
Eset nod32 is informing me about a virus:
Threat found
Alert
Object:
C:\System Volume Information\_restore{3B967E4A-13F1'4061...\A0000056.dll
Threat:
a variant of Win32/Pacex.Gen wirus
Comment:
Event occurred on a file modified by the application:
C:\WINDOws\System32\svchost.exe
My ComboFix log:
ComboFix 08-12-18.01 - Jerzy 2008-12-20 7:24:41.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.2047.1465 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Jerzy\Pulpit\ComboFix.exe
* Resident AV is active
.
((((((((((((((((((((((((( Pliki utworzone od 2008-11-20 do 2008-12-20 )))))))))))))))))))))))))))))))
.
2008-12-19 23:02 . 2008-12-20 07:29 85,504 -r-hs---- c:\windows\system32\vbsdfe0.dll
2008-12-19 11:51 . 2008-12-19 11:51 116,502 -r-hs---- c:\windows\system32\vamsoft.exe
2008-12-17 15:19 . 2008-12-17 15:19 6,568 --a------ C:\TMPGeri Halliwell - Mi Chico Latino.tiger
2008-12-17 15:13 . 2008-12-20 00:09 700 --a------ C:\TMPGeri Halliwell - Mi Chico Latino.dat.bak
2008-12-17 15:13 . 2008-12-20 02:17 700 --a------ C:\TMPGeri Halliwell - Mi Chico Latino.dat
2008-12-17 00:33 . 2008-12-17 00:34 <DIR> d-------- c:\program files\Boilsoft Video Joiner
2008-12-16 20:13 . 2008-12-16 20:13 <DIR> d-------- c:\program files\Xilisoft
2008-12-16 01:06 . 2008-12-16 01:06 <DIR> d-------- c:\documents and settings\Jerzy\Bluetooth Software
2008-12-16 01:01 . 2008-12-16 01:01 <DIR> d-------- c:\program files\WIDCOMM
2008-12-16 00:22 . 2008-12-16 00:22 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Bluetooth
2008-12-16 00:19 . 2008-04-14 19:21 91,648 --a------ c:\windows\system32\drivers\kswdmcap.ax
2008-12-16 00:19 . 2008-04-14 19:21 61,952 --a------ c:\windows\system32\drivers\kstvtune.ax
2008-12-16 00:19 . 2008-04-14 19:20 54,784 --a------ c:\windows\system32\drivers\vfwwdm32.dll
2008-12-16 00:19 . 2008-04-14 19:21 43,008 --a------ c:\windows\system32\drivers\ksxbar.ax
2008-12-16 00:19 . 2008-04-14 19:21 28,672 --a------ c:\windows\system32\drivers\vidcap.ax
2008-12-16 00:18 . 2008-12-16 00:18 <DIR> d-------- c:\program files\IVT Corporation
2008-12-15 20:31 . 2008-12-15 20:33 <DIR> d-------- c:\documents and settings\Jerzy\Dane aplikacji\Nokia Multimedia Player
2008-12-15 18:12 . 2008-12-15 18:12 <DIR> d-------- c:\program files\Lonely Cat Games
2008-12-14 17:50 . 2008-12-14 17:50 <DIR> d-------- c:\documents and settings\Jerzy\Dane aplikacji\Leadertech
2008-12-14 17:41 . 2008-12-14 17:41 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2008-12-14 02:35 . 2008-12-14 14:54 <DIR> d-------- c:\documents and settings\Jerzy\Dane aplikacji\NSeries
2008-12-14 02:12 . 2008-12-14 02:12 <DIR> d-------- c:\program files\Common Files\Nokia
2008-12-14 02:12 . 2008-12-14 02:12 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Nokia
2008-12-14 02:04 . 2008-12-14 02:26 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\PC Suite
2008-12-14 02:03 . 2008-12-14 02:03 <DIR> d-------- c:\documents and settings\Jerzy\Dane aplikacji\PC Suite
2008-12-14 02:03 . 2008-12-14 02:12 <DIR> d-------- c:\documents and settings\Jerzy\Dane aplikacji\Nokia
2008-12-14 01:59 . 2008-12-14 01:59 <DIR> d-------- c:\program files\Common Files\PCSuite
2008-12-14 01:58 . 2008-12-14 02:12 <DIR> d-------- c:\program files\Nokia
2008-12-14 01:58 . 2007-02-22 10:15 137,216 --a------ c:\windows\system32\drivers\nmwcd.sys
2008-12-14 01:58 . 2007-02-22 10:15 65,536 --a------ c:\windows\system32\nmwcdcocls.dll
2008-12-14 01:58 . 2007-02-22 10:15 12,288 --a------ c:\windows\system32\drivers\nmwcdcm.sys
2008-12-14 01:58 . 2007-02-22 10:15 12,288 --a------ c:\windows\system32\drivers\nmwcdcj.sys
2008-12-14 01:58 . 2007-02-22 10:15 8,320 --a------ c:\windows\system32\drivers\nmwcdc.sys
2008-12-14 00:21 . 2008-12-14 00:21 <DIR> d-------- c:\program files\CDisplay
2008-12-07 11:40 . 2008-12-07 11:40 <DIR> d-------- c:\program files\Common Files\EZB Systems
2008-12-04 00:47 . 2008-12-04 00:47 <DIR> d-------- c:\documents and settings\Jerzy\Dane aplikacji\dp3d
2008-12-02 15:38 . 2008-12-02 15:38 <DIR> d-------- c:\documents and settings\Jerzy\Dane aplikacji\StarMaker
2008-12-02 11:48 . 2008-12-02 15:37 <DIR> d-------- c:\program files\ipla
2008-12-02 11:48 . 2008-12-02 15:31 <DIR> d-------- c:\documents and settings\Jerzy\Dane aplikacji\ipla
2008-12-02 11:48 . 2008-12-02 11:48 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\ipla
2008-12-02 11:47 . 2008-12-02 11:47 1,700,352 --a------ c:\windows\system32\gdiplus.dll
2008-11-28 14:52 . 2008-11-28 14:52 <DIR> d-------- c:\program files\Twin Shock GamePad
2008-11-27 03:22 . 2008-11-27 03:22 <DIR> d-------- c:\program files\JLC's Software
2008-11-27 03:22 . 2008-11-27 03:22 <DIR> d-------- c:\documents and settings\Jerzy\Dane aplikacji\JLC's Software
2008-11-26 23:22 . 2008-11-26 23:22 <DIR> d-------- c:\program files\Ager Web Edytor
2008-11-26 23:22 . 2008-11-27 01:45 <DIR> d-------- c:\documents and settings\Jerzy\Dane aplikacji\AgerWebEdytor
2008-11-26 22:04 . 2008-11-26 22:04 <DIR> d-------- c:\program files\iTunes
2008-11-26 22:04 . 2008-11-26 22:04 <DIR> d-------- c:\program files\iPod
2008-11-26 22:04 . 2008-11-26 22:04 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-26 22:02 . 2008-11-26 22:02 <DIR> d-------- c:\program files\QuickTime
2008-11-26 09:54 . 2008-11-10 05:43 410,984 --a------ c:\windows\system32\deploytk.dll
2008-11-21 13:38 . 2008-11-21 13:38 <DIR> d-------- c:\program files\i-Covers
2008-11-21 13:38 . 2004-03-09 01:00 124,688 --a------ c:\windows\system32\mswinsck.ocx
2008-11-21 13:38 . 2000-10-02 01:00 119,568 --a------ c:\windows\system32\vb6fr.dll
2008-11-21 13:38 . 1998-07-13 01:00 15,872 --a------ c:\windows\system32\winskfr.dll
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-20 01:19 --------- d-----w c:\program files\English Translator 3
2008-12-19 18:24 --------- d-----w c:\documents and settings\Jerzy\Dane aplikacji\Vista Start Menu
2008-12-17 23:31 --------- d---a-w c:\documents and settings\All Users\Dane aplikacji\TEMP
2008-12-17 21:56 --------- d-----w c:\documents and settings\Jerzy\Dane aplikacji\AVI ReComp
2008-12-17 10:36 --------- d-----w c:\program files\SpeedFan
2008-12-11 17:42 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2008-12-11 08:48 --------- d-----w c:\program files\Java
2008-12-08 18:02 6,144 --sha-w c:\program files\Common Files\Thumbs.db
2008-12-07 10:40 --------- d-----w c:\program files\UltraISO
2008-12-06 15:18 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-06 15:18 --------- d-----w c:\program files\Multimedia Card Reader
2008-12-04 00:05 --------- d-----w c:\program files\YouTube Downloader
2008-12-04 00:05 --------- d-----w c:\program files\NAPI-PROJEKT
2008-12-04 00:05 --------- d-----w c:\program files\Midnight Club 2
2008-12-04 00:05 --------- d-----w c:\program files\GameSpy Arcade
2008-12-04 00:05 --------- d-----w c:\program files\ePSXe InPCP
2008-11-27 23:30 3,532 ----a-w C:\drmHeader.bin
2008-11-27 09:17 --------- d-----w c:\program files\Nowe Gadu-Gadu
2008-11-26 21:04 --------- d-----w c:\program files\Common Files\Apple
2008-11-23 13:01 --------- d-----w c:\program files\FXhome VisionLab Studio
2008-11-19 08:20 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\nView_Profiles
2008-11-13 08:33 --------- d-----w c:\program files\Symantec
2008-11-12 21:49 --------- d-----w c:\documents and settings\LocalService\Dane aplikacji\Acronis
2008-11-12 21:44 441,760 ----a-w c:\windows\system32\drivers\timntr.sys
2008-11-12 21:44 44,384 ----a-w c:\windows\system32\drivers\tifsfilt.sys
2008-11-12 21:44 129,248 ----a-w c:\windows\system32\drivers\snapman.sys
2008-11-12 21:44 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Acronis
2008-11-12 21:43 368,480 ----a-w c:\windows\system32\drivers\tdrpman.sys
2008-11-12 21:43 --------- d-----w c:\program files\Common Files\Acronis
2008-11-12 21:42 --------- d-----w c:\program files\Acronis
2008-11-11 17:42 --------- d-----w c:\program files\CloneDVD
2008-11-10 13:00 --------- d-----w c:\program files\Reference Assemblies
2008-11-10 13:00 --------- d-----w c:\program files\MSBuild
2008-11-09 15:50 --------- d-----w c:\documents and settings\Jerzy\Dane aplikacji\Samsung
2008-11-09 15:47 5,632 ----a-w c:\windows\system32\drivers\StarOpen.sys
2008-11-09 15:31 --------- d-----w c:\program files\Samsung
2008-11-08 16:39 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\TrackMania
2008-11-08 12:36 --------- d-----w c:\documents and settings\Jerzy\Dane aplikacji\Thinstall
2008-11-05 00:02 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Trymedia
2008-11-03 09:05 --------- d-----w c:\program files\Gadu-Gadu
2008-11-02 12:55 --------- d-----w c:\program files\ALLPlayer
2008-11-01 08:11 --------- d-----w c:\program files\Opera
2008-11-01 00:01 --------- d-----w c:\program files\MoorHunt
2008-10-30 09:05 737,280 ----a-w c:\windows\iun6002.exe
2008-10-28 21:01 --------- d-----w c:\program files\EA Games
2008-10-28 20:27 --------- d-----w c:\program files\Ea Sports
2008-10-28 20:12 96,256 ----a-w c:\windows\system32\drivers\sptddrv1.sys
2008-10-28 20:08 972,336 ----a-w c:\windows\UNNeroVision.exe
2008-10-28 19:46 7,168 --sha-w c:\program files\Thumbs.db
2008-10-28 09:50 --------- d-----w c:\program files\SystemRequirementsLab
2008-10-28 08:58 --------- d-----w c:\program files\Aspell
2008-10-27 12:33 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\NVIDIA
2008-10-27 09:47 12,288 ----a-w c:\windows\impborl.dll
2008-10-26 15:20 39,488 ----a-w c:\windows\system32\drivers\Pcouffin.sys
2008-10-26 13:03 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_xusb21_01005.Wdf
2008-10-25 16:53 --------- d-----w c:\program files\Xvid
2008-10-25 16:53 --------- d-----w c:\program files\Windows Media Connect 2
2008-10-25 16:53 --------- d-----w c:\program files\Ulead Systems
2008-10-25 16:53 --------- d-----w c:\program files\Reshade
2008-10-25 16:53 --------- d-----w c:\program files\Real Alternative
2008-10-25 16:53 --------- d-----w c:\program files\DivX
2008-10-25 08:23 --------- d-----w c:\program files\PC Connectivity Solution
2008-10-25 08:23 --------- d-----w c:\program files\DIFX
2008-10-25 08:14 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-10-25 08:14 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-22 16:59 --------- d-----w c:\program files\Gabest
2008-10-22 16:59 --------- d-----w c:\program files\AviSynth 2.5
2008-10-22 16:59 --------- d-----w c:\program files\AVI ReComp
2008-10-22 08:58 --------- d-----w c:\program files\Common Files\Adobe
2008-10-20 20:42 --------- d-----w c:\program files\High-Logic
2008-10-20 16:23 --------- d-----w c:\program files\ChomikBox
2008-10-11 16:01 20,976,776 ----a-w c:\program files\FLV PlayerRCSetup.exe
.
((((((((((((((((((((((((((((( snapshot@2008-12-19_23.17.34.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-20 06:29:18 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_8b0.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 25088]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]
"VistaStartMenu"="c:\program files\Vista Start Menu\VistaStartMenu.exe" [2007-08-29 1646080]
"vamsoft"="c:\windows\system32\vamsoft.exe" [2008-12-19 116502]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"WinFast Schedule"="c:\program files\WinFast\WFTVFM\WFWIZ.exe" [2006-08-12 348160]
"iKeyWorks"="c:\progra~1\A4Tech\Keyboard\Ikeymain.exe" [2006-09-07 65536]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2006-09-07 200704]
"Hidder"="c:\progra~1\GDATAS~1\SEKRET~1\Hidder.exe" [2002-06-03 565248]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-28 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 25088]
c:\documents and settings\Jerzy\Menu Start\Programy\Autostart\
Rejestracja FIFA 09.lnk - d:\gry zainstalowane\Fifa 09\Support\EAregister.exe [2008-08-13 4369408]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
BTTray.lnk - c:\program files\WIDCOMM\Oprogramowanie interfejsu Bluetooth\BTTray.exe [2006-05-12 581693]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Midnight Club 2\\mc2.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\MoorHunt\\MoorHunt.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
R0 AFPAnsi;G-DATA UkrywaczAnsi;c:\windows\system32\Drivers\AFPAnsi.sys [2008-10-10 31776]
R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2007-12-21 33800]
R2 ekrn;Eset Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" [2007-12-21 468224]
R2 SBKUPNT;SBKUPNT;\??\c:\windows\system32\Drivers\SBKUPNT.SYS [2008-11-12 14976]
R3 WFIOCTL;WFIOCTL;\??\c:\program files\WinFast\WFTVFM\WFIOCTL.SYS [2008-10-10 9446]
S3 kvpndev;Kerio VPN adapter;c:\windows\system32\DRIVERS\kvpndrv.sys [2008-06-24 65024]
S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer;c:\windows\system32\DRIVERS\kwflower.sys []
.
Zawartość folderu 'Zaplanowane zadania'
2008-12-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.yahoo.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyOverride = *.local
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Wyślij do interfejsu &Bluetooth - c:\program files\WIDCOMM\Oprogramowanie interfejsu Bluetooth\btsendto_ie_ctx.htm
FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-20 07:29:14
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'winlogon.exe'(1240)
c:\windows\system32\sfc_os.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll
- - - - - - - > 'lsass.exe'(1296)
c:\windows\system32\relog_ap.dll
c:\windows\system32\scecli.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\rundll32.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\searchindexer.exe
c:\progra~1\WIDCOMM\OPROGR~1\BTSTAC~1.EXE
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
c:\windows\system32\searchprotocolhost.exe
c:\windows\system32\searchfilterhost.exe
.
**************************************************************************
.
Czas ukończenia: 2008-12-20 7:34:49 - komputer został uruchomiony ponownie [Jerzy]
ComboFix-quarantined-files.txt 2008-12-20 06:34:45
ComboFix2.txt 2008-12-19 22:18:10
Przed: 5,760,950,272 bajtów wolnych
Po: 5,773,320,192 bajtów wolnych
265 --- E O F --- 2008-12-19 09:06:28
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:07:54, on 2008-12-20
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Vista Start Menu\VistaStartMenu.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\WIDCOMM\Oprogramowanie interfejsu Bluetooth\BTTray.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\PROGRA~1\WIDCOMM\OPROGR~1\BTSTAC~1.EXE
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\Program Files\WinFast\WFTVFM\WFTV.exe
c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [Hidder] C:\PROGRA~1\GDATAS~1\SEKRET~1\Hidder.exe /start
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [VistaStartMenu] "C:\Program Files\Vista Start Menu\VistaStartMenu.exe"
O4 - HKCU\..\Run: [vamsoft] C:\WINDOWS\system32\vamsoft.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Rejestracja FIFA 09.lnk = D:\Gry Zainstalowane\Fifa 09\Support\EAregister.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Wyślij do interfejsu &Bluetooth - C:\Program Files\WIDCOMM\Oprogramowanie interfejsu Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Oprogramowanie interfejsu Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Oprogramowanie interfejsu Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 9896 bytes