Log z hjt = komputer wyraznie zwolnil

[robradew]

laptop mojej siostry ostatnio dosc wyraznie zwolnil, prosze o sprawdzenie loga

Kod: Zaznacz wszystko

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:08:33, on 2009-10-25
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\ipla\ipla.exe
D:\Program Files\Nowe Gadu-Gadu\gg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\a-squared Free\a2free.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Ewelina\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe" /dump:os_startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [IPLA!] d:\Program Files\ipla\ipla.exe /autorun
O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "d:\Program Files\Nowe Gadu-Gadu\gg.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Ustawienia Outpost Firewall Pro - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall Pro\ie_bar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1222126456234
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
O23 - Service: Eset Trial Reset (.EsetTrialReset) - Unknown owner - C:\WINDOWS\reset.exe
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 7307 bytes


[Okocza]

robradew, daj log z combofixa

[Kris14]

Mam również problem. Komputer zwolnił pracę, ale też wykazuje oznaki wirusa. Zniknęła defragmentacja dysku, gry, przywracanie systemu itd... otworzyłem przywracanie systemu z wierszu polecenia, jednak jest tam moment obecny. (2 listopada) i nic więcej. Oto log z Combofixa. Pomóżcie proszę!

Kod: Zaznacz wszystko

ComboFix 09-10-30.01 - Właściciel 2009-11-02  8:50.1.4 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1250.48.1045.18.2046.1501 [GMT 1:00]
Uruchomiony z: d:\documents and settings\Właściciel\Pulpit\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\$recycle.bin\S-1-5-21-3528825361-439397398-3577288498-1000
d:\program files\Mozilla Firefox\plugins\NPMyGlSh.dll
d:\program files\myglobalsearch
d:\program files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR
d:\program files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST
d:\program files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR
d:\program files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST
d:\program files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL
d:\program files\myglobalsearch\bar\1.bin\MGSBAR.DLL
d:\program files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL
d:\program files\myglobalsearch\bar\Cache\001240DA
d:\program files\myglobalsearch\bar\Cache\0045E57E
d:\program files\myglobalsearch\bar\Cache\0068F7E3
d:\program files\myglobalsearch\bar\Cache\0068FCA5.bin
d:\program files\myglobalsearch\bar\Cache\00690187.bin
d:\program files\myglobalsearch\bar\Cache\006903E9.bin
d:\program files\myglobalsearch\bar\Cache\files.ini
d:\program files\myglobalsearch\bar\History\search
d:\program files\myglobalsearch\bar\Settings\prevcfg.htm
d:\windows\OPTIONS\CABS\_desktop.ini
d:\windows\system32\d3d10core.dll
d:\windows\system32\kernel32new.dll
d:\windows\system32\msvcrtnew.dll

.
(((((((((((((((((((((((((   Pliki utworzone od 2009-10-02 do 2009-11-02  )))))))))))))))))))))))))))))))
.

2009-11-01 18:32 . 2009-11-01 18:32   --------   d-----w-   d:\documents and settings\All Users\Dane aplikacji\Yahoo! Companion
2009-10-31 21:17 . 2009-10-31 21:42   2516   --sha-w-   d:\windows\system32\KGyGaAvL.sys
2009-10-31 21:17 . 2009-10-31 21:17   88   --sh--r-   d:\windows\system32\A4B3E7CF90.sys
2009-10-31 21:17 . 2009-10-31 21:17   --------   d-----w-   d:\documents and settings\All Users\Dane aplikacji\Corel
2009-10-31 21:16 . 2009-10-31 21:16   --------   d-----w-   d:\program files\Common Files\Corel
2009-10-31 21:16 . 2009-10-31 21:16   --------   d-----w-   d:\program files\Corel
2009-10-31 21:10 . 2009-10-31 21:10   --------   d-----w-   d:\program files\Yahoo!
2009-10-24 21:49 . 2009-10-24 21:49   --------   d-----w-   D:\found.000
2009-10-24 18:38 . 2009-10-24 18:54   --------   d-----w-   d:\windows\system32\CatRoot_bak
2009-10-24 18:33 . 2009-10-24 18:33   --------   d-----w-   d:\program files\MSXML 6.0
2009-10-24 18:03 . 2009-10-24 18:23   --------   d-----w-   d:\program files\ErrorKiller
2009-10-24 18:03 . 1999-03-25 22:00   101888   ----a-w-   d:\windows\system32\vb6stkit.dll
2009-10-21 15:00 . 2009-10-21 15:00   --------   d-----w-   d:\program files\Microsoft CAPICOM 2.1.0.2
2009-10-21 14:52 . 2009-06-21 22:07   153088   -c--a-w-   d:\windows\system32\dllcache\triedit.dll
2009-10-21 14:47 . 2008-10-16 12:06   268648   ----a-w-   d:\windows\system32\mucltui.dll
2009-10-21 14:47 . 2008-10-16 12:06   208744   ----a-w-   d:\windows\system32\muweb.dll
2009-10-18 21:35 . 2009-10-18 21:35   --------   d-----w-   d:\documents and settings\All Users\Dane aplikacji\TVU Networks
2009-10-18 21:22 . 2009-10-18 21:22   --------   d-----w-   d:\program files\Common Files\NSV
2009-10-18 21:16 . 2009-10-18 21:36   --------   d-----w-   d:\program files\TVUPlayer
2009-10-18 21:03 . 2009-10-18 21:03   --------   d-----w-   d:\program files\JLC's Software
2009-10-15 14:59 . 2009-09-09 05:50   545   ----a-w-   d:\windows\UC.PIF
2009-10-15 14:59 . 2009-09-09 05:50   545   ----a-w-   d:\windows\RAR.PIF
2009-10-15 14:59 . 2009-09-09 05:50   545   ----a-w-   d:\windows\PKZIP.PIF
2009-10-15 14:59 . 2009-09-09 05:50   545   ----a-w-   d:\windows\PKUNZIP.PIF
2009-10-15 14:59 . 2009-09-09 05:50   545   ----a-w-   d:\windows\NOCLOSE.PIF
2009-10-15 14:59 . 2009-09-09 05:50   545   ----a-w-   d:\windows\LHA.PIF
2009-10-15 14:59 . 2009-09-09 05:50   545   ----a-w-   d:\windows\ARJ.PIF
2009-10-07 17:54 . 2009-10-07 20:43   --------   d-----w-   d:\program files\Need for Speed - Shift
2009-10-07 00:46 . 2009-10-07 00:46   25752   ----a-w-   d:\windows\system32\drivers\LVPr2Mon.sys
2009-10-07 00:23 . 2009-10-07 00:23   13584   ----a-w-   d:\windows\system32\drivers\iKeyLFT2.dll

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-02 10:31 . 2009-06-04 18:26   89192   --sha-w-   d:\windows\system32\drivers\fidbox.idx
2009-11-02 10:31 . 2009-06-04 18:26   6356   --sha-w-   d:\windows\system32\drivers\fidbox2.idx
2009-11-02 10:31 . 2009-06-04 18:26   1237024   --sha-w-   d:\windows\system32\drivers\fidbox2.dat
2009-11-02 10:31 . 2009-06-04 18:26   11010080   --sha-w-   d:\windows\system32\drivers\fidbox.dat
2009-11-02 07:56 . 2009-06-04 18:26   --------   d-----w-   d:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab
2009-11-01 22:50 . 2004-08-04 12:00   724642   ----a-w-   d:\windows\system32\perfh015.dat
2009-11-01 22:50 . 2004-08-04 12:00   145092   ----a-w-   d:\windows\system32\perfc015.dat
2009-11-01 22:39 . 2009-06-07 13:09   --------   d-----w-   d:\program files\Mozilla Thunderbird
2009-10-31 22:48 . 2009-06-07 13:22   --------   d-----w-   d:\program files\Common Files\LogiShrd
2009-10-24 22:23 . 2009-06-04 13:29   --------   d-----w-   d:\program files\Usługi online
2009-10-24 12:45 . 2009-06-17 12:36   --------   d-----w-   d:\documents and settings\All Users\Dane aplikacji\ipla
2009-10-23 21:03 . 2009-08-23 14:09   664   ----a-w-   d:\windows\system32\d3d9caps.dat
2009-10-21 15:00 . 2009-08-31 17:04   --------   d-----w-   d:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2009-10-20 15:56 . 2009-06-07 13:08   --------   d-----w-   d:\program files\Steam
2009-10-14 18:40 . 2009-06-04 18:27   95259   ----a-w-   d:\windows\system32\drivers\klick.dat
2009-10-14 18:40 . 2009-06-04 18:27   108059   ----a-w-   d:\windows\system32\drivers\klin.dat
2009-10-07 18:15 . 2009-06-07 12:06   --------   d-----w-   d:\program files\Common Files\Wise Installation Wizard
2009-10-07 18:14 . 2009-06-07 12:06   --------   d-----w-   d:\program files\AGEIA Technologies
2009-10-07 08:48 . 2009-06-07 13:24   539160   ----a-w-   d:\windows\system32\LVUI2RC.dll
2009-10-07 08:48 . 2009-06-07 13:24   539160   ----a-w-   d:\windows\system32\LVUI2.dll
2009-10-07 08:43 . 2009-06-07 13:24   416280   ----a-w-   d:\windows\system32\LVCodec2.dll
2009-10-07 00:25 . 2009-10-07 00:25   85302   ----a-w-   d:\windows\system32\drivers\LVFeL102.cfg
2009-10-07 00:25 . 2009-10-07 00:25   69592   ----a-w-   d:\windows\system32\drivers\LVFaL100.cfg
2009-10-07 00:25 . 2009-10-07 00:25   227172   ----a-w-   d:\windows\system32\drivers\LVFeL100.cfg
2009-10-07 00:25 . 2009-10-07 00:25   146680   ----a-w-   d:\windows\system32\drivers\LVFeL101.cfg
2009-10-06 21:13 . 2009-06-17 21:18   --------   d-----w-   d:\program files\BearShare
2009-09-21 12:33 . 2009-09-21 12:33   --------   d-----w-   d:\program files\kRk Software
2009-09-19 12:32 . 2009-09-19 12:32   --------   d-----w-   d:\program files\MyCo
2009-09-18 19:38 . 2009-08-24 12:20   --------   d-----w-   d:\program files\KONAMI
2009-09-15 15:54 . 2009-09-15 15:54   --------   d-----w-   d:\program files\Pamela
2009-09-13 21:38 . 2009-09-13 21:38   56   ---ha-w-   d:\windows\system32\ezsidmv.dat
2009-09-13 21:37 . 2009-09-13 21:37   --------   d-----r-   d:\program files\Skype
2009-09-13 21:37 . 2009-09-13 21:37   --------   d-----w-   d:\program files\Common Files\Skype
2009-09-13 21:37 . 2009-09-13 21:37   --------   d-----w-   d:\documents and settings\All Users\Dane aplikacji\Skype
2009-09-12 18:29 . 2009-09-12 18:29   --------   d-----w-   d:\program files\Microsoft Silverlight
2009-09-11 14:36 . 2009-06-11 22:24   133632   ----a-w-   d:\windows\system32\msv1_0.dll
2009-09-09 16:57 . 2009-09-09 16:57   --------   d-----w-   d:\documents and settings\All Users\Dane aplikacji\OpenFM
2009-09-06 10:49 . 2009-06-07 12:59   --------   d-----w-   d:\program files\Common Files\Adobe AIR
2009-09-04 20:47 . 2004-08-04 12:00   58880   ----a-w-   d:\windows\system32\msasn1.dll
2009-09-03 19:48 . 2009-06-04 18:39   --------   d-----w-   d:\program files\Nowe Gadu-Gadu
2009-08-30 11:14 . 2009-08-26 15:57   223373   ----a-w-   D:\crlog_.tot.tmp
2009-08-30 10:15 . 2008-01-29 16:29   33808   ----a-w-   d:\windows\system32\drivers\klbg.sys
2009-08-29 12:19 . 2009-08-29 12:19   2927   ----a-w-   d:\windows\system32\unins000.dat
2009-08-29 12:19 . 2009-08-29 12:19   716153   ----a-w-   d:\windows\system32\unins000.exe
2009-08-29 07:58 . 2004-08-04 12:00   916480   ----a-w-   d:\windows\system32\wininet.dll
2009-08-26 08:16 . 2004-08-04 12:00   247326   ----a-w-   d:\windows\system32\strmdll.dll
2009-08-25 15:03 . 2009-08-25 15:03   36868   ----a-w-   d:\program files\uninst-Lux.exe
2009-08-25 15:03 . 2009-08-25 15:03   36868   ----a-w-   d:\program files\uninst-Echospace.exe
2009-08-25 14:59 . 2009-08-25 14:59   6832   ----a-w-   d:\program files\KLF2.5GPU.log
2009-08-25 14:20 . 2009-08-25 14:20   107888   ----a-w-   d:\windows\system32\CmdLineExt.dll
2009-08-24 12:40 . 2009-08-24 12:40   36868   ----a-w-   d:\program files\uninst-Particular.exe
2009-08-24 12:37 . 2009-08-24 12:37   3920   ----a-w-   d:\program files\mbsuite21.log
2009-08-24 12:35 . 2009-08-24 12:35   6844   ----a-w-   d:\program files\mbsuite20.log
2009-08-21 13:39 . 2009-08-21 13:39   721904   ----a-w-   d:\windows\system32\drivers\sptd.sys
2009-08-14 11:36 . 2009-08-14 11:36   70936   ----a-w-   d:\windows\system32\PhysXLoader.dll
2009-08-06 19:16 . 2009-08-06 19:17   505128   ----a-w-   d:\windows\system32\msvcp71.dll
2009-08-06 19:16 . 2009-08-06 19:17   29480   ----a-w-   d:\windows\system32\msxml3a.dll
2009-08-06 19:16 . 2009-06-11 20:31   353576   ----a-w-   d:\windows\system32\msvcr71.dll
2009-08-05 09:08 . 2004-08-04 12:00   205312   ----a-w-   d:\windows\system32\mswebdvd.dll
2009-08-04 17:07 . 2009-06-11 22:24   2137600   ----a-w-   d:\windows\system32\ntoskrnl.exe
2009-08-04 17:07 . 2009-06-11 22:24   2017280   ----a-w-   d:\windows\system32\ntkrnlpa.exe
2008-03-09 05:25 . 2009-08-29 12:19   236   ----a-w-   d:\program files\Common Files\dx.reg
2003-11-03 15:07 . 2004-04-23 15:06   499712   ----a-w-   d:\program files\msvcp71.dll
2003-11-03 15:07 . 2004-04-23 15:06   348160   ----a-w-   d:\program files\msvcr71.dll
2003-05-30 07:22 . 2003-09-08 07:09   344064   ----a-r-   d:\program files\msvcr70.dll
2002-01-05 01:40 . 2003-09-08 07:09   487424   ----a-w-   d:\program files\msvcp70.dll
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-07-10 15:28   1174920   ----a-w-   d:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "d:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IPLA!"="d:\program files\ipla\ipla.exe" [2009-10-13 6039960]
"Nowe Gadu-Gadu"="d:\program files\Nowe Gadu-Gadu\gg.exe" [2009-08-31 11391592]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-06-16 2794928]
"Logitech Vid"="d:\program files\Logitech\Logitech Vid\Vid.exe" [2009-07-16 5458704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Reclusa"="d:\program files\Razer\Reclusa\razerhid.exe" [2007-03-07 167936]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2009-04-30 86016]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2009-04-30 13750272]
"Lycosa"="d:\program files\Razer\Lycosa\razerhid.exe" [2008-10-16 147456]
"Lachesis"="d:\program files\Razer\Lachesis\razerhid.exe" [2007-09-12 172032]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Corel File Shell Monitor"="d:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2008-01-15 16200]
"LogitechQuickCamRibbon"="d:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"AVP"="d:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-08-01 208616]
"Corel Photo Downloader"="d:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-12-14 531784]
"RTHDCPL"="RTHDCPL.EXE" - d:\windows\RTHDCPL.exe [2007-04-12 16132608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

d:\documents and settings\Wˆa˜ciciel\Menu Start\Programy\Autostart\
Logitech . Rejestracja produktu.lnk - d:\program files\Logitech\Logitech WebCam Software\eReg.exe [2009-10-14 517384]

d:\documents and settings\Wˆa˜ciciel\Menu Start\Programy\Autostart\
Logitech . Rejestracja produktu.lnk - d:\program files\Logitech\Logitech WebCam Software\eReg.exe [2009-10-14 517384]

d:\documents and settings\Wˆa˜ciciel\Menu Start\Programy\Autostart\
Logitech . Rejestracja produktu.lnk - d:\program files\Logitech\Logitech WebCam Software\eReg.exe [2009-10-14 517384]

d:\documents and settings\Wˆa˜ciciel\Menu Start\Programy\Autostart\
Logitech . Rejestracja produktu.lnk - d:\program files\Logitech\Logitech WebCam Software\eReg.exe [2009-10-14 517384]

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programy^Autostart^QuickTV.lnk]
path=d:\documents and settings\All Users\Menu Start\Programy\Autostart\QuickTV.lnk
backup=d:\windows\pss\QuickTV.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programy^Autostart^TeleSA.lnk]
path=d:\documents and settings\All Users\Menu Start\Programy\Autostart\TeleSA.lnk
backup=d:\windows\pss\TeleSA.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^Właściciel^Menu Start^Programy^Autostart^OpenOffice.org 3.1.lnk]
path=d:\documents and settings\Właściciel\Menu Start\Programy\Autostart\OpenOffice.org 3.1.lnk
backup=d:\windows\pss\OpenOffice.org 3.1.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;d:\windows\system32\drivers\klbg.sys [2008-01-29 33808]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/08/06 21:18];d:\program files\CyberLink\PowerDVD9\000.fcl [2009-02-28 18:40 87536]
R2 BT848;AVerMedia, AVerTV WDM Video Capture;d:\windows\system32\drivers\BT848.sys [2009-06-04 261696]
R2 BTTUNER;AVerMedia, AVerTV WDM TvTuner;d:\windows\system32\drivers\bttuner.sys [2009-06-04 22016]
R2 BTXBAR;AVerMedia, AVerTV WDM Crossbar;d:\windows\system32\drivers\btxbar.sys [2009-06-04 13312]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;d:\windows\system32\drivers\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;d:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
R3 LachesisFltr;Lachesis Mouse Driver;d:\windows\system32\drivers\Lachesis.sys [2009-08-31 12032]
R3 RecFltr;Reclusa Keyboard;d:\windows\system32\drivers\RecFltr.sys [2009-06-07 41984]

--- Inne Usługi/Sterowniki w Pamięci ---

*NewlyCreated* - CLASSPNP_2
*NewlyCreated* - MBR
*Deregistered* - CLASSPNP_2
*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"d:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Zawartość folderu 'Zaplanowane zadania'

2009-06-07 d:\windows\Tasks\AppleSoftwareUpdate.job
- d:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-11-01 d:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- d:\program files\Ask.com\UpdateTask.exe [2009-07-10 15:29]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.onet.pl/
uInternet Settings,ProxyOverride = <local>
IE: Dodaj do listy blokowanych banerów - d:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: E&ksportuj do programu Microsoft Excel - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Ściągnij przez IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Ściągnij wszystkie linki przez IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Ściągnij zawartość wideo FLV przez IDM - c:\program files\Internet Download Manager\IEGetVL.htm
FF - ProfilePath - d:\documents and settings\Właściciel\Dane aplikacji\Mozilla\Firefox\Profiles\ghh5a6ld.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - onet.pl
FF - prefs.js: keyword.URL - hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=BT3&o=14979&locale=en_US&q=
FF - component: d:\documents and settings\Właściciel\Dane aplikacji\IDM\idmmzcc3\components\idmmzcc.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - USUNIĘTO PUSTE WPISY - - - -

Notify-dimsntfy - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-02 13:40
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ... 

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ... 

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\d:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):c2,d3,76,c4,d7,59,b8,92,01,26,dc,95,e1,d7,35,4e,91,e2,88,82,5c,
   89,00,ac,a2,ee,e3,e7,6e,61,45,00,50,0a,17,7a,00,73,2d,5d,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{92d7efe0-8a78-45fa-9e29-4f82aa4bb25a}]
@Denied: (Full) (Everyone)
"Model"=dword:000000c6
"Therad"=dword:00000021
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
   38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'explorer.exe'(2812)
d:\windows\system32\WININET.dll
d:\windows\system32\webcheck.dll
d:\windows\system32\WPDShServiceObj.dll
d:\windows\system32\PortableDeviceTypes.dll
d:\windows\system32\PortableDeviceApi.dll
d:\windows\system32\browselc.dll
d:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
d:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
d:\documents and settings\Właściciel\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll
d:\windows\system32\ODBC32.dll
d:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.POL
d:\program files\Common Files\Nero\SMC\NeroDigitalExt.dll
d:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
d:\windows\system32\shdoclc.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
d:\windows\system32\nvsvc32.exe
d:\program files\Java\jre6\bin\jqs.exe
d:\program files\Common Files\LightScribe\LSSrvc.exe
d:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
d:\windows\system32\PSIService.exe
d:\windows\system32\wbem\wmiapsrv.exe
d:\windows\system32\RUNDLL32.EXE
d:\program files\Razer\Reclusa\razertra.exe
d:\program files\Razer\Lachesis\OSD.exe
d:\program files\Razer\Lachesis\razertra.exe
d:\program files\Razer\Lachesis\razerofa.exe
.
**************************************************************************
.
Czas ukończenia: 2009-11-02 13:44 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt  2009-11-02 12:44

Przed: 87 364 714 496 bajtów wolnych
Po: 86 992 658 432 bajtów wolnych

- - End Of File - - B3D0FE09DCCD1C5A7FA7176BD55A140D


[wojtas]

Kris14, załoz swoj temat, opisz problem , wstaw loga