Prosze o sprawdzenie loga z combofix

[slawek00514]

ComboFix 09-04-18.05 - julia 2009-04-18 11:07.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1250.48.1045.18.2046.1252 [GMT 2:00]
Uruchomiony z: c:\users\julia\Downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\julia\AppData\Roaming\inst.exe
c:\windows\system32\drivers\ovfsthpaycefekiotpfvxhfinvsuxchrpkmkyj.sys
c:\windows\system32\ovfsthmdsqpfjqpqrmumprrnlitejmwmtnodbh.dat
c:\windows\system32\ovfsthnddonpoyxbedeilneciihqxwwmidoevt.dat
c:\windows\system32\ovfsthoxxbudbqswheptoicmpupavmxbwcrmoc.dll

.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ovfsthnqutdvyaoxpguqceiqpsqfrihgrsmxpi


((((((((((((((((((((((((( Pliki utworzone od 2009-03-18 do 2009-04-18 )))))))))))))))))))))))))))))))
.

2009-04-16 21:02 . 2008-12-06 04:42 376832 ----a-w c:\windows\system32\winhttp.dll
2009-04-16 21:01 . 2008-06-06 03:27 38912 ----a-w c:\windows\system32\xolehlp.dll
2009-04-16 21:01 . 2008-06-06 03:27 562176 ----a-w c:\windows\system32\msdtcprx.dll
2009-04-16 21:00 . 2009-04-16 21:00 118 ----a-w c:\windows\system32\MRT.INI
2009-04-16 20:57 . 2009-02-13 08:49 72704 ----a-w c:\windows\system32\secur32.dll
2009-04-16 20:57 . 2009-02-13 08:49 1255936 ----a-w c:\windows\system32\lsasrv.dll
2009-04-16 20:57 . 2009-03-17 03:38 13824 ----a-w c:\windows\system32\apilogen.dll
2009-04-16 20:57 . 2009-03-17 03:38 24064 ----a-w c:\windows\system32\amxread.dll
2009-04-16 20:34 . 2008-12-11 06:38 159600 ----a-w c:\windows\system32\drivers\pctgntdi.sys
2009-04-16 20:34 . 2009-04-18 09:23 -------- d---a-w c:\users\All Users\TEMP
2009-04-16 20:34 . 2009-04-18 09:23 -------- d---a-w c:\programdata\TEMP
2009-04-16 20:34 . 2009-03-06 14:45 130424 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-04-16 20:34 . 2008-12-18 10:16 73840 ----a-w c:\windows\system32\drivers\PCTAppEvent.sys
2009-04-16 20:34 . 2008-12-10 10:36 64392 ----a-w c:\windows\system32\drivers\pctplsg.sys
2009-04-16 20:33 . 2009-04-16 20:33 -------- d-----w c:\users\julia\AppData\Roaming\PC Tools
2009-04-16 20:33 . 2009-04-16 20:33 -------- d-----w c:\users\All Users\PC Tools
2009-04-16 20:33 . 2009-04-16 20:33 -------- d-----w c:\programdata\PC Tools
2009-04-16 20:29 . 2009-03-03 04:39 551424 ----a-w c:\windows\system32\rpcss.dll
2009-04-16 20:29 . 2009-03-03 04:46 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-04-16 20:29 . 2009-03-03 04:46 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-04-16 20:29 . 2009-03-03 03:04 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-04-16 20:29 . 2009-03-03 04:39 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-04-16 20:29 . 2009-03-03 04:39 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-04-16 20:29 . 2009-03-03 04:37 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-04-16 20:29 . 2009-03-03 04:37 54784 ----a-w c:\windows\system32\iasads.dll
2009-04-16 20:29 . 2009-03-03 04:37 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-04-16 20:29 . 2009-03-03 02:38 17408 ----a-w c:\windows\system32\iashost.exe
2009-04-16 18:15 . 2009-04-16 18:15 -------- d-----w c:\users\julia\DoctorWeb
2009-04-16 13:20 . 2009-04-17 17:11 193759421 ----a-w c:\windows\MEMORY.DMP
2009-04-15 20:02 . 2009-04-15 20:02 -------- d-----w c:\users\All Users\258B
2009-04-15 20:02 . 2009-04-15 20:02 -------- d-----w c:\programdata\258B
2009-04-15 19:21 . 2009-04-15 19:21 -------- d-----w c:\users\julia\AppData\Local\ESET
2009-04-15 18:36 . 2009-04-15 18:36 -------- d-----w c:\users\All Users\ESET
2009-04-15 18:36 . 2009-04-15 18:36 -------- d-----w c:\programdata\ESET
2009-04-15 11:47 . 2009-04-15 11:47 25136 ----a-r c:\windows\system32\drivers\SymIMV.sys
2009-04-15 11:47 . 2009-04-15 11:47 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-04-15 11:47 . 2009-04-15 11:47 7386 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-04-15 11:47 . 2009-04-15 11:47 124464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-04-15 11:46 . 2009-04-15 11:46 -------- d-----w c:\windows\system32\drivers\NIS
2009-04-15 11:38 . 2009-04-15 11:38 -------- d-----w c:\users\All Users\PCSettings
2009-04-15 11:38 . 2009-04-15 11:38 -------- d-----w c:\programdata\PCSettings
2009-04-15 11:38 . 2009-04-15 11:47 -------- d-----w c:\users\All Users\Norton
2009-04-15 11:38 . 2009-04-15 11:47 -------- d-----w c:\programdata\Norton
2009-04-15 11:34 . 2009-04-15 11:46 -------- d-----w c:\users\All Users\NortonInstaller
2009-04-15 11:34 . 2009-04-15 11:46 -------- d-----w c:\programdata\NortonInstaller
2009-04-14 06:59 . 2009-04-14 06:59 -------- d-----w c:\users\All Users\3A98
2009-04-14 06:59 . 2009-04-14 06:59 -------- d-----w c:\programdata\3A98
2009-04-13 16:51 . 2009-04-17 23:28 106496 ----a-w c:\windows\system32\winsetup66.exe
2009-04-13 07:50 . 2009-04-13 07:50 -------- d-----w c:\users\All Users\495
2009-04-13 07:50 . 2009-04-13 07:50 -------- d-----w c:\programdata\495
2009-04-13 07:48 . 2009-04-13 07:48 -------- d-----w c:\users\All Users\27B0
2009-04-13 07:48 . 2009-04-13 07:48 -------- d-----w c:\programdata\27B0
2009-04-13 07:48 . 2009-04-13 07:48 -------- d-----w c:\users\All Users\17D7
2009-04-13 07:48 . 2009-04-13 07:48 -------- d-----w c:\programdata\17D7
2009-04-12 10:46 . 2009-04-12 10:46 -------- d-----w c:\users\All Users\2D68
2009-04-12 10:46 . 2009-04-12 10:46 -------- d-----w c:\programdata\2D68
2009-04-12 10:46 . 2009-04-12 10:46 -------- d-----w c:\users\All Users\10B5
2009-04-12 10:46 . 2009-04-12 10:46 -------- d-----w c:\programdata\10B5
2009-04-11 10:22 . 2009-04-11 10:22 -------- d-----w c:\users\All Users\8154
2009-04-11 10:22 . 2009-04-11 10:22 -------- d-----w c:\programdata\8154
2009-04-05 12:34 . 2009-04-05 12:34 -------- d-----w c:\users\julia\AppData\Roaming\Touchstone
2009-04-05 12:03 . 2009-04-05 12:03 -------- d-----w c:\windows\A5B5A16D277A476B8F621029A2F23072.TMP
2009-04-05 12:02 . 2009-04-12 16:41 120 ----a-w c:\windows\disney.ini
2009-03-28 16:32 . 2009-03-28 16:32 -------- d-----w c:\users\julia\Nowy folder (2)
2009-03-25 11:10 . 2009-03-25 11:17 -------- d-----w c:\users\julia\AppData\Local\GRAW2
2009-03-25 11:10 . 2009-03-25 11:10 -------- d-----w c:\users\All Users\GRAW2
2009-03-25 11:10 . 2009-03-25 11:10 -------- d-----w c:\programdata\GRAW2
2009-03-22 14:18 . 2009-03-22 14:18 -------- d-----w c:\users\julia\AppData\Local\capcom
2009-03-22 13:56 . 2009-03-22 13:56 -------- d-----w c:\windows\system32\xlive

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-18 09:10 . 2006-12-05 05:19 704102 ----a-w c:\windows\System32\perfh015.dat
2009-04-18 09:10 . 2006-12-05 05:19 148654 ----a-w c:\windows\System32\perfc015.dat
2009-04-18 09:03 . 2008-04-29 20:44 -------- d-----w c:\program files\Gadu-Gadu
2009-04-17 16:44 . 2008-05-23 19:17 -------- d-----w c:\users\julia\AppData\Roaming\uTorrent
2009-04-17 11:13 . 2009-04-16 20:33 -------- d-----w c:\program files\Spyware Doctor
2009-04-16 21:06 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-16 20:51 . 2009-04-16 20:34 -------- d-----w c:\program files\Common Files\PC Tools
2009-04-15 20:33 . 2008-10-16 17:43 -------- d-----w c:\program files\DAEMON Tools Lite
2009-04-15 18:36 . 2009-04-15 18:36 -------- d-----w c:\program files\ESET
2009-04-15 12:16 . 2008-03-06 09:44 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-15 11:47 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infstor.dat
2009-04-15 11:47 . 2006-11-02 10:25 51200 ----a-w c:\windows\Inf\infpub.dat
2009-04-15 11:47 . 2006-11-02 10:25 143360 ----a-w c:\windows\Inf\infstrng.dat
2009-04-15 11:47 . 2009-04-15 11:47 -------- d-----w c:\program files\Symantec
2009-04-15 11:46 . 2009-04-15 11:46 -------- d-----w c:\program files\Norton Internet Security
2009-04-15 11:46 . 2008-03-06 09:45 -------- d-----w c:\programdata\Symantec
2009-04-15 11:38 . 2009-04-15 11:34 -------- d-----w c:\program files\NortonInstaller
2009-04-14 07:07 . 2008-05-05 09:15 -------- d-----w c:\users\julia\AppData\Roaming\BearShare
2009-04-13 11:47 . 2008-03-06 08:40 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-13 11:42 . 2009-04-13 11:42 -------- d-----w c:\program files\Activision
2009-04-12 18:08 . 2008-08-05 17:51 -------- d-----w c:\users\julia\AppData\Roaming\OpenOffice.ux.pl2
2009-04-10 07:03 . 2008-12-01 11:55 -------- d-----w c:\users\julia\AppData\Roaming\Vso
2009-04-05 12:03 . 2008-10-30 16:34 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-03 10:40 . 2008-08-22 17:39 -------- d-----w c:\users\julia\AppData\Roaming\foobar2000
2009-03-27 17:41 . 2008-10-07 06:10 680 ----a-w c:\users\julia\AppData\Local\d3d9caps.dat
2009-03-25 10:33 . 2008-12-07 07:42 -------- d-----w c:\program files\Ubisoft
2009-03-22 14:00 . 2009-03-22 14:00 -------- d-----w c:\program files\CAPCOM
2009-03-18 14:33 . 2009-03-18 14:33 -------- d-----w c:\programdata\262A5
2009-03-17 21:26 . 2009-03-06 13:20 -------- d-----w c:\users\julia\AppData\Roaming\Skype
2009-03-17 03:38 . 2009-04-16 20:57 40960 ----a-w c:\windows\AppPatch\apihex86.dll
2009-03-16 11:03 . 2009-03-06 13:29 -------- d-----w c:\users\julia\AppData\Roaming\skypePM
2009-03-13 06:20 . 2009-03-13 06:20 -------- d-----w c:\programdata\1716C
2009-03-10 16:28 . 2009-02-12 17:21 -------- d-----w c:\users\julia\AppData\Roaming\DAEMON Tools Pro
2009-03-06 13:29 . 2009-03-06 13:29 56 ---ha-w c:\users\All Users\ezsidmv.dat
2009-03-06 13:29 . 2009-03-06 13:29 56 ---ha-w c:\programdata\ezsidmv.dat
2009-03-06 13:19 . 2009-03-06 13:19 -------- d-----w c:\program files\Common Files\Skype
2009-03-06 13:19 . 2009-03-06 13:19 -------- d-----r c:\program files\Skype
2009-03-06 13:19 . 2009-03-06 13:18 -------- d-----w c:\programdata\Skype
2009-03-03 04:40 . 2009-04-16 20:54 827392 ----a-w c:\windows\System32\wininet.dll
2009-03-03 04:37 . 2009-04-16 20:54 78336 ----a-w c:\windows\System32\ieencode.dll
2009-03-03 02:28 . 2009-04-16 20:54 26624 ----a-w c:\windows\System32\ieUnatt.exe
2009-03-01 18:54 . 2008-03-06 08:46 -------- d-----w c:\programdata\NVIDIA
2009-03-01 18:51 . 2008-10-30 16:34 -------- d-----w c:\program files\AGEIA Technologies
2009-03-01 15:26 . 2008-08-05 15:04 -------- d-----w c:\program files\Electronic Arts
2009-03-01 14:27 . 2009-03-01 14:28 66872 ----a-w c:\windows\System32\PnkBstrA.exe
2009-03-01 14:27 . 2009-03-01 14:28 138184 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-03-01 14:27 . 2009-03-01 14:27 183112 ----a-w c:\windows\System32\PnkBstrB.exe
2009-02-28 18:36 . 2009-02-12 17:17 -------- d-----w c:\program files\DAEMON Tools Toolbar
2009-02-25 12:48 . 2008-12-01 11:14 -------- d-----w c:\users\julia\AppData\Roaming\BESTplayer
2009-02-21 18:54 . 2009-02-21 18:54 -------- d-----w c:\program files\GameSpy Arcade
2009-02-18 10:19 . 2009-02-18 10:19 -------- d-----w c:\programdata\28338
2009-02-09 03:10 . 2009-03-11 14:34 2033152 ----a-w c:\windows\System32\win32k.sys
2009-02-05 09:54 . 2009-03-01 18:49 453152 ----a-w c:\windows\System32\NVUNINST.EXE
2008-12-12 13:30 . 2008-10-19 13:23 22328 ----a-w c:\users\julia\AppData\Roaming\PnkBstrK.sys
2008-12-01 11:55 . 2008-12-01 11:55 47360 ----a-w c:\users\julia\AppData\Roaming\pcouffin.sys
2008-10-29 16:50 . 2008-04-28 16:48 102264 ----a-w c:\users\julia\AppData\Local\GDIPFONTCACHEV1.DAT
2008-10-24 20:27 . 2008-11-10 17:33 868080 ----a-w c:\users\julia\paul.dll
2008-10-19 13:25 . 2008-10-19 13:25 93 ----a-w c:\users\julia\AppData\Local\fusioncache.dat
2008-05-23 22:30 . 2006-11-02 12:48 174 --sha-w c:\program files\desktop.ini
2003-02-27 14:12 . 2008-06-18 16:41 696320 ----a-w c:\users\julia\ikernel.dll
2002-12-05 12:10 . 2008-06-18 16:29 155648 ----a-w c:\users\julia\IUser.dll
2002-12-02 11:33 . 2008-06-18 16:41 237568 ----a-w c:\users\julia\IScript.dll
2002-12-02 11:33 . 2008-06-18 16:29 57344 ----a-w c:\users\julia\ctor.dll
.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D023EBF-70B8-45A6-9ED5-556515FA0FE4}]
2008-09-02 14:05 398776 ----a-w c:\program files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2008-09-02 14:05 398776 ----a-w c:\program files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{32099AAC-C132-4136-9E9A-4E364A424E17}"= "c:\program files\DAEMON Tools Toolbar\DTToolbar.dll" [2008-12-10 929224]

[HKEY_CLASSES_ROOT\clsid\{32099aac-c132-4136-9e9a-4e364a424e17}]
[HKEY_CLASSES_ROOT\DTToolbar.ToolBandObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{3E288F79-03E4-4983-A48E-0D879B51FF19}]
[HKEY_CLASSES_ROOT\DTToolbar.ToolBandObj]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{32099AAC-C132-4136-9E9A-4E364A424E17}"= "c:\program files\DAEMON Tools Toolbar\DTToolbar.dll" [2008-12-10 929224]

[HKEY_CLASSES_ROOT\clsid\{32099aac-c132-4136-9e9a-4e364a424e17}]
[HKEY_CLASSES_ROOT\DTToolbar.ToolBandObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{3E288F79-03E4-4983-A48E-0D879B51FF19}]
[HKEY_CLASSES_ROOT\DTToolbar.ToolBandObj]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2007-11-14 2131392]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-01-29 23975720]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-09 13683232]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-09 92704]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-12-08 1173384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 20:16 39792 ----a-w c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2008-03-20 16:39 216520 ----a-w c:\program files\Alcohol Soft\Alcohol 52\AxCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsusStartupHelp]
2006-12-29 08:54 363008 ----a-w c:\program files\ASUS\AASP\1.00.24\AsRunHelp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-27 18:03 152872 ----a-w c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
2007-11-14 10:54 2131392 ----a-w c:\program files\Gadu-Gadu\gg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2007-10-18 10:34 5724184 ----a-w c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 ----a-w c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-02-09 12:18 13683232 ----a-w c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-02-09 12:18 92704 ----a-w c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
2009-02-09 12:18 641568 ----a-w c:\windows\system32\nvsvc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2008-01-19 07:33 1233920 ----a-w c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2006-12-18 13:34 868352 ----a-w c:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2008-01-28 09:43 2097488 --sha-r c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2008-07-09 21:33 36352 ----a-w c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2008-01-19 07:36 2153472 ----a-w c:\windows\System32\oobefldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{12575F4B-5B37-495E-AB2D-F3B2F5C50D15}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{BBFAC545-4516-414D-B5C6-B5C548647640}"= UDP:c:\program files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe:Medal of Honor Airborne
"{DC8AB732-34FC-498D-91D5-AE37EA0A3696}"= TCP:c:\program files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe:Medal of Honor Airborne
"{9658BAB0-9F59-4E29-A80B-9868CB47D480}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{6B754AF3-59CE-4FEB-8404-3E75FA034BF4}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{AE28D719-5428-494B-B1D4-163C0E7C004C}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{02DE6071-71F3-484C-B51B-BC81E00169F5}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{00C64468-8802-46FF-8BB3-718C4AA56412}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{11BF157E-2A39-4926-9B19-95A3E02F0735}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{A8A35CCE-294B-4BFF-B6A3-7CA18EA8B676}"= UDP:c:\program files\Atari\AITD\Alone.exe:Alone In The Dark
"{38A9B03C-08EC-4146-B438-C56B521332BA}"= TCP:c:\program files\Atari\AITD\Alone.exe:Alone In The Dark
"{D967A8E5-7A50-44B3-86AF-B169E45FB399}"= UDP:c:\program files\Capcom\MotoGP 08\Launcher.exe:MotoGP 08
"{558578DF-AFCB-4F07-9AE1-38E01D080490}"= TCP:c:\program files\Capcom\MotoGP 08\Launcher.exe:MotoGP 08
"{8D6D80ED-4F4D-4A09-8A42-F3A6D4BB6640}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{89F8C0C1-9689-40CA-A700-769D0A1A61AC}"= UDP:c:\program files\CAPCOM\LOSTPLANETCOLONIES\LostPlanetColoniesDX9.exe:LOSTPLANETCOLONIES_DX9
"{593F1C48-C652-452F-9957-94AA36748E82}"= TCP:c:\program files\CAPCOM\LOSTPLANETCOLONIES\LostPlanetColoniesDX9.exe:LOSTPLANETCOLONIES_DX9
"{ED687275-6223-4AFC-9C84-388FA6C54D33}"= UDP:c:\program files\CAPCOM\LOSTPLANETCOLONIES\LostPlanetColoniesDX10.exe:LOSTPLANETCOLONIES_DX10
"{D5E0C173-B0F9-48F7-B7DA-F654831DCA0C}"= TCP:c:\program files\CAPCOM\LOSTPLANETCOLONIES\LostPlanetColoniesDX10.exe:LOSTPLANETCOLONIES_DX10

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-03-06 130424]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1005000.086\SYMEFA.SYS [2009-04-15 310320]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1005000.086\BHDrvx86.sys [2009-04-15 258608]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1005000.086\ccHPx86.sys [2009-04-15 482352]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090414.001\IDSvix86.sys [2009-04-15 292912]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 727720]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-02-06 92800]
S2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.5.0.134\ccSvcHst.exe [2009-04-15 115560]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 810320]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-04-15 101936]
S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\NIS\1005000.086\SYMNDISV.SYS [2009-04-15 39984]


--- Inne Usługi/Sterowniki w Pamięci ---

*Deregistered* - mchInjDrv
*Deregistered* - sptd

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c559fbc3-057e-11de-a4e5-001d60dc2e04}]
\shell\AutoRun\command - K:\Autorun.exe
.
Zawartość folderu 'Zaplanowane zadania'

2008-03-06 c:\windows\Tasks\Sprawdź aktualizacje paska narzędzi Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]

2009-04-18 c:\windows\Tasks\User_Feed_Synchronization-{9E4445F2-5DCB-4D61-B6D0-DB078E9A096E}.job
- c:\windows\system32\msfeedssync.exe [2008-05-23 07:33]
.
- - - - USUNIĘTO PUSTE WPISY - - - -

HKCU-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
MSConfigStartUp-ALUAlert - c:\program files\Symantec\LiveUpdate\ALuNotify.exe
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-osCheck - c:\program files\Norton Internet Security\osCheck.exe
MSConfigStartUp-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
MSConfigStartUp-Symantec PIF AlertEng - c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
MSConfigStartUp-WhenUSave - c:\program files\Save\Save.exe


.
------- Skan uzupełniający -------
.
uStart Page = hxxp://search.bearshare.com/pl/
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\julia\AppData\Roaming\Mozilla\Firefox\Profiles\gfiv6x62.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.onet.pl/
FF - component: c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npganymedenet.dll
FF - plugin: c:\windows\system32\C2MP\npdivx32.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-18 11:21
Windows 6.0.6001 Service Pack 1 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...


c:\windows\system32\drivers\ovfsthpaycefekiotpfvxhfinvsuxchrpkmkyj.sys 83968 bytes executable
c:\windows\system32\ovfsthccwcrpcunfqnnbkvgebxmstfkdohtlbf.dll 19456 bytes executable
c:\windows\system32\ovfsthjkrxsvsnghaefnfrcuphrtsrjqfssrtu.dll 17920 bytes executable
c:\windows\system32\ovfsthnogtqldkqfrdxngpdeqgrvqoxypbuere.dat 43 bytes
c:\windows\system32\ovfsthorwpwxnyxggmdsrkbfgwyiombxyqevog.dll 17920 bytes executable
c:\windows\system32\ovfsthssojjsntpnpvoqwwexfjcxycpyfrsyhs.dll 19456 bytes executable
c:\windows\system32\ovfsthtnwljfcfldrsbwaxmkrjeqvbctnbwijy.dat 1531 bytes
c:\windows\system32\ovfsthutepvpfbvxvcpidtoowtnxtatbtmtmcs.dll 61440 bytes executable
c:\users\julia\AppData\Local\Temp\ovfsth000 0 bytes
c:\users\julia\AppData\Local\Temp\catchme.dll 53248 bytes executable

skanowanie pomyślnie ukończone
ukryte pliki: 10

**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'Explorer.exe'(3968)
c:\windows\system32\wbemcomn.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\program files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
c:\windows\System32\conime.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Czas ukończenia: 2009-04-18 11:34 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2009-04-18 09:34

Przed: 24 698 036 224 bajtów wolnych
Po: 79 373 594 624 bajtów wolnych

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
362 --- E O F --- 2009-04-16 21:02

[wojtas]

zmień nazwe tematu ,prosze opisac problem oraz prosze objąć log w tagi