• Announcement:

System security, virus removal, choosing antivirus software. Mandatory logs in this section: three from FRST + Gmer.

Pop-ups, slow computer, Neostrada problem.

Post by Smilodon, 28 Dec 2008, 04:31

Hello,
I am asking for help. I won't exaggerate and say that I am "seriously" infected; I simply have a few minor problems with the computer that make working on it uncomfortable.
I tried to fight it myself (antivirus, Spybot S&D, registry + HijackThis); it helped a little, but something has still been wrong with the computer (for 2 weeks now).
Leaving aside the somewhat slow system start-up (I disabled unnecessary start-up services) and the frequent "freezes", my main problems are pop-ups and Neostrada...
I have been using Opera for a good few years and never had problems with pop-ups (there was always the option to block unwanted windows), but for some time now, when I click a link, an image or an empty area on a page, a pop-up appears with an address that is always similar. I suspect it is some fairly harmless adware, though an annoying one...
With Neostrada, on the other hand, it often literally stops dead on start-up or restart, and the whole system with it :) sometimes it lasts a minute, sometimes 2, sometimes it takes several consecutive system restarts before it helps... I tried to reinstall it, but unfortunately I get --->
[Image] ; [Image]
I configured the connection manually in the Control Panel and it works somehow, but I would prefer the old way of logging in (habit :) ) - and here is my question too: could this be the fault of some worm or something? I suspect it is something in the registry?

Here are the logs:

ComboFix
ComboFix 08-12-26.03 - Sobcik 2008-12-28  3:03:46.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1250.1.1045.18.2039.1611 [GMT 1:00]
Run from: c:\documents and settings\Sobcik\Pulpit\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 081227-0] *On-access scanning disabled* (Outdated)

WARNING - THIS COMPUTER DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Removed   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Sobcik\Dane aplikacji\BITS
c:\documents and settings\Sobcik\Dane aplikacji\BITS\BITS.ini
c:\documents and settings\Sobcik\Dane aplikacji\BITS\DHTTable.dat
c:\documents and settings\Sobcik\Dane aplikacji\BITS\ProxyList.ini
c:\documents and settings\Sobcik\Dane aplikacji\BITS\Torrent\20081215015646.torrent
c:\documents and settings\Sobcik\Dane aplikacji\BITS\Torrent\20081215015646.torrent.bits
c:\documents and settings\Sobcik\Dane aplikacji\BITS\Torrent\20081215015646.torrent.filelist
c:\documents and settings\Sobcik\Dane aplikacji\BITS\Torrent\20081215015646.torrent.hybridlist
c:\documents and settings\Sobcik\Dane aplikacji\BITS\Torrent\20081215015646.torrent.seeds
c:\documents and settings\Sobcik\Dane aplikacji\BITS\UPnP.ini

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ISODRIVE
-------\Service_ISODrive


(((((((((((((((((((((((((   Files created from 2008-11-28 to 2008-12-28  )))))))))))))))))))))))))))))))
.

2008-12-28 02:32 . 2008-12-28 02:56   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-12-28 01:50 . 2008-12-28 01:50   <DIR>   d--------   c:\program files\Thomson
2008-12-28 01:45 . 2008-12-28 01:45   <DIR>   d--------   C:\!KillBox
2008-12-28 01:40 . 2008-12-09 22:17   <DIR>   d--h-----   c:\documents and settings\Administrator\Ustawienia lokalne
2008-12-28 01:40 . 2008-12-09 22:17   <DIR>   d--------   c:\documents and settings\Administrator\Ulubione
2008-12-28 01:40 . 2008-12-09 21:21   <DIR>   d--h-----   c:\documents and settings\Administrator\Szablony
2008-12-28 01:40 . 2008-12-09 22:17   <DIR>   d--------   c:\documents and settings\Administrator\Pulpit
2008-12-28 01:40 . 2008-12-09 22:17   <DIR>   d--------   c:\documents and settings\Administrator\Moje dokumenty
2008-12-28 01:40 . 2008-12-09 22:17   <DIR>   dr-------   c:\documents and settings\Administrator\Menu Start
2008-12-28 01:40 . 2008-12-09 22:17   <DIR>   dr-h-----   c:\documents and settings\Administrator\Dane aplikacji
2008-12-28 01:40 . 2008-12-28 01:40   <DIR>   d--------   c:\documents and settings\Administrator
2008-12-28 01:38 . 2008-12-28 03:06   <DIR>   d--------   c:\program files\Neostrada TP
2008-12-28 00:40 . 2008-12-28 00:40   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\temp
2008-12-28 00:40 . 2008-12-28 00:40   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\playfirst
2008-12-28 00:39 . 2008-12-28 00:39   <DIR>   d--------   c:\program files\Common Files\inca shared
2008-12-28 00:39 . 2008-12-28 00:39   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\simcity societies
2008-12-28 00:39 . 2008-12-28 00:39   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\nview_profiles
2008-12-28 00:14 . 2008-12-28 00:14   632   --a------   c:\windows\CoD.INI
2008-12-27 23:31 . 2008-12-13 07:39   3,593,216   --a------   c:\windows\system32\sete.tmp
2008-12-27 23:31 . 2008-12-13 07:39   3,593,216   --a------   c:\windows\system32\set5.tmp
2008-12-27 23:31 . 2008-12-13 07:39   3,593,216   --a------   c:\windows\system32\set242.tmp
2008-12-27 23:31 . 2008-12-27 23:31   1,409   --a------   c:\windows\system32\tmp3152F.FOT
2008-12-27 23:31 . 2008-12-27 16:26   1,393   --a------   c:\windows\imsins.bak
2008-12-27 23:14 . 2008-12-27 23:14   <DIR>   d--h-----   c:\windows\$hf_mig$
2008-12-27 07:25 . 2008-12-27 17:13   766   --a------   c:\windows\eReg.dat
2008-12-23 14:34 . 2008-12-23 14:34   664   --a------   c:\windows\system32\d3d9caps.dat
2008-12-23 09:20 . 2008-12-24 12:09   <DIR>   d--------   c:\documents and settings\Sobcik\Dane aplikacji\gtk-2.0
2008-12-23 09:20 . 2008-12-23 09:20   <DIR>   d--------   c:\documents and settings\Sobcik\.thumbnails
2008-12-23 09:19 . 2008-12-24 12:12   <DIR>   d--------   c:\documents and settings\Sobcik\.gimp-2.6
2008-12-23 09:19 . 2008-12-23 09:19   <DIR>   d--------   c:\documents and settings\Sobcik\.gegl-0.0
2008-12-20 02:45 . 2008-12-20 02:57   921,624   --a------   C:\img2-001.raw
2008-12-20 02:41 . 2008-12-20 02:41   <DIR>   d--------   c:\windows\system32\drivers\umdf
2008-12-20 02:39 . 2007-04-10 22:46   1,966,696   -ra------   c:\windows\system32\drivers\VX3000.sys
2008-12-20 02:39 . 2007-04-10 22:46   185,704   -ra------   c:\windows\system32\cVX3000.dll
2008-12-20 02:39 . 2008-04-14 22:51   91,648   --a------   c:\windows\system32\kswdmcap.ax
2008-12-20 02:39 . 2008-04-14 22:51   91,648   --a--c---   c:\windows\system32\dllcache\kswdmcap.ax
2008-12-20 02:39 . 2008-04-14 22:51   61,952   --a------   c:\windows\system32\kstvtune.ax
2008-12-20 02:39 . 2008-04-14 22:51   61,952   --a--c---   c:\windows\system32\dllcache\kstvtune.ax
2008-12-20 02:39 . 2008-04-14 22:50   54,784   --a------   c:\windows\system32\vfwwdm32.dll
2008-12-20 02:39 . 2008-04-14 22:50   54,784   --a--c---   c:\windows\system32\dllcache\vfwwdm32.dll
2008-12-20 02:39 . 2008-04-14 22:51   43,008   --a------   c:\windows\system32\ksxbar.ax
2008-12-20 02:39 . 2008-04-14 22:51   43,008   --a--c---   c:\windows\system32\dllcache\ksxbar.ax
2008-12-20 00:09 . 2008-12-20 00:09   <DIR>   d--hs----   c:\windows\ftpcache
2008-12-20 00:08 . 2008-12-20 00:08   <DIR>   d--------   c:\windows\system32\LogFiles
2008-12-20 00:08 . 2008-12-20 21:16   137,688   --a------   c:\windows\system32\drivers\PnkBstrK.sys
2008-12-20 00:08 . 2008-12-20 00:08   22,328   --a------   c:\documents and settings\Sobcik\Dane aplikacji\PnkBstrK.sys
2008-12-20 00:08 . 2008-12-20 00:08   281   --a------   c:\windows\game.ini
2008-12-19 23:01 . 2007-03-16 10:19   5,174   -ra------   c:\windows\system32\nppt9x.vxd
2008-12-19 23:01 . 2007-03-16 10:19   4,682   -ra------   c:\windows\system32\npptNT2.sys
2008-12-19 02:23 . 2008-12-19 02:23   <DIR>   d--------   c:\windows\Diner Dash Flo Through Time
2008-12-19 02:23 . 2008-12-19 02:27   <DIR>   d--------   c:\documents and settings\Sobcik\Dane aplikacji\PlayFirst
2008-12-15 03:47 . 2008-12-27 21:43   <DIR>   d--------   c:\documents and settings\Sobcik\Dane aplikacji\uTorrent
2008-12-14 19:21 . 2008-12-14 19:21   2,570   --a------   c:\windows\Opera.INI
2008-12-14 15:20 . 2008-12-14 15:20   <DIR>   d--------   c:\documents and settings\Sobcik\Dane aplikacji\Media Player Classic
2008-12-14 15:13 . 2005-11-28 06:56   143,360   -ra------   c:\windows\system32\igfxres.dll
2008-12-14 13:51 . 2006-11-24 14:47   40,136   --a------   c:\windows\system32\drivers\ET5Drv.sys
2008-12-14 13:36 . 2008-12-14 13:37   <DIR>   d--------   c:\program files\Gigabyte
2008-12-14 13:36 . 1998-10-02 19:00   327,168   --a------   c:\windows\IsUninst.exe
2008-12-13 23:45 . 2008-12-13 23:45   <DIR>   d--------   c:\documents and settings\Sobcik\Dane aplikacji\Logitech
2008-12-13 23:45 . 2008-12-13 23:45   127,034   -r-------   c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2008-12-13 23:45 . 2008-12-28 00:31   1,846   --a------   c:\windows\unins000.dat
2008-12-13 23:44 . 2008-12-13 23:44   0   --ah-----   c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-12-13 23:44 . 2008-12-13 23:44   0   --ah-----   c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2008-12-13 23:44 . 2008-12-13 23:44   0   --ah-----   c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2008-12-13 23:43 . 2008-12-20 02:43   <DIR>   d----c---   c:\windows\system32\DRVSTORE
2008-12-13 23:43 . 2008-12-13 23:43   <DIR>   d--------   c:\program files\Common Files\Logitech
2008-12-13 23:43 . 2008-12-13 23:43   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\Logitech
2008-12-13 23:43 . 2007-01-23 15:45   1,419,024   --a------   c:\windows\system32\WdfCoInstaller01005.dll
2008-12-13 23:43 . 2007-02-14 12:22   163,840   --a------   c:\windows\system32\kemutb.dll
2008-12-13 23:43 . 2007-02-14 12:21   135,168   --a------   c:\windows\system32\KemUtil.dll
2008-12-13 23:43 . 2007-02-14 12:21   110,592   --a------   c:\windows\system32\KemWnd.dll
2008-12-13 23:43 . 2007-02-14 12:22   69,632   --a------   c:\windows\system32\KemXML.dll
2008-12-13 23:43 . 2007-01-23 15:45   34,576   --a------   c:\windows\system32\drivers\LHidFilt.Sys
2008-12-13 23:43 . 2007-01-23 15:45   28,176   --a------   c:\windows\system32\drivers\LUsbFilt.sys
2008-12-13 23:32 . 2003-06-19 01:31   17,920   --a------   c:\windows\system32\mdimon.dll
2008-12-13 23:32 . 2008-12-13 23:32   421   --a------   c:\windows\ODBC.INI
2008-12-13 23:30 . 2008-12-13 23:30   <DIR>   d--------   c:\documents and settings\Sobcik\Dane aplikacji\Foxit
2008-12-13 23:29 . 2008-12-13 23:30   <DIR>   d--------   c:\windows\SHELLNEW
2008-12-13 23:28 . 2008-12-13 23:28   <DIR>   d--------   c:\program files\Microsoft.NET
2008-12-13 21:53 . 2006-10-05 03:42   2,560   ---------   c:\windows\system32\drivers\cdralw2k.sys
2008-12-13 21:53 . 2006-10-05 03:42   2,432   ---------   c:\windows\system32\drivers\cdr4_xp.sys
2008-12-13 20:55 . 2008-12-17 03:49   <DIR>   d--------   c:\documents and settings\Sobcik\.netbeans-derby
2008-12-13 18:33 . 2008-12-13 18:34   56   --a------   c:\windows\Kulki.ini
2008-12-13 18:09 . 2008-12-13 18:09   <DIR>   d--------   c:\documents and settings\Sobcik\.netbeans-registration
2008-12-13 18:09 . 2008-12-13 20:54   <DIR>   d--------   c:\documents and settings\Sobcik\.netbeans
2008-12-13 18:04 . 2008-12-17 03:49   <DIR>   d--------   c:\program files\glassfish-v2ur2
2008-12-13 18:01 . 2008-12-13 18:07   <DIR>   d--------   c:\program files\Common Files\Adobe
2008-12-13 17:06 . 2008-12-13 17:06   <DIR>   d--------   c:\documents and settings\Sobcik\Dane aplikacji\DAEMON Tools
2008-12-11 23:34 . 2008-10-16 21:33   6,066,176   -----c---   c:\windows\system32\dllcache\ieframe.dll
2008-12-11 23:34 . 2007-04-17 10:32   2,455,488   -----c---   c:\windows\system32\dllcache\ieapfltr.dat
2008-12-11 23:34 . 2007-03-08 06:11   1,036,288   -----c---   c:\windows\system32\dllcache\ieframe.dll.mui
2008-12-11 23:34 . 2008-10-16 21:33   459,264   -----c---   c:\windows\system32\dllcache\msfeeds.dll
2008-12-11 23:34 . 2008-10-16 21:33   383,488   -----c---   c:\windows\system32\dllcache\ieapfltr.dll
2008-12-11 23:34 . 2008-10-16 21:33   267,776   -----c---   c:\windows\system32\dllcache\iertutil.dll
2008-12-11 23:34 . 2008-10-16 21:33   63,488   -----c---   c:\windows\system32\dllcache\icardie.dll
2008-12-11 23:34 . 2008-10-16 21:33   52,224   -----c---   c:\windows\system32\dllcache\msfeedsbs.dll
2008-12-11 23:34 . 2008-10-16 14:11   13,824   -----c---   c:\windows\system32\dllcache\ieudinit.exe
2008-12-11 14:26 . 2008-04-14 22:51   221,184   --a------   c:\windows\system32\wmpns.dll
2008-12-11 12:25 . 2008-12-11 12:27   <DIR>   d--------   c:\windows\ServicePackFiles
2008-12-11 12:25 . 2008-04-14 22:51   294,912   -----c---   c:\windows\system32\dllcache\dlimport.exe
2008-12-11 02:02 . 2008-12-11 02:02   <DIR>   d--------   c:\windows\system32\XPSViewer
2008-12-11 02:02 . 2008-12-11 02:02   <DIR>   d--------   c:\program files\Reference Assemblies
2008-12-11 02:02 . 2008-12-11 02:02   <DIR>   d--------   c:\program files\MSBuild
2008-12-11 02:02 . 2006-06-29 13:07   14,048   ---------   c:\windows\system32\spmsg2.dll
2008-12-11 01:56 . 2008-12-11 01:56   <DIR>   d--------   c:\documents and settings\Sobcik\Dane aplikacji\Shareaza
2008-12-11 01:43 . 2008-12-13 17:06   717,296   --a------   c:\windows\system32\drivers\sptd.sys
2008-12-11 01:30 . 2008-06-14 18:36   273,024   -----c---   c:\windows\system32\dllcache\bthport.sys
2008-12-11 01:29 . 2008-08-14 11:04   138,496   -----c---   c:\windows\system32\dllcache\afd.sys
2008-12-11 01:27 . 2008-12-13 07:39   3,593,216   -----c---   c:\windows\system32\dllcache\mshtml.dll
2008-12-11 01:27 . 2008-10-16 02:02   1,499,136   -----c---   c:\windows\system32\dllcache\shdocvw.dll
2008-12-11 01:27 . 2008-10-16 21:33   1,160,192   -----c---   c:\windows\system32\dllcache\urlmon.dll
2008-12-11 01:27 . 2008-10-16 21:33   826,368   -----c---   c:\windows\system32\dllcache\wininet.dll
2008-12-11 01:27 . 2008-09-08 11:41   333,824   -----c---   c:\windows\system32\dllcache\srv.sys
2008-12-11 01:26 . 2008-08-14 14:26   2,190,464   -----c---   c:\windows\system32\dllcache\ntoskrnl.exe
2008-12-11 01:26 . 2008-08-14 14:26   2,146,816   -----c---   c:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-11 01:26 . 2008-08-14 14:26   2,067,328   -----c---   c:\windows\system32\dllcache\ntkrnlpa.exe
2008-12-11 01:26 . 2008-08-14 14:26   2,025,472   -----c---   c:\windows\system32\dllcache\ntkrpamp.exe
2008-12-11 01:26 . 2008-09-15 16:27   1,846,656   -----c---   c:\windows\system32\dllcache\win32k.sys
2008-12-11 01:25 . 2008-09-04 18:17   1,106,944   -----c---   c:\windows\system32\dllcache\msxml3.dll
2008-12-11 01:25 . 2008-04-11 20:06   691,712   -----c---   c:\windows\system32\dllcache\inetcomm.dll
2008-12-11 01:25 . 2008-10-24 12:21   455,296   -----c---   c:\windows\system32\dllcache\mrxsmb.sys
2008-12-11 01:25 . 2008-10-15 17:36   337,408   -----c---   c:\windows\system32\dllcache\netapi32.dll
2008-12-11 01:25 . 2008-05-01 15:37   331,776   -----c---   c:\windows\system32\dllcache\msadce.dll
2008-12-11 01:25 . 2008-05-08 15:02   203,136   -----c---   c:\windows\system32\dllcache\rmcast.sys
2008-12-10 02:54 . 2008-12-10 02:54   <DIR>   d--------   c:\documents and settings\Sobcik\English Translator 3

.
((((((((((((((((((((((((((((((((((((((((   Find3M section   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-28 00:50   ---------   d--h--w   c:\program files\InstallShield Installation Information
2008-12-27 22:39   ---------   d-----w   c:\program files\Common Files\InstallShield
2008-12-09 20:44   ---------   d-----w   c:\program files\Realtek
2008-12-09 20:44   ---------   d-----w   c:\documents and settings\Sobcik\Dane aplikacji\InstallShield
2008-12-09 20:41   ---------   d-----w   c:\program files\Intel
2008-12-09 20:25   ---------   d-----w   c:\program files\microsoft frontpage
2008-12-09 20:23   ---------   d-----w   c:\program files\Usługi online
2008-11-02 14:02   7,680   ----a-w   c:\windows\system32\ff_vfw.dll
2008-10-28 22:35   684,032   ----a-w   c:\windows\system32\divx.dll
2008-10-27 09:04   235,856   ----a-w   c:\windows\system32\xactengine3_3.dll
2008-10-27 09:04   23,376   ----a-w   c:\windows\system32\X3DAudio1_5.dll
2008-10-23 12:42   286,720   ----a-w   c:\windows\system32\gdi32.dll
2008-10-16 20:33   826,368   ----a-w   c:\windows\system32\wininet.dll
2008-10-16 13:13   202,776   ----a-w   c:\windows\system32\wuweb.dll
2008-10-16 13:13   1,809,944   ----a-w   c:\windows\system32\wuaueng.dll
2008-10-16 13:12   561,688   ----a-w   c:\windows\system32\wuapi.dll
2008-10-16 13:12   323,608   ----a-w   c:\windows\system32\wucltui.dll
2008-10-16 13:09   92,696   ----a-w   c:\windows\system32\cdm.dll
2008-10-16 13:09   51,224   ----a-w   c:\windows\system32\wuauclt.exe
2008-10-16 13:09   43,544   ----a-w   c:\windows\system32\wups2.dll
2008-10-16 13:08   34,328   ----a-w   c:\windows\system32\wups.dll
2008-10-03 10:04   247,326   ----a-w   c:\windows\system32\strmdll.dll
.

(((((((((((((((((((((((((((((((((((((   Registry startup entries   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and default, valid entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="d:\programy\Avast\ashDisp.exe" [2008-11-26 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"DeathAdder"="d:\programy\Razer\razerhid.exe" [2007-09-07 159744]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"WooCnxMon"="c:\progra~1\NEOSTR~1\CnxMon.exe" [2003-10-16 24576]
"WOOWATCH"="c:\progra~1\NEOSTR~1\Watch.exe" [2003-10-16 20480]
"WOOTASKBARICON"="c:\progra~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 53248]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Natter.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Natter.lnk
backup=c:\windows\pss\Natter.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a--c--- 2008-08-08 13:11 490952 d:\programy\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyTuneV]
--a------ 2006-12-15 14:13 31552 c:\program files\Gigabyte\ET5\ETcall.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Odkurzacz-MCD]
--a--c--- 2008-08-16 16:01 264704 d:\programy\Odkurzacz\odk_mcd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a--c--- 2008-08-21 02:18 443968 d:\programy\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-12-10 01:24 140672 c:\program files\Java\jre1.7.0\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre1.7.0\\bin\\java.exe"=
"e:\\GRY\\FlatOut\\flatout.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jdk1.6.0_11\\bin\\java.exe"=
"d:\\PROGRAMY\\Shareaza\\Shareaza.exe"=
"d:\\PROGRAMY\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"e:\\GRY\\Valve\\SteamApps\\sobcik\\counter-strike\\hl.exe"=
"c:\\Program Files\\Gigabyte\\@BIOS\\gwflash.exe"=
"d:\\PROGRAMY\\Opera\\opera.exe"=
"d:\\PROGRAMY\\uTorrent\\uTorrent.exe"=
"d:\\PROGRAMY\\Gadu-Gadu\\gg.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-09 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-12-09 20560]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2008-12-10 22784]
S3 cpuz131;cpuz131;\??\c:\docume~1\Sobcik\USTAWI~1\Temp\cpuz131\cpuz_x32.sys []
S3 CyUsb;Cypress Generic USB Driver;c:\windows\system32\Drivers\CyUsb.sys [2008-12-10 31104]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0bd09c0-c63a-11dd-8b1e-000e507096c9}]
\Shell\AutoRun\command - L:\o1.com
\Shell\explore\Command - L:\o1.com
\Shell\open\Command - L:\o1.com
.
- - - - EMPTY ENTRIES REMOVED - - - -

MSConfigStartUp-VX3000 - c:\windows\vVX3000.exe


.
------- Supplementary scan -------
.
uStart Page = hxxp://www.neostrada.pl
uInternet Connection Wizard,ShellNext = iexplore
IE: &Pobierz wszystko przez FlashGet - d:\programy\FlashGet\ComDlls\Bhoall.htm
IE: &Pobrane przez FlashGet - d:\programy\FlashGet\ComDlls\Bholink.htm
IE: E&ksport do programu Microsoft Excel - d:\programy\Office\OFFICE11\EXCEL.EXE/3000
IE: { - c:\program files\Messenger\msmsgs.exe
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - d:\programy\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Sobcik\Dane aplikacji\Mozilla\Firefox\Profiles\uyey3txx.default\
FF - prefs.js: browser.search.selectedEngine - Allegro
FF - component: d:\programy\FireFox\components\flashgetXpi.dll
FF - component: d:\programy\FireFox\components\iamfamous.dll
FF - plugin: c:\program files\Java\jre1.7.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.7.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.7.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.7.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.7.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.7.0\bin\npjpi170.dll
FF - plugin: c:\program files\Java\jre1.7.0\bin\npoji610.dll
FF - plugin: d:\programy\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: d:\programy\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: d:\programy\Opera\program\plugins\npdsplay.dll
FF - plugin: d:\programy\Opera\program\plugins\NPFgc1.dll
FF - plugin: d:\programy\Opera\program\plugins\NPFgc2.dll
FF - plugin: d:\programy\Opera\program\plugins\NPFgc3.dll
FF - plugin: d:\programy\Opera\program\plugins\NPOFFICE.DLL
FF - plugin: d:\programy\Opera\program\plugins\nppl3260.dll
FF - plugin: d:\programy\Opera\program\plugins\nprpjplug.dll
FF - plugin: d:\programy\Opera\program\plugins\NPSWF32.dll
FF - plugin: d:\programy\Opera\program\plugins\npwmsdrm.dll
FF - plugin: d:\programy\Picasa2\npPicasa2.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-28 03:07:08
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\msqpdxserv.sys]
"imagepath"="\systemroot\system32\drivers\msqpdxpaxtoexh.sys"
.
------------------------ Other running processes ------------------------
.
d:\programy\Avast\aswUpdSv.exe
d:\programy\Avast\ashServ.exe
c:\windows\system32\nvsvc32.exe
d:\programy\Avast\ashMaiSv.exe
d:\programy\Avast\ashWebSv.exe
c:\windows\system32\rundll32.exe
d:\programy\Razer\razertra.exe
d:\programy\Razer\razerofa.exe
.
**************************************************************************
.
Completion time: 2008-12-28  3:07:58 - the computer was restarted
ComboFix-quarantined-files.txt  2008-12-28 02:07:55

Before: 17,999,269,888 bytes free
After: 17,914,998,784 bytes free

315   --- E O F ---   2008-12-27 22:14:22




HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:27:58, on 2008-12-28
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\PROGRAMY\Avast\aswUpdSv.exe
D:\PROGRAMY\Avast\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
D:\PROGRAMY\Avast\ashMaiSv.exe
D:\PROGRAMY\Avast\ashWebSv.exe
C:\WINDOWS\RTHDCPL.EXE
D:\PROGRAMY\Avast\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\PROGRAMY\Razer\razerhid.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
D:\PROGRAMY\Razer\razertra.exe
D:\PROGRAMY\Razer\razerofa.exe
C:\WINDOWS\explorer.exe
D:\PROGRAMY\Opera\opera.exe
F:\NeostradaTP\Neostrada.exe
C:\PROGRA~1\NEOSTR~1\Barriere.exe
D:\Multimedia\Duperele\De bello Troiano\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.7.0\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast!] D:\PROGRAMY\Avast\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DeathAdder] D:\PROGRAMY\Razer\razerhid.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\RunOnce: [Fail] C:\PROGRA~1\NEOSTR~1\Fail.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Pobierz wszystko przez FlashGet - D:\PROGRAMY\FlashGet\ComDlls\Bhoall.htm
O8 - Extra context menu item: &Pobrane przez FlashGet - D:\PROGRAMY\FlashGet\ComDlls\Bholink.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRAMY\Office\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.7.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.7.0\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRAMY\Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{8F67494A-DB3F-4B5F-8EA2-97BBEC773D9C}: NameServer = 85.255.115.50,85.255.112.154
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.50 85.255.112.154
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.114.43;85.255.112.165
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.50 85.255.112.154
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\PROGRAMY\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\PROGRAMY\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\PROGRAMY\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\PROGRAMY\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\PROGRAMY\Avast\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe (file missing)

--
End of file - 5821 bytes



Regards, and thank you for the help.

PS. In the HijackThis log the O17 lines also look wrong to me; I have already removed them several times and they keep coming back.
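The four O17 lines in the HijackThis log above are the point a practitioner would check first: the same pair of resolvers is written into CCS, CS1 and CS3, both in the global Tcpip\Parameters key and in the per-interface {GUID} key, and every line uses a different separator. The script below is an added example written for this thread (it is not part of HijackThis, ComboFix or any tool the posts name): it parses those lines out of the log, normalizes the separators, lists every registry location that holds a copy, and labels each address. The DNSCHANGER_RANGES list is the set of rogue-resolver blocks published by the FBI / DNSChanger Working Group at the 2011 takedown; 85.255.112.0/20 is the block the posted values fall in. TRUSTED is a placeholder (TEST-NET addresses) for the resolvers your ISP actually hands out, and SAMPLE_O17 is copied verbatim from the posted log.

```python
"""Triage HijackThis O17 (NameServer) lines across every control set.

Added example for this thread, not code from HijackThis or ComboFix.
SAMPLE_O17 is copied from the first post's log; TRUSTED is a placeholder
(assumption) for the ISP's real resolvers.
"""
import ipaddress
import re
from typing import Dict, List, Set

# Rogue-resolver ranges published by the FBI / DNSChanger Working Group
# (2011 takedown). 85.255.112.0/20 is the block the posted values sit in.
DNSCHANGER_RANGES = [ipaddress.ip_network(n) for n in (
    "85.255.112.0/20", "67.210.0.0/20", "93.188.160.0/21",
    "77.67.83.0/24", "213.109.64.0/20", "64.28.176.0/20",
)]

# Placeholder (TEST-NET-1) addresses; replace with your ISP's resolvers.
TRUSTED: List[str] = ["192.0.2.53", "192.0.2.54"]

# Copied from the HijackThis log in the first post; note the three different
# separators (comma, space, semicolon) used on different lines.
SAMPLE_O17 = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{8F67494A-DB3F-4B5F-8EA2-97BBEC773D9C}: NameServer = 85.255.115.50,85.255.112.154
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.50 85.255.112.154
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.114.43;85.255.112.165
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.50 85.255.112.154
"""

O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<cs>CCS|CS\d+)\\Services\\Tcpip\\(?P<key>[^:]+):"
    r"\s*NameServer\s*=\s*(?P<ips>.+)$"
)


def parse_o17(log: str) -> Dict[str, Dict[str, Set[str]]]:
    """Return {control_set: {registry_key: {ip, ...}}} for every O17 line."""
    found: Dict[str, Dict[str, Set[str]]] = {}
    for line in log.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        # HijackThis prints the value as stored; malware writes it with any separator.
        ips = {tok for tok in re.split(r"[,;\s]+", m.group("ips")) if tok}
        found.setdefault(m.group("cs"), {}).setdefault(m.group("key"), set()).update(ips)
    return found


def classify(ip: str, trusted: List[str] = TRUSTED) -> str:
    """Label one resolver address: trusted / rogue-dnschanger / private / unknown."""
    addr = ipaddress.ip_address(ip)
    if ip in trusted:
        return "trusted"
    if any(addr in net for net in DNSCHANGER_RANGES):
        return "rogue-dnschanger"
    if addr.is_private:
        return "private"  # a home router's address is normal here
    return "unknown"


def triage(log: str, trusted: List[str] = TRUSTED) -> Dict[str, str]:
    """Classify every distinct resolver seen in any control set."""
    seen: Set[str] = set()
    for keys in parse_o17(log).values():
        for ips in keys.values():
            seen |= ips
    return {ip: classify(ip, trusted) for ip in sorted(seen)}


def locations(log: str) -> List[str]:
    """Every registry location (control set + key) that holds a NameServer copy."""
    return sorted(f"{cs}\\{key}" for cs, keys in parse_o17(log).items() for key in keys)


if __name__ == "__main__":
    for ip, verdict in triage(SAMPLE_O17).items():
        print(f"{ip:16} {verdict}")
    print("\n".join(locations(SAMPLE_O17)))
```

The locations() output is the practical part: with four separate copies (two in CCS, one each in CS1 and CS3), deleting the value from a single key leaves the others in place, and whichever control set is selected at the next boot reapplies its own copy, so a fix has to cover every control set and the per-interface keys at the same time, and then be re-checked after a reboot.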




Post by wojtas, 28 Dec 2008, 16:13

Do what is described in this topic

Download the Fixwareout program and run it

Run SDFix. After downloading, start it and it will unpack into C:\SDFix. Boot the computer into Safe Mode (F8 at system start-up). While in Safe Mode, run the RunThis.bat file from the SDFix folder. Confirm the cleaning with Y. Wait until it finishes and the computer restarts.

Then go to the C:\SDFix folder, paste in the contents of the Report.txt file + the ComboFix log, and post a HijackThis log.



Re: Pop-ups, slow computer, problem with Neostrada.

Post by Smilodon, 29 Dec 2008, 02:23

Hello, I once came across a mention of Fixwareout on the internet and even used it, but it didn't help... nevertheless I followed the advice given; here are the logs:

SDFix
Code:
[b]SDFix: Version 1.240 [/b]
Run by Sobcik on 2008-12-29 at 01:10

Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]:

No Trojan Files Found






Removing Temp Files

[b]ADS Check [/b]:



                                 [b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-29 01:14:11
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

disk error: C:\WINDOWS\system32\config\system, 0
scanning hidden registry entries ...

disk error: C:\WINDOWS\system32\config\software, 0
disk error: C:\Documents and Settings\Sobcik\ntuser.dat, 0
scanning hidden files ...

disk error: C:\WINDOWS\

please note that you need administrator rights to perform deep scan

[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Java\\jre1.7.0\\bin\\java.exe"="C:\\Program Files\\Java\\jre1.7.0\\bin\\java.exe:*:Enabled:Java(TM) Platform SE binary"
"E:\\GRY\\FlatOut\\flatout.exe"="E:\\GRY\\FlatOut\\flatout.exe:*:Enabled:flatout"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Java\\jdk1.6.0_11\\bin\\java.exe"="C:\\Program Files\\Java\\jdk1.6.0_11\\bin\\java.exe:*:Enabled:Java(TM) Platform SE binary"
"D:\\PROGRAMY\\Shareaza\\Shareaza.exe"="D:\\PROGRAMY\\Shareaza\\Shareaza.exe:*:Enabled:Shareaza Ultimate File Sharing"
"D:\\PROGRAMY\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="D:\\PROGRAMY\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"E:\\GRY\\Valve\\SteamApps\\sobcik\\counter-strike\\hl.exe"="E:\\GRY\\Valve\\SteamApps\\sobcik\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Gigabyte\\@BIOS\\gwflash.exe"="C:\\Program Files\\Gigabyte\\@BIOS\\gwflash.exe:*:Enabled:gwflash"
"D:\\PROGRAMY\\Opera\\opera.exe"="D:\\PROGRAMY\\Opera\\opera.exe:*:Enabled:Opera Internet Browser"
"D:\\PROGRAMY\\uTorrent\\uTorrent.exe"="D:\\PROGRAMY\\uTorrent\\uTorrent.exe:*:Enabled:uTorrent"
"D:\\PROGRAMY\\Gadu-Gadu\\gg.exe"="D:\\PROGRAMY\\Gadu-Gadu\\gg.exe:*:Enabled:Gadu-Gadu - program główny"
"C:\\Program Files\\Java\\jre1.7.0\\launch4j-tmp\\JDownloader.exe"="C:\\Program Files\\Java\\jre1.7.0\\launch4j-tmp\\JDownloader.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\\WINDOWS\\system32\\java.exe"="C:\\WINDOWS\\system32\\java.exe:*:Enabled:Java(TM) Platform SE binary"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\\PROGRAMY\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="D:\\PROGRAMY\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

[b]Remaining Files [/b]:



[b]Files with Hidden Attributes [/b]:


[b]Finished![/b]




ComboFix
Code:
ComboFix 08-12-26.03 - Sobcik 2008-12-29  1:15:05.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1250.1.1045.18.2039.1601 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Sobcik\Pulpit\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 081228-0] *On-access scanning disabled* (Outdated)

[COLOR=RED][B]UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !![/B][/COLOR]
.

(((((((((((((((((((((((((   Pliki utworzone od 2008-11-28 do 2008-12-29  )))))))))))))))))))))))))))))))
.

2008-12-29 01:10 . 2008-12-29 01:10   580,096   --a--c---   c:\windows\system32\dllcache\user32.dll
2008-12-29 01:08 . 2008-12-29 01:09   <DIR>   d--------   c:\windows\ERUNT
2008-12-29 01:03 . 2008-12-29 01:14   <DIR>   d--------   C:\SDFix
2008-12-29 01:00 . 2008-12-29 01:03   <DIR>   d--------   C:\fixwareout
2008-12-28 02:32 . 2008-12-28 02:56   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-12-28 01:50 . 2008-12-28 05:31   <DIR>   d--------   c:\program files\Thomson
2008-12-28 01:40 . 2008-12-29 01:16   <DIR>   d--h-----   c:\documents and settings\Administrator\Ustawienia lokalne
2008-12-28 01:40 . 2008-12-09 22:17   <DIR>   d--------   c:\documents and settings\Administrator\Ulubione
2008-12-28 01:40 . 2008-12-09 21:21   <DIR>   d--h-----   c:\documents and settings\Administrator\Szablony
2008-12-28 01:40 . 2008-12-09 22:17   <DIR>   d--------   c:\documents and settings\Administrator\Pulpit
2008-12-28 01:40 . 2008-12-09 22:17   <DIR>   d--------   c:\documents and settings\Administrator\Moje dokumenty
2008-12-28 01:40 . 2008-12-09 22:17   <DIR>   dr-------   c:\documents and settings\Administrator\Menu Start
2008-12-28 01:40 . 2008-12-09 22:17   <DIR>   dr-h-----   c:\documents and settings\Administrator\Dane aplikacji
2008-12-28 01:40 . 2008-12-28 01:40   <DIR>   d--------   c:\documents and settings\Administrator
2008-12-28 01:38 . 2008-12-28 06:16   <DIR>   d--------   c:\program files\Neostrada TP
2008-12-28 00:40 . 2008-12-28 05:25   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\temp
2008-12-28 00:40 . 2008-12-28 05:25   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\playfirst
2008-12-28 00:39 . 2008-12-28 05:25   <DIR>   d--------   c:\program files\Common Files\inca shared
2008-12-28 00:39 . 2008-12-28 05:25   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\nview_profiles
2008-12-28 00:14 . 2008-12-28 00:14   632   --a------   c:\windows\CoD.INI
2008-12-27 23:31 . 2008-12-27 23:31   1,409   --a------   c:\windows\system32\tmp3152F.FOT
2008-12-27 07:25 . 2008-12-27 17:13   766   --a------   c:\windows\eReg.dat
2008-12-23 14:34 . 2008-12-23 14:34   664   --a------   c:\windows\system32\d3d9caps.dat
2008-12-23 09:20 . 2008-12-24 12:09   <DIR>   d--------   c:\documents and settings\Sobcik\Dane aplikacji\gtk-2.0
2008-12-23 09:20 . 2008-12-23 09:20   <DIR>   d--------   c:\documents and settings\Sobcik\.thumbnails
2008-12-23 09:19 . 2008-12-24 12:12   <DIR>   d--------   c:\documents and settings\Sobcik\.gimp-2.6
2008-12-23 09:19 . 2008-12-23 09:19   <DIR>   d--------   c:\documents and settings\Sobcik\.gegl-0.0
2008-12-20 02:45 . 2008-12-20 02:57   921,624   --a------   C:\img2-001.raw
2008-12-20 02:41 . 2008-12-20 02:41   <DIR>   d--------   c:\windows\system32\drivers\umdf
2008-12-20 02:39 . 2007-04-10 22:46   1,966,696   -ra------   c:\windows\system32\drivers\VX3000.sys
2008-12-20 02:39 . 2007-04-10 22:46   185,704   -ra------   c:\windows\system32\cVX3000.dll
2008-12-20 02:39 . 2008-04-14 22:51   91,648   --a------   c:\windows\system32\kswdmcap.ax
2008-12-20 02:39 . 2008-04-14 22:51   91,648   --a--c---   c:\windows\system32\dllcache\kswdmcap.ax
2008-12-20 02:39 . 2008-04-14 22:51   61,952   --a------   c:\windows\system32\kstvtune.ax
2008-12-20 02:39 . 2008-04-14 22:51   61,952   --a--c---   c:\windows\system32\dllcache\kstvtune.ax
2008-12-20 02:39 . 2008-04-14 22:50   54,784   --a------   c:\windows\system32\vfwwdm32.dll
2008-12-20 02:39 . 2008-04-14 22:50   54,784   --a--c---   c:\windows\system32\dllcache\vfwwdm32.dll
2008-12-20 02:39 . 2008-04-14 22:51   43,008   --a------   c:\windows\system32\ksxbar.ax
2008-12-20 02:39 . 2008-04-14 22:51   43,008   --a--c---   c:\windows\system32\dllcache\ksxbar.ax
2008-12-20 00:09 . 2008-12-20 00:09   <DIR>   d--hs----   c:\windows\ftpcache
2008-12-20 00:08 . 2008-12-20 00:08   <DIR>   d--------   c:\windows\system32\LogFiles
2008-12-20 00:08 . 2008-12-20 21:16   137,688   --a------   c:\windows\system32\drivers\PnkBstrK.sys
2008-12-20 00:08 . 2008-12-20 00:08   22,328   --a------   c:\documents and settings\Sobcik\Dane aplikacji\PnkBstrK.sys
2008-12-20 00:08 . 2008-12-20 00:08   281   --a------   c:\windows\game.ini
2008-12-19 23:01 . 2007-03-16 10:19   5,174   -ra------   c:\windows\system32\nppt9x.vxd
2008-12-19 23:01 . 2007-03-16 10:19   4,682   -ra------   c:\windows\system32\npptNT2.sys
2008-12-19 02:23 . 2008-12-19 02:23   <DIR>   d--------   c:\windows\Diner Dash Flo Through Time
2008-12-19 02:23 . 2008-12-19 02:27   <DIR>   d--------   c:\documents and settings\Sobcik\Dane aplikacji\PlayFirst
2008-12-15 03:47 . 2008-12-28 23:52   <DIR>   d--------   c:\documents and settings\Sobcik\Dane aplikacji\uTorrent
2008-12-14 19:21 . 2008-12-14 19:21   2,570   --a------   c:\windows\Opera.INI
2008-12-14 15:20 . 2008-12-14 15:20   <DIR>   d--------   c:\documents and settings\Sobcik\Dane aplikacji\Media Player Classic
2008-12-14 15:13 . 2005-11-28 06:56   143,360   -ra------   c:\windows\system32\igfxres.dll
2008-12-14 13:51 . 2006-11-24 14:47   40,136   --a------   c:\windows\system32\drivers\ET5Drv.sys
2008-12-14 13:36 . 2008-12-14 13:37   <DIR>   d--------   c:\program files\Gigabyte
2008-12-14 13:36 . 1998-10-02 19:00   327,168   --a------   c:\windows\IsUninst.exe
2008-12-13 23:45 . 2008-12-13 23:45   <DIR>   d--------   c:\documents and settings\Sobcik\Dane aplikacji\Logitech
2008-12-13 23:45 . 2008-12-13 23:45   127,034   -r-------   c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2008-12-13 23:45 . 2008-12-28 00:31   1,846   --a------   c:\windows\unins000.dat
2008-12-13 23:44 . 2008-12-13 23:44   0   --ah-----   c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-12-13 23:44 . 2008-12-13 23:44   0   --ah-----   c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2008-12-13 23:44 . 2008-12-13 23:44   0   --ah-----   c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2008-12-13 23:43 . 2008-12-20 02:43   <DIR>   d----c---   c:\windows\system32\DRVSTORE
2008-12-13 23:43 . 2008-12-13 23:43   <DIR>   d--------   c:\program files\Common Files\Logitech
2008-12-13 23:43 . 2008-12-13 23:43   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\Logitech
2008-12-13 23:43 . 2007-01-23 15:45   1,419,024   --a------   c:\windows\system32\WdfCoInstaller01005.dll
2008-12-13 23:43 . 2007-02-14 12:22   163,840   --a------   c:\windows\system32\kemutb.dll
2008-12-13 23:43 . 2007-02-14 12:21   135,168   --a------   c:\windows\system32\KemUtil.dll
2008-12-13 23:43 . 2007-02-14 12:21   110,592   --a------   c:\windows\system32\KemWnd.dll
2008-12-13 23:43 . 2007-02-14 12:22   69,632   --a------   c:\windows\system32\KemXML.dll
2008-12-13 23:43 . 2007-01-23 15:45   34,576   --a------   c:\windows\system32\drivers\LHidFilt.Sys
2008-12-13 23:43 . 2007-01-23 15:45   28,176   --a------   c:\windows\system32\drivers\LUsbFilt.sys
2008-12-13 23:32 . 2003-06-19 01:31   17,920   --a------   c:\windows\system32\mdimon.dll
2008-12-13 23:32 . 2008-12-13 23:32   421   --a------   c:\windows\ODBC.INI
2008-12-13 23:30 . 2008-12-13 23:30   <DIR>   d--------   c:\documents and settings\Sobcik\Dane aplikacji\Foxit
2008-12-13 23:29 . 2008-12-13 23:30   <DIR>   d--------   c:\windows\SHELLNEW
2008-12-13 23:28 . 2008-12-13 23:28   <DIR>   d--------   c:\program files\Microsoft.NET
2008-12-13 21:53 . 2006-10-05 03:42   2,560   ---------   c:\windows\system32\drivers\cdralw2k.sys
2008-12-13 21:53 . 2006-10-05 03:42   2,432   ---------   c:\windows\system32\drivers\cdr4_xp.sys
2008-12-13 20:55 . 2008-12-17 03:49   <DIR>   d--------   c:\documents and settings\Sobcik\.netbeans-derby
2008-12-13 18:33 . 2008-12-13 18:34   56   --a------   c:\windows\Kulki.ini
2008-12-13 18:09 . 2008-12-13 18:09   <DIR>   d--------   c:\documents and settings\Sobcik\.netbeans-registration
2008-12-13 18:09 . 2008-12-13 20:54   <DIR>   d--------   c:\documents and settings\Sobcik\.netbeans
2008-12-13 18:04 . 2008-12-17 03:49   <DIR>   d--------   c:\program files\glassfish-v2ur2
2008-12-13 18:01 . 2008-12-13 18:07   <DIR>   d--------   c:\program files\Common Files\Adobe
2008-12-13 17:06 . 2008-12-13 17:06   <DIR>   d--------   c:\documents and settings\Sobcik\Dane aplikacji\DAEMON Tools
2008-12-11 23:34 . 2008-10-16 21:33   6,066,176   -----c---   c:\windows\system32\dllcache\ieframe.dll
2008-12-11 23:34 . 2007-04-17 10:32   2,455,488   -----c---   c:\windows\system32\dllcache\ieapfltr.dat
2008-12-11 23:34 . 2007-03-08 06:11   1,036,288   -----c---   c:\windows\system32\dllcache\ieframe.dll.mui
2008-12-11 23:34 . 2008-10-16 21:33   459,264   -----c---   c:\windows\system32\dllcache\msfeeds.dll
2008-12-11 23:34 . 2008-10-16 21:33   383,488   -----c---   c:\windows\system32\dllcache\ieapfltr.dll
2008-12-11 23:34 . 2008-10-16 21:33   267,776   -----c---   c:\windows\system32\dllcache\iertutil.dll
2008-12-11 23:34 . 2008-10-16 21:33   63,488   -----c---   c:\windows\system32\dllcache\icardie.dll
2008-12-11 23:34 . 2008-10-16 21:33   52,224   -----c---   c:\windows\system32\dllcache\msfeedsbs.dll
2008-12-11 23:34 . 2008-10-16 14:11   13,824   -----c---   c:\windows\system32\dllcache\ieudinit.exe
2008-12-11 14:26 . 2008-04-14 22:51   221,184   --a------   c:\windows\system32\wmpns.dll
2008-12-11 12:25 . 2008-12-11 12:27   <DIR>   d--------   c:\windows\ServicePackFiles
2008-12-11 12:25 . 2008-04-14 22:51   294,912   -----c---   c:\windows\system32\dllcache\dlimport.exe
2008-12-11 02:02 . 2008-12-11 02:02   <DIR>   d--------   c:\windows\system32\XPSViewer
2008-12-11 02:02 . 2008-12-11 02:02   <DIR>   d--------   c:\program files\Reference Assemblies
2008-12-11 02:02 . 2008-12-11 02:02   <DIR>   d--------   c:\program files\MSBuild
2008-12-11 02:02 . 2006-06-29 13:07   14,048   ---------   c:\windows\system32\spmsg2.dll
2008-12-11 01:56 . 2008-12-11 01:56   <DIR>   d--------   c:\documents and settings\Sobcik\Dane aplikacji\Shareaza
2008-12-11 01:43 . 2008-12-13 17:06   717,296   --a------   c:\windows\system32\drivers\sptd.sys
2008-12-11 01:30 . 2008-06-14 18:36   273,024   -----c---   c:\windows\system32\dllcache\bthport.sys
2008-12-11 01:29 . 2008-08-14 11:04   138,496   -----c---   c:\windows\system32\dllcache\afd.sys
2008-12-11 01:27 . 2008-12-13 07:39   3,593,216   -----c---   c:\windows\system32\dllcache\mshtml.dll
2008-12-11 01:27 . 2008-10-16 02:02   1,499,136   -----c---   c:\windows\system32\dllcache\shdocvw.dll
2008-12-11 01:27 . 2008-10-16 21:33   1,160,192   -----c---   c:\windows\system32\dllcache\urlmon.dll
2008-12-11 01:27 . 2008-10-16 21:33   826,368   -----c---   c:\windows\system32\dllcache\wininet.dll
2008-12-11 01:27 . 2008-09-08 11:41   333,824   -----c---   c:\windows\system32\dllcache\srv.sys
2008-12-11 01:26 . 2008-08-14 14:26   2,190,464   -----c---   c:\windows\system32\dllcache\ntoskrnl.exe
2008-12-11 01:26 . 2008-08-14 14:26   2,146,816   -----c---   c:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-11 01:26 . 2008-08-14 14:26   2,067,328   -----c---   c:\windows\system32\dllcache\ntkrnlpa.exe
2008-12-11 01:26 . 2008-08-14 14:26   2,025,472   -----c---   c:\windows\system32\dllcache\ntkrpamp.exe
2008-12-11 01:26 . 2008-09-15 16:27   1,846,656   -----c---   c:\windows\system32\dllcache\win32k.sys
2008-12-11 01:25 . 2008-09-04 18:17   1,106,944   -----c---   c:\windows\system32\dllcache\msxml3.dll
2008-12-11 01:25 . 2008-04-11 20:06   691,712   -----c---   c:\windows\system32\dllcache\inetcomm.dll
2008-12-11 01:25 . 2008-10-24 12:21   455,296   -----c---   c:\windows\system32\dllcache\mrxsmb.sys
2008-12-11 01:25 . 2008-10-15 17:36   337,408   -----c---   c:\windows\system32\dllcache\netapi32.dll
2008-12-11 01:25 . 2008-05-01 15:37   331,776   -----c---   c:\windows\system32\dllcache\msadce.dll
2008-12-11 01:25 . 2008-05-08 15:02   203,136   -----c---   c:\windows\system32\dllcache\rmcast.sys
2008-12-10 02:54 . 2008-12-10 02:54   <DIR>   d--------   c:\documents and settings\Sobcik\English Translator 3
2008-12-10 02:17 . 2006-11-23 05:55   73,728   --a------   c:\windows\system32\DeathAdder.cpl
2008-12-10 02:12 . 2008-12-28 23:51   69   --a------   c:\windows\NeroDigital.ini
2008-12-10 01:31 . 2008-12-10 01:32   <DIR>   d--------   c:\windows\system32\URTTemp

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-28 00:50   ---------   d--h--w   c:\program files\InstallShield Installation Information
2008-12-27 22:39   ---------   d-----w   c:\program files\Common Files\InstallShield
2008-12-09 20:44   ---------   d-----w   c:\program files\Realtek
2008-12-09 20:44   ---------   d-----w   c:\documents and settings\Sobcik\Dane aplikacji\InstallShield
2008-12-09 20:41   ---------   d-----w   c:\program files\Intel
2008-12-09 20:25   ---------   d-----w   c:\program files\microsoft frontpage
2008-12-09 20:23   ---------   d-----w   c:\program files\Usługi online
2008-11-02 14:02   7,680   ----a-w   c:\windows\system32\ff_vfw.dll
2008-10-28 22:35   684,032   ----a-w   c:\windows\system32\divx.dll
2008-10-27 09:04   235,856   ----a-w   c:\windows\system32\xactengine3_3.dll
2008-10-27 09:04   23,376   ----a-w   c:\windows\system32\X3DAudio1_5.dll
2008-10-23 12:42   286,720   ----a-w   c:\windows\system32\gdi32.dll
2008-10-16 20:33   826,368   ----a-w   c:\windows\system32\wininet.dll
2008-10-16 13:13   202,776   ----a-w   c:\windows\system32\wuweb.dll
2008-10-16 13:13   1,809,944   ----a-w   c:\windows\system32\wuaueng.dll
2008-10-16 13:12   561,688   ----a-w   c:\windows\system32\wuapi.dll
2008-10-16 13:12   323,608   ----a-w   c:\windows\system32\wucltui.dll
2008-10-16 13:09   92,696   ----a-w   c:\windows\system32\cdm.dll
2008-10-16 13:09   51,224   ----a-w   c:\windows\system32\wuauclt.exe
2008-10-16 13:09   43,544   ----a-w   c:\windows\system32\wups2.dll
2008-10-16 13:08   34,328   ----a-w   c:\windows\system32\wups.dll
2008-10-03 10:04   247,326   ----a-w   c:\windows\system32\strmdll.dll
.

(((((((((((((((((((((((((((((   snapshot@2008-12-28_ 3.07.35.71   )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-07 14:27:04   163,328   ----a-w   c:\windows\ERUNT\SDFIX\ERDNT.EXE
+ 2008-12-29 00:09:12   4,698,112   ----a-w   c:\windows\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-12-29 00:09:12   233,472   ----a-w   c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-08-07 14:27:04   163,328   ----a-w   c:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-12-29 00:09:00   4,698,112   ----a-w   c:\windows\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-12-29 00:09:01   233,472   ----a-w   c:\windows\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
- 2008-12-28 01:04:15   71,444   ----a-w   c:\windows\system32\perfc009.dat
+ 2008-12-28 14:05:07   71,444   ----a-w   c:\windows\system32\perfc009.dat
- 2008-12-28 01:04:15   89,166   ----a-w   c:\windows\system32\perfc015.dat
+ 2008-12-28 14:05:07   89,166   ----a-w   c:\windows\system32\perfc015.dat
- 2008-12-28 01:04:15   441,760   ----a-w   c:\windows\system32\perfh009.dat
+ 2008-12-28 14:05:07   441,760   ----a-w   c:\windows\system32\perfh009.dat
- 2008-12-28 01:04:15   500,826   ----a-w   c:\windows\system32\perfh015.dat
+ 2008-12-28 14:05:07   500,826   ----a-w   c:\windows\system32\perfh015.dat
- 2003-12-08 10:53:58   5,606   ----a-w   c:\windows\system32\stci.dll
+ 2003-12-08 11:53:58   5,606   ----a-w   c:\windows\system32\stci.dll
+ 2008-12-29 00:13:16   16,384   ----atw   c:\windows\Temp\Perflib_Perfdata_4b0.dat
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="d:\programy\Avast\ashDisp.exe" [2008-11-26 81000]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"DeathAdder"="d:\programy\Razer\razerhid.exe" [2007-09-07 159744]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Natter.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Natter.lnk
backup=c:\windows\pss\Natter.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 22:51 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a--c--- 2008-08-08 13:11 490952 d:\programy\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyTuneV]
--a------ 2006-12-15 14:13 31552 c:\program files\Gigabyte\ET5\ETcall.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Odkurzacz-MCD]
--a--c--- 2008-08-16 16:01 264704 d:\programy\Odkurzacz\odk_mcd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a--c--- 2008-08-21 02:18 443968 d:\programy\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-12-10 01:24 140672 c:\program files\Java\jre1.7.0\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre1.7.0\\bin\\java.exe"=
"e:\\GRY\\FlatOut\\flatout.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jdk1.6.0_11\\bin\\java.exe"=
"d:\\PROGRAMY\\Shareaza\\Shareaza.exe"=
"d:\\PROGRAMY\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"e:\\GRY\\Valve\\SteamApps\\sobcik\\counter-strike\\hl.exe"=
"c:\\Program Files\\Gigabyte\\@BIOS\\gwflash.exe"=
"d:\\PROGRAMY\\Opera\\opera.exe"=
"d:\\PROGRAMY\\uTorrent\\uTorrent.exe"=
"d:\\PROGRAMY\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Java\\jre1.7.0\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-09 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-12-09 20560]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2008-12-10 22784]
S3 cpuz131;cpuz131;\??\c:\docume~1\Sobcik\USTAWI~1\Temp\cpuz131\cpuz_x32.sys []
S3 CyUsb;Cypress Generic USB Driver;c:\windows\system32\Drivers\CyUsb.sys [2008-12-10 31104]
S3 MarkFun_NT;MarkFun_NT;\??\c:\program files\Gigabyte\ET5\markfun.w32 [2008-12-14 13512]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0bd09c0-c63a-11dd-8b1e-000e507096c9}]
\Shell\AutoRun\command - L:\o1.com
\Shell\explore\Command - L:\o1.com
\Shell\open\Command - L:\o1.com
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.wanadoo.fr
uInternet Connection Wizard,ShellNext = iexplore
IE: &Pobierz wszystko przez FlashGet - d:\programy\FlashGet\ComDlls\Bhoall.htm
IE: &Pobrane przez FlashGet - d:\programy\FlashGet\ComDlls\Bholink.htm
IE: E&ksport do programu Microsoft Excel - d:\programy\Office\OFFICE11\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - d:\programy\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Sobcik\Dane aplikacji\Mozilla\Firefox\Profiles\uyey3txx.default\
FF - prefs.js: browser.search.selectedEngine - Allegro
FF - component: d:\programy\FireFox\components\flashgetXpi.dll
FF - component: d:\programy\FireFox\components\iamfamous.dll
FF - plugin: c:\program files\Java\jre1.7.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.7.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.7.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.7.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.7.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.7.0\bin\npjpi170.dll
FF - plugin: c:\program files\Java\jre1.7.0\bin\npoji610.dll
FF - plugin: d:\programy\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: d:\programy\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: d:\programy\Opera\program\plugins\npdsplay.dll
FF - plugin: d:\programy\Opera\program\plugins\NPFgc1.dll
FF - plugin: d:\programy\Opera\program\plugins\NPFgc2.dll
FF - plugin: d:\programy\Opera\program\plugins\NPFgc3.dll
FF - plugin: d:\programy\Opera\program\plugins\NPOFFICE.DLL
FF - plugin: d:\programy\Opera\program\plugins\nppl3260.dll
FF - plugin: d:\programy\Opera\program\plugins\nprpjplug.dll
FF - plugin: d:\programy\Opera\program\plugins\NPSWF32.dll
FF - plugin: d:\programy\Opera\program\plugins\npwmsdrm.dll
FF - plugin: d:\programy\Picasa2\npPicasa2.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-29 01:16:20
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki:

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msqpdxserv.sys]
"imagepath"="\systemroot\system32\drivers\msqpdxpaxtoexh.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MarkFun_NT]
"ImagePath"="\??\c:\program files\Gigabyte\ET5\markfun.w32"
.
Czas ukończenia: 2008-12-29  1:16:48
ComboFix-quarantined-files.txt  2008-12-29 00:16:46

Przed: 18 451 984 384 bajtów wolnych
Po: 18,441,900,032 bajtów wolnych

303   --- E O F ---   2008-12-27 22:14:22



HijackThis
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:17:31, on 2008-12-29
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\PROGRAMY\Avast\aswUpdSv.exe
D:\PROGRAMY\Avast\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
D:\PROGRAMY\Avast\ashMaiSv.exe
D:\PROGRAMY\Avast\ashWebSv.exe
C:\WINDOWS\RTHDCPL.EXE
D:\PROGRAMY\Avast\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\PROGRAMY\Razer\razerhid.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
D:\PROGRAMY\Razer\razertra.exe
D:\PROGRAMY\Razer\razerofa.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\explorer.exe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
D:\Multimedia\Duperele\De bello Troiano\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.7.0\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast!] D:\PROGRAMY\Avast\ashDisp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DeathAdder] D:\PROGRAMY\Razer\razerhid.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Pobierz wszystko przez FlashGet - D:\PROGRAMY\FlashGet\ComDlls\Bhoall.htm
O8 - Extra context menu item: &Pobrane przez FlashGet - D:\PROGRAMY\FlashGet\ComDlls\Bholink.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRAMY\Office\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.7.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.7.0\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRAMY\Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\PROGRAMY\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\PROGRAMY\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\PROGRAMY\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\PROGRAMY\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\PROGRAMY\Avast\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe (file missing)

--
End of file - 4944 bytes



PS. Should I delete the folder C:\Qoobox ?
Still learning...
The links I give someone are, were, or will be given by other users.
Post by wojtas, 29 Dec 2008, 18:30

Paste this into Notepad:

Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0bd09c0-c63a-11dd-8b1e-000e507096c9}]

[-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msqpdxserv.sys]


In Notepad, from the menu at the top >>> File, Save As >>> change the file type from TXT to All files *.* >>> save it under the name FIX.REG

Double-click the resulting fix file and merge it into the registry....

1. Download OTMoveIt, start it and run it with the CleanUp option :) and delete the folder C:\Qoobox
2. Perform a Windows optimisation
3. Download ATF_Cleaner
tick
Windows Temp
All users Temp
Temporary internet files
Recycle Bin
and press EMPTY SELECTED
4. Turn off System Restore (My Computer properties, System Restore tab, turn off System Restore on all drives). After a moment, turn it back on
5. Scan the My Computer area at http://www.kaspersky.pl/virusscanner.html (run it through IE). Post its report on the forum.

and with this:

FixIEDef.
Post by Smilodon, 31 Dec 2008, 03:45

I tried to follow your advice, wojtas; some of it worked, and some.... well, I'm at my wits' end, I've been struggling with this since yesterday and nothing.
Not working:
- Scandisk
- Defragmentation
- Kaspersky

^^ I looked for solutions on internet forums for the first two items, tried some of them and sh... nothing. I know defragmentation can be done with a separate program, but it's strange that the built-in one doesn't work :/

Any suggestions?


I did the defragmentation with the program Smart Defrag and then ran FixIEDef; here is the log:
Code:
********************************************************************************
*                                                                              *
*                                 FixIEDef Log                                 *
*                              Version 1.7.20.7201                             *
*                                                                              *
********************************************************************************

Created at 04:48:08 on Wednesday, December 31, 2008

Time Zone            :

Logged On User       : Sobcik

Operating System     : Microsoft Windows XP Professional Dodatek Service Pack 3
OS Version           : 5.1.2600
System Langauge      : Polish
Keyboard Layout      : Polish
Processor            : X86 Intel(R) Core(TM)2 CPU          4300  @ 1.80GHz

System Drive         : C:\
Windows Directory    : C:\WINDOWS
System Directory     : C:\WINDOWS\system32

System Drive Type    : Fixed
System Drive Status  : READY
System Drive Label   :
System Drive Size    : 30.73 GB
System Drive Free    : 21.17 GB

Total Physical Memory: 2039 MB
Free Physical Memory : 1460 MB
Total Page File      : 2039 MB
Free Page File       : 3511 MB
Total Virtual Memory : 2048 MB
Free Virtual Memory  : 1971 MB

Boot State           : Normal boot

--------------------------------------------------------------------------------

!!! userinit.exe is Clean !!!

--------------------------------------------------------------------------------

!!! Files that have been deleted !!!

No malicious files found

--------------------------------------------------------------------------------

!!! Directories that have been removed !!!

No malicious directories to be removed

--------------------------------------------------------------------------------

!!! Registry entries that have been removed !!!

No malicious Registry entries found

================================================================================

All Done :)

ShadowPuterDude

Safe Surfing!!!


^^ looks clean to me :)

Cheers and thanks

I'll add that I have the identical problem as the guy here, and I'm looking at the solutions :F
trojan-zlob-dnschanger-windows-vista-vp808473.html

Code:
O17 - HKLM\System\CCS\Services\Tcpip\..\{8F67494A-DB3F-4B5F-8EA2-97BBEC773D9C}: NameServer = 85.255.115.50,85.255.112.154
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.50 85.255.112.154
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.114.43;85.255.112.165
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.50 85.255.112.154

Aren't these entries the work of that junk from the link above? Because I checked, and my Neostrada DNS servers are completely different. Lately, whenever I connect to the internet it lags for 1-2 minutes...
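As an added illustration of the question above (this is not code from the thread or from any tool mentioned in it): a small Python checker that parses HijackThis O17 lines, splits the NameServer value on whatever separator the registry value happened to use (the quoted lines show commas, spaces and semicolons), and flags resolvers that are not the ISP's own. The allowlist addresses are constructed placeholders, and the 85.255.112.0/20 block comes from public DNSChanger reporting of the time, not from the post.

```python
import ipaddress
import re

# Constructed sample: the four O17 lines quoted in the post plus one unrelated line.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{8F67494A-DB3F-4B5F-8EA2-97BBEC773D9C}: NameServer = 85.255.115.50,85.255.112.154
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.50 85.255.112.154
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.114.43;85.255.112.165
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.50 85.255.112.154
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
"""

# Placeholder allowlist (constructed RFC 5737 addresses, not Neostrada's real resolvers).
EXPECTED_DNS = {"192.0.2.1", "192.0.2.2"}

# Zlob/DNSChanger rogue-resolver block per 2008 public reporting (assumption, not from the page).
DNSCHANGER_NET = ipaddress.ip_network("85.255.112.0/20")

O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>.+)$")

def parse_o17(log_text):
    """Map each O17 registry key to its resolver list. HijackThis prints the
    value verbatim, so the separator varies (',', ' ' or ';') as in the post."""
    result = {}
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if m:
            result[m.group("key")] = re.split(r"[,; ]+", m.group("servers").strip())
    return result

def suspicious_resolvers(log_text):
    """Per O17 key, resolvers that are off the allowlist or inside the rogue block."""
    findings = {}
    for key, servers in parse_o17(log_text).items():
        bad = []
        for s in servers:
            try:
                ip = ipaddress.ip_address(s)
            except ValueError:
                bad.append(s)  # not an IP address at all: worth a look
                continue
            if s not in EXPECTED_DNS or ip in DNSCHANGER_NET:
                bad.append(s)
        if bad:
            findings[key] = bad
    return findings

if __name__ == "__main__":
    for key, bad in suspicious_resolvers(SAMPLE_LOG).items():
        print(f"{key}: {', '.join(bad)}")
```

Run against the sample, all four keys are reported, because every listed resolver falls inside the rogue block and none is on the allowlist.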