
HijackThis logs
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:07:13, on 2009-02-23
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Marvell\61xx\svc\mvraidsvc.exe
C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\AVENGINE.EXE
C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
c:\program files\panda security\panda internet security 2008\firewall\PSHOST.EXE
C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe
C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\ApvxdWin.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\SRVLOAD.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PavBckPT.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Downloads\FF Download\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Internet Security 2008\Inicio.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [HomeAlarm] C:\Program Files\Chameleon Clock\ChamClock.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Marvell RAID Event Agent (Marvell RAID) - Unknown owner - C:\Program Files\Marvell\61xx\svc\mvraidsvc.exe
O23 - Service: MRU Web Service (MRUWebService) - Apache Software Foundation - C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda internet security 2008\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe
--
End of file - 8097 bytes
ComboFix log
ComboFix 09-02-21.01 - Wuch 2009-02-23 19:55:59.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1045.18.2047.1479 [GMT 1:00]
Uruchomiony z: c:\downloads\FF Download\ComboFix.exe
AV: Panda Internet Security 2008 *On-access scanning disabled* (Outdated)
FW: Panda Internet Security 2008 *disabled*
* Utworzono nowy punkt przywracania
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\bbJRCcdd.ini
c:\windows\system32\bbJRCcdd.ini2
c:\windows\system32\huwxuuig.ini
c:\windows\system32\winmfu32.dll
c:\windows\Tasks\csgspvmm.job
.
((((((((((((((((((((((((( Pliki utworzone od 2009-01-23 do 2009-02-23 )))))))))))))))))))))))))))))))
.
2009-02-21 14:38 . 2009-02-21 14:38 <DIR> d-------- c:\documents and settings\Wuch\Dane aplikacji\Nowe Gadu-Gadu
2009-02-20 22:12 . 2009-02-20 22:12 <DIR> d-------- c:\program files\NAPI-PROJEKT
2009-01-31 13:57 . 2009-01-31 13:57 <DIR> d-------- c:\program files\Mp3 Knife
2009-01-31 13:57 . 2004-04-12 17:27 609,584 --a------ c:\windows\system32\comctl32.ocx
2009-01-31 13:57 . 2004-04-12 17:27 152,848 --a------ c:\windows\system32\comdlg32.ocx
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-23 19:00 1,324 ----a-w c:\windows\system32\drivers\APPFLTR.CFG.bck
2009-02-23 19:00 1,324 ----a-w c:\windows\system32\drivers\APPFLTR.CFG
2009-02-23 18:59 13,880 ----a-w c:\windows\system32\drivers\COMFiltr.sys
2009-02-23 18:59 --------- d-----w c:\program files\Chameleon Clock
2009-02-23 18:58 470,692 ----a-w c:\windows\system32\drivers\APPFCONT.DAT.bck
2009-02-23 18:58 470,692 ----a-w c:\windows\system32\drivers\APPFCONT.DAT
2009-02-23 18:36 140,216 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-02-23 18:35 201,352 ----a-w c:\windows\system32\PnkBstrB.exe
2009-02-22 19:21 --------- d-----w c:\program files\foobar2000
2009-02-22 16:38 --------- d-----w c:\program files\Mozilla Thunderbird
2009-02-14 12:12 --------- d-----w c:\program files\Activision
2009-02-13 17:18 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-13 17:18 --------- d-----w c:\program files\EA GAMES
2009-01-19 17:20 --------- d-----w c:\program files\abgx360
2009-01-18 18:27 --------- d-----w c:\program files\vixy.net
2009-01-17 14:30 399,360 ----a-w c:\windows\system32\dllcache\rpcss.dll
2009-01-15 17:21 --------- d-----w c:\program files\Java
2009-01-13 18:25 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Skype
2009-01-06 18:44 --------- d-----w c:\documents and settings\Wuch\Dane aplikacji\skypePM
2009-01-02 20:26 --------- d---a-w c:\documents and settings\All Users\Dane aplikacji\TEMP
2009-01-02 12:25 --------- d-----w c:\program files\RocketDock
2008-12-20 23:03 826,368 ----a-w c:\windows\system32\wininet.dll
2008-05-16 16:47 22,328 ----a-w c:\documents and settings\Wuch\Dane aplikacji\PnkBstrK.sys
2008-04-08 19:39 32 ----a-w c:\documents and settings\All Users\Dane aplikacji\ezsid.dat
2006-06-23 06:48 32,768 ----a-r c:\windows\inf\UpdateUSB.exe
2008-05-10 17:08 32,768 --sha-w c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012008051020080511\index.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"HomeAlarm"="c:\program files\Chameleon Clock\ChamClock.exe" [2007-12-11 709632]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"APVXDWIN"="c:\program files\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE" [2007-07-23 406832]
"SCANINICIO"="c:\program files\Panda Security\Panda Internet Security 2008\Inicio.exe" [2007-07-11 27952]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]
"RTHDCPL"="RTHDCPL.EXE" [2008-03-26 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2007-02-15 19:02 50736 c:\windows\system32\avldr.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"msacm.divxa32"= msaud32_divx.acm
[HKLM\~\startupfolder\C:^Documents and Settings^Wuch^Menu Start^Programy^Autostart^Avast Updater.exe]
path=c:\documents and settings\Wuch\Menu Start\Programy\Autostart\Avast Updater.exe
backup=c:\windows\pss\Avast Updater.exeStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2006-11-03 19:20 866584 c:\program files\Windows Defender\MSASCui.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"27650:TCP"= 27650:TCP:BitComet 27650 TCP
"27650:UDP"= 27650:UDP:BitComet 27650 UDP
"22228:TCP"= 22228:TCP:BitComet 22228 TCP
"22228:UDP"= 22228:UDP:BitComet 22228 UDP
"4701:TCP"= 4701:TCP:BitComet 4701 TCP
"4701:UDP"= 4701:UDP:BitComet 4701 UDP
"4828:TCP"= 4828:TCP:BitComet 4828 TCP
"4828:UDP"= 4828:UDP:BitComet 4828 UDP
"14705:TCP"= 14705:TCP:BitComet 14705 TCP
"14705:UDP"= 14705:UDP:BitComet 14705 UDP
"5723:TCP"= 5723:TCP:BitComet 5723 TCP
"5723:UDP"= 5723:UDP:BitComet 5723 UDP
"6723:TCP"= 6723:TCP:BitComet 6723 TCP
"6723:UDP"= 6723:UDP:BitComet 6723 UDP
"5895:TCP"= 5895:TCP:BitComet 5895 TCP
"5895:UDP"= 5895:UDP:BitComet 5895 UDP
"5676:TCP"= 5676:TCP:BitComet 5676 TCP
"5676:UDP"= 5676:UDP:BitComet 5676 UDP
"6666:TCP"= 6666:TCP:BitComet 6666 TCP
"6666:UDP"= 6666:UDP:BitComet 6666 UDP
"9634:TCP"= 9634:TCP:BitComet 9634 TCP
"9634:UDP"= 9634:UDP:BitComet 9634 UDP
"4710:TCP"= 4710:TCP:BitComet 4710 TCP
"4710:UDP"= 4710:UDP:BitComet 4710 UDP
"4010:TCP"= 4010:TCP:BitComet 4010 TCP
"4010:UDP"= 4010:UDP:BitComet 4010 UDP
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2007-05-25 137728]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-09-21 28544]
R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [2008-04-11 71736]
R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [2008-04-11 51256]
R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [2008-04-11 22072]
R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [2008-04-11 191672]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [2008-04-11 15:52:52 132920]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2009-01-11 270888]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2008-04-11 38968]
R1 SMSFLT;SMS Filter Plugin;c:\windows\system32\drivers\smsflt.sys [2008-04-11 37304]
R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [2008-04-11 30648]
R2 cpoint;Panda CPoint Driver;c:\windows\system32\drivers\cpoint.sys [2008-04-11 24760]
R2 Marvell RAID;Marvell RAID Event Agent;c:\program files\Marvell\61xx\svc\mvraidsvc.exe [2007-04-20 61440]
R2 MRUWebService;MRU Web Service;c:\program files\Marvell\61xx\Apache2\bin\Apache.exe [2007-01-10 20539]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [2008-04-11 178872]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [2008-04-08 38656]
R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
R3 ComFiltr;Panda Anti-Dialer;c:\windows\system32\drivers\COMFiltr.sys [2008-10-30 13880]
R3 NETIMFLT;PANDA NDIS IM Filter Miniport;c:\windows\system32\drivers\netimflt.sys [2008-04-11 142128]
R3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?]
R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]
S1 aswSP;avast! Self Protection; [x]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt [2005-08-17 7168]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2008-04-29 13352]
--- Inne Usługi/Sterowniki w Pamięci ---
*NewlyCreated* - COMFILTR
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D40CAA05-2C1A-C433-0146-ED88A74028EC}]
c:\windows\system32\autofmtp.exe
.
Zawartość folderu 'Zaplanowane zadania'
2009-02-23 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
- - - - USUNIĘTO PUSTE WPISY - - - -
BHO-{E708BEEA-2DED-4373-8B55-F204D59B2FC4} - (no file)
Notify-ddcBUKEU - ddcBUKEU.dll
.
------- Skan uzupełniający -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
LSP: c:\program files\Panda Security\Panda Internet Security 2008\pavlsp.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
FF - ProfilePath - c:\documents and settings\Wuch\Dane aplikacji\Mozilla\Firefox\Profiles\wfc28pur.default\
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-23 19:58:49
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
[HKEY_USERS\S-1-5-21-1708537768-1390067357-682003330-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:8a,42,c0,53,40,16,c8,4b,8f,f2,ca,00,2a,65,0d,dd,8b,80,59,b8,69,70,82,
04,47,bd,4c,98,39,7e,eb,35,9a,3a,c3,c5,bd,15,73,8e,24,cc,10,34,fb,76,c2,26,\
"??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49
[HKEY_USERS\S-1-5-21-1708537768-1390067357-682003330-1004\Software\SecuROM\License information*]
"datasecu"=hex:30,65,7a,4b,91,86,6e,35,d1,71,08,85,4c,b5,0e,d3,29,a1,0c,13,1a,
2a,ef,94,a7,08,95,44,07,fd,27,00,27,db,ce,a9,c2,a4,72,5e,93,48,d1,e8,0e,59,\
"rkeysecu"=hex:e8,d9,6b,30,63,78,9f,ab,f3,05,7e,b7,10,29,e3,55
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'winlogon.exe'(1080)
c:\windows\system32\avldr.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Panda Security\Panda Internet Security 2008\TPSrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Panda Security\Panda Internet Security 2008\PsCtrlS.exe
c:\program files\Panda Security\Panda Internet Security 2008\PAVFNSVR.EXE
c:\program files\Common Files\Panda Software\PavShld\PavPrSrv.exe
c:\program files\Panda Security\Panda Internet Security 2008\PAVSRV51.EXE
c:\windows\system32\IoctlSvc.exe
c:\program files\Panda Security\Panda Internet Security 2008\AVENGINE.EXE
c:\program files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Panda Security\Panda Internet Security 2008\FIREWALL\PSHost.exe
c:\program files\Panda Security\Panda Internet Security 2008\PsImSvc.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Panda Security\Panda Internet Security 2008\SrvLoad.exe
c:\windows\system32\rundll32.exe
c:\program files\Panda Security\Panda Internet Security 2008\avciman.exe
c:\program files\Panda Security\Panda Internet Security 2008\psimreal.exe
c:\program files\Panda Security\Panda Internet Security 2008\PavBckPT.exe
.
**************************************************************************
.
Czas ukończenia: 2009-02-23 20:03:47 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2009-02-23 19:03:45
Przed: 114 524 041 216 bajtów wolnych
Po: 114,544,951,296 bajtów wolnych
WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
239 --- E O F --- 2009-02-23 15:39:27