spowolniona praca systemu i problemy z działaniem internetu

[AfgaN]

Problemy z internetem miałem już wcześniej, ale po jakimś czasie znikły ( logi według was były czyste) jednak ponownie wróciły i nie jest to wina providera, ponieważ u sąsiadów wszystko działa dobrze. Dodatkowo zauważyłem, że coś muli mi system np. gdy korzystam z opery i wejdę na stronę startową to nie mogę przez jakiś czas wejść na żaden odnośnik gdyż całą stronę traktuje mi jako jeden link (kursor zamienia się w łapkę) a klikanie niczego nie daje. Proszę o przejrzenie logów.

Hijack

Kod: Zaznacz wszystko

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:41:28, on 2007-12-09
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\AcroRd32.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Ashampoo FireWall] "C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" -TRAY
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - e:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - e:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 6484 bytes


combofix

Kod: Zaznacz wszystko

ComboFix 07-12-09.1 - TT 2007-12-09 16:50:07.11 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.191 [GMT 1:00]
Running from: E:\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((   Files Created from 2007-11-09 to 2007-12-09  )))))))))))))))))))))))))))))))
.

2007-12-07 14:12 . 2007-12-07 14:12   <DIR>   d--hs----   C:\FOUND.078
2007-11-29 15:47 . 2007-11-29 15:47   <DIR>   d--------   C:\WINDOWS\system32\Lang
2007-11-29 15:25 . 2006-11-08 09:51   62,336   ---------   C:\WINDOWS\system32\drivers\rspndr.sys
2007-11-29 15:25 . 2006-11-08 09:51   10,752   ---------   C:\WINDOWS\system32\rspndr.exe
2007-11-29 15:22 . 2007-11-29 15:22   749   -rah-----   C:\WINDOWS\WindowsShell.Manifest
2007-11-29 15:22 . 2007-11-29 15:22   749   -rah-----   C:\WINDOWS\system32\wuaucpl.cpl.manifest
2007-11-29 15:22 . 2007-11-29 15:22   749   -rah-----   C:\WINDOWS\system32\sapi.cpl.manifest
2007-11-29 15:22 . 2007-11-29 15:22   749   -rah-----   C:\WINDOWS\system32\nwc.cpl.manifest
2007-11-29 15:22 . 2007-11-29 15:22   749   -rah-----   C:\WINDOWS\system32\ncpa.cpl.manifest
2007-11-29 15:22 . 2007-11-29 15:22   488   -rah-----   C:\WINDOWS\system32\logonui.exe.manifest
2007-11-29 15:19 . 2006-09-13 18:18   153,088   --a------   C:\WINDOWS\system32\irftp.exe
2007-11-29 15:19 . 2006-09-13 18:18   87,424   --a------   C:\WINDOWS\system32\drivers\irda.sys
2007-11-29 15:19 . 2006-09-13 18:19   27,648   --a------   C:\WINDOWS\system32\irmon.dll
2007-11-29 15:19 . 2006-09-13 18:18   8,192   --a------   C:\WINDOWS\system32\wshirda.dll
2007-11-29 15:15 . 2006-09-13 18:17   19,584   --a------   C:\WINDOWS\system32\drivers\rasirda.sys
2007-11-29 15:14 . 2001-10-26 19:29   24,661   --a------   C:\WINDOWS\system32\spxcoins.dll
2007-11-29 15:14 . 2001-10-26 19:29   13,312   --a------   C:\WINDOWS\system32\irclass.dll
2007-11-29 14:37 . 2007-11-29 14:37   <DIR>   d--------   C:\WINDOWS\ServicePackFiles
2007-11-27 19:40 . 2007-11-27 19:40   <DIR>   d--------   C:\Program Files\Ontrack
2007-11-26 13:55 . 2007-11-26 13:55   <DIR>   d--------   C:\WINDOWS\system32\Sunlight
2007-11-26 13:55 . 2004-05-19 14:56   21,632   --a------   C:\WINDOWS\system32\drivers\HidJFilter.sys
2007-11-26 13:55 . 2003-11-29 23:01   11,008   --a------   C:\WINDOWS\system32\drivers\SKBusEnum.sys
2007-11-26 13:55 . 2003-11-27 19:48   3,968   --a------   C:\WINDOWS\system32\drivers\VirtualK.sys
2007-11-26 13:55 . 2003-11-27 20:14   3,840   --a------   C:\WINDOWS\system32\drivers\VirtualM.sys
2007-11-26 13:52 . 2007-11-26 13:52   <DIR>   d--------   C:\Program Files\USB all-in-one game controller
2007-11-26 13:28 . 2007-11-26 13:28   <DIR>   d--hs----   C:\FOUND.077
2007-11-26 12:27 . 2007-11-26 12:30   552   --a------   C:\WINDOWS\system32\d3d8caps.dat
2007-11-26 12:22 . 2006-09-13 18:18   130,048   --a------   C:\WINDOWS\system32\ksproxy.ax
2007-11-26 12:22 . 2006-09-13 18:18   4,096   --a------   C:\WINDOWS\system32\ksuser.dll
2007-11-26 12:19 . 2007-11-26 12:19   0   --a------   C:\WINDOWS\[INI]
2007-11-25 00:03 . 2007-11-25 00:03   23,552   --a------   C:\WINDOWS\system\dpmodemx.dll
2007-11-24 23:59 . 2001-10-30 08:10   333,824   --a------   C:\WINDOWS\system\DDRAW.DLL
2007-11-24 23:57 . 2007-11-24 23:56   62,464   --a------   C:\WINDOWS\system\dpnmodem.dll
2007-11-24 23:57 . 2007-11-24 23:56   61,952   --a------   C:\WINDOWS\system\dpnwsock.dll
2007-11-24 23:57 . 2007-11-24 23:54   57,344   --a------   C:\WINDOWS\system\dpwsockx.dll
2007-11-24 23:57 . 2007-11-24 23:54   27,136   --a------   C:\WINDOWS\system\ddrawex.dll
2007-11-24 22:43 . 1999-05-05 22:22   471,040   --a------   C:\WINDOWS\system\KERNEL32.DLL
2007-11-24 22:40 . 2001-10-30 08:10   455,680   --a------   C:\WINDOWS\system\DSOUND.DLL
2007-11-24 21:59 . 2004-07-17 11:40   19,528   --a------   C:\WINDOWS\[u]0[/u]00001_.tmp
2007-11-24 20:34 . 2007-11-24 20:34   <DIR>   d--------   C:\WINDOWS\uninstall\DirectX Buster
2007-11-24 20:34 . 2007-11-24 20:34   <DIR>   d--------   C:\Program Files\DirectX Buster
2007-11-24 20:12 . 2007-11-24 20:12   <DIR>   d--------   C:\Program Files\DirectX Happy Uninstall
2007-11-24 20:02 . 2007-11-24 20:02   0   --a------   C:\WINDOWS\dxinfo.INI
2007-11-24 19:58 . 2007-11-24 19:58   <DIR>   d--------   C:\Program Files\directx
2007-11-24 18:50 . 2007-10-04 18:16   356,352   --a------   C:\WINDOWS\system32\NVUNINST.EXE
2007-11-24 18:05 . 2007-11-24 18:05   <DIR>   d--------   C:\WINDOWS\uninstall
2007-11-19 14:33 . 2007-11-29 15:23   23,392   --a------   C:\WINDOWS\system32\nscompat.tlb
2007-11-19 14:33 . 2007-11-29 15:23   16,832   --a------   C:\WINDOWS\system32\amcompat.tlb
2007-11-19 14:08 . 2007-11-19 14:08   <DIR>   d--------   C:\Program Files\Windows Media Connect 2
2007-11-19 14:06 . 2007-11-19 14:06   <DIR>   d--------   C:\WINDOWS\system32\drivers\UMDF
2007-11-16 20:09 . 2007-11-16 20:09   <DIR>   d--------   C:\Program Files\Tlen.pl
2007-11-16 20:09 . 2007-11-16 20:09   <DIR>   d--------   C:\Documents and Settings\TT\Dane aplikacji\Tlen.pl
2007-11-15 16:38 . 2007-11-15 16:38   <DIR>   d--hs----   C:\FOUND.076
2007-11-14 23:47 . 2007-11-14 23:47   <DIR>   d--hs----   C:\FOUND.075
2007-11-14 14:52 . 2007-11-14 14:52   <DIR>   d--hs----   C:\FOUND.074
2007-11-12 15:00 . 2007-11-12 15:00   <DIR>   d--hs----   C:\FOUND.073

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-06 11:59   22,328   ----a-w   C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-06 11:58   107,832   ----a-w   C:\WINDOWS\system32\PnkBstrB.exe
2007-12-06 11:29   12,464   ----a-w   C:\WINDOWS\system32\drivers\secdrv.sys
2007-12-04 14:56   93,264   ----a-w   C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55   94,544   ----a-w   C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53   23,152   ----a-w   C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51   42,912   ----a-w   C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49   26,624   ----a-w   C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04   837,496   ----a-w   C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54   95,608   ----a-w   C:\WINDOWS\system32\AVASTSS.scr
2007-11-06 18:59   ---------   d-----w   C:\Program Files\FDRLab
2007-10-25 17:47   ---------   d-----w   C:\Program Files\Trend Micro
2007-10-25 13:49   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2007-10-24 19:16   ---------   d-----w   C:\Program Files\Lavasoft
2007-10-24 19:16   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2007-10-14 22:54   66,872   ----a-w   C:\WINDOWS\system32\PnkBstrA.exe
2007-10-09 19:38   ---------   d-----w   C:\Program Files\WinHarp95
2007-10-04 17:16   356,352   ----a-w   C:\WINDOWS\system32\nvudisp.exe
2007-10-04 16:14   81,920   ----a-w   C:\WINDOWS\system32\nvwddi.dll
2007-10-04 16:14   81,920   ----a-w   C:\WINDOWS\system32\nvmctray.dll
2007-10-04 16:14   8,491,008   ----a-w   C:\WINDOWS\system32\nvcpl.dll
2007-10-04 16:14   753,664   ----a-w   C:\WINDOWS\system32\nvcplui.exe
2007-10-04 16:14   6,750,208   ----a-w   C:\WINDOWS\system32\nvoglnt.dll
2007-10-04 16:14   6,344,704   ----a-w   C:\WINDOWS\system32\nvdisps.dll
2007-10-04 16:14   5,783,424   ----a-w   C:\WINDOWS\system32\nv4_disp.dll
2007-10-04 16:14   466,944   ----a-w   C:\WINDOWS\system32\nvshell.dll
2007-10-04 16:14   45,056   ----a-w   C:\WINDOWS\system32\nvmccsrs.dll
2007-10-04 16:14   442,368   ----a-w   C:\WINDOWS\system32\nvappbar.exe
2007-10-04 16:14   425,984   ----a-w   C:\WINDOWS\system32\keystone.exe
2007-10-04 16:14   364,544   ----a-w   C:\WINDOWS\system32\nvapi.dll
2007-10-04 16:14   36,864   ----a-w   C:\WINDOWS\system32\nvcodins.dll
2007-10-04 16:14   307,200   ----a-w   C:\WINDOWS\system32\nvexpbar.dll
2007-10-04 16:14   3,551,232   ----a-w   C:\WINDOWS\system32\nvvitvs.dll
2007-10-04 16:14   3,334,144   ----a-w   C:\WINDOWS\system32\nvgames.dll
2007-10-04 16:14   286,720   ----a-w   C:\WINDOWS\system32\nvnt4cpl.dll
2007-10-04 16:14   229,376   ----a-w   C:\WINDOWS\system32\nvmccs.dll
2007-10-04 16:14   2,371,584   ----a-w   C:\WINDOWS\system32\nvwss.dll
2007-10-04 16:14   188,416   ----a-w   C:\WINDOWS\system32\nvmccss.dll
2007-10-04 16:14   155,716   ----a-w   C:\WINDOWS\system32\nvsvc32.exe
2007-10-04 16:14   147,456   ----a-w   C:\WINDOWS\system32\nvcolor.exe
2007-10-04 16:14   1,703,936   ----a-w   C:\WINDOWS\system32\nvwdmcpl.dll
2007-10-04 16:14   1,626,112   ----a-w   C:\WINDOWS\system32\nwiz.exe
2007-10-04 16:14   1,478,656   ----a-w   C:\WINDOWS\system32\nview.dll
2007-10-04 16:14   1,339,392   ----a-w   C:\WINDOWS\system32\nvdspsch.exe
2007-10-04 16:14   1,150,976   ----a-w   C:\WINDOWS\system32\nvmobls.dll
2007-10-04 16:14   1,019,904   ----a-w   C:\WINDOWS\system32\nvwimg.dll
2007-09-21 23:46   107,888   ----a-w   C:\WINDOWS\system32\CmdLineExt.dll
2006-11-18 19:56   492,896   ----a-w   C:\Documents and Settings\TT\Install.exe
2006-01-31 13:48   14,976   ----a-w   C:\Documents and Settings\TT\Device.dat
2005-08-18 18:48   1,682   --sha-w   C:\WINDOWS\system32\KGyGaAvL.sys
2005-08-18 18:48   56   --sh--r   C:\WINDOWS\system32\7A835BE76D.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 23:44 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-10-04 17:14 C:\WINDOWS\system32\nwiz.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-03 23:44 C:\WINDOWS\system32\rundll32.exe]
"Ashampoo FireWall"="C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" [2007-04-05 14:57]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:44]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 00:33]
"nltide_3"="advpack.dll" [2004-08-03 23:43 C:\WINDOWS\system32\advpack.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^TT^Menu Start^Programy^Autostart^UniSpiker-2.6.lnk]
path=C:\Documents and Settings\TT\Menu Start\Programy\Autostart\UniSpiker-2.6.lnk
backup=C:\WINDOWS\pss\UniSpiker-2.6.lnkStartup
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ashampoo FireWall]
         C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe -TRAY
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2004-08-03 23:44   15360   --a------   C:\WINDOWS\system32\ctfmon.exe
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
         C:\Program Files\DAEMON Tools\daemon.exe -lang 1033
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
         C:\Program Files\iTunes\iTunesHelper.exe
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
         C:\WINDOWS\system32\dumprep 0 -k
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Komunikator]
2007-11-07 15:33   6234624   --a------   C:\Program Files\Tlen.pl\tlen.exe
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 11:50   155648   --a------   C:\WINDOWS\system32\NeroCheck.exe
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
         RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
         RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVRaidService]
2004-06-11 05:15   83968   -ra------   C:\WINDOWS\system32\nvraidservice.exe
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
         nwiz.exe /install
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
         C:\Program Files\QuickTime\qttask.exe -atboottime
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
         C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 20:24   32768   --a------   C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
         D:\Programy\Skype\Phone\Skype.exe /nosplash /minimized
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
         SOUNDMAN.EXE
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
         d:\gry\steam\steam.exe -silent
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-03-04 03:36   36975   --a------   C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

R0 VirtualK;VirtaulK;C:\WINDOWS\system32\drivers\VirtualK.sys
R0 VirtualM;VirtaulM;C:\WINDOWS\system32\drivers\VirtualM.sys
S3 skbusenum;SKBus Enumerator;C:\WINDOWS\system32\DRIVERS\skbusenum.sys
S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.2649]
-> C:\Program Files\Gadu-Gadu\ggwhook.dll
.
**************************************************************************

catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-09 16:51:24
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-09 16:51:51
C:\ComboFix2.txt ... 2007-11-15 20:44
C:\ComboFix3.txt ... 2007-11-15 16:56
.
   --- E O F ---


[wojtas]

to mozesz skasowac w trybie awaryjnym:

R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

[AfgaN]

Skasowałem. Zrobiłem jeszcze scan SDFix'em i Silent runners.
SDFix

Kod: Zaznacz wszystko

SDFix: Version 1.112

Run by Administrator on 2007-12-09 at 18:52

Microsoft Windows XP [Wersja 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found




Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



                                 Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------


Files with Hidden Attributes:

Thu 18 Aug 2005         1,682 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Thu 18 Aug 2005            56 ..SHR --- "C:\WINDOWS\system32\7A835BE76D.sys"
Tue 24 Jan 2006         4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 19 Nov 2007             0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Thu 29 Nov 2007             0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Wed 28 Sep 2005            21 A..H. --- "C:\Documents and Settings\TT\Dane aplikacji\Kazaa Lite\db\np.tmp"
Sun 14 Oct 2007           444 ...HR --- "C:\Documents and Settings\TT\Dane aplikacji\SecuROM\UserData\securom_v7_01.bak"
Wed 10 Oct 2007           444 ...HR --- "C:\Documents and Settings\AfgaN\Dane aplikacji\SecuROM\UserData\securom_v7_01.bak"

Finished!


Silent runners

Kod: Zaznacz wszystko

"Silent Runners.vbs", revision 52, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\CTFMON.EXE" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" ["ALWIL Software"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"Ashampoo FireWall" = ""C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" -TRAY" [null data]

HKLM\Software\Microsoft\Active Setup\Installed Components\
>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS\(Default) = "Dostosowywanie przeglądarki"
                                              \StubPath   = "RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP" [MS]
{2C7339CF-2B09-4501-B3F3-F3508C9228ED}\(Default) = "Themes Setup"
                                       \StubPath   = "C:\WINDOWS\system32\regsvr32.exe /s /n /i:/UserInstall C:\WINDOWS\system32\themeui.dll" [MS]
{44BBA840-CC51-11CF-AAFA-00AA00B6015C}\(Default) = "Microsoft Outlook Express 6"
                                       \StubPath   = ""C:\Program Files\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install" [MS]
{5945c046-1e7d-11d1-bc44-00c04fd912be}\(Default) = "Windows Messenger 4.7"
                                       \StubPath   = "rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser" [MS]
{7790769C-0471-11d2-AF11-00C04FA35D02}\(Default) = "Książka adresowa 6"
                                       \StubPath   = ""C:\Program Files\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install" [MS]
{89820200-ECBD-11cf-8B85-00AA005B4340}\(Default) = "Aktualizacja pulpitu Windows"
                                       \StubPath   = "regsvr32.exe /s /n /i:U shell32.dll" [MS]
{89820200-ECBD-11cf-8B85-00AA005B4383}\(Default) = "Internet Explorer 6"
                                       \StubPath   = "C:\WINDOWS\system32\ie4uinit.exe" [MS]
{89B4C1CD-B018-4511-B0A1-5476DBF70820}\(Default) = (no title provided)
                                       \StubPath   = "C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\(Default) = "BitComet ClickCapture"
  -> {HKLM...CLSID} = "BitComet Helper"
                   \InProcServer32\(Default) = "C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll" ["BitComet"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Spybot-S&D IE Protection"
                   \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
                   \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
  -> {HKLM...CLSID} = "avast"
                   \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM...CLSID} = "DesktopContext Class"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {HKLM...CLSID} = "Desktop Explorer"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
  -> {HKLM...CLSID} = "nView Desktop Context Menu"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{ED65AC21-B24F-11d3-BA80-00C0CA16AA37}" = "Siemens Device"
  -> {HKLM...CLSID} = "Siemens Device"
                   \InProcServer32\(Default) = "E:\Program Files\Mobile Phone Manager\DES\DESShellExt.dll" ["Siemens AG"]
"{ED65AC22-B24F-11d3-BA80-00C0CA16AA37}" = "Siemens Device ContextMenuHandler"
  -> {HKLM...CLSID} = "Siemens Device ContextMenuHandler"
                   \InProcServer32\(Default) = "E:\Program Files\Mobile Phone Manager\DES\DESShellExt.dll" ["Siemens AG"]
"{ED65AC23-B24F-11d3-BA80-00C0CA16AA37}" = "Siemens SX1 PropertySheetHandler"
  -> {HKLM...CLSID} = "Siemens Device PropertySheetHandler"
                   \InProcServer32\(Default) = "E:\Program Files\Mobile Phone Manager\DES\DESShellExt.dll" ["Siemens AG"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM...CLSID} = "NVIDIA CPL Extension"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"
  -> {HKLM...CLSID} = "History Band"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{3028902F-6374-48b2-8DC6-9725E775B926}" = "IE Microsoft AutoComplete"
  -> {HKLM...CLSID} = "IE Microsoft AutoComplete"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
  -> {HKLM...CLSID} = "WPDShServiceObj Class"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\System\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "autocheck autochk *"|"lsdelete" [null data]

HKLM\Software\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {HKLM...CLSID} = "avast"
                   \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {HKLM...CLSID} = "avast"
                   \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "(Brak)"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "%SystemRoot%\System32\logon.scr" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\Program Files\Ashampoo\Ashampoo FireWall\spi.dll [null data], 01 - 05, 20
%SystemRoot%\system32\mswsock.dll [MS], 06 - 19, 21 - 23
%SystemRoot%\system32\rsvpsp.dll [MS], 24 - 25


Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

HKLM\Software\Classes\CLSID\{E7A829CC-671F-4C3D-B590-8C0AEA72E6B2}\(Default) = "BitComet Button"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll" ["BitComet"]

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Badanie"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}"
  -> {HKLM...CLSID} = "Java Plug-in 1.5.0_02"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll" ["Sun Microsystems, Inc."]

{461CC20B-FB6E-4F16-8FE8-C29359DB100E}\
"ButtonText" = "BitComet Search"

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Badanie"

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\
"MenuText" = "Spybot - Search & Destroy Configuration"
"CLSIDExtension" = "{53707962-6F74-2D53-2644-206D7942484F}"
  -> {HKLM...CLSID} = "Spybot-S&D IE Protection"
                   \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Miscellaneous IE Hijack Points
------------------------------

HKLM\Software\Microsoft\Internet Explorer\AboutURLs\
<<H>> "Tabs" = "C:\Documents and Settings\AfgaN\Dane aplikacji\MEGAUPLOADTOOLBAR\tabwelcome.html" [null data]


All Non-Disabled Services (Display Name, Service Name, Path {Service DLL}):
---------------------------------------------------------------------------

Ad-Aware 2007 Service, aawservice, ""C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe"" ["Lavasoft AB"]
ASP.NET State Service, aspnet_state, "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe" [MS]
avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" ["ALWIL Software"]
avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" ["ALWIL Software"]
avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
InstallDriver Table Manager, IDriverT, ""C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"" ["Macrovision Corporation"]
iPod Service, iPod Service, ""C:\Program Files\iPod\bin\iPodService.exe"" [file not found]
Karta wydajności WMI, WmiApSrv, "C:\WINDOWS\system32\wbem\wmiapsrv.exe" [MS]
LexBce Server, LexBceS, "C:\WINDOWS\system32\LEXBCES.EXE" ["Lexmark International, Inc."]
Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [file not found]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
Office Source Engine, ose, ""C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"" [MS]
PnkBstrA, PnkBstrA, "C:\WINDOWS\system32\PnkBstrA.exe" [null data]
PnkBstrB, PnkBstrB, "C:\WINDOWS\system32\PnkBstrB.exe" [null data]
Struktura sterowników trybu użytkownika w systemie Windows, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
User Privilege Service, usprserv, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {(missing data)}
Usługa administracyjna Menedżera dysków logicznych, dmadmin, "C:\WINDOWS\System32\dmadmin.exe /com" ["Microsoft Corp., Veritas Software"]
Usługa dostarczania sieci, xmlprov, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\xmlprov.dll" [MS]}
Usługa numeru seryjnego multimediów przenośnych, WmdmPmSN, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\system32\mspmsnsv.dll" [MS]}
Windows Driver Foundation - User-mode Driver Framework, WudfSvc, "C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup" {"C:\WINDOWS\System32\WUDFSvc.dll" [MS]}


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Lexmark Network Port\Driver = "LEXLMPM.DLL" [file not found]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]


---------- (launch time: 2007-12-09 18:50:20)
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
  DLL launch points, use the -supp parameter or answer "No" at the
  first message box and "Yes" at the second message box.
---------- (total run time: 32 seconds, including 9 seconds for message boxes)


[wojtas]

czysto

[AfgaN]

W takim razie już nic nie wiem... Trudno, czy może to być wina sprzętu?

[wojtas]

Trudno, czy może to być wina sprzętu?

ciezko co kolwiek wywnioskować moze sprzet a moze cos u dostawcy. nie wiem ale wirusow nie masz