proszę o sprawdzenie loga

[LOko "noob"]

Od jakiegoś czasu mam straszne gubienie pakietów i zmienne pingi. Admin od internetu mówi że u niego wszystko jest Ok. Dlatego prosze o sprawdzenie loga...

Logfile of HijackThis v1.99.1
Scan saved at 20:42:27, on 2008-01-30
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
C:\Program Files\USB all-in-one game controller\GM_DevUpdate.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Documents and Settings\Adminow\Pulpit\Madelogery\Madelogery\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/intl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: ConnectionServices module - {6D7B211A-88EA-490c-BAB9-3600D8D7C503} - C:\Program Files\ConnectionServices\ConnectionServices.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WhenUSearchWHSE] "C:\Program Files\DAEMON Tools SearchBar\whse.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - Startup: GM_DevUpdate.lnk = C:\Program Files\USB all-in-one game controller\GM_DevUpdate.exe
O4 - Global Startup: RaConfig2500.lnk = C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Pobierz z &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{57314174-4269-4D13-9F08-43E3E5CC6F75}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" ["ALWIL Software"]
"WhenUSearchWHSE" = ""C:\Program Files\DAEMON Tools SearchBar\whse.exe"" [file not found]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}\(Default) = "flashget urlcatch"
-> {HKLM...CLSID} = "FGCatchUrl"
\InProcServer32\(Default) = "C:\Program Files\FlashGet\jccatch.dll" ["www.flashget.com"]
{6D7B211A-88EA-490c-BAB9-3600D8D7C503}\(Default) = "ConnectionServices module"
-> {HKLM...CLSID} = "ConnectionServices Class"
\InProcServer32\(Default) = "C:\Program Files\ConnectionServices\ConnectionServices.dll" [null data]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]
{F156768E-81EF-470C-9057-481BA8380DBA}\(Default) = (no title provided)
-> {HKLM...CLSID} = "FlashGet GetFlash Class"
\InProcServer32\(Default) = "C:\Program Files\FlashGet\getflash.dll" ["www.flashget.com"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{F49C55B9-D417-45A1-A6E7-D6E057946280}" = "FdmUplShlExt"
-> {HKLM...CLSID} = "FdmUplShlExt Class"
\InProcServer32\(Default) = "C:\Program Files\Free Download Manager\FUM\fumshext.dll" [file not found]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program Files\Real Alternative\rpshell.dll" ["RealNetworks, Inc."]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
MyPhoneExplorer\(Default) = "{6863F1C7-E13A-481E-BF9C-5C8F01AF74E5}"
-> {HKLM...CLSID} = "MyPhoneExplorer_ShellEx.ShellExt"
\InProcServer32\(Default) = "C:\Program Files\MyPhoneExplorer\DLL\ShellMgr.dll" ["F.J. Wechselberger"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
FdmUplShlExt\(Default) = "{F49C55B9-D417-45A1-A6E7-D6E057946280}"
-> {HKLM...CLSID} = "FdmUplShlExt Class"
\InProcServer32\(Default) = "C:\Program Files\Free Download Manager\FUM\fumshext.dll" [file not found]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Adminow\Dane aplikacji\Mozilla\Firefox\Tapeta pulpitu.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS]


Startup items in "Adminow" & "All Users" startup folders:
---------------------------------------------------------

C:\Documents and Settings\Adminow\Menu Start\Programy\Autostart
"GM_DevUpdate" -> shortcut to: "C:\Program Files\USB all-in-one game controller\GM_DevUpdate.exe" [null data]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"RaConfig2500" -> shortcut to: "C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe -s" ["Ralink Technology, Corp."]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 14
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Badanie"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.6.0_03"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.6.0_03"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll" ["Sun Microsystems, Inc."]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Badanie"

{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\
"ButtonText" = "FlashGet"
"MenuText" = "FlashGet"
"Exec" = "C:\Program Files\FlashGet\FlashGet.exe" ["FlashGet.com"]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Miscellaneous IE Hijack Points
------------------------------

HKLM\Software\Microsoft\Internet Explorer\AboutURLs\
<<H>> "Tabs" = "res://ieframe.dll/tabswelcome.htm" [file not found]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" ["ALWIL Software"]
avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" ["ALWIL Software"]
avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
Pml Driver HPZ12, Pml Driver HPZ12, "C:\WINDOWS\system32\HPZipm12.exe" ["HP"]
PnkBstrA, PnkBstrA, "C:\WINDOWS\system32\PnkBstrA.exe" [null data]
SecuROM User Access Service (V7), UserAccess7, "C:\WINDOWS\system32\UAService7.exe" ["Sony DADC Austria AG."]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
HP Standard TCP/IP Port\Driver = "HpTcpMon.dll" ["Hewlett Packard"]
hpzlnt12\Driver = "hpzlnt12.dll" ["HP"]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]


----------
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 36 seconds.
---------- (total run time: 93 seconds)

[Dzi@dek]

Usuń te wpisy w Hijackthis:

O2 - BHO: ConnectionServices module - {6D7B211A-88EA-490c-BAB9-3600D8D7C503} - C:\Program Files\ConnectionServices\ConnectionServices.dll
O4 - HKLM\..\Run: [WhenUSearchWHSE] "C:\Program Files\DAEMON Tools SearchBar\whse.exe"
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe

Otwórz notatnik i wklej

File::
C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe

Folder::
C:\Program Files\DAEMON Tools SearchBar
C:\Program Files\ConnectionServices

Driver::
"Boonty Games - BOONTY"

Plik Zapisz jako... CFScript - najlepiej jeśli zapiszesz w
takiej lokalizacji, by ikona CFScript.txt znalazła się obok ikony ComboFix.exe
Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe
Potwierdz zresetuje sie komputer.

Jeśli pojawi się pytanie "1 or 2" - to wpisz 1 i naciśnij ENTER. Rozpocznie się proces usuwania.

Daj nowe logi z Combofix oraz Hijackthis.

Autor postu otrzymał pochwałę

[LOko "noob"]

Logfile of HijackThis v1.99.1
Scan saved at 00:30:17, on 2008-01-31
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
C:\Program Files\USB all-in-one game controller\GM_DevUpdate.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Adminow\Pulpit\Madelogery\Madelogery\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/intl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - Startup: GM_DevUpdate.lnk = C:\Program Files\USB all-in-one game controller\GM_DevUpdate.exe
O4 - Global Startup: RaConfig2500.lnk = C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Pobierz z &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{57314174-4269-4D13-9F08-43E3E5CC6F75}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

ComboFix 08-01-31.1 - Adminow 2008-01-31 0:21:40.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.733 [GMT 1:00]
Running from: C:\Documents and Settings\Adminow\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\Adminow\Pulpit\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
C:\Program Files\ConnectionServices
C:\Program Files\ConnectionServices\Uninstall.exe
C:\WINDOWS\hosts

.
((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-31 )))))))))))))))))))))))))))))))
.

2008-01-27 12:20 . 2008-01-27 12:20 <DIR> d-------- C:\Program Files\MIKSOFT
2008-01-25 20:22 . 2008-01-25 20:22 <DIR> d-------- C:\Documents and Settings\Adminow\Battleground Europe
2008-01-23 19:58 . 2008-01-23 19:58 217,088 --a------ C:\WINDOWS\system32\UAService7.exe
2008-01-20 17:36 . 2001-05-11 13:18 420,240 --a------ C:\WINDOWS\system32\mpg4c32.dll
2008-01-20 17:36 . 2001-05-16 17:54 309,616 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2008-01-20 17:36 . 2001-03-26 04:41 245,760 --a------ C:\WINDOWS\system32\mp4sds32.ax
2008-01-18 11:25 . 2003-02-18 05:51 545 --a------ C:\WINDOWS\UC.PIF
2008-01-18 11:25 . 2003-02-18 05:51 545 --a------ C:\WINDOWS\RAR.PIF
2008-01-18 11:25 . 2003-02-18 05:51 545 --a------ C:\WINDOWS\PKZIP.PIF
2008-01-18 11:25 . 2003-02-18 05:51 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2008-01-18 11:25 . 2003-02-18 05:51 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2008-01-18 11:25 . 2003-02-18 05:51 545 --a------ C:\WINDOWS\LHA.PIF
2008-01-18 11:25 . 2003-02-18 05:51 545 --a------ C:\WINDOWS\ARJ.PIF
2008-01-18 11:25 . 2008-01-18 11:28 331 --a------ C:\WINDOWS\wincmd.ini
2008-01-16 19:34 . 2008-01-16 19:34 <DIR> d-------- C:\Program Files\Common Files\BOONTY Shared
2008-01-16 19:34 . 2008-01-16 19:34 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\BOONTY
2008-01-10 19:30 . 2008-01-10 19:46 <DIR> d-------- C:\Program Files\RegCleaner
2008-01-10 16:40 . 2008-01-20 16:44 <DIR> d-------- C:\Program Files\eMule
2008-01-09 20:46 . 2008-01-09 20:46 <DIR> d-------- C:\Program Files\TP
2008-01-08 14:31 . 2008-01-08 14:31 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-01-08 14:29 . 2008-01-08 14:30 <DIR> d-------- C:\Program Files\Success Pre-Intermediate
2008-01-07 17:41 . 2005-02-28 20:10 205,824 --a------ C:\WINDOWS\patchw32.dll
2008-01-07 17:19 . 2005-02-28 20:10 205,824 --a------ C:\WINDOWS\pw32a.dll
2007-12-30 19:26 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-30 19:25 . 2007-12-30 19:26 <DIR> d-------- C:\Program Files\Java
2007-12-30 19:21 . 2007-12-30 19:21 <DIR> d-------- C:\Program Files\Common Files\Java
2007-12-29 15:05 . 2007-12-29 15:05 <DIR> d-------- C:\Program Files\Steam
2007-12-28 19:20 . 2007-12-28 19:20 <DIR> d-------- C:\Documents and Settings\Adminow\Dane aplikacji\InstallShield
2007-12-27 16:10 . 2007-12-28 09:51 <DIR> d-------- C:\Program Files\Winamp Remote
2007-12-27 16:10 . 2007-12-28 09:51 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\OrbNetworks
2007-12-27 16:02 . 2007-12-27 17:04 <DIR> d-------- C:\Documents and Settings\Adminow\Dane aplikacji\Winamp
2007-12-26 13:09 . 2008-01-05 16:03 23 --a------ C:\WINDOWS\BlendSettings.ini
2007-12-26 12:40 . 2008-01-27 12:04 <DIR> d-------- C:\The Elder Scrolls IV Oblivion
2007-12-22 00:16 . 2007-12-22 00:16 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-21 18:30 . 2008-01-13 13:36 <DIR> d-------- C:\Program Files\MoorHunt
2007-12-21 18:14 . 2004-08-03 23:44 2,804,224 --a------ C:\WINDOWS\system32\msi.dll
2007-12-21 18:14 . 2004-08-03 23:44 2,804,224 --a------ C:\WINDOWS\system32\dllcache\msi.dll
2007-12-21 18:14 . 2004-08-03 23:43 884,736 --a------ C:\WINDOWS\system32\msimsg.dll
2007-12-21 18:14 . 2004-08-03 23:43 884,736 --a------ C:\WINDOWS\system32\dllcache\msimsg.dll
2007-12-21 18:14 . 2004-08-03 23:44 331,264 --a------ C:\WINDOWS\system32\msihnd.dll
2007-12-21 18:14 . 2004-08-03 23:44 331,264 --a------ C:\WINDOWS\system32\dllcache\msihnd.dll
2007-12-21 18:14 . 2004-08-03 23:44 77,312 --a------ C:\WINDOWS\system32\msiexec.exe
2007-12-21 18:14 . 2004-08-03 23:44 77,312 --a------ C:\WINDOWS\system32\dllcache\msiexec.exe
2007-12-21 18:14 . 2004-08-03 23:44 44,032 --a------ C:\WINDOWS\system32\msisip.dll
2007-12-21 18:14 . 2004-08-03 23:44 44,032 --a------ C:\WINDOWS\system32\dllcache\msisip.dll
2007-12-19 09:51 . 2007-12-19 09:51 <DIR> d-------- C:\Documents and Settings\Adminow\Dane aplikacji\gslist
2007-12-19 03:34 . 2007-12-19 03:34 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2007-12-19 03:32 . 2007-12-19 03:34 956 --a------ C:\WINDOWS\ARCHPR.INI
2007-12-19 03:31 . 2007-12-19 03:34 <DIR> d-------- C:\Program Files\ARCHPR
2007-12-18 09:43 . 2007-12-18 09:45 <DIR> d-------- C:\Program Files\BitComet
2007-12-16 21:15 . 2007-12-16 21:15 <DIR> d-------- C:\Program Files\D-Tools
2007-12-16 21:15 . 2004-08-22 16:31 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
2007-12-16 21:15 . 2004-08-22 16:31 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
2007-12-12 18:58 . 2007-12-12 19:15 <DIR> d-------- C:\Program Files\EAGLE-4.16r2
2007-12-07 23:10 . 1996-11-06 12:05 302,592 --a------ C:\WINDOWS\unin0407.exe
2007-12-07 16:54 . 2007-12-07 16:54 635 --a------ C:\WINDOWS\Rtcw.INI
2007-12-06 11:36 . 2008-01-24 16:17 <DIR> d-------- C:\Program Files\GameSpy Arcade
2007-12-05 21:03 . 2007-12-05 21:03 3,770 --a------ C:\WINDOWS\Outlook.VUE
2007-12-04 17:29 . 2007-12-04 17:29 31 --a------ C:\WINDOWS\Config.ini
2007-12-01 14:31 . 2007-12-01 14:31 <DIR> d-------- C:\NVIDIA

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-29 19:54 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-29 19:54 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-01-29 19:53 --------- d-----w C:\Documents and Settings\Adminow\Dane aplikacji\teamspeak2
2008-01-27 11:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-25 19:14 --------- d-----w C:\Program Files\FlashGet
2008-01-23 18:58 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-01-22 09:55 --------- d-----w C:\Documents and Settings\Adminow\Dane aplikacji\Skype
2008-01-15 07:35 --------- d-----w C:\Program Files\Gadu-Gadu
2008-01-08 15:05 --------- d-----w C:\Documents and Settings\Adminow\Dane aplikacji\Image Zone Express
2008-01-03 20:05 --------- d-----w C:\Documents and Settings\Adminow\Dane aplikacji\MyPhoneExplorer
2007-12-27 15:11 --------- d-----w C:\Program Files\Winamp
2007-12-26 16:29 --------- d-----w C:\Program Files\Sony Ericsson
2007-12-20 11:52 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-12-06 18:34 --------- d-----w C:\Program Files\Audacity
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-10-30 19:02 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-10-04 17:16 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2007-10-04 17:16 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe
2007-10-04 16:14 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-10-04 16:14 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-10-04 16:14 8,491,008 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-10-04 16:14 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-10-04 16:14 6,750,208 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-10-04 16:14 6,344,704 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-10-04 16:14 5,783,424 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-10-04 16:14 5,509,120 ----a-w C:\WINDOWS\system32\nvdispsr.dll
2007-10-04 16:14 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-10-04 16:14 458,752 ----a-w C:\WINDOWS\system32\nvmccssr.dll
2007-10-04 16:14 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-10-04 16:14 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-10-04 16:14 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-10-04 16:14 364,544 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-10-04 16:14 36,864 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-10-04 16:14 36,864 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-10-04 16:14 335,872 ----a-w C:\WINDOWS\system32\nvwrses.dll
2007-10-04 16:14 335,872 ----a-w C:\WINDOWS\system32\nvwrsel.dll
2007-10-04 16:14 327,680 ----a-w C:\WINDOWS\system32\nvwrsfr.dll
2007-10-04 16:14 327,680 ----a-w C:\WINDOWS\system32\nvwrsesm.dll
2007-10-04 16:14 327,680 ----a-w C:\WINDOWS\system32\nvrshe.dll
2007-10-04 16:14 327,680 ----a-w C:\WINDOWS\system32\nvrsar.dll
2007-10-04 16:14 323,584 ----a-w C:\WINDOWS\system32\nvwrspt.dll
2007-10-04 16:14 323,584 ----a-w C:\WINDOWS\system32\nvwrsit.dll
2007-10-04 16:14 319,488 ----a-w C:\WINDOWS\system32\nvwrsptb.dll
2007-10-04 16:14 319,488 ----a-w C:\WINDOWS\system32\nvwrsnl.dll
2007-10-04 16:14 315,392 ----a-w C:\WINDOWS\system32\nvwrsru.dll
2007-10-04 16:14 315,392 ----a-w C:\WINDOWS\system32\nvwrshu.dll
2007-10-04 16:14 311,296 ----a-w C:\WINDOWS\system32\nvwrsde.dll
2007-10-04 16:14 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-10-04 16:14 303,104 ----a-w C:\WINDOWS\system32\nvwrstr.dll
2007-10-04 16:14 303,104 ----a-w C:\WINDOWS\system32\nvwrssl.dll
2007-10-04 16:14 303,104 ----a-w C:\WINDOWS\system32\nvwrsfi.dll
2007-10-04 16:14 3,629,056 ----a-w C:\WINDOWS\system32\nvvitvsr.dll
2007-10-04 16:14 3,551,232 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-10-04 16:14 3,334,144 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-10-04 16:14 3,166,208 ----a-w C:\WINDOWS\system32\nvgamesr.dll
2007-10-04 16:14 299,008 ----a-w C:\WINDOWS\system32\nvwrssk.dll
2007-10-04 16:14 299,008 ----a-w C:\WINDOWS\system32\nvwrsno.dll
2007-10-04 16:14 294,912 ----a-w C:\WINDOWS\system32\nvwrssv.dll
2007-10-04 16:14 294,912 ----a-w C:\WINDOWS\system32\nvwrspl.dll
2007-10-04 16:14 294,912 ----a-w C:\WINDOWS\system32\nvwrsda.dll
2007-10-04 16:14 290,816 ----a-w C:\WINDOWS\system32\nvwrsth.dll
2007-10-04 16:14 286,720 ----a-w C:\WINDOWS\system32\nvwrseng.dll
2007-10-04 16:14 286,720 ----a-w C:\WINDOWS\system32\nvwrscs.dll
2007-10-04 16:14 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-10-04 16:14 282,624 ----a-w C:\WINDOWS\system32\nvwrsar.dll
2007-10-04 16:14 282,624 ----a-w C:\WINDOWS\system32\nvrsfr.dll
2007-10-04 16:14 282,624 ----a-w C:\WINDOWS\system32\nvrses.dll
2007-10-04 16:14 282,624 ----a-w C:\WINDOWS\system32\nvrsel.dll
2007-10-04 16:14 278,528 ----a-w C:\WINDOWS\system32\nvwrshe.dll
2007-10-04 16:14 278,528 ----a-w C:\WINDOWS\system32\nvrsit.dll
2007-10-04 16:14 278,528 ----a-w C:\WINDOWS\system32\nvrsde.dll
2007-10-04 16:14 274,432 ----a-w C:\WINDOWS\system32\nvrspt.dll
2007-10-04 16:14 274,432 ----a-w C:\WINDOWS\system32\nvrsnl.dll
2007-10-04 16:14 274,432 ----a-w C:\WINDOWS\system32\nvrsesm.dll
2007-10-04 16:14 270,336 ----a-w C:\WINDOWS\system32\nvrsru.dll
2007-10-04 16:14 266,240 ----a-w C:\WINDOWS\system32\nvrsptb.dll
2007-10-04 16:14 266,240 ----a-w C:\WINDOWS\system32\nvrsja.dll
2007-10-04 16:14 258,048 ----a-w C:\WINDOWS\system32\nvrstr.dll
2007-10-04 16:14 258,048 ----a-w C:\WINDOWS\system32\nvrssl.dll
2007-10-04 16:14 258,048 ----a-w C:\WINDOWS\system32\nvrssk.dll
2007-10-04 16:14 258,048 ----a-w C:\WINDOWS\system32\nvrsko.dll
2007-10-04 16:14 258,048 ----a-w C:\WINDOWS\system32\nvrshu.dll
2007-10-04 16:14 253,952 ----a-w C:\WINDOWS\system32\nvrsth.dll
2007-10-04 16:14 253,952 ----a-w C:\WINDOWS\system32\nvrssv.dll
2007-10-04 16:14 253,952 ----a-w C:\WINDOWS\system32\nvrspl.dll
2007-10-04 16:14 253,952 ----a-w C:\WINDOWS\system32\nvrsno.dll
2007-10-04 16:14 253,952 ----a-w C:\WINDOWS\system32\nvrsda.dll
2007-10-04 16:14 249,856 ----a-w C:\WINDOWS\system32\nvrsfi.dll
2007-10-04 16:14 249,856 ----a-w C:\WINDOWS\system32\nvrscs.dll
2007-10-04 16:14 245,760 ----a-w C:\WINDOWS\system32\nvrseng.dll
2007-10-04 16:14 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-10-04 16:14 225,280 ----a-w C:\WINDOWS\system32\nvrszhc.dll
2007-10-04 16:14 212,992 ----a-w C:\WINDOWS\system32\nvwrsja.dll
2007-10-04 16:14 2,854,912 ----a-w C:\WINDOWS\system32\nvmoblsr.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008]
"nwiz"="nwiz.exe" [2007-10-04 17:14 1626112 C:\WINDOWS\system32\nwiz.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 17:14 81920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:44 15360]

C:\Documents and Settings\Adminow\Menu Start\Programy\Autostart\
GM_DevUpdate.lnk - C:\Program Files\USB all-in-one game controller\GM_DevUpdate.exe [2007-11-15 16:31:49 45056]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
RaConfig2500.lnk - C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe [2007-08-22 15:27:59 532480]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]
--a------ 2004-08-11 10:32 7956992 C:\Program Files\VIAudioi\SBADeck\ADeck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-05-11 22:12 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

R0 VirtualK;VirtaulK;C:\WINDOWS\system32\drivers\VirtualK.sys [2003-11-27 19:48]
R1 XPROTECTOR;XPROTECTOR;C:\WINDOWS\system32\drivers\Oreans.sys [2007-10-27 09:57]
R3 GMFilter;GMFilter HID Filter Driver;C:\WINDOWS\system32\DRIVERS\GMFilter.sys [2005-08-23 11:54]
R3 skbusenum;SKBus Enumerator;C:\WINDOWS\system32\DRIVERS\skbusenum.sys [2004-12-16 12:20]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS []
S3 SF-620;Kingsun SF-620 USB Infrared Adapter;C:\WINDOWS\system32\DRIVERS\SF-620.sys [2004-08-12 03:18]
S4 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6aa3931c-95c8-11dc-b404-00508d51fc08}]
\Shell\AutoRun\command - H:\Autorun.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-31 00:23:00
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-31 0:23:32
ComboFix-quarantined-files.txt 2008-01-30 23:23:18

[Dzi@dek]

c:\WINDOWS\system32\drivers\etc\hosts

- pokaż zawartość tego pliku.l

[LOko "noob"]

[wojtas]

otworz plik hosts za pomoca notatnika i pokaz zawartosc

[LOko "noob"]

wojtas dzięki za podpowiedź

# Copyright (c) 1993-1999 Microsoft Corp.
#
# To jest przykładowy plik HOSTS używany przez Microsoft TCP/IP
# w systemie Windows.
# Ten plik zawiera mapowania adresów IP na nazwy komputerów
# Każdy wpis powinien być w osobnej linii.
# W pierwszej kolumnie powinny być umieszczone adresy IP, a następnie
# odpowiadające im nazwy komputerów. Adres i nazwa powinny być oddzielone
# co najmniej jedną spacją
#
# Dodatkowo, komentarze (takie jak te) można wstawiać w poszczególnych
# liniach lub po nazwie komputera, oznaczając je symbolem '#'.
#
# Na przykład:
#
# 102.54.94.97 rhino.acme.com # serwer źródłowy
# 38.25.63.10 x.acme.com # komputer kliencki x

127.0.0.1 localhost

[wojtas]

czysto juz

Autor postu otrzymał pochwałę

[LOko "noob"]

dziękuję Dzi@dek i wojtas

Można zamknąć