
hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:55:56, on 2009-02-03
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe
C:\Program Files\G DATA\InternetSecurity\AVKTray\AVKTray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nowe Gadu-Gadu\gg.exe
C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
C:\Program Files\G DATA\InternetSecurity\AVK\AVKService.exe
C:\Program Files\G DATA\InternetSecurity\AVK\AVKWCtl.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
c:\program files\lenovo\system update\suservice.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\G DATA\InternetSecurity\Firewall\GDFwSvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [GDFirewallTray] C:\Program Files\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe
O4 - HKLM\..\Run: [G DATA AntiVirus Trayapplication] C:\Program Files\G DATA\InternetSecurity\AVKTray\AVKTray.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "C:\Program Files\Nowe Gadu-Gadu\gg.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1245616491218
O23 - Service: G DATA AntiVirus Proxy (AVKProxy) - G DATA Software - C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: G DATA Scheduler (AVKService) - G DATA Software - C:\Program Files\G DATA\InternetSecurity\AVK\AVKService.exe
O23 - Service: Strażnik AntiVirus (AVKWCtl) - G DATA Software AG - C:\Program Files\G DATA\InternetSecurity\AVK\AVKWCtl.exe
O23 - Service: G DATA Personal Firewall (GDFwSvc) - G DATA Software AG - C:\Program Files\G DATA\InternetSecurity\Firewall\GDFwSvc.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
--
End of file - 6100 bytes
combofix
ComboFix 09-02-02.04 - maciej i sabinka 2009-02-03 20:57:33.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1045.18.3062.2276 [GMT 1:00]
Uruchomiony z: c:\documents and settings\maciej i sabinka\Pulpit\ComboFix.exe
AV: G DATA InternetSecurity 2009 *On-access scanning disabled* (Updated)
FW: G DATA Personal Firewall *enabled*
* Utworzono nowy punkt przywracania
.
((((((((((((((((((((((((( Pliki utworzone od 2009-01-03 do 2009-02-03 )))))))))))))))))))))))))))))))
.
Nie utworzono żadnych nowych plików w tym okresie
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-21 18:30 --------- d-----w c:\program files\Ashampoo
2009-06-21 18:30 --------- d-----w c:\documents and settings\maciej i sabinka\Dane aplikacji\Ashampoo
2009-06-21 18:30 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\ashampoo
2009-06-21 18:05 --------- d-----w c:\program files\VS Revo Group
2009-06-21 17:58 219,648 ------w c:\windows\system32\uxtheme.dll
2009-06-21 17:06 --------- d-----w c:\documents and settings\maciej i sabinka\Dane aplikacji\Nowe Gadu-Gadu
2009-06-21 17:03 --------- d-----w c:\program files\Nowe Gadu-Gadu
2009-06-21 16:40 68,296 ------w c:\windows\system32\drivers\GRD.sys
2009-06-21 09:00 --------- d-----w c:\program files\NetWaiting
2009-06-21 09:00 --------- d-----w c:\documents and settings\maciej i sabinka\Dane aplikacji\InstallShield
2009-06-21 08:53 --------- d-----w c:\program files\DIFX
2009-06-21 08:52 --------- d-----w c:\program files\Synaptics
2009-06-21 08:49 --------- d-----w c:\program files\CONEXANT
2009-06-21 08:38 --------- d-----w c:\program files\Intel
2009-06-19 18:05 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\G DATA
2009-06-19 18:01 50,888 ------w c:\windows\system32\drivers\MiniIcpt.sys
2009-06-19 18:01 50,888 ------w c:\windows\system32\drivers\GDTdiIcpt.sys
2009-06-19 18:01 32,200 ------w c:\windows\system32\drivers\HookCentre.sys
2009-06-19 18:01 22,272 ------w c:\windows\system32\drivers\GDNdisIc.sys
2009-06-19 18:01 --------- d-----w c:\program files\Common Files\G DATA
2009-06-19 18:00 --------- d-----w c:\program files\G DATA
2009-06-19 17:33 --------- d-----w c:\program files\microsoft frontpage
2009-06-19 17:30 --------- d-----w c:\program files\Usługi online
2009-02-03 19:51 --------- d-----w c:\program files\Mozilla Firefox 3.1 Beta 2
2009-02-03 15:34 --------- d-----w c:\documents and settings\maciej i sabinka\Dane aplikacji\Malwarebytes
2009-02-03 15:33 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Malwarebytes
2009-02-02 16:20 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-02-02 16:20 --------- d-----w c:\program files\Java
2009-02-02 15:52 --------- d-----w c:\documents and settings\maciej i sabinka\Dane aplikacji\Ancient Quest of Saqqarah__cminion
2009-02-02 15:38 --------- d-----w c:\program files\TURK
2009-02-02 13:22 --------- d-----w c:\program files\Common Files\Java
2009-02-01 19:27 --------- d-----w c:\documents and settings\maciej i sabinka\Dane aplikacji\Winamp
2009-02-01 19:24 --------- d-----w c:\program files\Winamp
2009-02-01 13:42 --------- d-----w c:\documents and settings\maciej i sabinka\Dane aplikacji\ipla
2009-02-01 13:42 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\ipla
2009-02-01 13:40 1,700,352 ----a-w c:\windows\system32\gdiplus.dll
2009-01-30 19:03 --------- d-----w c:\program files\Innovative Solutions
2009-01-30 17:34 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-30 17:33 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-30 16:24 --------- d-----w c:\program files\Common Files\Lenovo
2009-01-30 11:20 --------- dc-h--w c:\documents and settings\All Users\Dane aplikacji\{66E2F539-12B6-4870-A500-7689CDE75C5E}
2009-01-30 11:18 --------- d-----w c:\documents and settings\maciej i sabinka\Dane aplikacji\Uniblue
2009-01-28 19:40 --------- d-----w c:\program files\El Dorado Quest
2009-01-28 19:32 --------- d-----w c:\program files\Retro64 Games
2009-01-28 18:09 --------- d-----w c:\documents and settings\maciej i sabinka\Dane aplikacji\Media Player Classic
2009-01-28 18:05 --------- d-----w c:\program files\CCleaner
2009-01-27 14:44 --------- d-----w c:\program files\MSXML 4.0
2009-01-26 17:04 33,536 ------w c:\windows\system32\drivers\tvtfilter.sys
2009-01-26 17:04 --------- d-----w c:\program files\Lenovo
2009-01-26 17:03 7,012 ------w c:\windows\system32\drivers\pmemnt.sys
2009-01-26 17:03 30,144 ------w c:\windows\system32\drivers\psadd.sys
2009-01-26 17:03 118,520 ------w c:\windows\system32\pxinsi64.exe
2009-01-26 17:03 116,472 ------w c:\windows\system32\pxcpyi64.exe
2009-01-26 17:00 --------- d-----w c:\program files\Broadcom
2009-01-25 20:22 --------- d-----w c:\program files\Windows Defender
2009-01-25 16:42 --------- d-----w c:\documents and settings\maciej i sabinka\Dane aplikacji\Zylom
2009-01-25 16:42 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Zylom
2009-01-25 16:13 --------- d-----w c:\documents and settings\maciej i sabinka\Dane aplikacji\Saqqarah
2009-01-25 15:46 --------- d-----w c:\documents and settings\maciej i sabinka\Dane aplikacji\Azureus
2009-01-25 15:39 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Azureus
2009-01-25 15:38 --------- d-----w c:\program files\Common Files\i4j_jres
2009-01-25 15:19 --------- d-----w c:\program files\Amazonia
2009-01-24 20:26 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Awem
2009-01-24 10:07 --------- d-----w c:\program files\Tumblebugs 2
2009-01-24 09:54 --------- d-----w c:\program files\PopCap Games
2009-01-23 19:56 --------- d-----w c:\program files\ReflexiveArcade
2009-01-23 19:56 --------- d-----w c:\documents and settings\maciej i sabinka\Dane aplikacji\Wildfire
2009-01-23 17:17 --------- d-----w c:\program files\Trend Micro
2009-01-23 13:13 --------- d-----w c:\program files\Reference Assemblies
2009-01-23 13:13 --------- d-----w c:\program files\MSBuild
2009-01-22 18:32 --------- d-----w c:\program files\K-Lite Codec Pack
2009-01-22 18:28 --------- d-----w c:\program files\ALLPlayer
2009-01-22 18:23 --------- d-----w c:\program files\NAPI-PROJEKT
2009-01-15 01:05 911,872 ------w c:\windows\system32\wininet.dll
2009-01-15 01:05 43,008 ------w c:\windows\system32\licmgr10.dll
2009-01-15 01:04 18,944 ------w c:\windows\system32\corpol.dll
2009-01-15 01:03 72,704 ------w c:\windows\system32\admparse.dll
2009-01-15 01:03 71,680 ------w c:\windows\system32\iesetup.dll
2009-01-15 01:03 420,352 ------w c:\windows\system32\vbscript.dll
2009-01-15 01:01 34,304 ------w c:\windows\system32\imgutil.dll
2009-01-15 01:00 48,128 ------w c:\windows\system32\mshtmler.dll
2009-01-15 01:00 45,568 ------w c:\windows\system32\mshta.exe
2009-01-15 00:50 156,160 ------w c:\windows\system32\msls31.dll
2008-12-25 14:17 187,392 ------w c:\windows\system32\drivers\b57xp32.sys
2008-12-11 10:57 333,952 ------w c:\windows\system32\drivers\srv.sys
2008-12-11 00:33 86,016 ------w c:\windows\system32\dpl100.dll
2008-12-08 11:53 57,344 ------w c:\windows\system32\ff_vfw.dll
2008-12-07 18:08 795,648 ------w c:\windows\system32\xvidcore.dll
2008-12-07 18:08 130,048 ------w c:\windows\system32\xvidvfw.dll
2008-11-12 09:05 652,312 ------w c:\windows\system32\igfxcfg.exe
2008-11-12 09:05 250,392 ------w c:\windows\system32\igfxsrvc.exe
2008-11-12 09:05 172,056 ------w c:\windows\system32\igfxext.exe
2008-11-12 09:05 141,336 ------w c:\windows\system32\igfxtray.exe
2008-11-12 09:05 141,336 ------w c:\windows\system32\igfxpers.exe
2008-11-12 09:04 173,592 ------w c:\windows\system32\hkcmd.exe
2008-11-06 16:37 3,596,288 ------w c:\windows\system32\qt-dx331.dll
2008-11-06 16:33 684,032 ------w c:\windows\system32\divx.dll
2008-11-03 08:59 147,456 ------w c:\windows\system32\igfxCoIn_v5009.dll
2008-11-03 08:48 3,773,440 ------w c:\windows\system32\igxpdx32.dll
2008-11-03 08:47 57,344 ------w c:\windows\system32\igxprd32.dll
.
------- Sigcheck -------
2008-04-15 13:00 589312 fa1e2372f554782332a8504a58300d15 c:\windows\system32\user32.dll
2008-04-15 13:00 589312 fa1e2372f554782332a8504a58300d15 c:\windows\system32\dllcache\user32.dll
2008-04-15 13:00 580096 a435c5c069afd901751ac323ad238793 c:\windows\VistaMizer\old\user32.dll
2008-04-15 13:00 549888 335813eacd16e84f3047a3326f6e5473 c:\windows\system32\winlogon.exe
2008-04-15 13:00 549888 335813eacd16e84f3047a3326f6e5473 c:\windows\system32\dllcache\winlogon.exe
2008-04-15 13:00 510464 51fd2e13d723857b9ca239ae77150f48 c:\windows\VistaMizer\old\winlogon.exe
2008-08-14 18:27 2067328 638346856e53887b0c3da62a9ab2c203 c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
2008-04-15 13:00 2025472 280cd53ba94a32bca61b5ea01753aed8 c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
2008-08-14 14:26 2067328 5ab2f07ad3fd76790294ddccc6e06d46 c:\windows\Driver Cache\i386\ntkrnlpa.exe
2008-08-14 14:46 2059008 740d5209ce5ec76bb99923a710cd0a53 c:\windows\SoftwareDistribution\Download\e0f2b4f68b88b3164335825c2ea24f7a\SP2GDR\ntkrnlpa.exe
2008-08-14 14:40 2064256 bd1c2093733023e5afc1520c095c2195 c:\windows\SoftwareDistribution\Download\e0f2b4f68b88b3164335825c2ea24f7a\SP2QFE\ntkrnlpa.exe
2008-08-14 14:26 2067328 5ab2f07ad3fd76790294ddccc6e06d46 c:\windows\SoftwareDistribution\Download\e0f2b4f68b88b3164335825c2ea24f7a\SP3GDR\ntkrnlpa.exe
2008-08-14 18:27 2067328 638346856e53887b0c3da62a9ab2c203 c:\windows\SoftwareDistribution\Download\e0f2b4f68b88b3164335825c2ea24f7a\SP3QFE\ntkrnlpa.exe
2008-08-14 14:26 2282496 dcd626b644711a21b19bc79e100420fa c:\windows\system32\ntkrnlpa.exe
2008-08-14 14:26 2282496 dcd626b644711a21b19bc79e100420fa c:\windows\system32\dllcache\ntkrnlpa.exe
2008-08-14 14:26 2025472 e7a6d707315001dddc18e2fd4e0d0a6b c:\windows\VistaMizer\old\ntkrnlpa.exe
2008-08-14 18:27 2190464 dcdd970025463dfc9676ebe18abd6a86 c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
2008-04-15 13:00 2146816 1b4b41ac8cdaa66ded8999a7de212d3e c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
2008-08-14 14:26 2190464 9ce159c91e076ff6c25d055310ebb259 c:\windows\Driver Cache\i386\ntoskrnl.exe
2008-08-14 14:46 2181632 1e808411607a060ad7c582b7556c9afa c:\windows\SoftwareDistribution\Download\e0f2b4f68b88b3164335825c2ea24f7a\SP2GDR\ntoskrnl.exe
2008-08-14 14:40 2187264 8eac2f887f5e093186a6b2e548f719ba c:\windows\SoftwareDistribution\Download\e0f2b4f68b88b3164335825c2ea24f7a\SP2QFE\ntoskrnl.exe
2008-08-14 14:26 2190464 9ce159c91e076ff6c25d055310ebb259 c:\windows\SoftwareDistribution\Download\e0f2b4f68b88b3164335825c2ea24f7a\SP3GDR\ntoskrnl.exe
2008-08-14 18:27 2190464 dcdd970025463dfc9676ebe18abd6a86 c:\windows\SoftwareDistribution\Download\e0f2b4f68b88b3164335825c2ea24f7a\SP3QFE\ntoskrnl.exe
2008-08-14 14:26 2403840 c67ecbd799b4f2422f4d54bf4413aa34 c:\windows\system32\ntoskrnl.exe
2008-08-14 14:26 2403840 c67ecbd799b4f2422f4d54bf4413aa34 c:\windows\system32\dllcache\ntoskrnl.exe
2008-08-14 14:26 2146816 5f320d7766c59566310ce2f255b6672b c:\windows\VistaMizer\old\ntoskrnl.exe
2008-04-15 13:00 1553408 a08939afcdbe68f67e9c35383a4ce62c c:\windows\explorer.exe
2008-04-15 13:00 1553408 a08939afcdbe68f67e9c35383a4ce62c c:\windows\system32\dllcache\explorer.exe
2008-04-15 13:00 1035264 c791ed9eac5e76d9525e157b1d7a599a c:\windows\VistaMizer\old\explorer.exe
2008-04-15 13:00 25088 5336d3244305fd884215daf84d108566 c:\windows\system32\ctfmon.exe
2008-04-15 13:00 25088 5336d3244305fd884215daf84d108566 c:\windows\system32\dllcache\ctfmon.exe
2008-04-15 13:00 15360 1bd41eda5b869afc99895c39a8de36e1 c:\windows\VistaMizer\old\ctfmon.exe
.
((((((((((((((((((((((((((((( snapshot_2009-02-01_20.53.46,82 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-10-20 12:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
+ 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
- 2000-08-31 07:00:00 286,720 ----a-w c:\windows\SWREG.exe
+ 2000-08-31 07:00:00 161,792 ----a-w c:\windows\SWREG.exe
+ 2009-02-02 16:20:53 144,792 ----a-w c:\windows\system32\java.exe
+ 2009-02-02 16:20:53 144,792 ----a-w c:\windows\system32\javaw.exe
+ 2009-02-02 16:20:53 148,888 ----a-w c:\windows\system32\javaws.exe
- 2009-01-30 12:39:57 71,394 ------w c:\windows\system32\perfc009.dat
+ 2009-02-02 10:11:49 71,394 ----a-w c:\windows\system32\perfc009.dat
- 2009-01-30 12:39:57 89,036 ------w c:\windows\system32\perfc015.dat
+ 2009-02-02 10:11:49 89,036 ----a-w c:\windows\system32\perfc015.dat
- 2009-01-30 12:39:57 441,458 ------w c:\windows\system32\perfh009.dat
+ 2009-02-02 10:11:49 441,458 ----a-w c:\windows\system32\perfh009.dat
- 2009-01-30 12:39:57 500,540 ------w c:\windows\system32\perfh015.dat
+ 2009-02-02 10:11:49 500,540 ----a-w c:\windows\system32\perfh015.dat
+ 2009-02-03 19:50:34 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_4dc.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-15 25088]
"Nowe Gadu-Gadu"="c:\program files\Nowe Gadu-Gadu\gg.exe" [2008-12-22 8966760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GDFirewallTray"="c:\program files\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe" [2008-09-09 1037992]
"G DATA AntiVirus Trayapplication"="c:\program files\G DATA\InternetSecurity\AVKTray\AVKTray.exe" [2008-09-08 993864]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2007-08-10 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-08-10 512000]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-12 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-12 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-12 141336]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-05-14 487424]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 25088]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax]
--------- 2009-01-30 11:50 5386584 c:\program files\Innovative Solutions\DriverMax\devices.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2009-02-02 17:20 136600 c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-08-04 00:02 36352 c:\program files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
R0 GDNdisIc;GDNdisIc;c:\windows\system32\drivers\GDNdisIc.sys [2009-06-19 22272]
R1 GRD;G DATA Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2009-06-21 68296]
R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2008-05-09 46144]
R2 AVKProxy;G DATA AntiVirus Proxy;c:\program files\Common Files\G DATA\AVKProxy\AVKProxy.exe [2008-09-08 651336]
R2 AVKService;G DATA Scheduler;c:\program files\G DATA\InternetSecurity\AVK\AVKService.exe [2008-09-08 386120]
R2 AVKWCtl;Strażnik AntiVirus;c:\program files\G DATA\InternetSecurity\AVK\AVKWCtl.exe [2008-08-14 1185496]
R2 GDTdiInterceptor;GDTdiInterceptor;c:\windows\system32\drivers\GDTdiIcpt.sys [2009-06-19 50888]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2008-05-14 520192]
R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [2008-05-09 360448]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 GDFwSvc;G DATA Personal Firewall;c:\program files\G DATA\InternetSecurity\Firewall\GDFwSvc.exe [2008-08-15 1395616]
R3 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2009-06-19 50888]
R3 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2009-06-19 32200]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2008-02-22 37312]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Zawartość folderu 'Zaplanowane zadania'
2009-02-03 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
2009-01-29 c:\windows\Tasks\NSSstub.job
- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe []
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.wp.pl/
uInternet Settings,ProxyOverride = <local>
FF - ProfilePath - c:\documents and settings\maciej i sabinka\Dane aplikacji\Mozilla\Firefox\Profiles\n15xqtyr.default\
FF - prefs.js: browser.startup.homepage - www.dobreprogramy.pl
FF - plugin: c:\documents and settings\All Users\Dane aplikacji\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-03 20:59:05
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
c:\windows\TEMP\TMP00000063D1A1C3501385A595 524288 bytes executable
skanowanie pomyślnie ukończone
ukryte pliki: 1
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'winlogon.exe'(792)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\cscui.dll
c:\windows\system32\COMRes.dll
- - - - - - - > 'lsass.exe'(872)
c:\windows\system32\setupapi.dll
c:\windows\system32\scecli.dll
c:\windows\system32\psbase.dll
.
Czas ukończenia: 2009-02-03 21:00:29
ComboFix-quarantined-files.txt 2009-02-03 20:00:26
Przed: 5 910 351 872 bajtów wolnych
Po: 5,899,706,368 bajtów wolnych
266 --- E O F --- 2009-02-03 10:14:45