Komputer zamula, internet ledwie dziala - apokalisa :)

[Pokahontaz]

Problemy sa takie jak w temacie + czasem wysakakuja bledy pliku bdfxgja.exe ktory znajduje sie na dysku C:/ jest on tez procesem przy uruchamianu systemy, ktory jak wylacze i tak sie wlacza
logi:

hijack:

Kod: Zaznacz wszystko

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:49:38, on 2009-05-06
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Microsoft\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WZCBDL Service\WZCBDLS.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\bdfxgja.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Nowe Gadu-Gadu\gg.exe
C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe
C:\Documents and Settings\Admin\Pulpit\HiJackThis.exe
c:\lsass.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: Shell=Explorer.exe "C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Microsoft\svchost.exe"
O2 - BHO: AcroIEHelperStub - {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [18924] C:\bdfxgja.exe
O4 - HKCU\..\RunOnce: [WiseStubReboot] MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I "C:\Program Files\Common Files\Wise Installation Wizard\WISDD1865F0AD7340FBB23E1822E02396FF_9_09_0203.MSI" TRANSFORMS="C:\Program Files\Common Files\Wise Installation Wizard\WISDD1865F0AD7340FBB23E1822E02396FF_9_09_0203.MST" WISE_SETUP_EXE_PATH="c:\nvidia\winxp\182.50\is\PhysX_9.09.0203_SystemSoftware.exe"
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: D-Link AirPlus G Configuration Utility.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: __c0077DBF - C:\WINDOWS\system32\__c0077DBF.dat
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Usługa inteligentnego transferu w tle (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FCI (fci) - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB (pnkbstrb) - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Aktualizacje automatyczne (wuauserv) - Unknown owner - C:\WINDOWS\
O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Program Files\WZCBDL Service\WZCBDLS.exe

--
End of file - 4269 bytes


co do combofixa teraz nie mam czasu nawet go zrobic - pod wieczor podrzuce
pozdrawiam

[Okocza]

Wykonaj to co jest podane w tym temacie

Zastosuj SDFix . Po pobraniu uruchom go a rozpakuje się do C:\SDFix. Uruchom komputer w trybie awaryjnym (F8 przy stracie systemu). Będąc w awaryjnym uruchom plik RunThis.bat z folderu SDFixa. Zatwierdź czyszczenie przez Y. Poczekaj aż ukończy i komputer zresetuje

Potem wejdz do folderu C:\SDFix wrzuc zawartość pliku Report.txt + log z combofixa oraz daj loga z hijacka

[Pokahontaz]

ok tak wiec po kolei SDFIX:

Kod: Zaznacz wszystko

[b]SDFix: Version 1.240 [/b]
Run by Administrator on 2009-05-06 at 21:15

Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:

[b]Name [/b]:
FCI

[b]Path [/b]:
C:\WINDOWS\system32\svchost.exe:ext.exe

FCI - Deleted



Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]:

Trojan Files Found:

C:\-86876~1 - Deleted
C:\lsass.exe - Deleted
C:\WINDOWS\system32\crypts.dll - Deleted





Removing Temp Files

[b]ADS Check [/b]:


C:\WINDOWS\system32\svchost.exe
  : ADS Found!
svchost.exe: deleted 32768 bytes in 1 streams.

Checking for remaining Streams

C:\WINDOWS\system32\svchost.exe
No streams found.



                                 [b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-06 21:29:17
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\1de84b56]
"ImagePath"="\SystemRoot\System32\drivers\1de84b56.sys"
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000001
"F96ZK6nPB"="YmluZGVyeXNlcnZpY2UubW9iaQ=="
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\636273ea]
"ImagePath"="\SystemRoot\System32\drivers\636273ea.sys"
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000001
"F96ZK6nPB"="YmluZGVyeXNlcnZpY2UubW9iaQ=="
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\89fec34]
"ImagePath"="\SystemRoot\System32\drivers\89fec34.sys"
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000001
"F96ZK6nPB"="YmluZGVyeXNlcnZpY2UubW9iaQ=="
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ab69099d]
"ImagePath"="\SystemRoot\System32\drivers\ab69099d.sys"
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000001
"F96ZK6nPB"="YmluZGVyeXNlcnZpY2UubW9iaQ=="
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fb9efa98]
"ImagePath"="\SystemRoot\System32\drivers\fb9efa98.sys"
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000001
"F96ZK6nPB"="YmluZGVyeXNlcnZpY2UubW9iaQ=="
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"hdf12"=hex:15,99,3f,27,06,09,78,39,5c,48,f4,33,15,a0,65,cd,93,b9,d3,26,92,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,f7,b5,f5,6f,2a,8b,45,11,03,ba,d3,32,69,17,da,e6,e9,..
"hdf12"=hex:59,3b,45,56,1e,95,70,bb,30,40,77,b5,c2,54,f5,ae,12,f7,6e,63,8a,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:80,bc,66,ba,c6,55,55,82,48,ef,91,56,7e,11,26,fb,46,88,07,bc,46,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\1de84b56]
"ImagePath"="\SystemRoot\System32\drivers\1de84b56.sys"
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000001
"F96ZK6nPB"="YmluZGVyeXNlcnZpY2UubW9iaQ=="
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\636273ea]
"ImagePath"="\SystemRoot\System32\drivers\636273ea.sys"
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000001
"F96ZK6nPB"="YmluZGVyeXNlcnZpY2UubW9iaQ=="
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\89fec34]
"ImagePath"="\SystemRoot\System32\drivers\89fec34.sys"
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000001
"F96ZK6nPB"="YmluZGVyeXNlcnZpY2UubW9iaQ=="
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ab69099d]
"ImagePath"="\SystemRoot\System32\drivers\ab69099d.sys"
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000001
"F96ZK6nPB"="YmluZGVyeXNlcnZpY2UubW9iaQ=="
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\fb9efa98]
"ImagePath"="\SystemRoot\System32\drivers\fb9efa98.sys"
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000001
"F96ZK6nPB"="YmluZGVyeXNlcnZpY2UubW9iaQ=="
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"hdf12"=hex:15,99,3f,27,06,09,78,39,5c,48,f4,33,15,a0,65,cd,93,b9,d3,26,92,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,f7,b5,f5,6f,2a,8b,45,11,03,ba,d3,32,69,17,da,e6,e9,..
"hdf12"=hex:59,3b,45,56,1e,95,70,bb,30,40,77,b5,c2,54,f5,ae,12,f7,6e,63,8a,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:80,bc,66,ba,c6,55,55,82,48,ef,91,56,7e,11,26,fb,46,88,07,bc,46,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"="C:\\Program Files\\Nowe Gadu-Gadu\\gg.exe:*:Enabled:Nowe Gadu-Gadu"
"C:\\Program Files\\Xfire\\xfire.exe"="C:\\Program Files\\Xfire\\xfire.exe:*:Enabled:Xfire"
"C:\\Program Files\\Quake III Arena\\quake3.exe"="C:\\Program Files\\Quake III Arena\\quake3.exe:*:Enabled:quake3"
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Enabled:iw3mp"
"C:\\Program Files\\Counter-Strike 1.6\\hl.exe"="C:\\Program Files\\Counter-Strike 1.6\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\WarCraft III LAN\\war3.exe"="C:\\Program Files\\WarCraft III LAN\\war3.exe:*:Enabled:Warcraft III"
"C:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"="C:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe:*:Enabled:left4dead"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\call of duty 2\\CoD2MP_s.exe"="C:\\Program Files\\call of duty 2\\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\\Program Files\\Quake III Arena defrag\\quake3.exe"="C:\\Program Files\\Quake III Arena defrag\\quake3.exe:*:Enabled:quake3"
"C:\\Program Files\\Cyanide\\Loki\\Loki.exe"="C:\\Program Files\\Cyanide\\Loki\\Loki.exe:*:Enabled:Loki"
"C:\\Program Files\\Cyanide\\Loki\\Autorun\\Autorun.exe"="C:\\Program Files\\Cyanide\\Loki\\Autorun\\Autorun.exe:*:Enabled:Loki - AutoRun"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
@="c:\\wavunte.exe:*:Enabled:KL"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[b]Remaining Files [/b]:


File Backups: - C:\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Mon  4 May 2009        72,704 ..SHR --- "C:\RECYCLER\S-1-5-21-7277121753-2945178229-616438081-5407\service.exe"
Wed  6 May 2009        30,720 ..SHR --- "C:\RECYCLER\S-1-5-21-0243636035-3055115376-381863306-1556\pqlmq.exe"
Sun 26 Jun 2005       616,448 A.SHR --- "C:\Program Files\eRightSoft\SUPER\cygwin1.dll"
Tue 21 Jun 2005        45,568 A.SHR --- "C:\Program Files\eRightSoft\SUPER\cygz.dll"
Fri 11 Jul 2008        72,704 A.SHR --- "C:\Program Files\eRightSoft\SUPER\Setup.exe"
Tue  2 Oct 2007        16,384 A.SHR --- "C:\Program Files\eRightSoft\SUPER\_Setup.dll"
Tue 24 Mar 2009             0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue  4 Jun 2002        84,992 A..HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\14_43260.dll"
Tue  4 Jun 2002        44,032 A..HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\28_83260.dll"
Tue 10 Dec 2002        73,766 A..HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\atrc3260.dll"
Tue 10 Dec 2002        65,575 A..HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\cook3260.dll"
Sun  9 Jun 2002        36,864 A..HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ddnt3260.dll"
Tue  4 Jun 2002        20,480 A..HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dnet3260.dll"
Tue 10 Dec 2002       102,437 A..HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv13260.dll"
Tue 10 Dec 2002       176,165 A..HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv23260.dll"
Tue 10 Dec 2002       208,935 A..HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv33260.dll"
Tue 10 Dec 2002       217,127 A..HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv43260.dll"
Sun  9 Jun 2002        40,448 A..HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dspr3260.dll"
Sun  4 Nov 2001       225,280 A..HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ivvideo.dll"
Tue 10 Apr 2001       225,280 A..HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\qtmlClient.dll"
Fri 20 Feb 2004       232,960 A..HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\raac.dll"
Sun  9 Jun 2002       525,824 A..HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnco3260.dll"
Tue 10 Dec 2002       245,805 A..HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnlt3260.dll"
Tue 10 Dec 2002        45,093 A..HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv103260.dll"
Tue 10 Dec 2002        98,341 A..HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv203260.dll"
Tue 10 Dec 2002        94,247 A..HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv303260.dll"
Tue 10 Dec 2002        90,151 A..HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv403260.dll"
Tue 10 Dec 2002       102,439 A..HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\sipr3260.dll"
Sun  9 Jun 2002        49,152 A..HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\tokr3260.dll"
Thu 20 Mar 2008         5,632 A.SHR --- "C:\Program Files\eRightSoft\SUPER\spk\1stRun.exe"
Fri 20 Mar 2009         6,092 ...HR --- "C:\Documents and Settings\Pucek\Dane aplikacji\SecuROM\UserData\securom_v7_01.bak"

[b]Finished![/b]



combofix:

Kod: Zaznacz wszystko

ComboFix 09-05-05.05 - Admin 2009-05-06 21:33.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.48.1045.18.2046.1627 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Admin\Pulpit\ComboFix.exe

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Admin\reader_s.exe
C:\lsass.exe
c:\windows\system32\__c00156A2.dat
c:\windows\system32\__c0041C26.dat
c:\windows\system32\__c004E474.dat
c:\windows\system32\__c0062961.dat
c:\windows\system32\__c00690F.dat
c:\windows\system32\__c0077DBF.dat
c:\windows\system32\__c008BFB7.dat
c:\windows\system32\__c0098FA6.dat
c:\windows\system32\__c009F566.dat
c:\windows\system32\__c00B1044.dat
c:\windows\system32\__c00B7334.dat
c:\windows\system32\__c00B87BE.dat
c:\windows\system32\__c00C909A.dat
c:\windows\system32\__c00DB918.dat
c:\windows\system32\__c00E3710.dat
c:\windows\system32\drivers\1de84b56.sys
c:\windows\system32\drivers\34a46b9f.sys
c:\windows\system32\drivers\4e12b642.sys
c:\windows\system32\drivers\57be7f4f.sys
c:\windows\system32\drivers\636273ea.sys
c:\windows\system32\drivers\a5b91d47.sys
c:\windows\system32\drivers\ab69099d.sys
c:\windows\system32\drivers\ntndis.sys
c:\windows\system32\reader_s.exe

.
(((((((((((((((((((((((((((((((((((((((   Sterowniki/Usługi   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_1de84b56
-------\Service_636273ea
-------\Service_ab69099d


(((((((((((((((((((((((((   Pliki utworzone od 2009-04-06 do 2009-05-06  )))))))))))))))))))))))))))))))
.

2009-05-06 19:35 . 2009-05-06 19:35   20480   ----a-w   C:\lsass.exe
2009-05-06 19:02 . 2009-05-06 19:02   664   ----a-w   c:\windows\system32\d3d9caps.dat
2009-05-06 19:01 . 2009-05-06 19:01   --------   d-----w   c:\documents and settings\Administrator.PUCEK\Ustawienia lokalne\Dane aplikacji\Mozilla
2009-05-06 18:56 . 2009-05-06 18:56   --------   d-----w   C:\Nowy folder
2009-05-06 09:16 . 2009-05-06 09:16   7168   ----a-w   C:\poedmta.exe
2009-05-06 09:07 . 2009-05-06 19:33   20480   ----a-w   C:\bdfxgja.exe
2009-05-06 08:27 . 2009-05-06 19:35   103932   ----a-w   c:\windows\system32\drivers\89fec34.sys
2009-05-06 08:18 . 2009-05-06 09:16   81920   ----a-w   C:\nmutwl.exe
2009-05-05 15:07 . 2009-05-05 15:07   --------   d-----w   c:\documents and settings\Admin\Ustawienia lokalne\Dane aplikacji\World in Conflict
2009-05-05 15:06 . 2007-05-18 11:11   3495784   ----a-w   c:\windows\system\d3dx9_33.dll
2009-05-05 07:13 . 2009-05-05 07:13   --------   d-----w   c:\program files\Common Files\Adobe AIR
2009-05-05 07:12 . 2009-05-05 07:13   --------   d-----w   c:\documents and settings\Admin\Ustawienia lokalne\Dane aplikacji\Adobe
2009-05-04 20:35 . 2009-05-06 09:16   705   ----a-w   C:\meplgps.exe
2009-05-04 20:35 . 2009-05-06 09:16   37376   ----a-w   C:\tqrsiug.exe
2009-05-04 17:48 . 2009-05-04 19:28   705   ----a-w   C:\himtgop.exe
2009-05-04 17:48 . 2009-05-04 19:28   101888   ----a-w   C:\ohkbrkoo.exe
2009-05-04 17:48 . 2009-05-04 19:28   37376   ----a-w   C:\xmrgycj.exe
2009-05-04 17:48 . 2009-05-04 17:48   46665   ----a-w   C:\wavunte.exe
2009-05-04 17:48 . 2009-05-06 19:35   116476   ----a-w   c:\windows\system32\drivers\fb9efa98.sys
2009-05-04 17:47 . 2009-05-04 17:47   705   ----a-w   C:\nfhusmai.exe
2009-05-04 17:47 . 2009-05-04 17:47   101888   ----a-w   C:\dyvj.exe
2009-05-04 17:47 . 2009-05-04 17:47   37376   ----a-w   C:\kvcxcscl.exe
2009-05-04 17:47 . 2009-05-04 17:47   46665   ----a-w   C:\tcevdbsi.exe
2009-05-04 16:51 . 2009-03-19 14:32   23400   ----a-w   c:\windows\system32\drivers\GEARAspiWDM.sys
2009-05-04 16:51 . 2008-04-17 10:12   107368   ----a-w   c:\windows\system32\GEARAspi.dll
2009-05-04 16:50 . 2009-05-04 16:51   --------   d-----w   c:\documents and settings\All Users.WINDOWS\Dane aplikacji\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-04 16:50 . 2009-05-04 16:50   --------   d-----w   c:\program files\Bonjour
2009-05-04 16:50 . 2009-03-26 13:23   36864   ----a-w   c:\windows\system32\drivers\usbaapl.sys
2009-05-04 16:50 . 2009-03-26 13:23   1900544   ----a-w   c:\windows\system32\usbaaplrc.dll
2009-05-04 07:10 . 2009-05-04 07:10   --------   d-----w   c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Razer
2009-05-04 07:10 . 2005-12-21 09:23   14592   ----a-w   c:\windows\system32\drivers\Usbicp.sys
2009-05-04 07:10 . 2009-05-04 07:10   --------   d-----w   c:\program files\DIFX
2009-05-04 07:09 . 2007-08-08 09:04   12032   ----a-w   c:\windows\system32\drivers\Lachesis.sys
2009-05-04 07:09 . 2009-05-04 07:09   --------   d-----w   c:\program files\Razer
2009-05-04 07:09 . 2009-05-04 07:09   --------   d-----w   c:\documents and settings\Admin\Dane aplikacji\InstallShield
2009-05-03 21:34 . 2009-05-04 17:04   --------   d-----w   c:\documents and settings\Admin\Dane aplikacji\Apple Computer
2009-05-03 21:34 . 2009-05-03 21:35   --------   d-----w   c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Apple Computer
2009-05-03 21:33 . 2009-05-03 21:33   --------   d-----w   c:\documents and settings\Admin\Ustawienia lokalne\Dane aplikacji\Apple
2009-05-03 21:33 . 2009-05-03 21:33   --------   d-----w   c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Apple
2009-05-03 21:33 . 2009-05-03 21:34   --------   d-----w   c:\documents and settings\Admin\Ustawienia lokalne\Dane aplikacji\Apple Computer
2009-05-03 21:26 . 2001-10-26 15:29   5632   ----a-w   c:\windows\system32\ptpusb.dll
2009-05-03 21:26 . 2004-08-03 22:44   159232   ----a-w   c:\windows\system32\ptpusd.dll
2009-05-03 21:26 . 2004-08-03 20:58   15104   -c--a-w   c:\windows\system32\dllcache\usbscan.sys
2009-05-03 21:26 . 2004-08-03 20:58   15104   ----a-w   c:\windows\system32\drivers\usbscan.sys
2009-05-02 22:41 . 2009-05-02 22:41   --------   d-----w   c:\documents and settings\Admin\Dane aplikacji\teamspeak2
2009-05-02 18:34 . 2009-05-02 18:34   --------   d-----w   c:\documents and settings\All Users.WINDOWS\Dane aplikacji\2DBoy
2009-05-02 12:22 . 2009-05-02 12:22   --------   d-----w   c:\program files\D-Link AirPlus G
2009-05-02 12:22 . 2004-01-09 09:45   256896   ----a-r   c:\windows\system32\drivers\MRV8K51.sys
2009-05-02 10:46 . 2009-05-02 10:46   --------   d-----w   c:\program files\D-Link
2009-05-02 05:58 . 2009-05-02 06:10   --------   d-----w   c:\program files\America's Army
2009-05-01 16:58 . 2009-05-01 16:59   --------   d-----w   c:\program files\Quake III Arena
2009-05-01 16:38 . 2009-05-06 15:40   --------   d-----w   c:\program files\call of duty 2
2009-05-01 12:52 . 2006-10-26 18:56   32592   ----a-w   c:\windows\system32\msonpmon.dll
2009-05-01 12:47 . 2009-05-01 12:47   --------   d-----w   c:\documents and settings\Admin\Ustawienia lokalne\Dane aplikacji\Microsoft Help
2009-05-01 12:47 . 2009-05-01 13:07   --------   d-----w   c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Microsoft Help
2009-05-01 09:50 . 2009-05-01 09:50   --------   d-----w   c:\documents and settings\Admin\Dane aplikacji\Ashampoo
2009-05-01 08:56 . 2005-07-15 12:41   2337488   ----a-w   c:\windows\system\d3dx9_25.dll
2009-05-01 06:34 . 2009-05-06 15:42   137928   ----a-w   c:\windows\system32\drivers\PnkBstrK.sys
2009-05-01 06:33 . 2009-05-06 15:42   189768   ----a-w   c:\windows\system32\PnkBstrB.exe
2009-05-01 06:33 . 2009-05-01 06:33   75064   ----a-w   c:\windows\system32\PnkBstrA.exe
2009-05-01 06:33 . 2009-05-02 06:11   --------   d-----w   c:\documents and settings\Admin\Ustawienia lokalne\Dane aplikacji\PunkBuster
2009-05-01 06:30 . 2009-05-04 17:51   --------   d-----w   c:\documents and settings\Admin\Dane aplikacji\Winamp
2009-04-30 21:27 . 2008-08-19 11:26   77824   ----a-w   c:\windows\SOUNDMAN.EXE
2009-04-30 21:27 . 2008-10-23 15:42   290816   ----a-w   c:\windows\vncutil.exe
2009-04-30 21:27 . 2008-06-19 14:27   9715200   ----a-w   c:\windows\RTLCPL.EXE
2009-04-30 21:27 . 2009-03-12 15:25   5051904   ----a-w   c:\windows\system32\drivers\RtkHDAud.sys
2009-04-30 21:27 . 2009-03-12 13:34   39424   ----a-w   c:\windows\system32\RtkCoInstXP.dll
2009-04-30 21:27 . 2008-06-24 12:46   104992   ----a-w   c:\windows\RtkAudioService.exe
2009-04-30 21:27 . 2009-03-12 15:21   17531392   ----a-w   c:\windows\RTHDCPL.EXE
2009-04-30 21:27 . 2006-01-04 13:41   1389056   ----a-w   c:\windows\system32\drivers\Monfilt.sys
2009-04-30 21:27 . 2009-03-10 12:32   2168320   ----a-w   c:\windows\MicCal.exe
2009-04-30 21:27 . 2008-08-05 18:10   1684736   ----a-w   c:\windows\system32\drivers\Ambfilt.sys
2009-04-30 21:27 . 2009-03-02 09:14   57344   ----a-w   c:\windows\ALCMTR.EXE
2009-04-30 21:27 . 2008-06-19 14:42   2808832   ----a-w   c:\windows\ALCWZRD.EXE
2009-04-30 21:27 . 2008-08-25 14:17   528384   ----a-w   c:\windows\RtlExUpd.dll
2009-04-30 20:45 . 2009-04-30 20:41   29962744   ----a-w   C:\WDM_R221_(www.programs.pl).exe
2009-04-30 17:54 . 2007-05-16 14:45   3497832   ----a-w   c:\windows\system\d3dx9_34.dll
2009-04-30 17:05 . 2004-08-03 22:38   14848   -c--a-w   c:\windows\system32\dllcache\kbdhid.sys
2009-04-30 17:05 . 2004-08-03 22:38   14848   ----a-w   c:\windows\system32\drivers\kbdhid.sys
2009-04-30 17:05 . 2001-10-26 14:57   12160   -c--a-w   c:\windows\system32\dllcache\mouhid.sys
2009-04-30 17:05 . 2001-10-26 14:57   12160   ----a-w   c:\windows\system32\drivers\mouhid.sys
2009-04-30 17:05 . 2001-08-17 20:02   9600   -c--a-w   c:\windows\system32\dllcache\hidusb.sys
2009-04-30 17:05 . 2001-08-17 20:02   9600   ----a-w   c:\windows\system32\drivers\hidusb.sys
2009-04-30 17:05 . 2004-08-03 21:08   31616   -c--a-w   c:\windows\system32\dllcache\usbccgp.sys
2009-04-30 17:05 . 2004-08-03 21:08   31616   ----a-w   c:\windows\system32\drivers\usbccgp.sys
2009-04-30 16:55 . 2009-04-30 16:56   --------   d-----w   c:\program files\Counter-Strike 1.6
2009-04-30 15:58 . 2009-05-02 07:30   --------   d-----w   c:\documents and settings\Admin\Dane aplikacji\Xfire
2009-04-30 15:26 . 2009-04-30 15:31   35653   ----a-w   c:\windows\DIIUnin.dat
2009-04-30 15:26 . 2009-04-30 15:26   2829   ----a-w   c:\windows\DIIUnin.pif
2009-04-30 15:26 . 2009-04-30 15:26   106496   ----a-w   c:\windows\DIIUnin.exe
2009-04-30 15:15 . 2009-05-03 06:18   43520   ----a-w   c:\windows\system32\CmdLineExt03.dll
2009-04-30 14:22 . 2009-04-30 14:22   21840   ----atw   c:\windows\system32\SIntfNT.dll
2009-04-30 14:22 . 2009-04-30 14:22   17212   ----atw   c:\windows\system32\SIntf32.dll
2009-04-30 14:22 . 2009-04-30 14:22   12067   ----atw   c:\windows\system32\SIntf16.dll
2009-04-30 14:09 . 2009-05-06 16:49   --------   d-----w   c:\program files\Diablo II
2009-04-30 14:08 . 2009-04-30 14:08   --------   d-----w   c:\documents and settings\Admin\Dane aplikacji\DAEMON Tools Pro
2009-04-30 14:06 . 2009-04-30 14:06   --------   d-----w   c:\documents and settings\All Users.WINDOWS\Dane aplikacji\DAEMON Tools Lite
2009-04-30 14:06 . 2009-04-30 14:06   --------   d-----w   c:\program files\DAEMON Tools Toolbar
2009-04-30 13:38 . 2009-04-30 13:38   721904   ----a-w   c:\windows\system32\drivers\sptd.sys
2009-04-30 13:38 . 2009-04-30 14:07   --------   d-----w   c:\documents and settings\Admin\Dane aplikacji\DAEMON Tools Lite
2009-04-30 12:14 . 2003-07-14 10:45   159104   ----a-r   c:\windows\system32\drivers\NETDLWL.sys
2009-04-30 12:09 . 2007-03-01 08:05   90496   ----a-r   c:\windows\system32\drivers\Rtenicxp.sys
2009-04-30 12:07 . 2004-11-18 08:42   22752   ----a-w   c:\windows\system32\spupdsvc.exe
2009-04-30 12:06 . 2009-05-01 16:03   15600   ----a-w   c:\windows\gdrv.sys
2009-04-30 11:57 . 2009-04-30 11:57   --------   d-sh--w   c:\documents and settings\LocalService.ZARZĄDZANIE NT
2009-04-30 11:56 . 2009-04-30 11:56   --------   d-sh--w   c:\documents and settings\NetworkService.ZARZĄDZANIE NT
2009-04-30 11:54 . 2004-08-03 23:44   7680   -c--a-w   c:\windows\system32\dllcache\migregdb.exe
2009-04-30 11:53 . 2009-04-30 11:53   --------   d-----w   c:\documents and settings\Default User.WINDOWS\Ustawienia lokalne\Dane aplikacji\Microsoft
2009-04-30 11:52 . 2009-05-04 17:46   --------   d-sh--w   c:\documents and settings\All Users.WINDOWS\DRM
2009-04-30 11:52 . 2009-05-01 16:05   68456   ----a-w   c:\documents and settings\Admin\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-04-30 11:52 . 2001-10-26 17:29   28160   -c--a-w   c:\windows\system32\dllcache\msoobe.exe
2009-04-30 11:50 . 2001-10-26 17:30   5632   -c--a-w   c:\windows\system32\dllcache\write.exe
2009-04-30 11:48 . 2009-03-27 08:03   453152   ----a-w   c:\windows\system32\nvudisp.exe
2009-04-30 11:48 . 2009-03-27 06:14   453152   ----a-w   c:\windows\system32\NVUNINST.EXE
2009-04-30 11:23 . 2009-04-30 11:23   0   ----a-w   c:\windows\nsreg.dat
2009-04-30 11:23 . 2009-04-30 11:23   --------   d-----w   c:\documents and settings\Admin\Ustawienia lokalne\Dane aplikacji\Mozilla
2009-04-30 11:20 . 2009-05-01 06:50   --------   d-----w   c:\documents and settings\Admin\Dane aplikacji\Nowe Gadu-Gadu
2009-04-30 11:20 . 2009-04-30 11:20   --------   d-----w   c:\program files\Nowe Gadu-Gadu
2009-04-22 18:41 . 2009-04-22 18:41   --------   d-----w   c:\program files\MSXML 4.0
2009-04-19 14:44 . 2009-04-19 14:47   --------   d-----w   c:\documents and settings\Pucek\Dane aplikacji\Ventrilo
2009-04-19 14:44 . 2009-04-19 14:44   --------   d-----w   c:\program files\Ventrilo
2009-04-18 07:16 . 2009-04-18 07:16   --------   d-----w   c:\program files\ffdshow
2009-04-18 07:14 . 2009-04-18 07:14   --------   d-----w   c:\documents and settings\Pucek\Dane aplikacji\BESTplayer
2009-04-17 22:59 . 2009-04-17 22:59   --------   d-----w   c:\program files\SquareEnix
2009-04-13 08:49 . 2009-04-13 08:49   --------   d-----w   c:\program files\Azure Gaming

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-06 09:16 . 2004-08-03 23:44   14336   ----a-w   c:\windows\system32\svchost.exe
2009-05-04 18:04 . 2004-08-03 22:14   212480   ----a-w   c:\windows\system32\drivers\ndis.sys
2009-05-04 17:46 . 2008-01-20 15:45   --------   d-----w   c:\program files\Winamp
2009-05-04 16:51 . 2008-03-09 19:21   --------   d-----w   c:\program files\iTunes
2009-05-04 16:50 . 2008-01-23 23:07   --------   d-----w   c:\program files\Common Files\Apple
2009-05-04 07:09 . 2008-01-20 15:33   --------   d--h--w   c:\program files\InstallShield Installation Information
2009-05-03 21:34 . 2008-03-09 19:20   --------   d-----w   c:\program files\QuickTime
2009-05-03 21:33 . 2008-01-23 23:07   --------   d-----w   c:\program files\Apple Software Update
2009-05-03 17:49 . 2001-10-26 16:15   74230   ----a-w   c:\windows\system32\perfc015.dat
2009-05-03 17:49 . 2001-10-26 16:15   448004   ----a-w   c:\windows\system32\perfh015.dat
2009-05-03 09:16 . 2008-07-15 19:45   --------   d-----w   c:\program files\Quake III Arena defrag
2009-05-02 10:46 . 2008-02-12 20:46   --------   d-----w   c:\program files\WZCBDL Service
2009-05-02 10:46 . 2008-02-12 20:46   --------   d-----w   c:\program files\NIOC Service
2009-05-02 03:18 . 2008-07-15 15:08   --------   d-----w   c:\program files\WarCraft III LAN
2009-05-01 15:53 . 2009-04-30 11:53   86327   ----a-w   c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-30 21:27 . 2008-01-20 15:33   --------   d-----w   c:\program files\Realtek
2009-04-30 19:02 . 2008-10-24 20:49   --------   d-----w   c:\program files\DAEMON Tools Lite
2009-04-30 15:59 . 2008-04-24 19:19   --------   d-----w   c:\program files\Xfire
2009-04-30 11:53 . 2001-07-21 22:36   67   --sha-w   c:\windows\Fonts\desktop.ini
2009-04-30 11:51 . 2009-04-30 11:51   21856   ----a-w   c:\windows\system32\emptyregdb.dat
2009-04-30 11:49 . 2008-06-07 10:42   --------   d-----w   c:\program files\Common Files\Wise Installation Wizard
2009-04-29 07:41 . 2009-01-06 16:22   --------   d-----w   c:\program files\Ninja
2009-04-22 18:40 . 2008-08-05 10:48   --------   d-----w   c:\program files\Cyanide
2009-04-17 20:51 . 2008-01-23 10:47   --------   d-----w   c:\program files\Ubisoft
2009-04-16 04:52 . 2008-01-20 15:57   --------   d-----w   c:\program files\Electronic Arts
2009-04-15 17:49 . 2008-10-03 21:25   --------   d-----w   c:\program files\EA Games
2009-04-13 07:26 . 2008-02-05 17:55   --------   d-----w   c:\program files\FlashGet
2009-04-11 07:56 . 2008-02-01 14:34   22328   ----a-w   c:\documents and settings\Pucek\Dane aplikacji\PnkBstrK.sys
2009-04-11 06:17 . 2009-03-24 07:40   --------   d-----w   c:\program files\Sony Ericsson
2009-04-02 13:40 . 2009-03-30 07:15   --------   d-----w   c:\program files\Etherlords II
2009-03-26 21:11 . 2009-03-02 14:57   --------   d-----w   c:\program files\Steam
2009-03-26 15:05 . 2008-01-20 15:34   70720   ----a-w   c:\documents and settings\Pucek\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-03-24 14:31 . 2009-03-24 14:31   --------   d-----w   c:\program files\Microsoft Works
2009-03-24 14:31 . 2008-04-23 23:52   --------   d-----w   c:\program files\MSBuild
2009-03-24 14:29 . 2009-03-24 14:29   --------   d-----w   c:\program files\Microsoft.NET
2009-03-24 14:27 . 2009-03-24 14:27   --------   d-----w   c:\program files\Microsoft Visual Studio 8
2009-03-24 07:40 . 2009-03-24 07:40   --------   d-----w   c:\program files\Common Files\Sony Shared
2009-03-24 07:40 . 2009-03-24 07:40   --------   d-----w   c:\program files\Sony
2009-03-24 07:38 . 2009-03-24 07:38   --------   d-----w   c:\program files\Sony Setup
2009-03-20 16:55 . 2009-03-20 16:55   --------   d-----w   c:\program files\FStarForce
2009-03-20 11:41 . 2009-03-20 11:41   --------   d-----w   c:\program files\Aspyr
2009-03-15 12:52 . 2008-05-15 14:44   --------   d-----w   c:\program files\LucasArts
2009-03-14 12:32 . 2009-01-25 20:37   --------   d-----w   c:\program files\Two Worlds
2009-03-11 10:37 . 2008-04-16 22:52   --------   d-----w   c:\program files\9Dragons
.

------- Sigcheck -------

[-] 2009-05-04 18:04   212480   791778A1F54D4B3F36773F11783A53FC   c:\windows\system32\dllcache\ndis.sys
[-] 2009-05-04 18:04   212480   791778A1F54D4B3F36773F11783A53FC   c:\windows\system32\drivers\ndis.sys
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WiseStubReboot"="MSIEXEC" [X]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"9676"="C:\bdfxgja.exe" [2009-05-06 20480]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users.WINDOWS\Menu Start\Programy\Autostart\
D-Link AirPlus G Configuration Utility.lnk - c:\program files\D-Link AirPlus G\AirPlus.exe [2009-5-2 294912]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\Quake III Arena\\quake3.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\WarCraft III LAN\\war3.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\call of duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Quake III Arena defrag\\quake3.exe"=
"c:\\Program Files\\Cyanide\\Loki\\Loki.exe"=
"c:\\Program Files\\Cyanide\\Loki\\Autorun\\Autorun.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"<NO NAME>"= c:\\wavunte.exe

R2 NIOC;NIOC Service;c:\windows\system32\NIOC.sys [2002-09-27 22912]
R2 WZCBDLService;WZCBDL Service;c:\program files\WZCBDL Service\WZCBDLS.exe [2002-03-19 36864]
R3 NETDLWL;D-Link Air Wireless Adapter(DL) NT Driver;c:\windows\system32\drivers\NETDLWL.sys [2009-04-30 159104]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-04-30 1684736]
S3 LachesisFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [2009-05-04 12032]
.
Zawartość folderu 'Zaplanowane zadania'

2009-05-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
- - - - USUNIĘTO PUSTE WPISY - - - -

Notify-__c0077DBF - c:\windows\system32\__c0077DBF.dat


.
------- Skan uzupełniający -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\vkm4mf60.default\
FF - plugin: c:\documents and settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\vkm4mf60.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPPOKER.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-06 21:35
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ... 

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ... 

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\89fec34]
"ImagePath"="\SystemRoot\System32\drivers\89fec34.sys"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fb9efa98]
"ImagePath"="\SystemRoot\System32\drivers\fb9efa98.sys"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'explorer.exe'(2128)
c:\windows\system32\msi.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
C:\lsass.exe
.
**************************************************************************
.
Czas ukończenia: 2009-05-06 21:40 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt  2009-05-06 19:40
ComboFix2.txt  2009-01-06 17:43
ComboFix3.txt  2008-11-26 22:01
ComboFix4.txt  2008-06-25 15:28

Przed: 6 992 773 120 bajtów wolnych
Po: 8 174 346 240 bajtów wolnych

314


no i hijack:

Kod: Zaznacz wszystko

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:43:52, on 2009-05-06
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WZCBDL Service\WZCBDLS.exe
C:\WINDOWS\system32\wscntfy.exe
C:\bdfxgja.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Admin\Pulpit\HiJackThis.exe
c:\lsass.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHelperStub - {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [20767] C:\bdfxgja.exe
O4 - HKCU\..\RunOnce: [WiseStubReboot] MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I "C:\Program Files\Common Files\Wise Installation Wizard\WISDD1865F0AD7340FBB23E1822E02396FF_9_09_0203.MSI" TRANSFORMS="C:\Program Files\Common Files\Wise Installation Wizard\WISDD1865F0AD7340FBB23E1822E02396FF_9_09_0203.MST" WISE_SETUP_EXE_PATH="c:\nvidia\winxp\182.50\is\PhysX_9.09.0203_SystemSoftware.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: D-Link AirPlus G Configuration Utility.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Usługa inteligentnego transferu w tle (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB (pnkbstrb) - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Aktualizacje automatyczne (wuauserv) - Unknown owner - C:\WINDOWS\
O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Program Files\WZCBDL Service\WZCBDLS.exe

--
End of file - 4251 bytes


[wojtas]

Otworz notatnik i wklej w nim to:

File::
C:\poedmta.exe
C:\bdfxgja.exe
c:\windows\system32\drivers\89fec34.sys
C:\nmutwl.exe
C:\meplgps.exe
C:\tqrsiug.exe
C:\himtgop.exe
C:\ohkbrkoo.exe
C:\xmrgycj.exe
C:\wavunte.exe
c:\windows\system32\drivers\fb9efa98.sys
C:\nfhusmai.exe
C:\dyvj.exe
C:\kvcxcscl.exe
C:\tcevdbsi.exe
C:\RECYCLER\S-1-5-21-7277121753-2945178229-616438081-5407\service.exe
C:\RECYCLER\S-1-5-21-0243636035-3055115376-381863306-1556\pqlmq.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"9676"=-
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\89fec34]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fb9efa98]


>>Plik>>Zapisz jako... >>> CFScript
Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe
-->
Ma się rozpocząć usuwanie. (i powstanie log).Daj ten log, który powstanie w trakcie usuwania.

[Pokahontaz]

Kod: Zaznacz wszystko

ComboFix 09-05-06.05 - Admin 2009-05-07 11:22.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.48.1045.18.2046.1591 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Admin\Pulpit\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\Admin\Pulpit\CFScript.txt

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!

FILE ::
C:\bdfxgja.exe
C:\dyvj.exe
C:\himtgop.exe
C:\kvcxcscl.exe
C:\meplgps.exe
C:\nfhusmai.exe
C:\nmutwl.exe
C:\ohkbrkoo.exe
C:\poedmta.exe
c:\recycler\S-1-5-21-0243636035-3055115376-381863306-1556\pqlmq.exe
c:\recycler\S-1-5-21-7277121753-2945178229-616438081-5407\service.exe
C:\tcevdbsi.exe
C:\tqrsiug.exe
C:\wavunte.exe
c:\windows\system32\drivers\89fec34.sys
c:\windows\system32\drivers\fb9efa98.sys
C:\xmrgycj.exe
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\bdfxgja.exe
C:\dyvj.exe
C:\himtgop.exe
C:\kvcxcscl.exe
C:\lsass.exe
C:\meplgps.exe
C:\nfhusmai.exe
C:\nmutwl.exe
C:\ohkbrkoo.exe
C:\poedmta.exe
C:\tcevdbsi.exe
C:\tqrsiug.exe
C:\wavunte.exe
c:\windows\system32\drivers\89fec34.sys
c:\windows\system32\drivers\fb9efa98.sys
C:\xmrgycj.exe

.
(((((((((((((((((((((((((((((((((((((((   Sterowniki/Usługi   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_89fec34
-------\Service_fb9efa98


(((((((((((((((((((((((((   Pliki utworzone od 2009-04-07 do 2009-05-07  )))))))))))))))))))))))))))))))
.

2009-05-06 19:02 . 2009-05-06 19:02   664   ----a-w   c:\windows\system32\d3d9caps.dat
2009-05-06 19:01 . 2009-05-06 19:01   --------   d-----w   c:\documents and settings\Administrator.PUCEK\Ustawienia lokalne\Dane aplikacji\Mozilla
2009-05-06 18:56 . 2009-05-06 18:56   --------   d-----w   C:\Nowy folder
2009-05-05 15:07 . 2009-05-05 15:07   --------   d-----w   c:\documents and settings\Admin\Ustawienia lokalne\Dane aplikacji\World in Conflict
2009-05-05 15:06 . 2007-05-18 11:11   3495784   ----a-w   c:\windows\system\d3dx9_33.dll
2009-05-05 07:13 . 2009-05-05 07:13   --------   d-----w   c:\program files\Common Files\Adobe AIR
2009-05-05 07:12 . 2009-05-05 07:13   --------   d-----w   c:\documents and settings\Admin\Ustawienia lokalne\Dane aplikacji\Adobe
2009-05-04 16:51 . 2009-03-19 14:32   23400   ----a-w   c:\windows\system32\drivers\GEARAspiWDM.sys
2009-05-04 16:51 . 2008-04-17 10:12   107368   ----a-w   c:\windows\system32\GEARAspi.dll
2009-05-04 16:50 . 2009-05-04 16:51   --------   d-----w   c:\documents and settings\All Users.WINDOWS\Dane aplikacji\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-04 16:50 . 2009-05-04 16:50   --------   d-----w   c:\program files\Bonjour
2009-05-04 16:50 . 2009-03-26 13:23   36864   ----a-w   c:\windows\system32\drivers\usbaapl.sys
2009-05-04 16:50 . 2009-03-26 13:23   1900544   ----a-w   c:\windows\system32\usbaaplrc.dll
2009-05-04 07:10 . 2009-05-04 07:10   --------   d-----w   c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Razer
2009-05-04 07:10 . 2005-12-21 09:23   14592   ----a-w   c:\windows\system32\drivers\Usbicp.sys
2009-05-04 07:10 . 2009-05-04 07:10   --------   d-----w   c:\program files\DIFX
2009-05-04 07:09 . 2007-08-08 09:04   12032   ----a-w   c:\windows\system32\drivers\Lachesis.sys
2009-05-04 07:09 . 2009-05-04 07:09   --------   d-----w   c:\program files\Razer
2009-05-04 07:09 . 2009-05-04 07:09   --------   d-----w   c:\documents and settings\Admin\Dane aplikacji\InstallShield
2009-05-03 21:34 . 2009-05-04 17:04   --------   d-----w   c:\documents and settings\Admin\Dane aplikacji\Apple Computer
2009-05-03 21:34 . 2009-05-03 21:35   --------   d-----w   c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Apple Computer
2009-05-03 21:33 . 2009-05-03 21:33   --------   d-----w   c:\documents and settings\Admin\Ustawienia lokalne\Dane aplikacji\Apple
2009-05-03 21:33 . 2009-05-03 21:33   --------   d-----w   c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Apple
2009-05-03 21:33 . 2009-05-03 21:34   --------   d-----w   c:\documents and settings\Admin\Ustawienia lokalne\Dane aplikacji\Apple Computer
2009-05-03 21:26 . 2001-10-26 15:29   5632   ----a-w   c:\windows\system32\ptpusb.dll
2009-05-03 21:26 . 2004-08-03 22:44   159232   ----a-w   c:\windows\system32\ptpusd.dll
2009-05-03 21:26 . 2004-08-03 20:58   15104   -c--a-w   c:\windows\system32\dllcache\usbscan.sys
2009-05-03 21:26 . 2004-08-03 20:58   15104   ----a-w   c:\windows\system32\drivers\usbscan.sys
2009-05-02 22:41 . 2009-05-02 22:41   --------   d-----w   c:\documents and settings\Admin\Dane aplikacji\teamspeak2
2009-05-02 18:34 . 2009-05-02 18:34   --------   d-----w   c:\documents and settings\All Users.WINDOWS\Dane aplikacji\2DBoy
2009-05-02 12:22 . 2009-05-02 12:22   --------   d-----w   c:\program files\D-Link AirPlus G
2009-05-02 12:22 . 2004-01-09 09:45   256896   ----a-r   c:\windows\system32\drivers\MRV8K51.sys
2009-05-02 10:46 . 2009-05-02 10:46   --------   d-----w   c:\program files\D-Link
2009-05-02 05:58 . 2009-05-02 06:10   --------   d-----w   c:\program files\America's Army
2009-05-01 16:58 . 2009-05-01 16:59   --------   d-----w   c:\program files\Quake III Arena
2009-05-01 16:38 . 2009-05-06 15:40   --------   d-----w   c:\program files\call of duty 2
2009-05-01 12:52 . 2006-10-26 18:56   32592   ----a-w   c:\windows\system32\msonpmon.dll
2009-05-01 12:47 . 2009-05-01 12:47   --------   d-----w   c:\documents and settings\Admin\Ustawienia lokalne\Dane aplikacji\Microsoft Help
2009-05-01 12:47 . 2009-05-01 13:07   --------   d-----w   c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Microsoft Help
2009-05-01 09:50 . 2009-05-01 09:50   --------   d-----w   c:\documents and settings\Admin\Dane aplikacji\Ashampoo
2009-05-01 08:56 . 2005-07-15 12:41   2337488   ----a-w   c:\windows\system\d3dx9_25.dll
2009-05-01 06:34 . 2009-05-06 15:42   137928   ----a-w   c:\windows\system32\drivers\PnkBstrK.sys
2009-05-01 06:33 . 2009-05-06 15:42   189768   ----a-w   c:\windows\system32\PnkBstrB.exe
2009-05-01 06:33 . 2009-05-01 06:33   75064   ----a-w   c:\windows\system32\PnkBstrA.exe
2009-05-01 06:33 . 2009-05-02 06:11   --------   d-----w   c:\documents and settings\Admin\Ustawienia lokalne\Dane aplikacji\PunkBuster
2009-05-01 06:30 . 2009-05-04 17:51   --------   d-----w   c:\documents and settings\Admin\Dane aplikacji\Winamp
2009-04-30 21:27 . 2008-08-19 11:26   77824   ----a-w   c:\windows\SOUNDMAN.EXE
2009-04-30 21:27 . 2008-10-23 15:42   290816   ----a-w   c:\windows\vncutil.exe
2009-04-30 21:27 . 2008-06-19 14:27   9715200   ----a-w   c:\windows\RTLCPL.EXE
2009-04-30 21:27 . 2009-03-12 15:25   5051904   ----a-w   c:\windows\system32\drivers\RtkHDAud.sys
2009-04-30 21:27 . 2009-03-12 13:34   39424   ----a-w   c:\windows\system32\RtkCoInstXP.dll
2009-04-30 21:27 . 2008-06-24 12:46   104992   ----a-w   c:\windows\RtkAudioService.exe
2009-04-30 21:27 . 2009-03-12 15:21   17531392   ----a-w   c:\windows\RTHDCPL.EXE
2009-04-30 21:27 . 2006-01-04 13:41   1389056   ----a-w   c:\windows\system32\drivers\Monfilt.sys
2009-04-30 21:27 . 2009-03-10 12:32   2168320   ----a-w   c:\windows\MicCal.exe
2009-04-30 21:27 . 2008-08-05 18:10   1684736   ----a-w   c:\windows\system32\drivers\Ambfilt.sys
2009-04-30 21:27 . 2009-03-02 09:14   57344   ----a-w   c:\windows\ALCMTR.EXE
2009-04-30 21:27 . 2008-06-19 14:42   2808832   ----a-w   c:\windows\ALCWZRD.EXE
2009-04-30 21:27 . 2008-08-25 14:17   528384   ----a-w   c:\windows\RtlExUpd.dll
2009-04-30 20:45 . 2009-04-30 20:41   29962744   ----a-w   C:\WDM_R221_(www.programs.pl).exe
2009-04-30 17:54 . 2007-05-16 14:45   3497832   ----a-w   c:\windows\system\d3dx9_34.dll
2009-04-30 17:05 . 2004-08-03 22:38   14848   -c--a-w   c:\windows\system32\dllcache\kbdhid.sys
2009-04-30 17:05 . 2004-08-03 22:38   14848   ----a-w   c:\windows\system32\drivers\kbdhid.sys
2009-04-30 17:05 . 2001-10-26 14:57   12160   -c--a-w   c:\windows\system32\dllcache\mouhid.sys
2009-04-30 17:05 . 2001-10-26 14:57   12160   ----a-w   c:\windows\system32\drivers\mouhid.sys
2009-04-30 17:05 . 2001-08-17 20:02   9600   -c--a-w   c:\windows\system32\dllcache\hidusb.sys
2009-04-30 17:05 . 2001-08-17 20:02   9600   ----a-w   c:\windows\system32\drivers\hidusb.sys
2009-04-30 17:05 . 2004-08-03 21:08   31616   -c--a-w   c:\windows\system32\dllcache\usbccgp.sys
2009-04-30 17:05 . 2004-08-03 21:08   31616   ----a-w   c:\windows\system32\drivers\usbccgp.sys
2009-04-30 16:55 . 2009-04-30 16:56   --------   d-----w   c:\program files\Counter-Strike 1.6
2009-04-30 15:58 . 2009-05-02 07:30   --------   d-----w   c:\documents and settings\Admin\Dane aplikacji\Xfire
2009-04-30 15:26 . 2009-04-30 15:31   35653   ----a-w   c:\windows\DIIUnin.dat
2009-04-30 15:26 . 2009-04-30 15:26   2829   ----a-w   c:\windows\DIIUnin.pif
2009-04-30 15:26 . 2009-04-30 15:26   106496   ----a-w   c:\windows\DIIUnin.exe
2009-04-30 15:15 . 2009-05-03 06:18   43520   ----a-w   c:\windows\system32\CmdLineExt03.dll
2009-04-30 14:22 . 2009-04-30 14:22   21840   ----atw   c:\windows\system32\SIntfNT.dll
2009-04-30 14:22 . 2009-04-30 14:22   17212   ----atw   c:\windows\system32\SIntf32.dll
2009-04-30 14:22 . 2009-04-30 14:22   12067   ----atw   c:\windows\system32\SIntf16.dll
2009-04-30 14:09 . 2009-05-06 20:39   --------   d-----w   c:\program files\Diablo II
2009-04-30 14:08 . 2009-04-30 14:08   --------   d-----w   c:\documents and settings\Admin\Dane aplikacji\DAEMON Tools Pro
2009-04-30 14:06 . 2009-04-30 14:06   --------   d-----w   c:\documents and settings\All Users.WINDOWS\Dane aplikacji\DAEMON Tools Lite
2009-04-30 14:06 . 2009-04-30 14:06   --------   d-----w   c:\program files\DAEMON Tools Toolbar
2009-04-30 13:38 . 2009-04-30 13:38   721904   ----a-w   c:\windows\system32\drivers\sptd.sys
2009-04-30 13:38 . 2009-04-30 14:07   --------   d-----w   c:\documents and settings\Admin\Dane aplikacji\DAEMON Tools Lite
2009-04-30 12:14 . 2003-07-14 10:45   159104   ----a-r   c:\windows\system32\drivers\NETDLWL.sys
2009-04-30 12:09 . 2007-03-01 08:05   90496   ----a-r   c:\windows\system32\drivers\Rtenicxp.sys
2009-04-30 12:07 . 2004-11-18 08:42   22752   ----a-w   c:\windows\system32\spupdsvc.exe
2009-04-30 12:06 . 2009-05-01 16:03   15600   ----a-w   c:\windows\gdrv.sys
2009-04-30 11:57 . 2009-04-30 11:57   --------   d-sh--w   c:\documents and settings\LocalService.ZARZĄDZANIE NT
2009-04-30 11:56 . 2009-04-30 11:56   --------   d-sh--w   c:\documents and settings\NetworkService.ZARZĄDZANIE NT
2009-04-30 11:54 . 2004-08-03 23:44   7680   -c--a-w   c:\windows\system32\dllcache\migregdb.exe
2009-04-30 11:53 . 2009-04-30 11:53   --------   d-----w   c:\documents and settings\Default User.WINDOWS\Ustawienia lokalne\Dane aplikacji\Microsoft
2009-04-30 11:52 . 2009-05-04 17:46   --------   d-sh--w   c:\documents and settings\All Users.WINDOWS\DRM
2009-04-30 11:52 . 2009-05-01 16:05   68456   ----a-w   c:\documents and settings\Admin\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-04-30 11:52 . 2001-10-26 17:29   28160   -c--a-w   c:\windows\system32\dllcache\msoobe.exe
2009-04-30 11:50 . 2001-10-26 17:30   5632   -c--a-w   c:\windows\system32\dllcache\write.exe
2009-04-30 11:48 . 2009-03-27 08:03   453152   ----a-w   c:\windows\system32\nvudisp.exe
2009-04-30 11:48 . 2009-03-27 06:14   453152   ----a-w   c:\windows\system32\NVUNINST.EXE
2009-04-30 11:23 . 2009-04-30 11:23   0   ----a-w   c:\windows\nsreg.dat
2009-04-30 11:23 . 2009-04-30 11:23   --------   d-----w   c:\documents and settings\Admin\Ustawienia lokalne\Dane aplikacji\Mozilla
2009-04-30 11:20 . 2009-05-01 06:50   --------   d-----w   c:\documents and settings\Admin\Dane aplikacji\Nowe Gadu-Gadu
2009-04-30 11:20 . 2009-04-30 11:20   --------   d-----w   c:\program files\Nowe Gadu-Gadu
2009-04-22 18:41 . 2009-04-22 18:41   --------   d-----w   c:\program files\MSXML 4.0
2009-04-19 14:44 . 2009-04-19 14:47   --------   d-----w   c:\documents and settings\Pucek\Dane aplikacji\Ventrilo
2009-04-19 14:44 . 2009-04-19 14:44   --------   d-----w   c:\program files\Ventrilo
2009-04-18 07:16 . 2009-04-18 07:16   --------   d-----w   c:\program files\ffdshow
2009-04-18 07:14 . 2009-04-18 07:14   --------   d-----w   c:\documents and settings\Pucek\Dane aplikacji\BESTplayer
2009-04-17 22:59 . 2009-04-17 22:59   --------   d-----w   c:\program files\SquareEnix
2009-04-13 08:49 . 2009-04-13 08:49   --------   d-----w   c:\program files\Azure Gaming
2009-04-11 06:20 . 2009-04-11 06:20   --------   d-----w   c:\documents and settings\Pucek\Dane aplikacji\Teleca
2009-04-11 06:17 . 2009-04-11 06:17   --------   d-----w   c:\program files\Common Files\Sony Ericsson Shared
2009-04-11 06:17 . 2009-04-11 06:17   --------   d-----w   c:\program files\Common Files\Teleca Shared
2009-04-11 06:16 . 2009-04-11 06:16   --------   d-----w   c:\windows\Downloaded Installations

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-06 09:16 . 2004-08-03 23:44   14336   ----a-w   c:\windows\system32\svchost.exe
2009-05-04 18:04 . 2004-08-03 22:14   212480   ----a-w   c:\windows\system32\drivers\ndis.sys
2009-05-04 17:46 . 2008-01-20 15:45   --------   d-----w   c:\program files\Winamp
2009-05-04 16:51 . 2008-03-09 19:21   --------   d-----w   c:\program files\iTunes
2009-05-04 16:50 . 2008-01-23 23:07   --------   d-----w   c:\program files\Common Files\Apple
2009-05-04 07:09 . 2008-01-20 15:33   --------   d--h--w   c:\program files\InstallShield Installation Information
2009-05-03 21:34 . 2008-03-09 19:20   --------   d-----w   c:\program files\QuickTime
2009-05-03 21:33 . 2008-01-23 23:07   --------   d-----w   c:\program files\Apple Software Update
2009-05-03 17:49 . 2001-10-26 16:15   74230   ----a-w   c:\windows\system32\perfc015.dat
2009-05-03 17:49 . 2001-10-26 16:15   448004   ----a-w   c:\windows\system32\perfh015.dat
2009-05-03 09:16 . 2008-07-15 19:45   --------   d-----w   c:\program files\Quake III Arena defrag
2009-05-02 10:46 . 2008-02-12 20:46   --------   d-----w   c:\program files\WZCBDL Service
2009-05-02 10:46 . 2008-02-12 20:46   --------   d-----w   c:\program files\NIOC Service
2009-05-02 03:18 . 2008-07-15 15:08   --------   d-----w   c:\program files\WarCraft III LAN
2009-05-01 15:53 . 2009-04-30 11:53   86327   ----a-w   c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-30 21:27 . 2008-01-20 15:33   --------   d-----w   c:\program files\Realtek
2009-04-30 19:02 . 2008-10-24 20:49   --------   d-----w   c:\program files\DAEMON Tools Lite
2009-04-30 15:59 . 2008-04-24 19:19   --------   d-----w   c:\program files\Xfire
2009-04-30 11:53 . 2001-07-21 22:36   67   --sha-w   c:\windows\Fonts\desktop.ini
2009-04-30 11:51 . 2009-04-30 11:51   21856   ----a-w   c:\windows\system32\emptyregdb.dat
2009-04-30 11:49 . 2008-06-07 10:42   --------   d-----w   c:\program files\Common Files\Wise Installation Wizard
2009-04-29 07:41 . 2009-01-06 16:22   --------   d-----w   c:\program files\Ninja
2009-04-22 18:40 . 2008-08-05 10:48   --------   d-----w   c:\program files\Cyanide
2009-04-17 20:51 . 2008-01-23 10:47   --------   d-----w   c:\program files\Ubisoft
2009-04-16 04:52 . 2008-01-20 15:57   --------   d-----w   c:\program files\Electronic Arts
2009-04-15 17:49 . 2008-10-03 21:25   --------   d-----w   c:\program files\EA Games
2009-04-13 07:26 . 2008-02-05 17:55   --------   d-----w   c:\program files\FlashGet
2009-04-11 07:56 . 2008-02-01 14:34   22328   ----a-w   c:\documents and settings\Pucek\Dane aplikacji\PnkBstrK.sys
2009-04-11 06:17 . 2009-03-24 07:40   --------   d-----w   c:\program files\Sony Ericsson
2009-04-02 13:40 . 2009-03-30 07:15   --------   d-----w   c:\program files\Etherlords II
2009-03-26 21:11 . 2009-03-02 14:57   --------   d-----w   c:\program files\Steam
2009-03-26 15:05 . 2008-01-20 15:34   70720   ----a-w   c:\documents and settings\Pucek\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-03-24 14:31 . 2009-03-24 14:31   --------   d-----w   c:\program files\Microsoft Works
2009-03-24 14:31 . 2008-04-23 23:52   --------   d-----w   c:\program files\MSBuild
2009-03-24 14:29 . 2009-03-24 14:29   --------   d-----w   c:\program files\Microsoft.NET
2009-03-24 14:27 . 2009-03-24 14:27   --------   d-----w   c:\program files\Microsoft Visual Studio 8
2009-03-24 07:40 . 2009-03-24 07:40   --------   d-----w   c:\program files\Common Files\Sony Shared
2009-03-24 07:40 . 2009-03-24 07:40   --------   d-----w   c:\program files\Sony
2009-03-24 07:38 . 2009-03-24 07:38   --------   d-----w   c:\program files\Sony Setup
2009-03-20 16:55 . 2009-03-20 16:55   --------   d-----w   c:\program files\FStarForce
2009-03-20 11:41 . 2009-03-20 11:41   --------   d-----w   c:\program files\Aspyr
2009-03-15 12:52 . 2008-05-15 14:44   --------   d-----w   c:\program files\LucasArts
2009-03-14 12:32 . 2009-01-25 20:37   --------   d-----w   c:\program files\Two Worlds
2009-03-11 10:37 . 2008-04-16 22:52   --------   d-----w   c:\program files\9Dragons
.

------- Sigcheck -------

[-] 2009-05-04 18:04   212480   791778A1F54D4B3F36773F11783A53FC   c:\windows\system32\dllcache\ndis.sys
[-] 2009-05-04 18:04   212480   791778A1F54D4B3F36773F11783A53FC   c:\windows\system32\drivers\ndis.sys
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WiseStubReboot"="MSIEXEC" [X]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users.WINDOWS\Menu Start\Programy\Autostart\
D-Link AirPlus G Configuration Utility.lnk - c:\program files\D-Link AirPlus G\AirPlus.exe [2009-5-2 294912]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\Quake III Arena\\quake3.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\WarCraft III LAN\\war3.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\call of duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Quake III Arena defrag\\quake3.exe"=
"c:\\Program Files\\Cyanide\\Loki\\Loki.exe"=
"c:\\Program Files\\Cyanide\\Loki\\Autorun\\Autorun.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"<NO NAME>"= c:\\wavunte.exe

R2 NIOC;NIOC Service;c:\windows\system32\NIOC.sys [2002-09-27 22912]
R2 WZCBDLService;WZCBDL Service;c:\program files\WZCBDL Service\WZCBDLS.exe [2002-03-19 36864]
R3 NETDLWL;D-Link Air Wireless Adapter(DL) NT Driver;c:\windows\system32\drivers\NETDLWL.sys [2009-04-30 159104]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-04-30 1684736]
S3 LachesisFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [2009-05-04 12032]
.
Zawartość folderu 'Zaplanowane zadania'

2009-05-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
- - - - USUNIĘTO PUSTE WPISY - - - -

HKLM-Run-9819 - C:\bdfxgja.exe


.
------- Skan uzupełniający -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\vkm4mf60.default\
FF - plugin: c:\documents and settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\vkm4mf60.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPPOKER.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-07 11:28
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ... 

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ... 

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'explorer.exe'(2544)
c:\windows\system32\msi.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Czas ukończenia: 2009-05-07 11:33 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt  2009-05-07 09:33
ComboFix2.txt  2009-05-06 19:40
ComboFix3.txt  2009-01-06 17:43
ComboFix4.txt  2008-11-26 22:01
ComboFix5.txt  2009-05-07 09:20

Przed: 8 133 701 632 bajtów wolnych
Po: 8 120 381 440 bajtów wolnych

305


[wojtas]

1. Ściągnij OTMoveIt i go włacz i odpal go z opcji CleanUp oraz skasuj folder C:\Qoobox
2. wykonaj optymalizację windowsa
3.sciagnij ATF_Cleaner
zaznacz
Windows Temp
All users Temp
Temporary internet files
Recycle Bin
i wcisnij EMPTY SELECTED
4.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem
5. Wykonaj skan Dr. Web CureIt
6. Przeskanuj obszar mojego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum.

i tym:

FixIEDef.