Wolno dzialajacy internet .

[rafi9-92]

Witam ! Od paru dni zauwazylem ze moj internet zwolnil , strony sie wolniej laduja , potrafi nawet zlapac scine na pare sekund . Prosze o sprawdzenie logow :


Combo :

Kod: Zaznacz wszystko

ComboFix 09-03-26.03 - Krzysztof 2009-03-26 22:56:05.7 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1250.1.1045.18.3326.2747 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Krzysztof\Pulpit\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)
* Utworzono nowy punkt przywracania

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.

(((((((((((((((((((((((((   Pliki utworzone od 2009-02-26 do 2009-03-26  )))))))))))))))))))))))))))))))
.

2009-03-27 12:58 . 2009-03-27 12:58   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\wanted
2009-03-27 12:12 . 2009-03-27 12:12   <DIR>   d--------   C:\Grz
2009-03-27 12:04 . 2009-03-27 12:04   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Pro
2009-03-15 11:25 . 2009-03-15 11:25   56,268   --a------   c:\windows\system32\drivers\scdemu.sys
2009-03-05 19:52 . 1999-03-23 00:00   401,484   --a------   c:\windows\system32\msvcrtd.dll
2009-03-01 13:47 . 2008-12-21 00:03   6,066,688   -----c---   c:\windows\system32\dllcache\ieframe.dll
2009-03-01 13:47 . 2007-04-17 10:32   2,455,488   -----c---   c:\windows\system32\dllcache\ieapfltr.dat
2009-03-01 13:47 . 2007-03-08 06:11   1,036,288   -----c---   c:\windows\system32\dllcache\ieframe.dll.mui
2009-03-01 13:47 . 2008-12-21 00:03   459,264   -----c---   c:\windows\system32\dllcache\msfeeds.dll
2009-03-01 13:47 . 2008-12-21 00:03   383,488   -----c---   c:\windows\system32\dllcache\ieapfltr.dll
2009-03-01 13:47 . 2008-12-21 00:03   267,776   -----c---   c:\windows\system32\dllcache\iertutil.dll
2009-03-01 13:47 . 2008-12-21 00:03   63,488   -----c---   c:\windows\system32\dllcache\icardie.dll
2009-03-01 13:47 . 2008-12-21 00:03   52,224   -----c---   c:\windows\system32\dllcache\msfeedsbs.dll
2009-03-01 13:47 . 2008-12-19 10:10   13,824   -----c---   c:\windows\system32\dllcache\ieudinit.exe

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-27 20:17   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab
2009-03-27 20:15   5,748,768   --sha-w   c:\windows\system32\drivers\fidbox.dat
2009-03-27 20:15   5,280   --sha-w   c:\windows\system32\drivers\fidbox2.idx
2009-03-27 20:15   45,992   --sha-w   c:\windows\system32\drivers\fidbox.idx
2009-03-27 20:15   1,228,832   --sha-w   c:\windows\system32\drivers\fidbox2.dat
2009-03-27 18:21   ---------   d-----w   c:\program files\Neostrada TP
2009-03-27 16:17   ---------   d-----w   c:\documents and settings\Krzysztof\Dane aplikacji\BitTorrent
2009-03-27 11:13   ---------   d--h--w   c:\program files\InstallShield Installation Information
2009-03-27 11:11   ---------   d-----w   c:\documents and settings\Krzysztof\Dane aplikacji\DAEMON Tools Pro
2009-03-26 21:29   ---------   d-----w   c:\documents and settings\Krzysztof\Dane aplikacji\DAEMON Tools Lite
2009-03-26 21:12   ---------   d-----w   c:\program files\Common Files\Wise Installation Wizard
2009-03-26 21:11   ---------   d-----w   c:\program files\AGEIA Technologies
2009-03-22 18:11   ---------   d---a-w   c:\documents and settings\All Users\Dane aplikacji\TEMP
2009-03-04 12:44   ---------   d-----w   c:\documents and settings\Krzysztof\Dane aplikacji\GetRight Pro
2009-02-26 12:09   162,816   ----a-w   c:\windows\system32\fmod.dll
2009-02-25 19:03   ---------   d-----w   c:\program files\Common Files\Futuremark Shared
2009-02-09 14:07   1,847,040   ------w   c:\windows\system32\win32k.sys
2009-02-07 15:58   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\ATI
2009-02-07 15:55   ---------   d-----w   c:\program files\ATI Technologies
2009-02-07 14:06   ---------   d-----w   c:\program files\Common Files\Logishrd
2009-02-07 13:45   ---------   d-----w   c:\program files\Common Files\Logitech
2009-02-04 15:01   33,808   ----a-w   c:\windows\system32\drivers\klbg.sys
2009-02-03 18:18   89,601   ----a-w   c:\windows\system32\drivers\klick.dat
2009-02-03 18:18   101,287   ----a-w   c:\windows\system32\drivers\klin.dat
2009-02-02 22:00   410,984   ----a-w   c:\windows\system32\deploytk.dll
2009-02-02 22:00   ---------   d-----w   c:\program files\Java
2009-01-31 14:44   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\Blizzard
2009-01-31 14:35   ---------   d-----w   c:\program files\Common Files\Blizzard Entertainment
2009-01-14 15:50   444,952   ----a-w   c:\windows\system32\wrap_oal.dll
2009-01-14 15:50   109,080   ----a-w   c:\windows\system32\OpenAL32.dll
2009-01-14 05:46   11,591,680   ----a-w   c:\windows\system32\atioglxx.dll
2009-01-14 04:53   286,720   ----a-w   c:\windows\system32\atiok3x2.dll
2009-01-14 04:49   425,984   ----a-w   c:\windows\system32\ATIDEMGX.dll
2009-01-14 04:47   323,584   ----a-w   c:\windows\system32\ati2dvag.dll
2009-01-14 04:36   26,112   ----a-w   c:\windows\system32\Ati2mdxx.exe
2009-01-14 04:36   196,608   ----a-w   c:\windows\system32\atipdlxx.dll
2009-01-14 04:36   151,552   ----a-w   c:\windows\system32\Oemdspif.dll
2009-01-14 04:35   43,520   ----a-w   c:\windows\system32\ati2edxx.dll
2009-01-14 04:35   155,648   ----a-w   c:\windows\system32\ati2evxx.dll
2009-01-14 04:34   598,016   ----a-w   c:\windows\system32\ati2evxx.exe
2009-01-14 04:32   53,248   ----a-w   c:\windows\system32\ATIDDC.DLL
2009-01-14 04:22   4,009,152   ----a-w   c:\windows\system32\ati3duag.dll
2009-01-14 04:05   2,500,224   ----a-w   c:\windows\system32\ativvaxx.dll
2009-01-14 03:50   48,640   ----a-w   c:\windows\system32\amdpcom32.dll
2009-01-14 03:45   401,408   ----a-w   c:\windows\system32\atikvmag.dll
2009-01-14 03:44   17,408   ----a-w   c:\windows\system32\atitvo32.dll
2009-01-14 03:44   110,592   ----a-w   c:\windows\system32\atiadlxx.dll
2009-01-14 03:37   577,536   ----a-w   c:\windows\system32\ati2cqag.dll
2009-01-14 03:37   307,200   ----a-w   c:\windows\system32\atiiiexx.dll
2009-01-14 02:36   45,056   ----a-w   c:\windows\system32\amdcalrt.dll
2009-01-14 02:36   45,056   ----a-w   c:\windows\system32\amdcalcl.dll
2009-01-14 02:34   3,227,648   ----a-w   c:\windows\system32\Amdcaldd.dll
2009-01-13 20:05   593,920   ------w   c:\windows\system32\ati2sgag.exe
2008-09-04 19:50   92,064   ----a-w   c:\documents and settings\Krzysztof\mqdmmdm.sys
2008-09-04 19:50   9,232   ----a-w   c:\documents and settings\Krzysztof\mqdmmdfl.sys
2008-09-04 19:50   79,328   ----a-w   c:\documents and settings\Krzysztof\mqdmserd.sys
2008-09-04 19:50   66,656   ----a-w   c:\documents and settings\Krzysztof\mqdmbus.sys
2008-09-04 19:50   6,208   ----a-w   c:\documents and settings\Krzysztof\mqdmcmnt.sys
2008-09-04 19:50   5,936   ----a-w   c:\documents and settings\Krzysztof\mqdmwhnt.sys
2008-09-04 19:50   4,048   ----a-w   c:\documents and settings\Krzysztof\mqdmcr.sys
2008-09-04 19:50   25,600   ----a-w   c:\documents and settings\Krzysztof\usbsermptxp.sys
2008-09-04 19:50   22,768   ----a-w   c:\documents and settings\Krzysztof\usbsermpt.sys
.

(((((((((((((((((((((((((((((   snapshot@2009-03-27_22.50.49.37   )))))))))))))))))))))))))))))))))))))))))
.
- 2005-10-20 12:02:28   163,328   ----a-w   c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
+ 2005-10-20 19:02:28   163,328   ----a-w   c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
- 2000-08-31 07:00:00   286,720   ----a-w   c:\windows\SWREG.exe
+ 2000-08-31 07:00:00   161,792   ----a-w   c:\windows\SWREG.exe
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"AutoConnect"="c:\programy\AutoConnect\AutoConnect.exe" [2004-08-28 295424]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-15 68856]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-08-07 700416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-08-29 1966080]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"NETIANET"="c:\program files\Netia\Net\netianet.exe" [2008-09-01 493568]
"SMSTray"="c:\programy\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-02-23 126976]
"MAAgent"="c:\program files\MarkAny\ContentSafer\MAAgent.exe" [2007-01-30 57344]
"GrooveMonitor"="c:\programy\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-11 185896]
"PCSuiteTrayApplication"="c:\programy\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"QuickTime Task"="c:\programy\QuickTime\qttask.exe" [2008-09-06 413696]
"AVP"="c:\programy\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-02-04 206088]
"VolPanel"="c:\program files\Creative\Volume Panel\VolPanlu.exe" [2008-08-06 233576]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-02 136600]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"CloneCDTray"="c:\gry\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-31 c:\windows\RTHDCPL.EXE]
"SoundMan"="SOUNDMAN.EXE" [2008-06-18 c:\windows\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2008-06-19 c:\windows\ALCWZRD.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2008-10-07 c:\windows\system32\Ctxfihlp.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-10-10 c:\windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\programy\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

c:\documents and settings\Krzysztof\Menu Start\Programy\Autostart\
eXtreme Movie Manager Updater.exe [2008-12-25 33982]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-10-30 113664]
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-09-01 962661]
Logitech SetPoint.lnk - c:\programy\Logitech\SetPoint\SetPoint.exe [2009-02-07 809488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"="c:\recycler\S-1-5-21-2439936412-9197207049-023588522-3878\svchost.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-11-07 16:41 72208 c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Gry\\Valve\\Steam\\SteamApps\\rafi992\\counter-strike\\hl.exe"=
"c:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\Polish\\setup.exe"=
"c:\\Programy\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Dema\\Electronic Arts\\Crytek\\Crysis SP Demo\\Bin32\\Crysis.exe"=
"c:\\Dema\\Codemasters\\GRID Demo\\GRID.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
"c:\\Programy\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programy\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programy\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Gry\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Programy\\Ares\\Ares.exe"=
"c:\\Gry\\Valve\\Steam\\SteamApps\\rafi992\\team fortress 2\\hl2.exe"=
"c:\\Gry\\Grid\\GRID.exe"=
"c:\\Gry\\Opera\\opera.exe"=
"c:\\Gry\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Gry\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Gry\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Gry\\SopCast\\adv\\SopAdver.exe"=
"c:\\Gry\\Tibia\\Tibia.exe"=
"c:\\Gry\\Valve\\Steam\\Steam.exe"=
"c:\\Gry\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutLauncher.exe"=
"c:\\Gry\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutConfigTool.exe"=
"c:\\Gry\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutParadise.exe"=
"c:\\Gry\\Valve\\Steam\\SteamApps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Programy\\eMule\\emule.exe"=
"c:\\Gry\\MicroProse\\Majesty\\Majesty.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-02-07 10384]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2008-10-08 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2008-10-08 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2008-10-08 72728]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-01-14 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2008-10-08 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2008-10-08 1324056]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2008-10-08 72728]
S3 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\GEST\GSvr.exe [2008-09-01 47624]

--- Inne Usługi/Sterowniki w Pamięci ---

*Deregistered* - cpuz130

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b4284aa-1a4d-11de-9982-4d6564696130}]
\Shell\AutoRun\command - F:\Autorun.exe
.
.
------- Skan uzupełniający -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.allegro.pl/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Download with GetRight Pro - c:\programy\GetRight\GRdownload.htm
IE: E&ksportuj do programu Microsoft Excel - c:\programy\MICROS~1\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Open with GetRight Pro Browser - c:\programy\GetRight\GRbrowse.htm
IE: { - c:\program files\Messenger\msmsgs.exe
TCP: {832088B4-C1C5-4012-8506-C55FFC782CAB} = 213.241.79.37 83.238.255.76
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-26 22:57:21
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ... 

skanowanie ukrytych wpisów autostartu ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  CTxfiHlp = CTXFIHLP.EXE?

skanowanie ukrytych plików ... 


c:\docume~1\KRZYSZ~1\USTAWI~1\Temp\Perflib_Perfdata_9d0.dat 16384 bytes

skanowanie pomyślnie ukończone
ukryte pliki: 1

**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-776561741-1788223648-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8971B1B8-F8DF-CF42-22F1-79F0E4EB747D}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oageidejfbnhfiniflblkgklimpcej"=hex:64,61,68,6b,67,66,68,69,00,70
"oakbahakofbpbbinefgfdeikdbpfid"=hex:6a,61,68,6b,65,69,68,67,61,69,62,6a,67,6e,
   70,65,61,63,69,66,00,fd
"naeccmcndngmfnapoheiknhlkdol"=hex:69,61,61,6b,6a,69,6e,6f,69,6e,66,6f,6f,61,
   6e,6e,65,6a,00,00

[HKEY_USERS\S-1-5-21-776561741-1788223648-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:13,ef,de,47,37,a5,91,36,35,51,18,36,4d,a8,19,76,d3,9a,2c,c0,82,62,14,
   b6,8a,57,ef,86,3c,ef,bf,eb,61,db,b0,5d,b6,26,67,95,37,01,88,e3,0d,3a,58,5f,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

[HKEY_USERS\S-1-5-21-776561741-1788223648-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:89,bb,88,9a,69,02,0a,df,9a,78,65,bb,67,73,be,68,24,98,a5,fb,a0,
   20,da,25,bc,3e,3b,9d,c0,36,c0,05,c0,e2,02,1a,76,2b,7b,49,97,1f,23,c4,88,7d,\
"rkeysecu"=hex:2b,76,63,e3,79,a5,cc,06,3a,27,34,3f,78,ee,98,29
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(1088)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
Czas ukończenia: 2009-03-26 22:59:40
ComboFix-quarantined-files.txt  2009-03-26 21:58:31
ComboFix2.txt  2009-03-27 21:51:31

Przed: 144 643 264 512 bajtów wolnych
Po: 144,630,870,016 bajtów wolnych

255   --- E O F ---   2009-03-21 00:21:55

HJ :

Kod: Zaznacz wszystko

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:03:19, on 2009-03-26
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Netia\Net\netianet.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\Programy\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Programy\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Creative\Volume Panel\VolPanlu.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Programy\AutoConnect\AutoConnect.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Programy\Logitech\SetPoint\SetPoint.exe
C:\Documents and Settings\Krzysztof\Menu Start\Programy\Autostart\eXtreme Movie Manager Updater.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Gry\SKAN KOMPA\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.allegro.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programy\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programy\Real player\rpbrowserrecordplugin.dll
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Programy\GetRight\xx2gr.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programy\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programy\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [NETIANET] C:\Program Files\Netia\Net\netianet.exe -auto
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [SMSTray] C:\Programy\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programy\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programy\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programy\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Programy\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [CloneCDTray] "C:\Gry\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AutoConnect] C:\Programy\AutoConnect\AutoConnect.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Programy\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: eXtreme Movie Manager Updater.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programy\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Download with GetRight Pro - C:\Programy\GetRight\GRdownload.htm
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\Programy\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Open with GetRight Pro Browser - C:\Programy\GetRight\GRbrowse.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programy\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programy\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programy\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programy\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - http://www.yougamers.com/systeminfo/FMSI.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programy\MICROS~1\Office12\GR99D3~1.DLL
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Programy\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Programy\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\GEST\GSvr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 11939 bytes

[wojtas]

1. Ściągnij OTMoveIt i go włacz i odpal go z opcji CleanUp oraz skasuj folder C:\Qoobox
2. wykonaj optymalizację windowsa
3.sciagnij ATF_Cleaner
zaznacz
Windows Temp
All users Temp
Temporary internet files
Recycle Bin
i wcisnij EMPTY SELECTED
4.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem
5. Wykonaj skan Dr. Web CureIt
6. Przeskanuj obszar mojego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum.

i tym:

FixIEDef.

[rafi9-92]

Wszystko zrobilem daje loga z fixiedef :

Kod: Zaznacz wszystko

********************************************************************************
*                                                                              *
*                                 FixIEDef Log                                 *
*                              Version 1.7.22.7514                             *
*                                                                              *
********************************************************************************

Created at 21:47:32 on Wednesday, April 01, 2009

Time Zone            :

Logged On User       : Krzysztof

Operating System     : Microsoft Windows XP Home Edition Dodatek Service Pack 3
OS Architecture      : X86
System Langauge      : Polish
Keyboard Layout      : Polish
Processor            : X64 Procesor Intel Pentium III Xeon

System Drive         : C:\
Windows Directory    : C:\WINDOWS
System Directory     : C:\WINDOWS\system32

System Drive Type    : Fixed
System Drive Status  : READY
System Drive Label   :
System Drive Size    : 476.93 GB
System Drive Free    : 147.22 GB

Total Physical Memory: 3326 MB
Free Physical Memory : 2747 MB
Total Page File      : 3326 MB
Free Page File       : 4767 MB
Total Virtual Memory : 2048 MB
Free Virtual Memory  : 1961 MB

Boot State           : Normal boot

--------------------------------------------------------------------------------

!!! userinit.exe is Clean !!!

--------------------------------------------------------------------------------

!!! Files that have been deleted !!!

No malicious files found

--------------------------------------------------------------------------------

!!! Directories that have been removed !!!

No malicious directories to be removed

--------------------------------------------------------------------------------

!!! Registry entries that have been removed !!!

No malicious Registry entries found

================================================================================

All Done :)

ShadowPuterDude

Safe Surfing!!!

Kasperskim przejechalem pelnym skanowaniem bo uzywam aktualnie tego antyvira i nie moglem przeskanowac tym na stronie . Znalazlo pare wirusow wszystkie usunelem . dr.webem tez przejechalem wszystko usunelem . Ale mam pewien problem z przegladarka internetowa obojetnie jaka IE opera . Problem polega na tym ze jak wlacze sciaganie bit torrentem lub emule to w ogole potem internet nie dziala jak wlacze przegladarke to zobacze 2 strony to tak sie zawiesza ze musze zakonczyc proces zeby sie zamknela . Dopiero jak wlacze combo fixa to normalnie zaczyna dzialac . ;/

[wojtas]

daj nowego loga z combofixa oraz przeinstaluj emule i bittorrenta

[rafi9-92]

Przeinstalowane Wrzucam log z combo tak jak prosiles :

Kod: Zaznacz wszystko

ComboFix 09-04-01.01 - Krzysztof 2009-04-02 21:43:41.10 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1250.1.1045.18.3326.2652 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Krzysztof\Pulpit\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)
* Utworzono nowy punkt przywracania

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.

(((((((((((((((((((((((((   Pliki utworzone od 2009-03-02 do 2009-04-02  )))))))))))))))))))))))))))))))
.

2009-04-02 17:59 . 2009-03-09 15:27   4,178,264   --a------   c:\windows\system32\D3DX9_41.dll
2009-04-02 17:59 . 2009-03-09 15:27   1,846,632   --a------   c:\windows\system32\D3DCompiler_41.dll
2009-04-02 17:59 . 2009-03-16 14:18   517,448   --a------   c:\windows\system32\XAudio2_4.dll
2009-04-02 17:59 . 2009-03-09 15:27   453,456   --a------   c:\windows\system32\d3dx10_41.dll
2009-04-02 17:59 . 2009-03-16 14:18   235,352   --a------   c:\windows\system32\xactengine3_4.dll
2009-04-02 17:59 . 2009-03-16 14:18   69,448   --a------   c:\windows\system32\XAPOFX1_3.dll
2009-04-02 17:59 . 2009-03-16 14:18   22,360   --a------   c:\windows\system32\X3DAudio1_6.dll
2009-04-02 17:58 . 2009-04-02 17:59   <DIR>   d--------   c:\windows\LastGood
2009-04-01 23:57 . 2009-04-01 23:57   0   --a------   c:\windows\system32\drivers\ovfsth.sys
2009-04-01 22:59 . 2009-04-01 22:59   18,432   --a------   c:\windows\system32\ovfsthhqraqajnojyxwrvxoasdmlrcxnddtbia.dll
2009-04-01 22:58 . 2009-04-01 22:58   43   --a------   c:\windows\system32\ovfsthppshkmxflxubpdeginweidxcmybarlyv.dat
2009-04-01 22:57 . 2009-04-01 22:57   18,944   --a------   c:\windows\system32\ovfsthxohrnbkppebhewfnragceumntrtmseah.dll
2009-04-01 22:57 . 2009-04-01 22:57   18,432   --a------   c:\windows\system32\ovfsthoyjdhnytompulcvumekbmkmvbdpfipmg.dll
2009-04-01 22:57 . 2009-04-01 22:59   2,182   --a------   c:\windows\system32\ovfsthyggrpdykohwwbkggsljovbvcxygbepsb.dat
2009-04-01 21:52 . 2009-04-01 21:52   <DIR>   d--------   c:\documents and settings\Krzysztof\DoctorWeb
2009-03-31 19:43 . 2009-03-31 19:43   <DIR>   d--------   c:\program files\ATI
2009-03-31 19:42 . 2009-02-25 15:15   593,920   ---------   c:\windows\system32\ati2sgag.exe
2009-03-31 19:41 . 2009-03-31 19:41   <DIR>   d--------   C:\ATI
2009-03-31 17:43 . 2009-03-31 17:43   <DIR>   d--------   c:\program files\Common Files\ATI Technologies
2009-03-31 17:42 . 2008-06-03 04:47   3,107,788   -ra------   c:\windows\system32\ativva5x.dat
2009-03-31 17:42 . 2008-06-03 04:47   887,724   -ra------   c:\windows\system32\ativva6x.dat
2009-03-31 17:42 . 2009-02-25 23:42   442,368   --a------   c:\windows\system32\ATIDEMGX.dll
2009-03-31 17:42 . 2009-01-26 19:55   182,995   --a------   c:\windows\system32\atiicdxx.dat
2009-03-31 17:42 . 2008-12-29 21:35   15,485   --a------   c:\windows\atiogl.xml
2009-03-31 17:42 . 2007-08-31 15:20   7,167   -ra------   c:\windows\system32\atifglpf.xml
2009-03-30 15:16 . 2009-03-30 15:16   <DIR>   d--------   C:\GryVentrilo
2009-03-29 22:08 . 2009-03-29 22:08   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\ATI
2009-03-27 13:58 . 2009-03-27 13:58   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\wanted
2009-03-27 13:04 . 2009-03-27 13:04   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Pro
2009-03-15 12:25 . 2009-03-15 12:25   56,268   --a------   c:\windows\system32\drivers\scdemu.sys
2009-03-05 20:52 . 1999-03-23 01:00   401,484   --a------   c:\windows\system32\msvcrtd.dll

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-02 18:40   ---------   d-----w   c:\documents and settings\Krzysztof\Dane aplikacji\BitTorrent
2009-04-02 18:29   ---------   d-----w   c:\program files\Neostrada TP
2009-04-02 15:58   5,336   --sha-w   c:\windows\system32\drivers\fidbox2.idx
2009-04-02 15:58   1,245,216   --sha-w   c:\windows\system32\drivers\fidbox2.dat
2009-04-02 08:11   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab
2009-04-01 23:54   6,634,016   --sha-w   c:\windows\system32\drivers\fidbox.dat
2009-04-01 23:54   52,908   --sha-w   c:\windows\system32\drivers\fidbox.idx
2009-04-01 18:44   86,016   ----a-w   c:\windows\system32\OpenAL32.dll
2009-03-31 17:42   ---------   d--h--w   c:\program files\InstallShield Installation Information
2009-03-31 17:42   ---------   d-----w   c:\program files\ATI Technologies
2009-03-31 15:53   ---------   d-----w   c:\program files\Java
2009-03-29 22:26   ---------   d---a-w   c:\documents and settings\All Users\Dane aplikacji\TEMP
2009-03-28 17:15   ---------   d-----w   c:\documents and settings\Krzysztof\Dane aplikacji\DNA
2009-03-27 11:11   ---------   d-----w   c:\documents and settings\Krzysztof\Dane aplikacji\DAEMON Tools Pro
2009-03-26 21:29   ---------   d-----w   c:\documents and settings\Krzysztof\Dane aplikacji\DAEMON Tools Lite
2009-03-26 21:12   ---------   d-----w   c:\program files\Common Files\Wise Installation Wizard
2009-03-26 21:11   ---------   d-----w   c:\program files\AGEIA Technologies
2009-03-09 03:19   410,984   ----a-w   c:\windows\system32\deploytk.dll
2009-03-04 12:44   ---------   d-----w   c:\documents and settings\Krzysztof\Dane aplikacji\GetRight Pro
2009-02-26 12:09   162,816   ----a-w   c:\windows\system32\fmod.dll
2009-02-25 22:58   3,565,568   ----a-w   c:\windows\system32\drivers\ati2mtag.sys
2009-02-25 21:41   325,120   ----a-w   c:\windows\system32\ati2dvag.dll
2009-02-25 21:30   204,800   ----a-w   c:\windows\system32\atipdlxx.dll
2009-02-25 21:30   11,841,536   ----a-w   c:\windows\system32\atioglxx.dll
2009-02-25 21:29   43,520   ----a-w   c:\windows\system32\ati2edxx.dll
2009-02-25 21:29   26,112   ----a-w   c:\windows\system32\Ati2mdxx.exe
2009-02-25 21:29   155,648   ----a-w   c:\windows\system32\Oemdspif.dll
2009-02-25 21:29   155,648   ----a-w   c:\windows\system32\ati2evxx.dll
2009-02-25 21:27   602,112   ----a-w   c:\windows\system32\ati2evxx.exe
2009-02-25 21:26   53,248   ----a-w   c:\windows\system32\ATIDDC.DLL
2009-02-25 21:16   3,817,984   ----a-w   c:\windows\system32\ati3duag.dll
2009-02-25 21:09   307,200   ----a-w   c:\windows\system32\atiiiexx.dll
2009-02-25 20:59   2,670,080   ----a-w   c:\windows\system32\ativvaxx.dll
2009-02-25 20:44   49,664   ----a-w   c:\windows\system32\amdpcom32.dll
2009-02-25 20:40   475,136   ----a-w   c:\windows\system32\atikvmag.dll
2009-02-25 20:38   17,408   ----a-w   c:\windows\system32\atitvo32.dll
2009-02-25 20:38   126,976   ----a-w   c:\windows\system32\atiadlxx.dll
2009-02-25 20:37   53,248   ----a-w   c:\windows\system32\drivers\ati2erec.dll
2009-02-25 20:35   290,816   ----a-w   c:\windows\system32\atiok3x2.dll
2009-02-25 20:32   626,688   ----a-w   c:\windows\system32\ati2cqag.dll
2009-02-25 20:32   45,056   ----a-w   c:\windows\system32\aticalrt.dll
2009-02-25 20:32   45,056   ----a-w   c:\windows\system32\aticalcl.dll
2009-02-25 20:30   3,227,648   ----a-w   c:\windows\system32\aticaldd.dll
2009-02-25 19:03   ---------   d-----w   c:\program files\Common Files\Futuremark Shared
2009-02-09 14:07   1,847,040   ------w   c:\windows\system32\win32k.sys
2009-02-07 14:06   ---------   d-----w   c:\program files\Common Files\Logishrd
2009-02-07 13:45   ---------   d-----w   c:\program files\Common Files\Logitech
2009-02-04 15:01   33,808   ----a-w   c:\windows\system32\drivers\klbg.sys
2009-02-03 18:18   89,601   ----a-w   c:\windows\system32\drivers\klick.dat
2009-02-03 18:18   101,287   ----a-w   c:\windows\system32\drivers\klin.dat
2009-01-14 15:50   444,952   ----a-w   c:\windows\system32\wrap_oal.dll
2008-09-04 19:50   92,064   ----a-w   c:\documents and settings\Krzysztof\mqdmmdm.sys
2008-09-04 19:50   9,232   ----a-w   c:\documents and settings\Krzysztof\mqdmmdfl.sys
2008-09-04 19:50   79,328   ----a-w   c:\documents and settings\Krzysztof\mqdmserd.sys
2008-09-04 19:50   66,656   ----a-w   c:\documents and settings\Krzysztof\mqdmbus.sys
2008-09-04 19:50   6,208   ----a-w   c:\documents and settings\Krzysztof\mqdmcmnt.sys
2008-09-04 19:50   5,936   ----a-w   c:\documents and settings\Krzysztof\mqdmwhnt.sys
2008-09-04 19:50   4,048   ----a-w   c:\documents and settings\Krzysztof\mqdmcr.sys
2008-09-04 19:50   25,600   ----a-w   c:\documents and settings\Krzysztof\usbsermptxp.sys
2008-09-04 19:50   22,768   ----a-w   c:\documents and settings\Krzysztof\usbsermpt.sys
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"AutoConnect"="c:\programy\AutoConnect\AutoConnect.exe" [2004-08-28 295424]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-15 68856]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-08-07 700416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-08-29 1966080]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"NETIANET"="c:\program files\Netia\Net\netianet.exe" [2008-09-01 493568]
"MAAgent"="c:\program files\MarkAny\ContentSafer\MAAgent.exe" [2007-01-30 57344]
"GrooveMonitor"="c:\programy\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-12 185896]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"QuickTime Task"="c:\programy\QuickTime\qttask.exe" [2008-09-06 413696]
"AVP"="c:\programy\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-02-04 206088]
"VolPanel"="c:\program files\Creative\Volume Panel\VolPanlu.exe" [2008-08-06 233576]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-31 c:\windows\RTHDCPL.EXE]
"SoundMan"="SOUNDMAN.EXE" [2008-06-18 c:\windows\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2008-06-19 c:\windows\ALCWZRD.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2008-10-08 c:\windows\system32\Ctxfihlp.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-10-10 c:\windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\programy\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

c:\documents and settings\Krzysztof\Menu Start\Programy\Autostart\
eXtreme Movie Manager Updater.exe [2008-12-25 33982]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-10-30 113664]
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-09-01 962661]
Logitech SetPoint.lnk - c:\programy\Logitech\SetPoint\SetPoint.exe [2009-02-07 809488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"="c:\recycler\S-1-5-21-9313750817-4811536398-965831654-5087\svchost.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-11-07 17:41 72208 c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^Krzysztof^Menu Start^Programy^Autostart^eXtreme Movie Manager Updater.exe]
path=c:\documents and settings\Krzysztof\Menu Start\Programy\Autostart\eXtreme Movie Manager Updater.exe
backup=c:\windows\pss\eXtreme Movie Manager Updater.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2006-09-28 21:21 57344 c:\gry\SlySoft\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2007-06-18 15:10 271360 c:\programy\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSTray]
--a------ 2007-02-23 16:32 126976 c:\programy\Samsung\Samsung Media Studio 5\SMSTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Gry\\Valve\\Steam\\SteamApps\\rafi992\\counter-strike\\hl.exe"=
"c:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\Polish\\setup.exe"=
"c:\\Programy\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Dema\\Electronic Arts\\Crytek\\Crysis SP Demo\\Bin32\\Crysis.exe"=
"c:\\Dema\\Codemasters\\GRID Demo\\GRID.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
"c:\\Programy\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programy\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programy\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Gry\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Programy\\Ares\\Ares.exe"=
"c:\\Gry\\Valve\\Steam\\SteamApps\\rafi992\\team fortress 2\\hl2.exe"=
"c:\\Gry\\Grid\\GRID.exe"=
"c:\\Gry\\Opera\\opera.exe"=
"c:\\Gry\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Gry\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Gry\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Gry\\SopCast\\adv\\SopAdver.exe"=
"c:\\Gry\\Tibia\\Tibia.exe"=
"c:\\Gry\\Valve\\Steam\\Steam.exe"=
"c:\\Gry\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutLauncher.exe"=
"c:\\Gry\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutConfigTool.exe"=
"c:\\Gry\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutParadise.exe"=
"c:\\Gry\\Valve\\Steam\\SteamApps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Programy\\eMule\\emule.exe"=
"c:\\Gry\\MicroProse\\Majesty\\Majesty.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-02-07 10384]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2008-10-08 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2008-10-08 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2008-10-08 72728]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
S3 cpuz130;cpuz130;\??\c:\docume~1\KRZYSZ~1\USTAWI~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\KRZYSZ~1\USTAWI~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-01-14 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2008-10-08 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2008-10-08 1324056]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2008-10-08 72728]
S3 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\GEST\GSvr.exe [2008-09-01 47624]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b4284aa-1a4d-11de-9982-4d6564696130}]
\Shell\AutoRun\command - F:\Autorun.exe
.
.
------- Skan uzupełniający -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.allegro.pl/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Download with GetRight Pro - c:\programy\GetRight\GRdownload.htm
IE: E&ksportuj do programu Microsoft Excel - c:\programy\MICROS~1\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Open with GetRight Pro Browser - c:\programy\GetRight\GRbrowse.htm
IE: { - c:\program files\Messenger\msmsgs.exe
TCP: {832088B4-C1C5-4012-8506-C55FFC782CAB} = 213.241.79.37 83.238.255.76
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-02 21:46:44
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ... 

skanowanie ukrytych wpisów autostartu ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  CTxfiHlp = CTXFIHLP.EXE?

skanowanie ukrytych plików ... 

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-776561741-1788223648-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8971B1B8-F8DF-CF42-22F1-79F0E4EB747D}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oageidejfbnhfiniflblkgklimpcej"=hex:64,61,68,6b,67,66,68,69,00,70
"oakbahakofbpbbinefgfdeikdbpfid"=hex:6a,61,68,6b,65,69,68,67,61,69,62,6a,67,6e,
   70,65,61,63,69,66,00,fd
"naeccmcndngmfnapoheiknhlkdol"=hex:69,61,61,6b,6a,69,6e,6f,69,6e,66,6f,6f,61,
   6e,6e,65,6a,00,00

[HKEY_USERS\S-1-5-21-776561741-1788223648-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:13,ef,de,47,37,a5,91,36,35,51,18,36,4d,a8,19,76,d3,9a,2c,c0,82,62,14,
   b6,8a,57,ef,86,3c,ef,bf,eb,61,db,b0,5d,b6,26,67,95,37,01,88,e3,0d,3a,58,5f,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

[HKEY_USERS\S-1-5-21-776561741-1788223648-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:5b,c4,78,73,0d,68,24,7d,28,f1,97,b7,7f,3d,38,de,81,77,d4,a6,8e,
   b2,fa,7a,15,e7,90,83,4a,f7,b7,c9,89,e0,c6,35,22,4a,66,c7,10,3e,50,37,31,77,\
"rkeysecu"=hex:2b,76,63,e3,79,a5,cc,06,3a,27,34,3f,78,ee,98,29
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(1080)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
Czas ukończenia: 2009-04-02 21:48:54
ComboFix-quarantined-files.txt  2009-04-02 19:48:00

Przed: 153 524 936 704 bajtów wolnych
Po: 153,886,494,720 bajtów wolnych

266   --- E O F ---   2009-03-21 00:21:55

[wojtas]

Otworz notatnik i wklej w nim to:

File::
c:\windows\system32\drivers\ovfsth.sys
c:\windows\system32\ovfsthhqraqajnojyxwrvxoasdmlrcxnddtbia.dll
c:\windows\system32\ovfsthppshkmxflxubpdeginweidxcmybarlyv.dat
c:\windows\system32\ovfsthxohrnbkppebhewfnragceumntrtmseah.dll
c:\windows\system32\ovfsthoyjdhnytompulcvumekbmkmvbdpfipmg.dll
c:\windows\system32\ovfsthyggrpdykohwwbkggsljovbvcxygbepsb.dat

>>Plik>>Zapisz jako... >>> CFScript
Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe
-->
Ma się rozpocząć usuwanie. (i powstanie log).Daj ten log, który powstanie w trakcie usuwania.

[rafi9-92]

Kod: Zaznacz wszystko

ComboFix 09-04-01.01 - Krzysztof 2009-04-03 12:39:32.11 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1250.1.1045.18.3326.2751 [GMT 2:00]
Uruchomiony z: c:\gry\SKAN KOMPA\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\Krzysztof\Pulpit\CFScript.txt
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)
* Utworzono nowy punkt przywracania

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!

FILE ::
c:\windows\system32\drivers\ovfsth.sys
c:\windows\system32\ovfsthhqraqajnojyxwrvxoasdmlrcxnddtbia.dll
c:\windows\system32\ovfsthoyjdhnytompulcvumekbmkmvbdpfipmg.dll
c:\windows\system32\ovfsthppshkmxflxubpdeginweidxcmybarlyv.dat
c:\windows\system32\ovfsthxohrnbkppebhewfnragceumntrtmseah.dll
c:\windows\system32\ovfsthyggrpdykohwwbkggsljovbvcxygbepsb.dat
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\ovfsth.sys
c:\windows\system32\ovfsthhqraqajnojyxwrvxoasdmlrcxnddtbia.dll
c:\windows\system32\ovfsthoyjdhnytompulcvumekbmkmvbdpfipmg.dll
c:\windows\system32\ovfsthppshkmxflxubpdeginweidxcmybarlyv.dat
c:\windows\system32\ovfsthxohrnbkppebhewfnragceumntrtmseah.dll
c:\windows\system32\ovfsthyggrpdykohwwbkggsljovbvcxygbepsb.dat

.
(((((((((((((((((((((((((   Pliki utworzone od 2009-03-03 do 2009-04-03  )))))))))))))))))))))))))))))))
.

2009-04-02 17:59 . 2009-03-09 15:27   4,178,264   --a------   c:\windows\system32\D3DX9_41.dll
2009-04-02 17:59 . 2009-03-09 15:27   1,846,632   --a------   c:\windows\system32\D3DCompiler_41.dll
2009-04-02 17:59 . 2009-03-16 14:18   517,448   --a------   c:\windows\system32\XAudio2_4.dll
2009-04-02 17:59 . 2009-03-09 15:27   453,456   --a------   c:\windows\system32\d3dx10_41.dll
2009-04-02 17:59 . 2009-03-16 14:18   235,352   --a------   c:\windows\system32\xactengine3_4.dll
2009-04-02 17:59 . 2009-03-16 14:18   69,448   --a------   c:\windows\system32\XAPOFX1_3.dll
2009-04-02 17:59 . 2009-03-16 14:18   22,360   --a------   c:\windows\system32\X3DAudio1_6.dll
2009-04-01 21:52 . 2009-04-01 21:52   <DIR>   d--------   c:\documents and settings\Krzysztof\DoctorWeb
2009-03-31 19:43 . 2009-03-31 19:43   <DIR>   d--------   c:\program files\ATI
2009-03-31 19:42 . 2009-02-25 15:15   593,920   ---------   c:\windows\system32\ati2sgag.exe
2009-03-31 19:41 . 2009-03-31 19:41   <DIR>   d--------   C:\ATI
2009-03-31 17:43 . 2009-03-31 17:43   <DIR>   d--------   c:\program files\Common Files\ATI Technologies
2009-03-31 17:42 . 2008-06-03 04:47   3,107,788   -ra------   c:\windows\system32\ativva5x.dat
2009-03-31 17:42 . 2008-06-03 04:47   887,724   -ra------   c:\windows\system32\ativva6x.dat
2009-03-31 17:42 . 2009-02-25 23:42   442,368   --a------   c:\windows\system32\ATIDEMGX.dll
2009-03-31 17:42 . 2009-01-26 19:55   182,995   --a------   c:\windows\system32\atiicdxx.dat
2009-03-31 17:42 . 2008-12-29 21:35   15,485   --a------   c:\windows\atiogl.xml
2009-03-31 17:42 . 2007-08-31 15:20   7,167   -ra------   c:\windows\system32\atifglpf.xml
2009-03-30 15:16 . 2009-03-30 15:16   <DIR>   d--------   C:\GryVentrilo
2009-03-29 22:08 . 2009-03-29 22:08   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\ATI
2009-03-27 13:58 . 2009-03-27 13:58   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\wanted
2009-03-27 13:04 . 2009-03-27 13:04   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Pro
2009-03-15 12:25 . 2009-03-15 12:25   56,268   --a------   c:\windows\system32\drivers\scdemu.sys
2009-03-05 20:52 . 1999-03-23 01:00   401,484   --a------   c:\windows\system32\msvcrtd.dll

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-03 10:38   ---------   d-----w   c:\documents and settings\Krzysztof\Dane aplikacji\BitTorrent
2009-04-03 10:15   ---------   d-----w   c:\program files\Neostrada TP
2009-04-03 09:30   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab
2009-04-02 23:03   6,634,016   --sha-w   c:\windows\system32\drivers\fidbox.dat
2009-04-02 23:03   52,908   --sha-w   c:\windows\system32\drivers\fidbox.idx
2009-04-02 23:03   5,336   --sha-w   c:\windows\system32\drivers\fidbox2.idx
2009-04-02 23:03   1,245,216   --sha-w   c:\windows\system32\drivers\fidbox2.dat
2009-04-01 18:44   86,016   ----a-w   c:\windows\system32\OpenAL32.dll
2009-03-31 17:42   ---------   d--h--w   c:\program files\InstallShield Installation Information
2009-03-31 17:42   ---------   d-----w   c:\program files\ATI Technologies
2009-03-31 15:53   ---------   d-----w   c:\program files\Java
2009-03-29 22:26   ---------   d---a-w   c:\documents and settings\All Users\Dane aplikacji\TEMP
2009-03-28 17:15   ---------   d-----w   c:\documents and settings\Krzysztof\Dane aplikacji\DNA
2009-03-27 11:11   ---------   d-----w   c:\documents and settings\Krzysztof\Dane aplikacji\DAEMON Tools Pro
2009-03-26 21:29   ---------   d-----w   c:\documents and settings\Krzysztof\Dane aplikacji\DAEMON Tools Lite
2009-03-26 21:12   ---------   d-----w   c:\program files\Common Files\Wise Installation Wizard
2009-03-26 21:11   ---------   d-----w   c:\program files\AGEIA Technologies
2009-03-09 03:19   410,984   ----a-w   c:\windows\system32\deploytk.dll
2009-03-04 12:44   ---------   d-----w   c:\documents and settings\Krzysztof\Dane aplikacji\GetRight Pro
2009-02-26 12:09   162,816   ----a-w   c:\windows\system32\fmod.dll
2009-02-25 22:58   3,565,568   ----a-w   c:\windows\system32\drivers\ati2mtag.sys
2009-02-25 21:41   325,120   ----a-w   c:\windows\system32\ati2dvag.dll
2009-02-25 21:30   204,800   ----a-w   c:\windows\system32\atipdlxx.dll
2009-02-25 21:30   11,841,536   ----a-w   c:\windows\system32\atioglxx.dll
2009-02-25 21:29   43,520   ----a-w   c:\windows\system32\ati2edxx.dll
2009-02-25 21:29   26,112   ----a-w   c:\windows\system32\Ati2mdxx.exe
2009-02-25 21:29   155,648   ----a-w   c:\windows\system32\Oemdspif.dll
2009-02-25 21:29   155,648   ----a-w   c:\windows\system32\ati2evxx.dll
2009-02-25 21:27   602,112   ----a-w   c:\windows\system32\ati2evxx.exe
2009-02-25 21:26   53,248   ----a-w   c:\windows\system32\ATIDDC.DLL
2009-02-25 21:16   3,817,984   ----a-w   c:\windows\system32\ati3duag.dll
2009-02-25 21:09   307,200   ----a-w   c:\windows\system32\atiiiexx.dll
2009-02-25 20:59   2,670,080   ----a-w   c:\windows\system32\ativvaxx.dll
2009-02-25 20:44   49,664   ----a-w   c:\windows\system32\amdpcom32.dll
2009-02-25 20:40   475,136   ----a-w   c:\windows\system32\atikvmag.dll
2009-02-25 20:38   17,408   ----a-w   c:\windows\system32\atitvo32.dll
2009-02-25 20:38   126,976   ----a-w   c:\windows\system32\atiadlxx.dll
2009-02-25 20:37   53,248   ----a-w   c:\windows\system32\drivers\ati2erec.dll
2009-02-25 20:35   290,816   ----a-w   c:\windows\system32\atiok3x2.dll
2009-02-25 20:32   626,688   ----a-w   c:\windows\system32\ati2cqag.dll
2009-02-25 20:32   45,056   ----a-w   c:\windows\system32\aticalrt.dll
2009-02-25 20:32   45,056   ----a-w   c:\windows\system32\aticalcl.dll
2009-02-25 20:30   3,227,648   ----a-w   c:\windows\system32\aticaldd.dll
2009-02-25 19:03   ---------   d-----w   c:\program files\Common Files\Futuremark Shared
2009-02-09 14:07   1,847,040   ------w   c:\windows\system32\win32k.sys
2009-02-07 14:06   ---------   d-----w   c:\program files\Common Files\Logishrd
2009-02-07 13:45   ---------   d-----w   c:\program files\Common Files\Logitech
2009-02-04 15:01   33,808   ----a-w   c:\windows\system32\drivers\klbg.sys
2009-02-03 18:18   89,601   ----a-w   c:\windows\system32\drivers\klick.dat
2009-02-03 18:18   101,287   ----a-w   c:\windows\system32\drivers\klin.dat
2009-01-14 15:50   444,952   ----a-w   c:\windows\system32\wrap_oal.dll
2008-09-04 19:50   92,064   ----a-w   c:\documents and settings\Krzysztof\mqdmmdm.sys
2008-09-04 19:50   9,232   ----a-w   c:\documents and settings\Krzysztof\mqdmmdfl.sys
2008-09-04 19:50   79,328   ----a-w   c:\documents and settings\Krzysztof\mqdmserd.sys
2008-09-04 19:50   66,656   ----a-w   c:\documents and settings\Krzysztof\mqdmbus.sys
2008-09-04 19:50   6,208   ----a-w   c:\documents and settings\Krzysztof\mqdmcmnt.sys
2008-09-04 19:50   5,936   ----a-w   c:\documents and settings\Krzysztof\mqdmwhnt.sys
2008-09-04 19:50   4,048   ----a-w   c:\documents and settings\Krzysztof\mqdmcr.sys
2008-09-04 19:50   25,600   ----a-w   c:\documents and settings\Krzysztof\usbsermptxp.sys
2008-09-04 19:50   22,768   ----a-w   c:\documents and settings\Krzysztof\usbsermpt.sys
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"AutoConnect"="c:\programy\AutoConnect\AutoConnect.exe" [2004-08-28 295424]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-15 68856]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-08-07 700416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-08-29 1966080]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"NETIANET"="c:\program files\Netia\Net\netianet.exe" [2008-09-01 493568]
"MAAgent"="c:\program files\MarkAny\ContentSafer\MAAgent.exe" [2007-01-30 57344]
"GrooveMonitor"="c:\programy\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-12 185896]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"QuickTime Task"="c:\programy\QuickTime\qttask.exe" [2008-09-06 413696]
"AVP"="c:\programy\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-02-04 206088]
"VolPanel"="c:\program files\Creative\Volume Panel\VolPanlu.exe" [2008-08-06 233576]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-31 c:\windows\RTHDCPL.EXE]
"SoundMan"="SOUNDMAN.EXE" [2008-06-18 c:\windows\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2008-06-19 c:\windows\ALCWZRD.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2008-10-08 c:\windows\system32\Ctxfihlp.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-10-10 c:\windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\programy\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

c:\documents and settings\Krzysztof\Menu Start\Programy\Autostart\
eXtreme Movie Manager Updater.exe [2008-12-25 33982]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-10-30 113664]
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-09-01 962661]
Logitech SetPoint.lnk - c:\programy\Logitech\SetPoint\SetPoint.exe [2009-02-07 809488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"="c:\recycler\S-1-5-21-9313750817-4811536398-965831654-5087\svchost.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-11-07 17:41 72208 c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^Krzysztof^Menu Start^Programy^Autostart^eXtreme Movie Manager Updater.exe]
path=c:\documents and settings\Krzysztof\Menu Start\Programy\Autostart\eXtreme Movie Manager Updater.exe
backup=c:\windows\pss\eXtreme Movie Manager Updater.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2006-09-28 21:21 57344 c:\gry\SlySoft\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2007-06-18 15:10 271360 c:\programy\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSTray]
--a------ 2007-02-23 16:32 126976 c:\programy\Samsung\Samsung Media Studio 5\SMSTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Gry\\Valve\\Steam\\SteamApps\\rafi992\\counter-strike\\hl.exe"=
"c:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\Polish\\setup.exe"=
"c:\\Programy\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Dema\\Electronic Arts\\Crytek\\Crysis SP Demo\\Bin32\\Crysis.exe"=
"c:\\Dema\\Codemasters\\GRID Demo\\GRID.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
"c:\\Programy\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programy\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programy\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Gry\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Programy\\Ares\\Ares.exe"=
"c:\\Gry\\Valve\\Steam\\SteamApps\\rafi992\\team fortress 2\\hl2.exe"=
"c:\\Gry\\Grid\\GRID.exe"=
"c:\\Gry\\Opera\\opera.exe"=
"c:\\Gry\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Gry\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Gry\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Gry\\SopCast\\adv\\SopAdver.exe"=
"c:\\Gry\\Tibia\\Tibia.exe"=
"c:\\Gry\\Valve\\Steam\\Steam.exe"=
"c:\\Gry\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutLauncher.exe"=
"c:\\Gry\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutConfigTool.exe"=
"c:\\Gry\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutParadise.exe"=
"c:\\Gry\\Valve\\Steam\\SteamApps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Programy\\eMule\\emule.exe"=
"c:\\Gry\\MicroProse\\Majesty\\Majesty.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-02-07 10384]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2008-10-08 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2008-10-08 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2008-10-08 72728]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
S3 cpuz130;cpuz130;\??\c:\docume~1\KRZYSZ~1\USTAWI~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\KRZYSZ~1\USTAWI~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-01-14 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2008-10-08 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2008-10-08 1324056]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2008-10-08 72728]
S3 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\GEST\GSvr.exe [2008-09-01 47624]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b4284aa-1a4d-11de-9982-4d6564696130}]
\Shell\AutoRun\command - F:\Autorun.exe
.
.
------- Skan uzupełniający -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.allegro.pl/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Download with GetRight Pro - c:\programy\GetRight\GRdownload.htm
IE: E&ksportuj do programu Microsoft Excel - c:\programy\MICROS~1\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Open with GetRight Pro Browser - c:\programy\GetRight\GRbrowse.htm
IE: { - c:\program files\Messenger\msmsgs.exe
TCP: {832088B4-C1C5-4012-8506-C55FFC782CAB} = 213.241.79.37 83.238.255.76
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-03 12:41:20
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ... 

skanowanie ukrytych wpisów autostartu ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  CTxfiHlp = CTXFIHLP.EXE?

skanowanie ukrytych plików ... 

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-776561741-1788223648-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8971B1B8-F8DF-CF42-22F1-79F0E4EB747D}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oageidejfbnhfiniflblkgklimpcej"=hex:64,61,68,6b,67,66,68,69,00,70
"oakbahakofbpbbinefgfdeikdbpfid"=hex:6a,61,68,6b,65,69,68,67,61,69,62,6a,67,6e,
   70,65,61,63,69,66,00,fd
"naeccmcndngmfnapoheiknhlkdol"=hex:69,61,61,6b,6a,69,6e,6f,69,6e,66,6f,6f,61,
   6e,6e,65,6a,00,00

[HKEY_USERS\S-1-5-21-776561741-1788223648-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:13,ef,de,47,37,a5,91,36,35,51,18,36,4d,a8,19,76,d3,9a,2c,c0,82,62,14,
   b6,8a,57,ef,86,3c,ef,bf,eb,61,db,b0,5d,b6,26,67,95,37,01,88,e3,0d,3a,58,5f,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

[HKEY_USERS\S-1-5-21-776561741-1788223648-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:5b,c4,78,73,0d,68,24,7d,28,f1,97,b7,7f,3d,38,de,81,77,d4,a6,8e,
   b2,fa,7a,15,e7,90,83,4a,f7,b7,c9,89,e0,c6,35,22,4a,66,c7,10,3e,50,37,31,77,\
"rkeysecu"=hex:2b,76,63,e3,79,a5,cc,06,3a,27,34,3f,78,ee,98,29
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(1088)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
Czas ukończenia: 2009-04-03 12:43:25
ComboFix-quarantined-files.txt  2009-04-03 10:42:48
ComboFix2.txt  2009-04-02 19:48:55

Przed: 154 631 651 328 bajtów wolnych
Po: 154,681,896,960 bajtów wolnych

277   --- E O F ---   2009-03-21 00:21:55

Zrobione

[wojtas]

1. Ściągnij OTMoveIt i go włacz i odpal go z opcji CleanUp oraz skasuj folder C:\Qoobox
2. wykonaj optymalizację windowsa
3.sciagnij ATF_Cleaner
zaznacz
Windows Temp
All users Temp
Temporary internet files
Recycle Bin
i wcisnij EMPTY SELECTED
4.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem
5. Wykonaj skan Dr. Web CureIt
6. Przeskanuj obszar mojego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum.

i tym:

FixIEDef.

[rafi9-92]

2 dni temu przeciez to robilem napisales to w 1 poscie wykonac jeszcze raz ??

[wojtas]

nie zauważyłem ... sorka . wirusów juz nie masz

[rafi9-92]

hehe spoko To dziekuje bardzo wszystkie problemy zniknely )