bbghdlaclodeoafkokjggcbdjlfidhefnekb"=hex:61,61,00,00
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\PC Tools Firewall Plus\FWService.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\acer\Empowering Technology\admServ.exe
c:\windows\system32\rundll32.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
c:\program files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
c:\program files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\progra~1\MICROS~3\rapimgr.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
c:\docume~1\KAMILS~1\USTAWI~1\Temp\RtkBtMnt.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Czas ukończenia: 2009-04-05 15:13:29 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt  2009-04-05 13:13:25
ComboFix2.txt  2009-02-06 22:35:12

Przed: 1 431 339 520 bajtów wolnych
Po: 1,558,584,832 bajtów wolnych

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
291   --- E O F ---   2008-07-10 19:19:25


oraz z hijacka

Kod: Zaznacz wszystko

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:28:25, on 2009-04-05
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\admtray.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\admServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Winamp\winampa.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Notebook Hardware Control\nhc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Konnekt\konnekt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\DOCUME~1\KAMILS~1\USTAWI~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/intl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Program Files\Notebook Hardware Control\nhc.exe" -quiet
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Konnekt] "C:\Program Files\Konnekt\konnekt.exe" /autostart
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Wyślij do urządzenia &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Utwórz Ulubione dla urządzenia przenośnego... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Zaznaczanie HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - C:\Program Files\Spik\url_wpmsg.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 13336 bytes


[Okocza]

Kitson, załóż swój temat.