Proszę o sprawdzenie ( nie włączają się programy + muli )

[TiTi]

Kod: Zaznacz wszystko

ComboFix 09-02-06.02 - pleXz 2009-02-07 14:25:41.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1250.1.1045.18.2047.1643 [GMT 1:00]
Uruchomiony z: c:\documents and settings\pleXz\Pulpit\ComboFix.exe
FW: ActiveArmor Firewall *disabled*
* Utworzono nowy punkt przywracania

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\svchost.exe

.
(((((((((((((((((((((((((   Pliki utworzone od 2009-01-07 do 2009-02-07  )))))))))))))))))))))))))))))))
.

2009-02-07 14:22 . 2009-02-07 14:22   <DIR>   d--------   c:\program files\Nowe Gadu-Gadu
2009-02-06 19:55 . 2009-02-06 20:17   <DIR>   d--------   c:\program files\World of Warcraft
2009-02-06 19:12 . 2009-02-07 13:57   <DIR>   d--------   c:\program files\Common Files\Blizzard Entertainment
2009-02-05 23:00 . 2009-02-05 22:34   35,489   --a------   C:\login_bg.png
2009-02-05 22:53 . 2009-02-05 22:53   393,568   --a------   C:\enternow.png
2009-02-05 22:52 . 2009-02-05 22:34   201,231   --a------   C:\header_bg.png
2009-02-05 22:51 . 2009-02-06 16:59   39,748   --a------   C:\logo.png
2009-02-05 21:55 . 2009-02-05 22:01   2,935   --a------   C:\sc_randompic.php
2009-02-04 22:26 . 2009-02-04 22:26   <DIR>   d-a------   C:\Blue Storm
2009-02-04 22:26 . 2009-02-06 22:33   15,679   --a------   C:\index.php
2009-02-04 22:08 . 2009-02-04 22:32   929,935   --a------   C:\gd_template38.zip
2009-02-04 21:32 . 2009-02-05 22:52   <DIR>   d--------   C:\WWW
2009-02-03 22:18 . 2009-02-03 22:18   <DIR>   d--------   c:\windows\system32\pl-PL
2009-02-03 22:18 . 2006-06-29 13:07   14,048   ---------   c:\windows\system32\spmsg2.dll
2009-02-03 22:17 . 2009-02-03 22:17   <DIR>   d--------   c:\windows\system32\XPSViewer
2009-02-03 22:17 . 2009-02-03 22:17   <DIR>   d--------   c:\program files\Reference Assemblies
2009-02-03 22:17 . 2009-02-03 22:17   <DIR>   d--------   c:\program files\MSBuild
2009-02-03 22:16 . 2009-02-03 22:17   <DIR>   d--------   C:\654bff16337153e38987dab9f69e
2009-02-03 22:16 . 2008-07-06 13:06   1,676,288   ---------   c:\windows\system32\xpssvcs.dll
2009-02-03 22:16 . 2008-07-06 13:06   1,676,288   -----c---   c:\windows\system32\dllcache\xpssvcs.dll
2009-02-03 22:16 . 2008-07-06 11:50   597,504   -----c---   c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-02-03 22:16 . 2008-07-06 13:06   575,488   ---------   c:\windows\system32\xpsshhdr.dll
2009-02-03 22:16 . 2008-07-06 13:06   575,488   -----c---   c:\windows\system32\dllcache\xpsshhdr.dll
2009-02-03 22:16 . 2008-07-06 13:06   117,760   ---------   c:\windows\system32\prntvpt.dll
2009-02-03 22:16 . 2008-07-06 13:06   89,088   -----c---   c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-02-03 22:15 . 2009-02-03 22:15   <DIR>   d--------   c:\program files\MSXML 6.0
2009-02-03 21:29 . 2009-02-03 21:30   <DIR>   d--------   c:\documents and settings\pleXz\Dane aplikacji\Sports Interactive
2009-02-03 21:27 . 2009-02-03 21:32   <DIR>   d-a------   c:\documents and settings\All Users\Dane aplikacji\Sports Interactive
2009-02-03 21:24 . 2009-02-03 21:24   6,595   --a------   c:\windows\FontData.fdb
2009-02-03 21:19 . 2009-02-03 21:19   <DIR>   d--h-----   c:\program files\Zero G Registry
2009-02-03 21:19 . 2009-02-03 21:19   <DIR>   d--------   c:\program files\Sports Interactive
2009-02-03 21:19 . 2009-02-03 21:19   <DIR>   d--h-----   c:\documents and settings\pleXz\InstallAnywhere
2009-02-03 21:18 . 2009-02-03 21:18   <DIR>   d--------   c:\program files\DAEMON Tools Lite
2009-02-03 20:56 . 2009-02-03 20:57   <DIR>   d--------   C:\CFG na Serw
2009-02-03 20:37 . 2009-02-03 20:37   <DIR>   d--------   c:\documents and settings\pleXz\Dane aplikacji\DAEMON Tools
2009-02-03 20:37 . 2009-02-03 20:37   717,296   --a------   c:\windows\system32\drivers\sptd.sys
2009-02-03 20:08 . 2009-02-06 22:33   67   --a------   c:\windows\wcx_ftp.ini
2009-02-02 23:42 . 2009-02-02 23:42   <DIR>   d--------   c:\documents and settings\pleXz\.gstreamer-0.10
2009-02-02 19:04 . 2009-02-02 19:04   <DIR>   d--------   c:\program files\Teamspeak2_RC2
2009-02-02 19:04 . 2009-02-02 19:04   <DIR>   d--------   c:\documents and settings\pleXz\Dane aplikacji\teamspeak2
2009-02-02 19:04 . 2009-02-02 19:04   34,064   --a------   c:\windows\system32\lhacm.acm
2009-02-02 18:50 . 2009-02-02 18:50   <DIR>   d--------   c:\documents and settings\NetworkService\Dane aplikacji\Xfire
2009-02-02 18:49 . 2009-02-06 22:21   <DIR>   d--------   c:\program files\Xfire
2009-02-02 18:49 . 2009-02-07 00:03   <DIR>   d--------   c:\documents and settings\pleXz\Dane aplikacji\Xfire
2009-02-02 17:55 . 2009-02-02 17:55   <DIR>   d--------   c:\windows\system32\LogFiles
2009-02-02 17:55 . 2009-02-04 12:30   202,040   --a------   c:\windows\system32\PnkBstrB.exe
2009-02-02 17:55 . 2009-02-04 12:30   137,688   --a------   c:\windows\system32\drivers\PnkBstrK.sys
2009-02-02 17:55 . 2009-02-02 17:59   66,872   --a------   c:\windows\system32\PnkBstrA.exe
2009-02-02 17:55 . 2009-02-02 17:55   22,328   --a------   c:\documents and settings\pleXz\Dane aplikacji\PnkBstrK.sys
2009-02-02 17:55 . 2009-02-02 17:55   319   --a------   c:\windows\game.ini
2009-02-02 17:42 . 2009-02-02 17:42   <DIR>   d--------   c:\program files\Activision
2009-02-02 17:32 . 2009-02-02 17:32   <DIR>   d--hs----   c:\windows\ftpcache
2009-02-02 12:45 . 2004-08-03 23:08   26,496   --a--c---   c:\windows\system32\dllcache\usbstor.sys
2009-01-31 21:01 . 2009-02-05 20:35   <DIR>   d--------   c:\program files\mIRC
2009-01-31 21:01 . 2009-02-05 20:36   <DIR>   d--------   c:\documents and settings\pleXz\Dane aplikacji\mIRC
2009-01-31 20:16 . 2009-02-03 20:07   <DIR>   d--------   C:\totalcmd
2009-01-31 20:16 . 2009-02-06 22:34   1,806   --a------   c:\windows\wincmd.ini
2009-01-31 20:16 . 2008-08-08 07:04   545   --a------   c:\windows\UC.PIF
2009-01-31 20:16 . 2008-08-08 07:04   545   --a------   c:\windows\RAR.PIF
2009-01-31 20:16 . 2008-08-08 07:04   545   --a------   c:\windows\PKZIP.PIF
2009-01-31 20:16 . 2008-08-08 07:04   545   --a------   c:\windows\PKUNZIP.PIF
2009-01-31 20:16 . 2008-08-08 07:04   545   --a------   c:\windows\NOCLOSE.PIF
2009-01-31 20:16 . 2008-08-08 07:04   545   --a------   c:\windows\LHA.PIF
2009-01-31 20:16 . 2008-08-08 07:04   545   --a------   c:\windows\ARJ.PIF
2009-01-31 14:53 . 2009-01-31 14:53   <DIR>   d--------   c:\program files\Common Files\Adobe Systems Shared
2009-01-31 14:52 . 2009-01-31 14:53   <DIR>   d--------   c:\program files\Common Files\Adobe
2009-01-30 20:39 . 2009-01-30 20:39   <DIR>   d--------   c:\documents and settings\pleXz\Dane aplikacji\Corel
2009-01-30 20:25 . 2009-01-30 20:39   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\Corel
2009-01-30 20:23 . 2009-01-30 20:23   <DIR>   d--------   c:\program files\Common Files\Corel
2009-01-30 20:21 . 2009-01-30 20:21   <DIR>   d--------   c:\program files\Corel
2009-01-30 13:40 . 2009-01-30 13:40   <DIR>   d--------   c:\documents and settings\pleXz\Dane aplikacji\Ubisoft
2009-01-30 13:27 . 2009-01-30 13:27   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\Ubisoft
2009-01-30 13:15 . 2009-01-30 13:15   <DIR>   d--------   c:\program files\Ubisoft
2009-01-30 12:05 . 2009-01-30 12:05   <DIR>   d--------   c:\program files\Ventrilo
2009-01-30 12:05 . 2009-01-30 12:09   <DIR>   d--------   c:\documents and settings\pleXz\Dane aplikacji\Ventrilo
2009-01-30 11:24 . 2009-01-30 11:24   <DIR>   d--------   c:\windows\ERUNT
2009-01-30 11:24 . 2009-01-30 11:24   <DIR>   d--------   C:\ERDNT
2009-01-30 11:24 . 2009-02-07 14:19   <DIR>   d--------   C:\!FixIEDef
2009-01-30 11:19 . 2009-02-07 14:20   <DIR>   d---s----   c:\program files\HLSW
2009-01-30 10:44 . 2009-01-30 10:44   <DIR>   d--------   c:\windows\system32\AGEIA
2009-01-30 10:44 . 2009-01-30 12:05   <DIR>   d--------   c:\program files\Common Files\Wise Installation Wizard
2009-01-30 10:44 . 2009-01-30 10:44   <DIR>   d--------   c:\program files\AGEIA Technologies
2009-01-30 10:43 . 2009-01-30 10:45   <DIR>   d--------   c:\windows\NV33163340.TMP
2009-01-30 10:43 . 2009-01-15 08:19   206,793   --a------   c:\windows\system32\nvapps.nvb
2009-01-30 10:42 . 2009-01-30 10:42   <DIR>   d--------   C:\NVIDIA
2009-01-30 07:48 . 2009-01-30 07:48   <DIR>   d--------   c:\program files\SystemRequirementsLab
2009-01-29 23:08 . 2004-08-04 01:35   58,624   --a------   c:\windows\system32\drivers\redbook.sys
2009-01-29 23:08 . 2004-08-04 01:44   21,504   --a------   c:\windows\system32\hidserv.dll
2009-01-29 23:08 . 2001-08-17 22:59   3,072   --a------   c:\windows\system32\drivers\audstub.sys
2009-01-29 23:07 . 2004-08-04 01:44   77,312   --a------   c:\windows\system32\usbui.dll
2009-01-29 23:05 . 2009-01-29 23:05   <DIR>   dr-h-----   c:\documents and settings\Default User\Ustawienia lokalne
2009-01-29 23:05 . 2009-01-29 23:05   <DIR>   d--------   c:\documents and settings\Default User\Ulubione
2009-01-29 23:05 . 2009-01-29 22:15   <DIR>   d--h-----   c:\documents and settings\Default User\Szablony
2009-01-29 23:05 . 2009-01-29 23:05   <DIR>   d--------   c:\documents and settings\Default User\Pulpit
2009-01-29 23:05 . 2009-01-29 23:05   <DIR>   d--------   c:\documents and settings\Default User\Moje dokumenty
2009-01-29 23:05 . 2009-01-29 23:05   <DIR>   dr-------   c:\documents and settings\Default User\Menu Start
2009-01-29 23:05 . 2009-01-29 23:05   <DIR>   d--------   c:\documents and settings\All Users\Ulubione
2009-01-29 23:05 . 2009-01-29 23:05   <DIR>   d--h-----   c:\documents and settings\All Users\Szablony
2009-01-29 23:05 . 2009-02-07 14:22   <DIR>   d-a------   c:\documents and settings\All Users\Pulpit
2009-01-29 23:05 . 2009-01-29 22:44   <DIR>   dr-------   c:\documents and settings\All Users\Menu Start
2009-01-29 23:05 . 2009-02-03 21:30   <DIR>   dr-------   c:\documents and settings\All Users\Dokumenty
2009-01-29 23:04 . 2009-02-07 14:25   <DIR>   d--------   c:\windows\system32\CatRoot2
2009-01-29 23:04 . 2009-01-29 23:05   <DIR>   dr-h-----   c:\documents and settings\Default User\Dane aplikacji
2009-01-29 23:04 . 2009-02-03 21:27   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji
2009-01-29 23:03 . 2009-01-29 22:18   <DIR>   d--h-----   c:\documents and settings\Default User
2009-01-29 23:03 . 2009-01-29 22:17   <DIR>   d--------   c:\documents and settings\All Users
2009-01-29 23:03 . 2009-01-29 22:21   <DIR>   d--------   C:\Documents and Settings
2009-01-29 23:02 . 2009-01-29 22:19   261   --a------   c:\windows\system32\$winnt$.inf

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-02 16:55   ---------   d--h--w   c:\program files\InstallShield Installation Information
2009-02-01 16:33   196,608   ----a-w   c:\windows\system32\drivers\nStandard.bin
2009-01-29 21:56   ---------   d-----w   c:\documents and settings\pleXz\Dane aplikacji\Nowe Gadu-Gadu
2009-01-29 21:50   ---------   d-----w   c:\program files\Valve
2009-01-29 21:47   ---------   d-----w   c:\program files\Opera
2009-01-29 21:44   ---------   d-----w   c:\program files\LG Soft India
2009-01-29 21:44   ---------   d-----w   c:\program files\Common Files\InstallShield
2009-01-29 21:44   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\InstallShield
2009-01-29 21:43   ---------   d-----w   c:\program files\Razer
2009-01-29 21:42   ---------   d-----w   c:\documents and settings\pleXz\Dane aplikacji\InstallShield
2009-01-29 21:41   ---------   d-----w   c:\program files\My Company Name
2009-01-29 21:40   ---------   d-----w   c:\program files\ASUS
2009-01-29 21:31   ---------   d-----w   c:\program files\Analog Devices
2009-01-29 21:27   ---------   d-----w   c:\program files\DIFX
2009-01-29 21:23   ---------   d-----w   c:\program files\NVIDIA Corporation
2009-01-29 21:18   ---------   d-----w   c:\program files\microsoft frontpage
2009-01-29 21:17   ---------   d-----w   c:\program files\Usługi online
2009-01-23 01:17   42,320   ----a-w   c:\windows\system32\xfcodec.dll
2009-01-07 10:28   489,504   ----a-w   c:\windows\system32\NVUNINST.EXE
2008-12-10 08:45   70,936   ----a-w   c:\windows\system32\PhysXLoader.dll
2008-12-04 08:28   24,344   ----a-w   c:\windows\system32\PhysXDevice.dll
2008-11-26 07:55   324,376   ----a-w   c:\windows\system32\PhysXCplUI.exe
2008-11-25 07:38   324,376   ----a-w   c:\windows\system32\PhysXCompatCplUI.exe
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Steam"="c:\program files\valve\steam\steam.exe" [2009-01-29 1410296]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"Nowe Gadu-Gadu"="c:\program files\Nowe Gadu-Gadu\gg.exe" [2008-12-22 8966760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"AsusStartupHelp"="c:\program files\ASUS\AASP\1.00.16\AsRunHelp.exe" [2006-11-14 399360]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"ASUSGamerOSD"="c:\program files\ASUS\GamerOSD\GamerOSD.exe" [2007-07-12 380928]
"Diamondback"="c:\program files\Razer\Diamondback 3G\razerhid.exe" [2007-08-01 147456]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 232960]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
"nwiz"="nwiz.exe" [2009-01-15 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\pleXz\Menu Start\Programy\Autostart\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 150016]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
forteManager.lnk - c:\program files\LG Soft India\forteManager\bin\Monitor.exe [2009-01-29 1064960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\plexz\\counter-strike\\hl.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\doluse\\counter-strike\\hl.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=

R3 LGDDCDevice;LGDDCDevice;c:\program files\LG Soft India\forteManager\bin\I2CDriver.sys [2009-01-29 14336]
R3 Razerlow;Diamondback 3G USB Filter Driver;c:\windows\system32\drivers\DB3G.sys [2009-01-29 13225]
S3 LGII2CDevice;LGII2CDevice;c:\program files\LG Soft India\forteManager\bin\PII2CDriver.sys [2009-01-29 13312]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-07 14:26:24
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ... 

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ... 

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-789336058-1957994488-839522115-1004\Software\G*e*n*i*e*"!\FM Genie Scout 2009 XE]
"GameDir"="c:\\Documents and Settings\\pleXz\\Moje dokumenty\\Sports Interactive\\Football Manager 2009\\games"
"ShortlistDir"=""
"ScreenshotsDir"="c:\\Documents and Settings\\pleXz\\Moje dokumenty\\Sports Interactive\\Football Manager 2009"
"SaveDir"="c:\\Documents and Settings\\pleXz\\Moje dokumenty\\Sports Interactive\\Football Manager 2009\\"
"HistoryDir"="c:\\DOCUME~1\\pleXz\\USTAWI~1\\Temp\\Rar$EX00.047\\FM Genie Scout 2009 XE\\History Points"
"LangDB"="c:\\Program Files\\Sports Interactive\\Football Manager 2009\\data\\updates\\update-910\\db\\910\\lang_db.dat"
"LastSaveGame"="c:\\Documents and Settings\\pleXz\\Moje dokumenty\\Sports Interactive\\Football Manager 2009\\games\\Arka Gdynia.fm"
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"SkinName"="Champions League"
"LastUpdateCheck"=dword:00000000
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000066
"UniqueID"="8A-FDC5-20B3"
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
.
Czas ukończenia: 2009-02-07 14:26:52
ComboFix-quarantined-files.txt  2009-02-07 13:26:50

Przed: 67 589 623 808 bajtów wolnych
Po: 67,755,159,552 bajtów wolnych

243


A po combofixie
Przeskanowalem tym :

Kod: Zaznacz wszystko

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:30:05, on 2009-02-07
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\Program Files\Razer\Diamondback 3G\razerhid.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\valve\steam\steam.exe
C:\Program Files\LG Soft India\forteManager\bin\Monitor.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Razer\Diamondback 3G\razertra.exe
C:\Program Files\Razer\Diamondback 3G\razerofa.exe
C:\WINDOWS\system32\wpabaln.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.16\AsRunHelp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [Diamondback] C:\Program Files\Razer\Diamondback 3G\razerhid.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "C:\Program Files\Nowe Gadu-Gadu\gg.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: forteManager.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 5118 bytes


Komputer muli + nie włączają się niektóre programy . Na dodatek zauwazyłem , że jakby mi programy zżerało wczoraj total comander dziś gg ...<- Nie można ich uruchomić

[wojtas]

przeinstaluj te programy ktore nie dzialaja i :


1. Ściągnij OTMoveIt i go włacz i odpal go z opcji CleanUp oraz skasuj folder C:\Qoobox
2. wykonaj optymalizację windowsa
3.sciagnij ATF_Cleaner
zaznacz
Windows Temp
All users Temp
Temporary internet files
Recycle Bin
i wcisnij EMPTY SELECTED
4.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem
5. Wykonaj skan Dr. Web CureIt
6. Przeskanuj obszar mojego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum.

i tym:

FixIEDef.

[TiTi]

[code:cenzura!]Created at 17:21:10 on Saturday, February 07, 2009

Time Zone :

Logged On User : pleXz

Operating System : Microsoft Windows XP Home Edition Dodatek Service Pack 2
OS Architecture : X86
System Langauge : Polish
Keyboard Layout : Polish
Processor : X64 AMD Athlon(tm) 64 X2 Dual Core Processor 5000+

System Drive : C:\
Windows Directory : C:\WINDOWS
System Directory : C:\WINDOWS\system32

System Drive Type : Fixed
System Drive Status : READY
System Drive Label :
System Drive Size : 100 GB
System Drive Free : 70.36 GB

Total Physical Memory: 2047 MB
Free Physical Memory : 1528 MB
Total Page File : 2047 MB
Free Page File : 3635 MB
Total Virtual Memory : 2048 MB
Free Virtual Memory : 1970 MB

Boot State : Normal boot

--------------------------------------------------------------------------------

!!! userinit.exe is Clean !!!

--------------------------------------------------------------------------------

!!! Files that have been deleted !!!

C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\nmp.log

--------------------------------------------------------------------------------

!!! Directories that have been removed !!!

No malicious directories to be removed

--------------------------------------------------------------------------------

!!! Registry entries that have been removed !!!

No malicious Registry entries found

================================================================================

All Done :)

ShadowPuterDude

Safe Surfing!!![/code:cenzura!]


[code:cenzura!]Proces w pamięci: C:\WINDOWS\svchost.exe:988;;Win32.HLLP.Jeefo.32356;Zniszczony.;
asrunhelp.exe;c:\program files\asus\aasp\1.00.16;Win32.HLLP.Jeefo.36352;Wyleczony.;
adobe gamma loader.exe;c:\program files\common files\adobe\calibration;Win32.HLLP.Jeefo.36352;Wyleczony.;
isuspm.exe;c:\program files\common files\installshield\updateservice;Win32.HLLP.Jeefo.36352;Wyleczony.;
msmsgs.exe;c:\program files\messenger;Win32.HLLP.Jeefo.36352;Wyleczony.;
svchost.exe;c:\windows;Win32.HLLP.Jeefo.36352;Niewyleczalny.Przeniesiony.;
svchost.exe;C:\!FixIEDef;Win32.HLLP.Jeefo.36352;Niewyleczalny.Przeniesiony.;
CGSX4SP2.exe;C:\Documents and Settings\All Users\Dane aplikacji\Corel\Downloads\540228824_507026\1225405113942;Win32.HLLP.Jeefo.36352;Wyleczony.;
Setup.exe;C:\Documents and Settings\All Users\Dokumenty\Corel\CorelDRAW Graphics Suite X4\Extras\Setup;Win32.HLLP.Jeefo.36352;Wyleczony.;
SetupARP.exe;C:\Documents and Settings\All Users\Dokumenty\Corel\CorelDRAW Graphics Suite X4\Extras\Setup;Win32.HLLP.Jeefo.36352;Wyleczony.;
181.22_geforce_winxp_32bit_international_whql.exe;C:\Documents and Settings\pleXz\Pulpit;Win32.HLLP.Jeefo.36352;Wyleczony.;
[/code:cenzura!]
Przepraszam bardzo , ale cos jest nie tak z "code" , nie wpisuje obraźliwych znaków itd.. a wyskakuje "cenzura!"
Wykrył wirusy Jeffo , zaraz leci skan z Kasperskiego






[code:cenzura!]--------------------------------------------------------------------------------
RAPORT KASPERSKY ONLINE SCANNER 7.0
sobota, 7 luty 2009
System operacyjny: Microsoft Windows XP Home Edition Dodatek Service Pack 2 (build 2600)
Wersja Kaspersky Online Scanner: 7.0.26.12
Data ostatniej aktualizacji bazy danych: Saturday, February 07, 2009 16:21:43
Liczba wpisów: 1765571
--------------------------------------------------------------------------------

Ustawienia skanowania:
Typ bazy danych użytej do skanowania: rozszerzona
Skanuj archiwa: tak
Skanuj pocztowe bazy danych: tak

Obszar skanowania - Mój komputer:
A:\
C:\
D:\
E:\
F:\

Statystyki skanowania:
Przeskanowanych plików: 0
Nazwa zagrożenia: 1
Zainfekowanych obiektów: 1
Podejrzanych obiektów: 0
Czas skanowania: 00:00:27


Nazwa pliku / Nazwa zagrożenia / Liczba zagrożeń
C:\WINDOWS\svchost.exe/C:\WINDOWS\svchost.exe Zainfekowany: Virus.Win32.Hidrag.a 1
[/code:cenzura!]

[wojtas]

sciagnij killbox’a

Odpalasz Killboxa zaznacz opcję Delete on Reboot następnie w polu Full Path of File to Delete wklej ścieżkę

C:\WINDOWS\svchost.exe

i nacisnij x
Program będzie pytał o restart (oczywiście zgadzasz się)

i daj nowego loga z combofixa

[TiTi]

Kod: Zaznacz wszystko

ComboFix 09-02-06.04 - pleXz 2009-02-08 16:13:18.2 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1250.1.1045.18.2047.1624 [GMT 1:00]
Uruchomiony z: c:\documents and settings\pleXz\Pulpit\ComboFix.exe
FW: ActiveArmor Firewall *disabled*
* Utworzono nowy punkt przywracania

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\svchost.exe

.
(((((((((((((((((((((((((((((((((((((((   Sterowniki/Usługi   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_POWERMANAGER
-------\Service_PowerManager


(((((((((((((((((((((((((   Pliki utworzone od 2009-01-08 do 2009-02-08  )))))))))))))))))))))))))))))))
.

2009-02-08 16:09 . 2009-02-08 16:09   <DIR>   d--------   C:\!KillBox
2009-02-07 18:29 . 2009-02-07 18:31   <DIR>   d--------   c:\program files\Aspell
2009-02-07 18:21 . 2009-02-07 18:29   <DIR>   d--------   c:\documents and settings\pleXz\TmpInstall
2009-02-07 17:22 . 2009-02-07 17:22   <DIR>   d--------   c:\windows\Sun
2009-02-07 17:21 . 2009-02-07 17:21   <DIR>   d--------   c:\program files\Java
2009-02-07 17:21 . 2009-02-07 17:21   410,984   --a------   c:\windows\system32\deploytk.dll
2009-02-07 17:21 . 2009-02-07 17:21   73,728   --a------   c:\windows\system32\javacpl.cpl
2009-02-07 17:09 . 2009-02-07 17:11   <DIR>   d--------   c:\documents and settings\pleXz\DoctorWeb
2009-02-07 14:30 . 2009-02-07 14:30   <DIR>   d--------   c:\program files\Trend Micro
2009-02-07 14:22 . 2009-02-07 14:22   <DIR>   d--------   c:\program files\Nowe Gadu-Gadu
2009-02-06 19:55 . 2009-02-07 16:14   <DIR>   d--------   c:\program files\World of Warcraft
2009-02-06 19:12 . 2009-02-07 13:57   <DIR>   d--------   c:\program files\Common Files\Blizzard Entertainment
2009-02-03 22:18 . 2009-02-03 22:18   <DIR>   d--------   c:\windows\system32\pl-PL
2009-02-03 22:18 . 2006-06-29 13:07   14,048   ---------   c:\windows\system32\spmsg2.dll
2009-02-03 22:17 . 2009-02-03 22:17   <DIR>   d--------   c:\windows\system32\XPSViewer
2009-02-03 22:17 . 2009-02-03 22:17   <DIR>   d--------   c:\program files\Reference Assemblies
2009-02-03 22:17 . 2009-02-03 22:17   <DIR>   d--------   c:\program files\MSBuild
2009-02-03 22:16 . 2008-07-06 13:06   1,676,288   ---------   c:\windows\system32\xpssvcs.dll
2009-02-03 22:16 . 2008-07-06 13:06   1,676,288   -----c---   c:\windows\system32\dllcache\xpssvcs.dll
2009-02-03 22:16 . 2008-07-06 11:50   597,504   -----c---   c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-02-03 22:16 . 2008-07-06 13:06   575,488   ---------   c:\windows\system32\xpsshhdr.dll
2009-02-03 22:16 . 2008-07-06 13:06   575,488   -----c---   c:\windows\system32\dllcache\xpsshhdr.dll
2009-02-03 22:16 . 2008-07-06 13:06   117,760   ---------   c:\windows\system32\prntvpt.dll
2009-02-03 22:16 . 2008-07-06 13:06   89,088   -----c---   c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-02-03 22:15 . 2009-02-03 22:15   <DIR>   d--------   c:\program files\MSXML 6.0
2009-02-03 21:29 . 2009-02-03 21:30   <DIR>   d--------   c:\documents and settings\pleXz\Dane aplikacji\Sports Interactive
2009-02-03 21:27 . 2009-02-03 21:32   <DIR>   d-a------   c:\documents and settings\All Users\Dane aplikacji\Sports Interactive
2009-02-03 21:24 . 2009-02-03 21:24   6,595   --a------   c:\windows\FontData.fdb
2009-02-03 21:19 . 2009-02-03 21:19   <DIR>   d--h-----   c:\program files\Zero G Registry
2009-02-03 21:19 . 2009-02-03 21:19   <DIR>   d--------   c:\program files\Sports Interactive
2009-02-03 21:19 . 2009-02-03 21:19   <DIR>   d--h-----   c:\documents and settings\pleXz\InstallAnywhere
2009-02-03 21:18 . 2009-02-03 21:18   <DIR>   d--------   c:\program files\DAEMON Tools Lite
2009-02-03 20:37 . 2009-02-03 20:37   <DIR>   d--------   c:\documents and settings\pleXz\Dane aplikacji\DAEMON Tools
2009-02-03 20:37 . 2009-02-03 20:37   717,296   --a------   c:\windows\system32\drivers\sptd.sys
2009-02-03 20:08 . 2009-02-06 22:33   67   --a------   c:\windows\wcx_ftp.ini
2009-02-02 23:42 . 2009-02-02 23:42   <DIR>   d--------   c:\documents and settings\pleXz\.gstreamer-0.10
2009-02-02 19:04 . 2009-02-02 19:04   <DIR>   d--------   c:\program files\Teamspeak2_RC2
2009-02-02 19:04 . 2009-02-02 19:04   <DIR>   d--------   c:\documents and settings\pleXz\Dane aplikacji\teamspeak2
2009-02-02 19:04 . 2009-02-02 19:04   34,064   --a------   c:\windows\system32\lhacm.acm
2009-02-02 18:50 . 2009-02-02 18:50   <DIR>   d--------   c:\documents and settings\NetworkService\Dane aplikacji\Xfire
2009-02-02 18:49 . 2009-02-06 22:21   <DIR>   d--------   c:\program files\Xfire
2009-02-02 18:49 . 2009-02-07 00:03   <DIR>   d--------   c:\documents and settings\pleXz\Dane aplikacji\Xfire
2009-02-02 17:55 . 2009-02-02 17:55   <DIR>   d--------   c:\windows\system32\LogFiles
2009-02-02 17:55 . 2009-02-04 12:30   202,040   --a------   c:\windows\system32\PnkBstrB.exe
2009-02-02 17:55 . 2009-02-04 12:30   137,688   --a------   c:\windows\system32\drivers\PnkBstrK.sys
2009-02-02 17:55 . 2009-02-02 17:59   66,872   --a------   c:\windows\system32\PnkBstrA.exe
2009-02-02 17:55 . 2009-02-02 17:55   22,328   --a------   c:\documents and settings\pleXz\Dane aplikacji\PnkBstrK.sys
2009-02-02 17:55 . 2009-02-02 17:55   319   --a------   c:\windows\game.ini
2009-02-02 17:42 . 2009-02-02 17:42   <DIR>   d--------   c:\program files\Activision
2009-02-02 17:32 . 2009-02-02 17:32   <DIR>   d--hs----   c:\windows\ftpcache
2009-02-02 12:45 . 2004-08-03 23:08   26,496   --a--c---   c:\windows\system32\dllcache\usbstor.sys
2009-01-31 21:01 . 2009-02-07 22:23   <DIR>   d--------   c:\program files\mIRC
2009-01-31 21:01 . 2009-02-07 22:23   <DIR>   d--------   c:\documents and settings\pleXz\Dane aplikacji\mIRC
2009-01-31 20:16 . 2009-02-03 20:07   <DIR>   d--------   C:\totalcmd
2009-01-31 20:16 . 2009-02-07 14:34   1,794   --a------   c:\windows\wincmd.ini
2009-01-31 20:16 . 2008-08-08 07:04   545   --a------   c:\windows\UC.PIF
2009-01-31 20:16 . 2008-08-08 07:04   545   --a------   c:\windows\RAR.PIF
2009-01-31 20:16 . 2008-08-08 07:04   545   --a------   c:\windows\PKZIP.PIF
2009-01-31 20:16 . 2008-08-08 07:04   545   --a------   c:\windows\PKUNZIP.PIF
2009-01-31 20:16 . 2008-08-08 07:04   545   --a------   c:\windows\NOCLOSE.PIF
2009-01-31 20:16 . 2008-08-08 07:04   545   --a------   c:\windows\LHA.PIF
2009-01-31 20:16 . 2008-08-08 07:04   545   --a------   c:\windows\ARJ.PIF
2009-01-31 14:53 . 2009-01-31 14:53   <DIR>   d--------   c:\program files\Common Files\Adobe Systems Shared
2009-01-31 14:52 . 2009-01-31 14:53   <DIR>   d--------   c:\program files\Common Files\Adobe
2009-01-30 20:39 . 2009-01-30 20:39   <DIR>   d--------   c:\documents and settings\pleXz\Dane aplikacji\Corel
2009-01-30 20:25 . 2009-01-30 20:39   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\Corel
2009-01-30 20:23 . 2009-01-30 20:23   <DIR>   d--------   c:\program files\Common Files\Corel
2009-01-30 20:21 . 2009-01-30 20:21   <DIR>   d--------   c:\program files\Corel
2009-01-30 13:40 . 2009-01-30 13:40   <DIR>   d--------   c:\documents and settings\pleXz\Dane aplikacji\Ubisoft
2009-01-30 13:27 . 2009-01-30 13:27   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\Ubisoft
2009-01-30 13:15 . 2009-01-30 13:15   <DIR>   d--------   c:\program files\Ubisoft
2009-01-30 12:05 . 2009-01-30 12:05   <DIR>   d--------   c:\program files\Ventrilo
2009-01-30 12:05 . 2009-01-30 12:09   <DIR>   d--------   c:\documents and settings\pleXz\Dane aplikacji\Ventrilo
2009-01-30 11:24 . 2009-01-30 11:24   <DIR>   d--------   c:\windows\ERUNT
2009-01-30 11:24 . 2009-01-30 11:24   <DIR>   d--------   C:\ERDNT
2009-01-30 11:24 . 2009-02-07 17:20   <DIR>   d--------   C:\!FixIEDef
2009-01-30 11:19 . 2009-02-07 14:20   <DIR>   d---s----   c:\program files\HLSW
2009-01-30 10:44 . 2009-01-30 10:44   <DIR>   d--------   c:\windows\system32\AGEIA
2009-01-30 10:44 . 2009-01-30 12:05   <DIR>   d--------   c:\program files\Common Files\Wise Installation Wizard
2009-01-30 10:44 . 2009-01-30 10:44   <DIR>   d--------   c:\program files\AGEIA Technologies
2009-01-30 10:43 . 2009-01-30 10:45   <DIR>   d--------   c:\windows\NV33163340.TMP
2009-01-30 10:43 . 2009-01-15 08:19   206,793   --a------   c:\windows\system32\nvapps.nvb
2009-01-30 10:42 . 2009-01-30 10:42   <DIR>   d--------   C:\NVIDIA
2009-01-30 07:48 . 2009-01-30 07:48   <DIR>   d--------   c:\program files\SystemRequirementsLab
2009-01-29 23:08 . 2004-08-04 01:35   58,624   --a------   c:\windows\system32\drivers\redbook.sys
2009-01-29 23:08 . 2004-08-04 01:44   21,504   --a------   c:\windows\system32\hidserv.dll
2009-01-29 23:08 . 2001-08-17 22:59   3,072   --a------   c:\windows\system32\drivers\audstub.sys
2009-01-29 23:07 . 2004-08-04 01:44   77,312   --a------   c:\windows\system32\usbui.dll
2009-01-29 23:05 . 2009-01-29 23:05   <DIR>   dr-h-----   c:\documents and settings\Default User\Ustawienia lokalne
2009-01-29 23:05 . 2009-01-29 23:05   <DIR>   d--------   c:\documents and settings\Default User\Ulubione
2009-01-29 23:05 . 2009-01-29 22:15   <DIR>   d--h-----   c:\documents and settings\Default User\Szablony
2009-01-29 23:05 . 2009-01-29 23:05   <DIR>   d--------   c:\documents and settings\Default User\Pulpit
2009-01-29 23:05 . 2009-01-29 23:05   <DIR>   d--------   c:\documents and settings\Default User\Moje dokumenty
2009-01-29 23:05 . 2009-01-29 23:05   <DIR>   dr-------   c:\documents and settings\Default User\Menu Start
2009-01-29 23:05 . 2009-01-29 23:05   <DIR>   d--------   c:\documents and settings\All Users\Ulubione
2009-01-29 23:05 . 2009-01-29 23:05   <DIR>   d--h-----   c:\documents and settings\All Users\Szablony
2009-01-29 23:05 . 2009-02-07 16:14   <DIR>   d-a------   c:\documents and settings\All Users\Pulpit
2009-01-29 23:05 . 2009-01-29 22:44   <DIR>   dr-------   c:\documents and settings\All Users\Menu Start
2009-01-29 23:05 . 2009-02-03 21:30   <DIR>   dr-------   c:\documents and settings\All Users\Dokumenty
2009-01-29 23:04 . 2009-02-08 16:13   <DIR>   d--------   c:\windows\system32\CatRoot2
2009-01-29 23:04 . 2009-01-29 23:05   <DIR>   dr-h-----   c:\documents and settings\Default User\Dane aplikacji
2009-01-29 23:04 . 2009-02-03 21:27   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji
2009-01-29 23:03 . 2009-02-07 14:26   <DIR>   d--h-----   c:\documents and settings\Default User
2009-01-29 23:03 . 2009-01-29 22:17   <DIR>   d--------   c:\documents and settings\All Users
2009-01-29 23:03 . 2009-01-29 22:21   <DIR>   d--------   C:\Documents and Settings
2009-01-29 23:02 . 2009-01-29 22:19   261   --a------   c:\windows\system32\$winnt$.inf

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-07 17:30   ---------   d-----w   c:\program files\Opera
2009-02-02 16:55   ---------   d--h--w   c:\program files\InstallShield Installation Information
2009-02-01 16:33   196,608   ----a-w   c:\windows\system32\drivers\nStandard.bin
2009-01-29 21:56   ---------   d-----w   c:\documents and settings\pleXz\Dane aplikacji\Nowe Gadu-Gadu
2009-01-29 21:50   ---------   d-----w   c:\program files\Valve
2009-01-29 21:44   ---------   d-----w   c:\program files\LG Soft India
2009-01-29 21:44   ---------   d-----w   c:\program files\Common Files\InstallShield
2009-01-29 21:44   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\InstallShield
2009-01-29 21:43   ---------   d-----w   c:\program files\Razer
2009-01-29 21:42   ---------   d-----w   c:\documents and settings\pleXz\Dane aplikacji\InstallShield
2009-01-29 21:41   ---------   d-----w   c:\program files\My Company Name
2009-01-29 21:40   ---------   d-----w   c:\program files\ASUS
2009-01-29 21:31   ---------   d-----w   c:\program files\Analog Devices
2009-01-29 21:27   ---------   d-----w   c:\program files\DIFX
2009-01-29 21:23   ---------   d-----w   c:\program files\NVIDIA Corporation
2009-01-29 21:18   ---------   d-----w   c:\program files\microsoft frontpage
2009-01-29 21:17   ---------   d-----w   c:\program files\Usługi online
2009-01-15 07:19   6,301,248   ----a-w   c:\windows\system32\drivers\nv4_mini.sys
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Steam"="c:\program files\valve\steam\steam.exe" [2009-01-29 1410296]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"Nowe Gadu-Gadu"="c:\program files\Nowe Gadu-Gadu\gg.exe" [2008-12-22 8966760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"AsusStartupHelp"="c:\program files\ASUS\AASP\1.00.16\AsRunHelp.exe" [2006-11-14 700928]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"ASUSGamerOSD"="c:\program files\ASUS\GamerOSD\GamerOSD.exe" [2007-07-12 380928]
"Diamondback"="c:\program files\Razer\Diamondback 3G\razerhid.exe" [2007-08-01 147456]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 826368]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-07 136600]
"nwiz"="nwiz.exe" [2009-01-15 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\pleXz\Menu Start\Programy\Autostart\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 337920]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
forteManager.lnk - c:\program files\LG Soft India\forteManager\bin\Monitor.exe [2009-01-29 1064960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\plexz\\counter-strike\\hl.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\doluse\\counter-strike\\hl.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=

R3 LGDDCDevice;LGDDCDevice;c:\program files\LG Soft India\forteManager\bin\I2CDriver.sys [2009-01-29 14336]
R3 Razerlow;Diamondback 3G USB Filter Driver;c:\windows\system32\drivers\DB3G.sys [2009-01-29 13225]
S2 PowerManager;Power Manager;c:\windows\svchost.exe --> c:\windows\svchost.exe [?]
S3 LGII2CDevice;LGII2CDevice;c:\program files\LG Soft India\forteManager\bin\PII2CDriver.sys [2009-01-29 13312]

--- Inne Usługi/Sterowniki w Pamięci ---

*NewlyCreated* - POWERMANAGER
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-08 16:15:10
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ... 

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ... 

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-789336058-1957994488-839522115-1004\Software\G*e*n*i*e*"!\FM Genie Scout 2009 XE]
"GameDir"="c:\\Documents and Settings\\pleXz\\Moje dokumenty\\Sports Interactive\\Football Manager 2009\\games"
"ShortlistDir"=""
"ScreenshotsDir"="c:\\Documents and Settings\\pleXz\\Moje dokumenty\\Sports Interactive\\Football Manager 2009"
"SaveDir"="c:\\Documents and Settings\\pleXz\\Moje dokumenty\\Sports Interactive\\Football Manager 2009\\"
"HistoryDir"="c:\\DOCUME~1\\pleXz\\USTAWI~1\\Temp\\Rar$EX00.047\\FM Genie Scout 2009 XE\\History Points"
"LangDB"="c:\\Program Files\\Sports Interactive\\Football Manager 2009\\data\\updates\\update-910\\db\\910\\lang_db.dat"
"LastSaveGame"="c:\\Documents and Settings\\pleXz\\Moje dokumenty\\Sports Interactive\\Football Manager 2009\\games\\Arka Gdynia.fm"
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"SkinName"="Champions League"
"LastUpdateCheck"=dword:00000000
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000066
"UniqueID"="8A-FDC5-20B3"
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\rundll32.exe
c:\windows\ATKKBService.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\program files\Razer\Diamondback 3G\razertra.exe
c:\program files\Razer\Diamondback 3G\razerofa.exe
c:\windows\system32\wpabaln.exe
c:\docume~1\pleXz\USTAWI~1\temp\Blizzard Installer Bootstrap - 000230f9\Installer.exe
.
**************************************************************************
.
Czas ukończenia: 2009-02-08 16:17:24 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt  2009-02-08 15:17:22

Przed: 72 990 621 696 bajtów wolnych
Po: 73,006,796,800 bajtów wolnych

264


Proszę bardzo

[wojtas]

uzyj:
-->(Jeefogui)

Start => Uruchom => cmd =>
sc stop PowerManager
enter
sc delete PowerManager
enter

[TiTi]

Po tym zabiegu nie działa już żaden program . Muszę zainstalować od nowa

LOGA

Kod: Zaznacz wszystko

********************************************************************************
*                                                                              *
*                                 FixIEDef Log                                 *
*                              Version 1.7.22.7368                             *
*                                                                              *
********************************************************************************

Created at 17:18:33 on Sunday, February 08, 2009

Time Zone            :

Logged On User       : pleXz

Operating System     : Microsoft Windows XP Home Edition Dodatek Service Pack 2
OS Architecture      : X86
System Langauge      : Polish
Keyboard Layout      : Polish
Processor            : X64 AMD Athlon(tm) 64 X2 Dual Core Processor 5000+

System Drive         : C:\
Windows Directory    : C:\WINDOWS
System Directory     : C:\WINDOWS\system32

System Drive Type    : Fixed
System Drive Status  : READY
System Drive Label   :
System Drive Size    : 100 GB
System Drive Free    : 64.49 GB

Total Physical Memory: 2047 MB
Free Physical Memory : 1651 MB
Total Page File      : 2047 MB
Free Page File       : 3690 MB
Total Virtual Memory : 2048 MB
Free Virtual Memory  : 1970 MB

Boot State           : Normal boot

--------------------------------------------------------------------------------

!!! userinit.exe is Clean !!!

--------------------------------------------------------------------------------

!!! Files that have been deleted !!!

C:\WINDOWS\system32\nmp.log

--------------------------------------------------------------------------------

!!! Directories that have been removed !!!

No malicious directories to be removed

--------------------------------------------------------------------------------

!!! Registry entries that have been removed !!!

No malicious Registry entries found

================================================================================

All Done :)

ShadowPuterDude

Safe Surfing!!!

Kod: Zaznacz wszystko

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:20:08, on 2009-02-08
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\Program Files\Razer\Diamondback 3G\razerhid.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\LG Soft India\forteManager\bin\Monitor.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Razer\Diamondback 3G\razertra.exe
C:\Program Files\Razer\Diamondback 3G\razerofa.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Nowe Gadu-Gadu\gg.exe
C:\WINDOWS\system32\wpabaln.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.16\AsRunHelp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [Diamondback] C:\Program Files\Razer\Diamondback 3G\razerhid.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "C:\Program Files\Nowe Gadu-Gadu\gg.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: forteManager.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 5819 bytes


[wojtas]

daj loga jeszcze z combofixa.