
My logs were supposedly clean, but something must be bogging down my PC...

Logs, securing your computer and data. Antivirus and antispyware programs, firewalls, etc.
Forum rules
1. Every topic title should reflect the content of the thread.
2. When posting logs, produce them right away from at least two tools: FRST and GMER.
3. Please publish all logs on the sites intended for that purpose and paste only the link in your post.
4. Shortening logs is not advised; paste the whole thing, from beginning to end.
5. Piggybacking on other users' topics is not advised; please start a new topic in the Security section, which makes it easier for the person checking to help.
6. People without the appropriate knowledge should not check logs, because this risks serious damage to the system or to the applications installed on the computer.
7. Describe the problem precisely: the symptoms that occur and all actions taken.
8. Every script is unique, written for each case individually, so it must not be used by others.
9. When posting a screenshot, please use an external image-hosting service.


Post by adamsio » 28 May 2008, 18:20

Recently my logs were clean, but something is slowing my PC down so much that I can't do anything normally; when I turn on the antivirus I can't start a single program. Earlier I scanned and played heavy games.

HJT

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:05:37, on 2008-05-28
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Keyboard Driver\KMWDSrv.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\VMSnap3.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.start.tcz.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.EXE
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - Global Startup: TL-WN321G Wireless Utility.lnk = C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=www.onet.pl
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: ipfw_helper (ipfw) - Unknown owner - C:\Program Files\MCS Studios\MCS Firewall 6\system\ipfw.exe (file missing)
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Keyboard Driver\KMWDSrv.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

--
End of file - 6962 bytes


ComboFix:

Code:
ComboFix 08-05-21.2 - Kamil 2008-05-28 18:13:06.9 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1250.1.1045.18.599 [GMT 2:00]
Running from: D:\Downloads\Narzędzia Systemowe\ComboFix.exe
 * Resident AV is active


[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((   Files Created from 2008-04-28 to 2008-05-28  )))))))))))))))))))))))))))))))
.

2008-05-22 18:28 . 2008-05-22 18:28   <DIR>   d--------   C:\Program Files\Electronic Arts
2008-05-21 16:57 . 2008-05-21 16:57   <DIR>   d--------   C:\WINDOWS\system32\AGEIA
2008-05-21 16:57 . 2008-05-21 16:57   <DIR>   d--------   C:\Program Files\Common Files\Wise Installation Wizard
2008-05-21 16:57 . 2008-05-21 16:57   <DIR>   d--------   C:\Program Files\AGEIA Technologies
2008-05-20 17:47 . 2008-05-20 17:47   <DIR>   d--------   C:\Program Files\Lavalys
2008-05-06 20:04 . 2008-05-06 20:04   <DIR>   d--------   C:\Program Files\ESET
2008-05-05 15:55 . 2008-05-05 15:55   <DIR>   d--------   C:\Program Files\GIMP-2.0
2008-04-30 18:46 . 2008-04-30 18:46   56   --ah-----   C:\WINDOWS\system32\ezsidmv.dat
2008-04-30 18:45 . 2008-04-30 18:45   <DIR>   d--------   C:\Program Files\Common Files\Skype
2008-04-30 17:51 . 2008-04-30 17:51   <DIR>   d--------   C:\WINDOWS\ServicePackFiles
2008-04-30 17:51 . 2008-04-14 22:51   294,912   -----c---   C:\WINDOWS\system32\dllcache\dlimport.exe
2008-04-29 15:54 . 2008-04-29 15:54   <DIR>   d--------   C:\Program Files\Radical Games

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-28 16:11   ---------   d-----w   C:\Documents and Settings\Kamil\Dane aplikacji\Skype
2008-05-28 15:56   ---------   d-----w   C:\Program Files\DC++
2008-05-28 15:49   ---------   d-----w   C:\Documents and Settings\Kamil\Dane aplikacji\skypePM
2008-05-27 12:08   ---------   d-----w   C:\Documents and Settings\Kamil\Dane aplikacji\BearShare
2008-05-26 18:55   ---------   d-----w   C:\Documents and Settings\Kamil\Dane aplikacji\gtk-2.0
2008-05-23 10:50   ---------   d-----w   C:\Documents and Settings\Kamil\Dane aplikacji\OpenOffice.org2
2008-05-22 17:37   ---------   d---a-w   C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-05-22 10:51   ---------   d-----w   C:\Program Files\Sunbelt Software
2008-05-16 15:32   1,431   ----a-w   C:\WINDOWS\system32\drivers\fwdrv.err
2008-04-29 13:58   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-04-25 15:12   ---------   d-----w   C:\Program Files\Activision
2008-04-24 17:25   ---------   d-----w   C:\Program Files\Kolekcja Klasyki
2008-04-24 14:27   108,144   ----a-w   C:\WINDOWS\system32\CmdLineExt.dll
2008-04-19 18:22   ---------   d-----w   C:\Program Files\MarBit
2008-04-17 17:52   ---------   d-----w   C:\Program Files\OpenOffice.org 2.4
2008-04-17 17:52   ---------   d-----w   C:\Program Files\Java
2008-04-17 17:20   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-04-16 11:20   ---------   d-----w   C:\Program Files\QuickTime
2008-04-16 11:19   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-04-16 11:15   ---------   d-----w   C:\Program Files\Apple Software Update
2008-04-16 11:15   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Apple
2008-04-15 17:28   ---------   d-----w   C:\Program Files\Winamp
2008-04-15 11:30   ---------   d-----w   C:\Program Files\ffdshow
2008-04-14 21:16   1,804   ----a-w   C:\WINDOWS\system32\dcache.bin
2008-04-14 20:56   332,288   ----a-w   C:\WINDOWS\system32\netsetup.exe
2008-04-14 20:52   92,424   ----a-w   C:\WINDOWS\system32\rdpdd.dll
2008-04-14 20:52   87,176   ----a-w   C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 20:52   40,840   ----a-w   C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 20:52   21,896   ----a-w   C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 20:52   139,656   ----a-w   C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 20:52   12,168   ----a-w   C:\WINDOWS\system32\tsddd.dll
2008-04-14 20:52   12,040   ----a-w   C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 20:50   999,936   ----a-w   C:\WINDOWS\system32\syssetup.dll
2008-04-14 20:49   98,304   ----a-w   C:\WINDOWS\system32\actxprxy.dll
2008-04-14 20:48   76,288   ----a-w   C:\WINDOWS\system32\uniime.dll
2008-04-14 20:48   5,632   ----a-w   C:\WINDOWS\system32\wmi.dll
2008-04-14 20:48   1,449,472   ----a-w   C:\WINDOWS\system32\winntbbu.dll
2008-04-14 20:47   57,375   ----a-w   C:\WINDOWS\system32\odbcji32.dll
2008-04-14 20:47   103,424   ----a-w   C:\WINDOWS\system32\dpcdll.dll
2008-04-14 20:43   4,126   ----a-w   C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 20:42   3,584   ----a-w   C:\WINDOWS\system32\msafd.dll
2008-04-14 20:37   811,064   ----a-w   C:\WINDOWS\system32\imjp81k.dll
2008-04-14 20:36   3,584   ----a-w   C:\WINDOWS\system32\icmp.dll
2008-04-14 20:35   9,344   ----a-w   C:\WINDOWS\system32\framebuf.dll
2008-04-14 20:35   569,856   ----a-w   C:\WINDOWS\system32\gpedit.dll
2008-04-14 20:34   7,168   ----a-w   C:\WINDOWS\system32\f3ahvoas.dll
2008-04-14 20:33   3,072   ----a-w   C:\WINDOWS\system32\dpnlobby.dll
2008-04-14 20:33   3,072   ----a-w   C:\WINDOWS\system32\dpnaddr.dll
2008-04-14 20:33   24,064   ----a-w   C:\WINDOWS\system32\pidgen.dll
2008-04-14 20:31   16,896   ----a-w   C:\WINDOWS\system32\cfgmgr32.dll
2008-04-14 20:30   285,696   ----a-w   C:\WINDOWS\system32\atmfd.dll
2008-04-14 20:04   73,472   ----a-w   C:\WINDOWS\system32\drivers\sr.sys
2008-04-14 20:03   80,256   ----a-w   C:\WINDOWS\system32\drivers\parport.sys
2008-04-14 20:03   68,608   ----a-w   C:\WINDOWS\system32\drivers\pci.sys
2008-04-14 20:03   46,848   ----a-w   C:\WINDOWS\system32\drivers\p3.sys
2008-04-14 20:03   120,320   ----a-w   C:\WINDOWS\system32\drivers\pcmcia.sys
2008-04-14 19:59   2,146,816   ----a-w   C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 19:59   2,025,472   ----a-w   C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 19:55   4,096   ----a-w   C:\WINDOWS\system32\dsprpres.dll
2008-04-14 19:52   89,600   ------w   C:\WINDOWS\system32\msxml6r.dll
2008-04-14 19:52   800,000   ----a-w   C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-14 19:52   153,856   ----a-w   C:\WINDOWS\system32\drivers\dmio.sys
2008-04-14 19:50   80,896   ------w   C:\WINDOWS\system32\msshavmsg.dll
2008-04-14 19:50   24,960   ----a-w   C:\WINDOWS\system32\drivers\kbdclass.sys
2008-04-14 19:50   14,720   ----a-w   C:\WINDOWS\system32\drivers\kbdhid.sys
2008-04-14 19:48   37,632   ----a-w   C:\WINDOWS\system32\drivers\isapnp.sys
2008-04-14 19:47   40,832   ----a-w   C:\WINDOWS\system32\drivers\crusoe.sys
2008-04-14 19:46   40,448   ----a-w   C:\WINDOWS\system32\drivers\intelppm.sys
2008-04-14 19:45   49,664   ----a-w   C:\WINDOWS\system32\inetres.dll
2008-04-14 19:45   2,977,792   ----a-w   C:\WINDOWS\system32\wmploc.dll
2008-04-14 19:43   563,200   ----a-w   C:\WINDOWS\system32\shdoclc.dll
2008-04-14 19:41   65,280   ----a-w   C:\WINDOWS\system32\drivers\serial.sys
2008-04-14 19:41   53,248   ----a-w   C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-14 19:39   25,728   ------w   C:\WINDOWS\system32\drivers\hidbth.sys
2008-04-14 19:39   190,976   ----a-w   C:\WINDOWS\system32\wmerror.dll
2008-04-14 19:37   10,240   ----a-w   C:\WINDOWS\system32\gpkrsrc.dll
2008-04-14 19:35   67,584   ----a-w   C:\WINDOWS\system32\browselc.dll
2008-04-14 19:35   58,880   ----a-w   C:\WINDOWS\system32\drivers\redbook.sys
2008-04-14 19:35   273,920   ------w   C:\WINDOWS\system32\drivers\bthport.sys
2008-04-14 19:35   1,845,888   ----a-w   C:\WINDOWS\system32\win32k.sys
2008-04-14 19:33   44,672   ----a-w   C:\WINDOWS\system32\drivers\fips.sys
2008-04-14 19:31   52,864   ----a-w   C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-14 19:30   701,440   ------w   C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-04-14 19:30   39,936   ----a-w   C:\WINDOWS\system32\drivers\processr.sys
2008-04-14 19:30   327,040   ------w   C:\WINDOWS\system32\drivers\ati2mtaa.sys
2008-04-14 19:29   8,192   ----a-w   C:\WINDOWS\system32\asferror.dll
2008-04-14 19:28   41,856   ----a-w   C:\WINDOWS\system32\drivers\amdk7.sys
2008-04-14 19:28   41,472   ----a-w   C:\WINDOWS\system32\drivers\amdk6.sys
2008-04-14 19:25   23,296   ----a-w   C:\WINDOWS\system32\drivers\mouclass.sys
2008-04-14 19:24   30,208   ----a-w   C:\WINDOWS\system32\drivers\modem.sys
2008-04-14 19:24   188,544   ----a-w   C:\WINDOWS\system32\drivers\acpi.sys
2008-04-14 16:33   ---------   d-----w   C:\Program Files\DAP
2008-04-13 22:58   175,744   ----a-w   C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 22:51   162,816   ----a-w   C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 22:50   91,520   ----a-w   C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 22:50   361,344   ----a-w   C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 22:50   182,656   ----a-w   C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 22:49   75,264   ----a-w   C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 22:49   51,328   ----a-w   C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 22:49   48,384   ----a-w   C:\WINDOWS\system32\drivers\raspptp.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 22:51 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-04-23 17:45 22058792]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 15:43 7630848]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 15:43 86016]
"VMSnap3"="C:\WINDOWS\VMSnap3.EXE" [2006-08-30 10:58 49152]
"BigDog303"="C:\WINDOWS\VM303_STI.exe" [ ]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 08:21 1443072]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
TL-WN321G Wireless Utility.lnk - C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe [2008-01-27 17:32:35 622592]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Kamil^Menu Start^Programy^Autostart^OpenOffice.org 2.4.lnk]
path=C:\Documents and Settings\Kamil\Menu Start\Programy\Autostart\OpenOffice.org 2.4.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.4.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-06-27 20:03 152872 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDog303]
C:\WINDOWS\VM303_STI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
--a------ 2008-03-25 08:38 2196280 C:\Program Files\BitComet\BitComet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Domino]
--a------ 2006-06-28 17:54 49152 C:\WINDOWS\Domino.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
--a------ 2008-04-14 18:32 3053056 C:\Program Files\DAP\DAP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverCD]
E:\Run.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-02-19 03:41 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-03 22:32 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Download Accelerator]
C:\Program Files\IDA\ida.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KMCONFIG]
--a------ 2007-03-06 15:51 212992 C:\Program Files\Keyboard Driver\StartAutorun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCS Firewall 6]
C:\Program Files\MCS Studios\MCS Firewall 6\mcsfw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 22:51 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-08-11 15:43 1519616 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-03 22:32 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-03 22:32 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-ra------ 2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\DAP\\DAP.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Valve\\hl.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Sunbelt Software\\Personal Firewall 4\\kpf4gui.exe"=
"C:\\Program Files\\Valve\\hlds.exe"=
"C:\\Program Files\\Electronic Arts\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7537:TCP"= 7537:TCP:BitComet 7537 TCP
"7537:UDP"= 7537:UDP:BitComet 7537 UDP
"9206:TCP"= 9206:TCP:BitComet 9206 TCP
"9206:UDP"= 9206:UDP:BitComet 9206 UDP
"22132:TCP"= 22132:TCP:BitComet 22132 TCP
"22132:UDP"= 22132:UDP:BitComet 22132 UDP
"18756:TCP"= 18756:TCP:BitComet 18756 TCP
"18756:UDP"= 18756:UDP:BitComet 18756 UDP
"8487:TCP"= 8487:TCP:BitComet 8487 TCP
"8487:UDP"= 8487:UDP:BitComet 8487 UDP
"8809:TCP"= 8809:TCP:BitComet 8809 TCP
"8809:UDP"= 8809:UDP:BitComet 8809 UDP

R0 axwhisky;axwhisky;C:\WINDOWS\system32\DRIVERS\axwhisky.sys [2003-07-02 18:41]
R0 axwskbus;axwskbus;C:\WINDOWS\system32\DRIVERS\axwskbus.sys [2003-07-02 17:49]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2005-12-15 18:13]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2005-12-15 18:01]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;C:\Program Files\Keyboard Driver\KMWDSrv.exe [2007-04-05 11:29]
R3 KMWDFilter;KMWDFilter;C:\WINDOWS\System32\Drivers\KMWDFilter.SYS [2007-03-29 16:00]
R3 vmfilter303;vmfilter303;C:\WINDOWS\system32\drivers\vmfilter303.sys [2006-04-25 10:57]
S2 ip_fw;ipfw kernel-mode driver;C:\Program Files\MCS Studios\MCS Firewall 6\system\ip_fw.sys []
S2 ipfw;ipfw_helper;C:\Program Files\MCS Studios\MCS Firewall 6\system\ipfw.exe []
S3 Bcfilter;Jetico Personal Firewall Network Monitor;C:\WINDOWS\system32\DRIVERS\bcfilter.sys []
S3 BcfilterMP;BcfilterMP;C:\WINDOWS\system32\DRIVERS\bcfilter.sys []
S3 ddsxeiservice;ddsxeiservice2;C:\Program Files\sXe Injected\ddsxei.sys []
S3 kvpndev;Kerio VPN adapter;C:\WINDOWS\system32\DRIVERS\kvpndrv.sys [2007-08-28 09:48]
S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer;C:\WINDOWS\system32\DRIVERS\kwflower.sys []
S3 netr73;TL-WN321G Wireless USB Adapter Driver for Vista;C:\WINDOWS\system32\DRIVERS\netr73.sys [2007-01-04 10:41]
S3 Start BT in service;Start BT in service;C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2007-04-21 15:54]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-12 06:54:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-26 22:00:00 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-05-12 07:00:00 C:\WINDOWS\Tasks\At10.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-05-12 08:00:00 C:\WINDOWS\Tasks\At11.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-05-22 09:00:00 C:\WINDOWS\Tasks\At12.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-05-23 10:00:00 C:\WINDOWS\Tasks\At13.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-05-26 11:00:00 C:\WINDOWS\Tasks\At14.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-05-27 12:00:00 C:\WINDOWS\Tasks\At15.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-05-28 13:00:00 C:\WINDOWS\Tasks\At16.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-05-28 14:00:00 C:\WINDOWS\Tasks\At17.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-05-28 15:00:00 C:\WINDOWS\Tasks\At18.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-05-28 16:00:00 C:\WINDOWS\Tasks\At19.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-05-26 23:00:00 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-05-27 17:00:00 C:\WINDOWS\Tasks\At20.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-05-27 18:00:00 C:\WINDOWS\Tasks\At21.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-05-27 19:00:00 C:\WINDOWS\Tasks\At22.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-05-27 20:00:00 C:\WINDOWS\Tasks\At23.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-05-26 21:00:00 C:\WINDOWS\Tasks\At24.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-05-27 00:00:00 C:\WINDOWS\Tasks\At3.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-05-27 01:00:00 C:\WINDOWS\Tasks\At4.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-05-27 02:00:00 C:\WINDOWS\Tasks\At5.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-05-27 03:00:00 C:\WINDOWS\Tasks\At6.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-05-27 04:00:00 C:\WINDOWS\Tasks\At7.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-05-16 05:00:00 C:\WINDOWS\Tasks\At8.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-21 06:00:00 C:\WINDOWS\Tasks\At9.job"
- C:\WINDOWS\system32\gFI82A1K.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-28 18:17:05
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  BigDog303 = C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@??????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-28 18:18:30
ComboFix-quarantined-files.txt  2008-05-28 16:18:25

Pre-Run: 7,006,023,680 bajtów wolnych
Post-Run: 7,004,925,952 bajtów wolnych

311   --- E O F ---   2008-05-16 10:21:20
CPU: Intel Core 2 Duo E4500, 2.20GHz, 2Mb Cache + SilentiumPC Spartan HE923
RAM: GoodRAM GR800D264L5/2G
MDT Tech. Empaq 1GB
GPU: Sapphire ATI Radeon HD4670 1GB GDDR3 BULK Core:750@775MHz Mem:800@945MHz/+23,6%
MOBO: Gigabyte GA-945P-S3 (v3)
adamsio
Active poster
Posts: 654
Joined: 31 Oct 2007, 21:59
Location: Gdańsk

Post by huber2t » 28 May 2008, 18:46

Do a PC optimisation

Fix in HijackThis:
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)

Download ComboFix, but do not run it.
Paste into Notepad:
Code:
File::
C:\WINDOWS\system32\gFI82A1K.exe
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job

Driver::
ddsxeiservice

File -> Save As -> CFScript.txt (it is most convenient to save it in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon)
Drag and drop the CFScript.txt icon onto the ComboFix.exe icon, like this ->
(image)
The removal will start and a log will be produced; post that log on the forum.

Post logs at http://www.wklej.eu/
huber2t
Distinguished forum contributor
Posts: 2798
Joined: 21 Mar 2008, 10:07
Commendations: 42
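As an added example (not part of this thread, and not ComboFix or HijackThis code), here is a small Python triage script that does mechanically what a log checker did by eye between adamsio's first ComboFix log and huber2t's reply: it parses the "Contents of the 'Scheduled Tasks' folder" section, groups the At<N>.job tasks by the executable they launch (in the log above all 24 of them run C:\WINDOWS\system32\gFI82A1K.exe, one task per hour), lists the registry lines that show Security Center monitoring and the XP firewall switched off, and emits a File:: block laid out the way huber2t's CFScript is (the shared executable first, then each job). The log embedded in the code is a constructed sample made from a few lines of the log in this thread; the three-job threshold, the regular expressions and the function names are this example's own assumptions.

```python
"""Triage helper for ComboFix-style log excerpts.

Added example for this thread; it is not ComboFix, HijackThis or forum code.
It parses the "Scheduled Tasks" section, clusters At<N>.job tasks by the
executable they launch, lists registry lines that show weakened defences,
and emits a File:: block laid out like the CFScript huber2t posted.
"""
import re
from collections import defaultdict

# Constructed sample: a handful of lines copied in the shape of the log
# posted in the thread (one benign task plus three of the 24 At*.job tasks).
SAMPLE_LOG = """\
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile]
"EnableFirewall"= 0 (0x0)

Contents of the 'Scheduled Tasks' folder
"2008-05-12 06:54:04 C:\\WINDOWS\\Tasks\\AppleSoftwareUpdate.job"
- C:\\Program Files\\Apple Software Update\\SoftwareUpdate.exe
"2008-05-26 22:00:00 C:\\WINDOWS\\Tasks\\At1.job"
- C:\\WINDOWS\\system32\\gFI82A1K.exe
"2008-05-12 07:00:00 C:\\WINDOWS\\Tasks\\At10.job"
- C:\\WINDOWS\\system32\\gFI82A1K.exe
"2008-05-27 00:00:00 C:\\WINDOWS\\Tasks\\At3.job"
- C:\\WINDOWS\\system32\\gFI82A1K.exe
"""

# A task entry is a quoted "<timestamp> <job path>" line followed by "- <target>".
TASK_RE = re.compile(r'^"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} (?P<job>[^"]+\.job)"$')
TARGET_RE = re.compile(r'^- (?P<target>.+)$')
# Jobs named At<N>.job are the ones at.exe creates.
AT_JOB_RE = re.compile(r'\\At\d+\.job$', re.IGNORECASE)


def parse_tasks(log_text):
    """Return (job_path, target_path) pairs from the Scheduled Tasks section."""
    tasks = []
    pending_job = None
    for line in log_text.splitlines():
        m = TASK_RE.match(line)
        if m:
            pending_job = m.group("job")
            continue
        m = TARGET_RE.match(line)
        if m and pending_job:
            tasks.append((pending_job, m.group("target")))
            pending_job = None
    return tasks


def find_at_job_clusters(tasks, min_jobs=3):
    """Group At<N>.job tasks by target executable.

    Returns {target: [jobs]} for targets launched by at least min_jobs such
    tasks; the threshold is an assumption chosen for this example.
    """
    by_target = defaultdict(list)
    for job, target in tasks:
        if AT_JOB_RE.search(job):
            by_target[target].append(job)
    return {t: sorted(jobs) for t, jobs in by_target.items() if len(jobs) >= min_jobs}


def weakened_defences(log_text):
    """List registry lines showing Security Center monitoring or the XP firewall turned off."""
    findings = []
    for line in log_text.splitlines():
        s = line.strip()
        if s == '"DisableMonitoring"=dword:00000001':
            findings.append("Security Center monitoring disabled")
        elif s.startswith('"EnableFirewall"=') and s.split("=", 1)[1].strip().startswith("0"):
            findings.append("Windows Firewall standard profile disabled")
    return findings


def build_cfscript_files(clusters):
    """Emit a File:: block: each shared target first, then the jobs that launch it."""
    lines = ["File::"]
    for target, jobs in clusters.items():
        lines.append(target)
        lines.extend(jobs)
    return "\n".join(lines)


if __name__ == "__main__":
    found = find_at_job_clusters(parse_tasks(SAMPLE_LOG))
    for target, jobs in found.items():
        print(f"{len(jobs)} At*.job tasks launch {target}")
    for finding in weakened_defences(SAMPLE_LOG):
        print("weakened defence:", finding)
    print(build_cfscript_files(found))
```

On a full log, read the file into SAMPLE_LOG's place; the output is only a candidate list for the person checking the log, in line with rule 8 above that each removal script is written for its own case.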

Post by adamsio » 28 May 2008, 22:06

I did exactly as you wrote and... no new log was created... :/

Post by huber2t » 29 May 2008, 04:58

Then scan with ComboFix alone and post the log on the forum.

Post by adamsio » 29 May 2008, 16:34

Code:
ComboFix 08-05-21.2 - Kamil 2008-05-29 16:27:56.10 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1250.1.1045.18.583 [GMT 2:00]
Running from: D:\Downloads\Narzędzia Systemowe\ComboFix.exe
 * Resident AV is active


[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((   Files Created from 2008-04-28 to 2008-05-29  )))))))))))))))))))))))))))))))
.

2008-05-22 18:28 . 2008-05-22 18:28   <DIR>   d--------   C:\Program Files\Electronic Arts
2008-05-21 16:57 . 2008-05-21 16:57   <DIR>   d--------   C:\WINDOWS\system32\AGEIA
2008-05-21 16:57 . 2008-05-21 16:57   <DIR>   d--------   C:\Program Files\Common Files\Wise Installation Wizard
2008-05-21 16:57 . 2008-05-21 16:57   <DIR>   d--------   C:\Program Files\AGEIA Technologies
2008-05-20 17:47 . 2008-05-20 17:47   <DIR>   d--------   C:\Program Files\Lavalys
2008-05-06 20:04 . 2008-05-06 20:04   <DIR>   d--------   C:\Program Files\ESET
2008-05-05 15:55 . 2008-05-05 15:55   <DIR>   d--------   C:\Program Files\GIMP-2.0
2008-04-30 18:46 . 2008-04-30 18:46   56   --ah-----   C:\WINDOWS\system32\ezsidmv.dat
2008-04-30 18:45 . 2008-04-30 18:45   <DIR>   d--------   C:\Program Files\Common Files\Skype
2008-04-30 17:51 . 2008-04-30 17:51   <DIR>   d--------   C:\WINDOWS\ServicePackFiles
2008-04-30 17:51 . 2008-04-14 22:51   294,912   -----c---   C:\WINDOWS\system32\dllcache\dlimport.exe
2008-04-29 15:54 . 2008-04-29 15:54   <DIR>   d--------   C:\Program Files\Radical Games

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-29 14:31   ---------   d-----w   C:\Program Files\DC++
2008-05-29 14:07   ---------   d-----w   C:\Documents and Settings\Kamil\Dane aplikacji\Skype
2008-05-29 14:05   ---------   d-----w   C:\Documents and Settings\Kamil\Dane aplikacji\skypePM
2008-05-27 12:08   ---------   d-----w   C:\Documents and Settings\Kamil\Dane aplikacji\BearShare
2008-05-26 18:55   ---------   d-----w   C:\Documents and Settings\Kamil\Dane aplikacji\gtk-2.0
2008-05-23 10:50   ---------   d-----w   C:\Documents and Settings\Kamil\Dane aplikacji\OpenOffice.org2
2008-05-22 17:37   ---------   d---a-w   C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-05-22 10:51   ---------   d-----w   C:\Program Files\Sunbelt Software
2008-05-16 15:32   1,431   ----a-w   C:\WINDOWS\system32\drivers\fwdrv.err
2008-04-29 13:58   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-04-25 15:12   ---------   d-----w   C:\Program Files\Activision
2008-04-24 17:25   ---------   d-----w   C:\Program Files\Kolekcja Klasyki
2008-04-24 14:27   108,144   ----a-w   C:\WINDOWS\system32\CmdLineExt.dll
2008-04-19 18:22   ---------   d-----w   C:\Program Files\MarBit
2008-04-17 17:52   ---------   d-----w   C:\Program Files\OpenOffice.org 2.4
2008-04-17 17:52   ---------   d-----w   C:\Program Files\Java
2008-04-17 17:20   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-04-16 11:20   ---------   d-----w   C:\Program Files\QuickTime
2008-04-16 11:19   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-04-16 11:15   ---------   d-----w   C:\Program Files\Apple Software Update
2008-04-16 11:15   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Apple
2008-04-15 17:28   ---------   d-----w   C:\Program Files\Winamp
2008-04-15 11:30   ---------   d-----w   C:\Program Files\ffdshow
2008-04-14 21:16   1,804   ----a-w   C:\WINDOWS\system32\dcache.bin
2008-04-14 20:56   332,288   ----a-w   C:\WINDOWS\system32\netsetup.exe
2008-04-14 20:52   92,424   ----a-w   C:\WINDOWS\system32\rdpdd.dll
2008-04-14 20:52   87,176   ----a-w   C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 20:52   40,840   ----a-w   C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 20:52   21,896   ----a-w   C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 20:52   139,656   ----a-w   C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 20:52   12,168   ----a-w   C:\WINDOWS\system32\tsddd.dll
2008-04-14 20:52   12,040   ----a-w   C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 20:50   999,936   ----a-w   C:\WINDOWS\system32\syssetup.dll
2008-04-14 20:49   98,304   ----a-w   C:\WINDOWS\system32\actxprxy.dll
2008-04-14 20:48   76,288   ----a-w   C:\WINDOWS\system32\uniime.dll
2008-04-14 20:48   5,632   ----a-w   C:\WINDOWS\system32\wmi.dll
2008-04-14 20:48   1,449,472   ----a-w   C:\WINDOWS\system32\winntbbu.dll
2008-04-14 20:47   57,375   ----a-w   C:\WINDOWS\system32\odbcji32.dll
2008-04-14 20:47   103,424   ----a-w   C:\WINDOWS\system32\dpcdll.dll
2008-04-14 20:43   4,126   ----a-w   C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 20:42   3,584   ----a-w   C:\WINDOWS\system32\msafd.dll
2008-04-14 20:37   811,064   ----a-w   C:\WINDOWS\system32\imjp81k.dll
2008-04-14 20:36   3,584   ----a-w   C:\WINDOWS\system32\icmp.dll
2008-04-14 20:35   9,344   ----a-w   C:\WINDOWS\system32\framebuf.dll
2008-04-14 20:35   569,856   ----a-w   C:\WINDOWS\system32\gpedit.dll
2008-04-14 20:34   7,168   ----a-w   C:\WINDOWS\system32\f3ahvoas.dll
2008-04-14 20:33   3,072   ----a-w   C:\WINDOWS\system32\dpnlobby.dll
2008-04-14 20:33   3,072   ----a-w   C:\WINDOWS\system32\dpnaddr.dll
2008-04-14 20:33   24,064   ----a-w   C:\WINDOWS\system32\pidgen.dll
2008-04-14 20:31   16,896   ----a-w   C:\WINDOWS\system32\cfgmgr32.dll
2008-04-14 20:30   285,696   ----a-w   C:\WINDOWS\system32\atmfd.dll
2008-04-14 20:04   73,472   ----a-w   C:\WINDOWS\system32\drivers\sr.sys
2008-04-14 20:03   80,256   ----a-w   C:\WINDOWS\system32\drivers\parport.sys
2008-04-14 20:03   68,608   ----a-w   C:\WINDOWS\system32\drivers\pci.sys
2008-04-14 20:03   46,848   ----a-w   C:\WINDOWS\system32\drivers\p3.sys
2008-04-14 20:03   120,320   ----a-w   C:\WINDOWS\system32\drivers\pcmcia.sys
2008-04-14 19:59   2,146,816   ----a-w   C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 19:59   2,025,472   ----a-w   C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 19:55   4,096   ----a-w   C:\WINDOWS\system32\dsprpres.dll
2008-04-14 19:52   89,600   ------w   C:\WINDOWS\system32\msxml6r.dll
2008-04-14 19:52   800,000   ----a-w   C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-14 19:52   153,856   ----a-w   C:\WINDOWS\system32\drivers\dmio.sys
2008-04-14 19:50   80,896   ------w   C:\WINDOWS\system32\msshavmsg.dll
2008-04-14 19:50   24,960   ----a-w   C:\WINDOWS\system32\drivers\kbdclass.sys
2008-04-14 19:50   14,720   ----a-w   C:\WINDOWS\system32\drivers\kbdhid.sys
2008-04-14 19:48   37,632   ----a-w   C:\WINDOWS\system32\drivers\isapnp.sys
2008-04-14 19:47   40,832   ----a-w   C:\WINDOWS\system32\drivers\crusoe.sys
2008-04-14 19:46   40,448   ----a-w   C:\WINDOWS\system32\drivers\intelppm.sys
2008-04-14 19:45   49,664   ----a-w   C:\WINDOWS\system32\inetres.dll
2008-04-14 19:45   2,977,792   ----a-w   C:\WINDOWS\system32\wmploc.dll
2008-04-14 19:43   563,200   ----a-w   C:\WINDOWS\system32\shdoclc.dll
2008-04-14 19:41   65,280   ----a-w   C:\WINDOWS\system32\drivers\serial.sys
2008-04-14 19:41   53,248   ----a-w   C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-14 19:39   25,728   ------w   C:\WINDOWS\system32\drivers\hidbth.sys
2008-04-14 19:39   190,976   ----a-w   C:\WINDOWS\system32\wmerror.dll
2008-04-14 19:37   10,240   ----a-w   C:\WINDOWS\system32\gpkrsrc.dll
2008-04-14 19:35   67,584   ----a-w   C:\WINDOWS\system32\browselc.dll
2008-04-14 19:35   58,880   ----a-w   C:\WINDOWS\system32\drivers\redbook.sys
2008-04-14 19:35   273,920   ------w   C:\WINDOWS\system32\drivers\bthport.sys
2008-04-14 19:35   1,845,888   ----a-w   C:\WINDOWS\system32\win32k.sys
2008-04-14 19:33   44,672   ----a-w   C:\WINDOWS\system32\drivers\fips.sys
2008-04-14 19:31   52,864   ----a-w   C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-14 19:30   701,440   ------w   C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-04-14 19:30   39,936   ----a-w   C:\WINDOWS\system32\drivers\processr.sys
2008-04-14 19:30   327,040   ------w   C:\WINDOWS\system32\drivers\ati2mtaa.sys
2008-04-14 19:29   8,192   ----a-w   C:\WINDOWS\system32\asferror.dll
2008-04-14 19:28   41,856   ----a-w   C:\WINDOWS\system32\drivers\amdk7.sys
2008-04-14 19:28   41,472   ----a-w   C:\WINDOWS\system32\drivers\amdk6.sys
2008-04-14 19:25   23,296   ----a-w   C:\WINDOWS\system32\drivers\mouclass.sys
2008-04-14 19:24   30,208   ----a-w   C:\WINDOWS\system32\drivers\modem.sys
2008-04-14 19:24   188,544   ----a-w   C:\WINDOWS\system32\drivers\acpi.sys
2008-04-14 16:33   ---------   d-----w   C:\Program Files\DAP
2008-04-13 22:58   175,744   ----a-w   C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 22:51   162,816   ----a-w   C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 22:50   91,520   ----a-w   C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 22:50   361,344   ----a-w   C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 22:50   182,656   ----a-w   C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 22:49   75,264   ----a-w   C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 22:49   51,328   ----a-w   C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 22:49   48,384   ----a-w   C:\WINDOWS\system32\drivers\raspptp.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 22:51 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-04-23 17:45 22058792]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 15:43 7630848]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 15:43 86016]
"VMSnap3"="C:\WINDOWS\VMSnap3.EXE" [2006-08-30 10:58 49152]
"BigDog303"="C:\WINDOWS\VM303_STI.exe" [ ]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 08:21 1443072]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
TL-WN321G Wireless Utility.lnk - C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe [2008-01-27 17:32:35 622592]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Kamil^Menu Start^Programy^Autostart^OpenOffice.org 2.4.lnk]
path=C:\Documents and Settings\Kamil\Menu Start\Programy\Autostart\OpenOffice.org 2.4.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.4.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-06-27 20:03 152872 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDog303]
C:\WINDOWS\VM303_STI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
--a------ 2008-03-25 08:38 2196280 C:\Program Files\BitComet\BitComet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Domino]
--a------ 2006-06-28 17:54 49152 C:\WINDOWS\Domino.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
--a------ 2008-04-14 18:32 3053056 C:\Program Files\DAP\DAP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverCD]
E:\Run.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-02-19 03:41 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-03 22:32 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Download Accelerator]
C:\Program Files\IDA\ida.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KMCONFIG]
--a------ 2007-03-06 15:51 212992 C:\Program Files\Keyboard Driver\StartAutorun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCS Firewall 6]
C:\Program Files\MCS Studios\MCS Firewall 6\mcsfw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 22:51 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-08-11 15:43 1519616 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-03 22:32 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-03 22:32 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-ra------ 2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\DAP\\DAP.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Valve\\hl.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Sunbelt Software\\Personal Firewall 4\\kpf4gui.exe"=
"C:\\Program Files\\Valve\\hlds.exe"=
"C:\\Program Files\\Electronic Arts\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7537:TCP"= 7537:TCP:BitComet 7537 TCP
"7537:UDP"= 7537:UDP:BitComet 7537 UDP
"9206:TCP"= 9206:TCP:BitComet 9206 TCP
"9206:UDP"= 9206:UDP:BitComet 9206 UDP
"22132:TCP"= 22132:TCP:BitComet 22132 TCP
"22132:UDP"= 22132:UDP:BitComet 22132 UDP
"18756:TCP"= 18756:TCP:BitComet 18756 TCP
"18756:UDP"= 18756:UDP:BitComet 18756 UDP
"8487:TCP"= 8487:TCP:BitComet 8487 TCP
"8487:UDP"= 8487:UDP:BitComet 8487 UDP
"8809:TCP"= 8809:TCP:BitComet 8809 TCP
"8809:UDP"= 8809:UDP:BitComet 8809 UDP

R0 axwhisky;axwhisky;C:\WINDOWS\system32\DRIVERS\axwhisky.sys [2003-07-02 18:41]
R0 axwskbus;axwskbus;C:\WINDOWS\system32\DRIVERS\axwskbus.sys [2003-07-02 17:49]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2005-12-15 18:13]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2005-12-15 18:01]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;C:\Program Files\Keyboard Driver\KMWDSrv.exe [2007-04-05 11:29]
R3 KMWDFilter;KMWDFilter;C:\WINDOWS\System32\Drivers\KMWDFilter.SYS [2007-03-29 16:00]
R3 vmfilter303;vmfilter303;C:\WINDOWS\system32\drivers\vmfilter303.sys [2006-04-25 10:57]
S2 ip_fw;ipfw kernel-mode driver;C:\Program Files\MCS Studios\MCS Firewall 6\system\ip_fw.sys []
S2 ipfw;ipfw_helper;C:\Program Files\MCS Studios\MCS Firewall 6\system\ipfw.exe []
S3 Bcfilter;Jetico Personal Firewall Network Monitor;C:\WINDOWS\system32\DRIVERS\bcfilter.sys []
S3 BcfilterMP;BcfilterMP;C:\WINDOWS\system32\DRIVERS\bcfilter.sys []
S3 ddsxeiservice;ddsxeiservice2;C:\Program Files\sXe Injected\ddsxei.sys []
S3 kvpndev;Kerio VPN adapter;C:\WINDOWS\system32\DRIVERS\kvpndrv.sys [2007-08-28 09:48]
S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer;C:\WINDOWS\system32\DRIVERS\kwflower.sys []
S3 netr73;TL-WN321G Wireless USB Adapter Driver for Vista;C:\WINDOWS\system32\DRIVERS\netr73.sys [2007-01-04 10:41]
S3 Start BT in service;Start BT in service;C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2007-04-21 15:54]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-12 06:54:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-26 22:00:00 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-05-12 07:00:00 C:\WINDOWS\Tasks\At10.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-05-12 08:00:00 C:\WINDOWS\Tasks\At11.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-05-22 09:00:00 C:\WINDOWS\Tasks\At12.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-05-23 10:00:00 C:\WINDOWS\Tasks\At13.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-05-26 11:00:00 C:\WINDOWS\Tasks\At14.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-05-27 12:00:00 C:\WINDOWS\Tasks\At15.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-05-28 13:00:00 C:\WINDOWS\Tasks\At16.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-05-29 14:00:00 C:\WINDOWS\Tasks\At17.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-05-28 15:00:00 C:\WINDOWS\Tasks\At18.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-05-28 16:00:00 C:\WINDOWS\Tasks\At19.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-05-26 23:00:00 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-05-28 17:00:00 C:\WINDOWS\Tasks\At20.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-05-28 18:00:00 C:\WINDOWS\Tasks\At21.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-05-28 19:00:00 C:\WINDOWS\Tasks\At22.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-05-28 20:00:00 C:\WINDOWS\Tasks\At23.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-05-26 21:00:00 C:\WINDOWS\Tasks\At24.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-05-27 00:00:00 C:\WINDOWS\Tasks\At3.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-05-27 01:00:00 C:\WINDOWS\Tasks\At4.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-05-27 02:00:00 C:\WINDOWS\Tasks\At5.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-05-27 03:00:00 C:\WINDOWS\Tasks\At6.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-05-27 04:00:00 C:\WINDOWS\Tasks\At7.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-05-16 05:00:00 C:\WINDOWS\Tasks\At8.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-04-21 06:00:00 C:\WINDOWS\Tasks\At9.job"
- C:\WINDOWS\system32\gFI82A1K.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-29 16:31:39
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  BigDog303 = C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@??????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-29 16:33:03
ComboFix-quarantined-files.txt  2008-05-29 14:32:58

Pre-Run: 5,687,390,208 bajtów wolnych
Post-Run: 5,672,030,208 bajtów wolnych

311   --- E O F ---   2008-05-16 10:21:20
adamsio (Active writer; posts: 654; joined: 31 Oct 2007, 21:59; location: Gdańsk)
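The log above shows two things a defender should pick out of any ComboFix report before reading the rest: twenty-four At<N>.job tasks, one per hour, all launching the random-named C:\WINDOWS\system32\gFI82A1K.exe, and registry values that switch off Security Center monitoring and the Windows Firewall. The Python script below is an added example, not part of the thread and not ComboFix's own code; it parses a ComboFix-style log for exactly those indicators. SAMPLE_LOG is a constructed excerpt modelled on the posted log, and the `min_jobs` threshold and the random-name regex are my own heuristics, not anything ComboFix does.

```python
"""Triage a ComboFix-style log for two indicators seen in the thread.

Added example, not part of the forum post or of ComboFix itself.
  1. Scheduled Tasks: group .job entries by the executable they launch and
     flag a target that many tasks run, that has a random-looking name under
     system32, or whose jobs are all at.exe-style At<N>.job entries.
  2. Reg Loading Points: flag values that switch off built-in protections
     (Security Center monitoring, the Windows Firewall).
SAMPLE_LOG is a constructed excerpt modelled on the posted log; thresholds and
the random-name heuristic are assumptions, not ComboFix behaviour.
"""
import re
from collections import defaultdict

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

.
Contents of the 'Scheduled Tasks' folder
"2008-05-12 06:54:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-26 22:00:00 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-05-12 07:00:00 C:\WINDOWS\Tasks\At10.job"
- C:\WINDOWS\system32\gFI82A1K.exe
"2008-05-26 23:00:00 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\system32\gFI82A1K.exe
.
"""

TASK_HEADER = "Contents of the 'Scheduled Tasks' folder"
JOB_RE = re.compile(r'^"\S+ \S+ (?P<job>[^"]+\.job)"\s*$')   # "<date> <time> <path>.job"
TARGET_RE = re.compile(r'^- (?P<path>.+?)\s*$')              # "- <executable launched>"
AT_JOB_RE = re.compile(r'^At\d+\.job$', re.IGNORECASE)       # names at.exe gives its tasks
# Heuristic: mixed-case letters plus digits, 6-12 chars, .exe (the gFI82A1K.exe shape).
RANDOM_NAME_RE = re.compile(r'^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[A-Za-z0-9]{6,12}\.exe$')
SYSTEM32 = "c:\\windows\\system32\\"

def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1]

def parse_scheduled_tasks(log):
    """Return {target executable: [job files that launch it]} from the tasks section."""
    targets = defaultdict(list)
    in_section, pending_job = False, None
    for line in log.splitlines():
        if line.startswith(TASK_HEADER):
            in_section = True
            continue
        if not in_section:
            continue
        if line.strip() == ".":        # ComboFix closes the section with a lone dot
            break
        m = JOB_RE.match(line)
        if m:
            pending_job = m.group("job")
            continue
        m = TARGET_RE.match(line)
        if m and pending_job is not None:
            targets[m.group("path")].append(pending_job)
            pending_job = None
    return dict(targets)

def random_looking(filename):
    return bool(RANDOM_NAME_RE.match(filename))

def flag_task_targets(targets, min_jobs=3):
    """List (target, reasons) for every target that trips at least one heuristic."""
    findings = []
    for path, jobs in targets.items():
        reasons = []
        if len(jobs) >= min_jobs:
            reasons.append(f"launched by {len(jobs)} scheduled tasks")
        if path.lower().startswith(SYSTEM32) and random_looking(basename(path)):
            reasons.append("random-looking executable name under system32")
        if jobs and all(AT_JOB_RE.match(basename(j)) for j in jobs):
            reasons.append("every job is an at.exe-created At<N>.job")
        if reasons:
            findings.append((path, reasons))
    return findings

WEAK_VALUES = [
    (re.compile(r'^"DisableMonitoring"\s*=\s*dword:0*1$'), "Security Center monitoring disabled"),
    (re.compile(r'^"EnableFirewall"\s*=\s*0\b'), "Windows Firewall disabled"),
]

def flag_weakened_protections(log):
    """List (registry key, description) for protection-disabling values in the log."""
    findings, current_key = [], None
    for line in log.splitlines():
        s = line.strip()
        if s.startswith("[") and s.endswith("]"):
            current_key = s               # remember the key the following values belong to
            continue
        for pattern, why in WEAK_VALUES:
            if pattern.match(s):
                findings.append((current_key, why))
    return findings

if __name__ == "__main__":
    tasks = parse_scheduled_tasks(SAMPLE_LOG)
    for path, reasons in flag_task_targets(tasks):
        print(f"SUSPICIOUS {path}: {'; '.join(reasons)}")
    for key, why in flag_weakened_protections(SAMPLE_LOG):
        print(f"WEAKENED   {key}: {why}")
```

Run against the full posted log, the task check groups all twenty-four At<N>.job entries under gFI82A1K.exe and the Apple updater under its own single job, so only the former is reported; the registry check fires on each DisableMonitoring=1 value and on EnableFirewall=0. Both are triage signals, not verdicts: a legitimate updater can also run hourly, which is why the reasons are reported rather than a single boolean.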

Post by huber2t » 29 May 2008, 16:49

Download The Avenger

and paste this text into it:
Code:
Files to delete:
C:\WINDOWS\system32\gFI82A1K.exe
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job

Drivers to delete:
ddsxeiservice


Copy it, click Paste Script from Clipboard, choose Execute, then confirm and agree to the restart by clicking OK.
Manually delete the file C:\Avenger\backup.zip from the disk and paste the report C:\avenger.txt on the forum.
huber2t (Distinguished forum contributor; posts: 2798; joined: 21 Mar 2008, 10:07; commendations: 42)

Post by adamsio » 29 May 2008, 18:35

Code:
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error:  file "C:\WINDOWS\system32\gFI82A1K.exe" not found!
Deletion of file "C:\WINDOWS\system32\gFI82A1K.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

File "C:\WINDOWS\Tasks\At1.job" deleted successfully.
File "C:\WINDOWS\Tasks\At10.job" deleted successfully.
File "C:\WINDOWS\Tasks\At11.job" deleted successfully.
File "C:\WINDOWS\Tasks\At12.job" deleted successfully.
File "C:\WINDOWS\Tasks\At13.job" deleted successfully.
File "C:\WINDOWS\Tasks\At14.job" deleted successfully.
File "C:\WINDOWS\Tasks\At15.job" deleted successfully.
File "C:\WINDOWS\Tasks\At16.job" deleted successfully.
File "C:\WINDOWS\Tasks\At17.job" deleted successfully.
File "C:\WINDOWS\Tasks\At18.job" deleted successfully.
File "C:\WINDOWS\Tasks\At19.job" deleted successfully.
File "C:\WINDOWS\Tasks\At2.job" deleted successfully.
File "C:\WINDOWS\Tasks\At20.job" deleted successfully.
File "C:\WINDOWS\Tasks\At21.job" deleted successfully.
File "C:\WINDOWS\Tasks\At22.job" deleted successfully.
File "C:\WINDOWS\Tasks\At23.job" deleted successfully.
File "C:\WINDOWS\Tasks\At24.job" deleted successfully.
File "C:\WINDOWS\Tasks\At3.job" deleted successfully.
File "C:\WINDOWS\Tasks\At4.job" deleted successfully.
File "C:\WINDOWS\Tasks\At5.job" deleted successfully.
File "C:\WINDOWS\Tasks\At6.job" deleted successfully.
File "C:\WINDOWS\Tasks\At7.job" deleted successfully.
File "C:\WINDOWS\Tasks\At8.job" deleted successfully.
File "C:\WINDOWS\Tasks\At9.job" deleted successfully.
Driver "ddsxeiservice" deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.
adamsio (Active writer; posts: 654; joined: 31 Oct 2007, 21:59; location: Gdańsk)

Post by huber2t » 29 May 2008, 18:45

Did the files get deleted, and are there still any problems?
huber2t (Distinguished forum contributor; posts: 2798; joined: 21 Mar 2008, 10:07; commendations: 42)

Post by adamsio » 29 May 2008, 19:51

Much better now...

It's still a bit sluggish, but that's probably because it will soon be time for a format anyway...
adamsio (Active writer; posts: 654; joined: 31 Oct 2007, 21:59; location: Gdańsk)

Post by huber2t » 29 May 2008, 20:37

To be sure, post a new ComboFix log.
huber2t (Distinguished forum contributor; posts: 2798; joined: 21 Mar 2008, 10:07; commendations: 42)

Post by adamsio » 30 May 2008, 12:00

Code:
ComboFix 08-05-21.2 - Kamil 2008-05-30 11:52:31.11 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1250.1.1045.18.577 [GMT 2:00]
Running from: D:\Downloads\Narzędzia Systemowe\ComboFix.exe
 * Resident AV is active


[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((   Files Created from 2008-04-28 to 2008-05-30  )))))))))))))))))))))))))))))))
.

2008-05-29 19:01 . 2008-05-29 19:04   <DIR>   d--------   C:\Documents and Settings\Kamil\Dane aplikacji\Winamp
2008-05-22 18:28 . 2008-05-22 18:28   <DIR>   d--------   C:\Program Files\Electronic Arts
2008-05-21 16:57 . 2008-05-21 16:57   <DIR>   d--------   C:\WINDOWS\system32\AGEIA
2008-05-21 16:57 . 2008-05-21 16:57   <DIR>   d--------   C:\Program Files\Common Files\Wise Installation Wizard
2008-05-21 16:57 . 2008-05-21 16:57   <DIR>   d--------   C:\Program Files\AGEIA Technologies
2008-05-20 17:47 . 2008-05-20 17:47   <DIR>   d--------   C:\Program Files\Lavalys
2008-05-06 20:04 . 2008-05-06 20:04   <DIR>   d--------   C:\Program Files\ESET
2008-05-05 15:55 . 2008-05-05 15:55   <DIR>   d--------   C:\Program Files\GIMP-2.0
2008-04-30 18:46 . 2008-04-30 18:46   56   --ah-----   C:\WINDOWS\system32\ezsidmv.dat
2008-04-30 18:45 . 2008-04-30 18:45   <DIR>   d--------   C:\Program Files\Common Files\Skype
2008-04-30 17:51 . 2008-04-30 17:51   <DIR>   d--------   C:\WINDOWS\ServicePackFiles
2008-04-30 17:51 . 2008-04-14 22:51   294,912   -----c---   C:\WINDOWS\system32\dllcache\dlimport.exe
2008-04-29 15:54 . 2008-04-29 15:54   <DIR>   d--------   C:\Program Files\Radical Games
2008-04-25 17:12 . 2008-04-25 17:12   <DIR>   d--------   C:\Program Files\Activision
2008-04-24 19:25 . 2008-04-24 19:25   <DIR>   d--------   C:\Program Files\Kolekcja Klasyki
2008-04-22 19:03 . 2008-04-22 19:03   <DIR>   d--------   C:\WINDOWS\wb
2008-04-22 19:03 . 1996-08-16 13:44   87,552   -ra------   C:\WINDOWS\system\url.dll
2008-04-22 19:03 . 1996-09-30 12:32   9,728   -ra------   C:\WINDOWS\system\rnaph.dll
2008-04-22 19:00 . 2008-04-22 19:00   <DIR>   d--------   C:\WINDOWS\Start Menu
2008-04-22 19:00 . 1998-12-07 16:20   1,020,416   --a------   C:\WINDOWS\system32\WebPro32.ocx
2008-04-22 19:00 . 1999-01-22 17:08   34,665   --a------   C:\WINDOWS\system32\ripx.vxd
2008-04-22 18:59 . 2008-04-22 18:59   <DIR>   d--------   C:\Documents and Settings\Kamil\WINDOWS
2008-04-22 18:59 . 1996-10-15 18:01   298,496   --a------   C:\WINDOWS\uninst.exe
2008-04-20 14:12 . 2008-05-19 18:33   54,156   --ah-----   C:\WINDOWS\QTFont.qfn
2008-04-20 14:12 . 2008-04-20 14:12   1,409   --a------   C:\WINDOWS\QTFont.for
2008-04-19 20:22 . 2008-04-19 20:22   <DIR>   d--------   C:\Program Files\MarBit
2008-04-16 13:19 . 2008-04-16 13:20   <DIR>   d--------   C:\Program Files\QuickTime
2008-04-16 13:19 . 2008-04-16 13:19   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-04-16 13:15 . 2008-04-16 13:15   <DIR>   d--------   C:\Program Files\Apple Software Update
2008-04-16 13:15 . 2008-04-16 13:15   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Apple
2008-04-15 20:25 . 2006-10-26 19:56   32,592   --a------   C:\WINDOWS\system32\msonpmon.dll
2008-04-15 20:23 . 2008-04-17 19:20   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-04-15 13:30 . 2007-04-24 17:30   60,273   --a------   C:\WINDOWS\system32\pthreadGC2.dll
2008-04-14 22:51 . 2008-04-14 22:51   20,992   ---------   C:\WINDOWS\system32\spupdwxp.exe
2008-04-14 22:51 . 2008-04-14 22:51   20,992   ---------   C:\WINDOWS\system32\faxpatch.exe
2008-04-14 22:51 . 2008-04-14 22:51   7,680   --a------   C:\WINDOWS\system32\spdwnwxp.exe
2008-04-14 22:33 . 2008-04-14 22:33   24,064   -----c---   C:\WINDOWS\system32\dllcache\pidgen.dll
2008-04-14 22:05 . 2008-04-14 22:05   1,950   ---------   C:\WINDOWS\system32\pid.inf
2008-04-13 16:39 . 2006-11-29 13:06   3,426,072   --a------   C:\WINDOWS\system32\d3dx9_32.dll
2008-04-13 16:39 . 2006-09-28 16:05   2,414,360   --a------   C:\WINDOWS\system32\d3dx9_31.dll
2008-04-13 16:39 . 2006-12-08 12:02   251,672   --a------   C:\WINDOWS\system32\xactengine2_5.dll
2008-04-13 16:39 . 2006-09-28 16:05   237,848   --a------   C:\WINDOWS\system32\xactengine2_4.dll
2008-04-13 16:34 . 2008-04-13 16:34   <DIR>   d--------   C:\Program Files\Empire Interactive
2008-04-12 08:38 . 2008-04-12 08:38   <DIR>   d--------   C:\Program Files\Rockstar Games
2008-04-09 14:04 . 2008-04-09 14:04   <DIR>   d--------   C:\Program Files\Common Files\Adobe
2008-04-08 15:59 . 2008-05-29 20:00   <DIR>   d--------   C:\Program Files\DC++
2008-04-08 15:49 . 2008-05-22 19:24   <DIR>   d--------   C:\Downloads
2008-04-05 19:36 . 2008-04-05 19:36   319   --a------   C:\WINDOWS\game.ini

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-30 09:49   ---------   d-----w   C:\Documents and Settings\Kamil\Dane aplikacji\Skype
2008-05-30 09:31   ---------   d-----w   C:\Documents and Settings\Kamil\Dane aplikacji\skypePM
2008-05-29 19:30   ---------   d---a-w   C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-05-29 19:24   ---------   d-----w   C:\Program Files\DAP
2008-05-29 17:01   ---------   d-----w   C:\Program Files\Winamp
2008-05-27 12:08   ---------   d-----w   C:\Documents and Settings\Kamil\Dane aplikacji\BearShare
2008-05-26 18:55   ---------   d-----w   C:\Documents and Settings\Kamil\Dane aplikacji\gtk-2.0
2008-05-23 10:50   ---------   d-----w   C:\Documents and Settings\Kamil\Dane aplikacji\OpenOffice.org2
2008-05-22 10:51   ---------   d-----w   C:\Program Files\Sunbelt Software
2008-05-16 15:32   1,431   ----a-w   C:\WINDOWS\system32\drivers\fwdrv.err
2008-04-29 13:58   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-04-24 14:27   108,144   ----a-w   C:\WINDOWS\system32\CmdLineExt.dll
2008-04-17 17:52   ---------   d-----w   C:\Program Files\OpenOffice.org 2.4
2008-04-17 17:52   ---------   d-----w   C:\Program Files\Java
2008-04-15 11:30   ---------   d-----w   C:\Program Files\ffdshow
2008-04-14 21:16   1,804   ----a-w   C:\WINDOWS\system32\dcache.bin
2008-04-14 20:56   332,288   ----a-w   C:\WINDOWS\system32\netsetup.exe
2008-04-14 20:52   92,424   ----a-w   C:\WINDOWS\system32\rdpdd.dll
2008-04-14 20:52   87,176   ----a-w   C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 20:52   40,840   ----a-w   C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 20:52   21,896   ----a-w   C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 20:52   139,656   ----a-w   C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 20:52   12,168   ----a-w   C:\WINDOWS\system32\tsddd.dll
2008-04-14 20:52   12,040   ----a-w   C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 20:50   999,936   ----a-w   C:\WINDOWS\system32\syssetup.dll
2008-04-14 20:49   98,304   ----a-w   C:\WINDOWS\system32\actxprxy.dll
2008-04-14 20:48   76,288   ----a-w   C:\WINDOWS\system32\uniime.dll
2008-04-14 20:48   5,632   ----a-w   C:\WINDOWS\system32\wmi.dll
2008-04-14 20:48   1,449,472   ----a-w   C:\WINDOWS\system32\winntbbu.dll
2008-04-14 20:47   57,375   ----a-w   C:\WINDOWS\system32\odbcji32.dll
2008-04-14 20:47   103,424   ----a-w   C:\WINDOWS\system32\dpcdll.dll
2008-04-14 20:43   4,126   ----a-w   C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 20:42   3,584   ----a-w   C:\WINDOWS\system32\msafd.dll
2008-04-14 20:37   811,064   ----a-w   C:\WINDOWS\system32\imjp81k.dll
2008-04-14 20:36   3,584   ----a-w   C:\WINDOWS\system32\icmp.dll
2008-04-14 20:35   9,344   ----a-w   C:\WINDOWS\system32\framebuf.dll
2008-04-14 20:35   569,856   ----a-w   C:\WINDOWS\system32\gpedit.dll
2008-04-14 20:34   7,168   ----a-w   C:\WINDOWS\system32\f3ahvoas.dll
2008-04-14 20:33   3,072   ----a-w   C:\WINDOWS\system32\dpnlobby.dll
2008-04-14 20:33   3,072   ----a-w   C:\WINDOWS\system32\dpnaddr.dll
2008-04-14 20:33   24,064   ----a-w   C:\WINDOWS\system32\pidgen.dll
2008-04-14 20:31   16,896   ----a-w   C:\WINDOWS\system32\cfgmgr32.dll
2008-04-14 20:30   285,696   ----a-w   C:\WINDOWS\system32\atmfd.dll
2008-04-14 20:04   73,472   ----a-w   C:\WINDOWS\system32\drivers\sr.sys
2008-04-14 20:03   80,256   ----a-w   C:\WINDOWS\system32\drivers\parport.sys
2008-04-14 20:03   68,608   ----a-w   C:\WINDOWS\system32\drivers\pci.sys
2008-04-14 20:03   46,848   ----a-w   C:\WINDOWS\system32\drivers\p3.sys
2008-04-14 20:03   120,320   ----a-w   C:\WINDOWS\system32\drivers\pcmcia.sys
2008-04-14 19:59   2,146,816   ----a-w   C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 19:59   2,025,472   ----a-w   C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 19:55   4,096   ----a-w   C:\WINDOWS\system32\dsprpres.dll
2008-04-14 19:52   89,600   ------w   C:\WINDOWS\system32\msxml6r.dll
2008-04-14 19:52   800,000   ----a-w   C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-14 19:52   153,856   ----a-w   C:\WINDOWS\system32\drivers\dmio.sys
2008-04-14 19:50   80,896   ------w   C:\WINDOWS\system32\msshavmsg.dll
2008-04-14 19:50   24,960   ----a-w   C:\WINDOWS\system32\drivers\kbdclass.sys
2008-04-14 19:50   14,720   ----a-w   C:\WINDOWS\system32\drivers\kbdhid.sys
2008-04-14 19:48   37,632   ----a-w   C:\WINDOWS\system32\drivers\isapnp.sys
2008-04-14 19:47   40,832   ----a-w   C:\WINDOWS\system32\drivers\crusoe.sys
2008-04-14 19:46   40,448   ----a-w   C:\WINDOWS\system32\drivers\intelppm.sys
2008-04-14 19:45   49,664   ----a-w   C:\WINDOWS\system32\inetres.dll
2008-04-14 19:45   2,977,792   ----a-w   C:\WINDOWS\system32\wmploc.dll
2008-04-14 19:43   563,200   ----a-w   C:\WINDOWS\system32\shdoclc.dll
2008-04-14 19:41   65,280   ----a-w   C:\WINDOWS\system32\drivers\serial.sys
2008-04-14 19:41   53,248   ----a-w   C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-14 19:39   25,728   ------w   C:\WINDOWS\system32\drivers\hidbth.sys
2008-04-14 19:39   190,976   ----a-w   C:\WINDOWS\system32\wmerror.dll
2008-04-14 19:37   10,240   ----a-w   C:\WINDOWS\system32\gpkrsrc.dll
2008-04-14 19:35   67,584   ----a-w   C:\WINDOWS\system32\browselc.dll
2008-04-14 19:35   58,880   ----a-w   C:\WINDOWS\system32\drivers\redbook.sys
2008-04-14 19:35   273,920   ------w   C:\WINDOWS\system32\drivers\bthport.sys
2008-04-14 19:35   1,845,888   ----a-w   C:\WINDOWS\system32\win32k.sys
2008-04-14 19:33   44,672   ----a-w   C:\WINDOWS\system32\drivers\fips.sys
2008-04-14 19:31   52,864   ----a-w   C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-14 19:30   701,440   ------w   C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-04-14 19:30   39,936   ----a-w   C:\WINDOWS\system32\drivers\processr.sys
2008-04-14 19:30   327,040   ------w   C:\WINDOWS\system32\drivers\ati2mtaa.sys
2008-04-14 19:29   8,192   ----a-w   C:\WINDOWS\system32\asferror.dll
2008-04-14 19:28   41,856   ----a-w   C:\WINDOWS\system32\drivers\amdk7.sys
2008-04-14 19:28   41,472   ----a-w   C:\WINDOWS\system32\drivers\amdk6.sys
2008-04-14 19:25   23,296   ----a-w   C:\WINDOWS\system32\drivers\mouclass.sys
2008-04-14 19:24   30,208   ----a-w   C:\WINDOWS\system32\drivers\modem.sys
2008-04-14 19:24   188,544   ----a-w   C:\WINDOWS\system32\drivers\acpi.sys
2008-04-13 22:58   175,744   ----a-w   C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 22:51   162,816   ----a-w   C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 22:50   91,520   ----a-w   C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 22:50   361,344   ----a-w   C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 22:50   182,656   ----a-w   C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 22:49   75,264   ----a-w   C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 22:49   51,328   ----a-w   C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 22:49   48,384   ----a-w   C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 22:49   146,048   ----a-w   C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 22:49   138,112   ----a-w   C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 22:47   83,072   ----a-w   C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 22:47   456,576   ----a-w   C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 22:47   105,344   ----a-w   C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 22:46   49,536   ----a-w   C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 22:46   141,056   ----a-w   C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 22:45   60,800   ----a-w   C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 22:45   574,976   ----a-w   C:\WINDOWS\system32\drivers\ntfs.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 22:51 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-04-23 17:45 22058792]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 15:43 7630848]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 15:43 86016]
"VMSnap3"="C:\WINDOWS\VMSnap3.EXE" [2006-08-30 10:58 49152]
"BigDog303"="C:\WINDOWS\VM303_STI.exe" [ ]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 08:21 1443072]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
TL-WN321G Wireless Utility.lnk - C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe [2008-01-27 17:32:35 622592]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Kamil^Menu Start^Programy^Autostart^OpenOffice.org 2.4.lnk]
path=C:\Documents and Settings\Kamil\Menu Start\Programy\Autostart\OpenOffice.org 2.4.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.4.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-06-27 20:03 152872 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDog303]
C:\WINDOWS\VM303_STI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
--a------ 2008-03-25 08:38 2196280 C:\Program Files\BitComet\BitComet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Domino]
--a------ 2006-06-28 17:54 49152 C:\WINDOWS\Domino.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
--a------ 2008-05-29 21:24 3053056 C:\Program Files\DAP\DAP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverCD]
E:\Run.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-02-19 03:41 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-03 22:32 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Download Accelerator]
C:\Program Files\IDA\ida.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KMCONFIG]
--a------ 2007-03-06 15:51 212992 C:\Program Files\Keyboard Driver\StartAutorun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCS Firewall 6]
C:\Program Files\MCS Studios\MCS Firewall 6\mcsfw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 22:51 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-08-11 15:43 1519616 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-03 22:32 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-03 22:32 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-ra------ 2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\DAP\\DAP.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Valve\\hl.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Sunbelt Software\\Personal Firewall 4\\kpf4gui.exe"=
"C:\\Program Files\\Valve\\hlds.exe"=
"C:\\Program Files\\Electronic Arts\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7537:TCP"= 7537:TCP:BitComet 7537 TCP
"7537:UDP"= 7537:UDP:BitComet 7537 UDP
"9206:TCP"= 9206:TCP:BitComet 9206 TCP
"9206:UDP"= 9206:UDP:BitComet 9206 UDP
"22132:TCP"= 22132:TCP:BitComet 22132 TCP
"22132:UDP"= 22132:UDP:BitComet 22132 UDP
"18756:TCP"= 18756:TCP:BitComet 18756 TCP
"18756:UDP"= 18756:UDP:BitComet 18756 UDP
"8487:TCP"= 8487:TCP:BitComet 8487 TCP
"8487:UDP"= 8487:UDP:BitComet 8487 UDP
"8809:TCP"= 8809:TCP:BitComet 8809 TCP
"8809:UDP"= 8809:UDP:BitComet 8809 UDP

R0 axwhisky;axwhisky;C:\WINDOWS\system32\DRIVERS\axwhisky.sys [2003-07-02 18:41]
R0 axwskbus;axwskbus;C:\WINDOWS\system32\DRIVERS\axwskbus.sys [2003-07-02 17:49]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2005-12-15 18:13]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2005-12-15 18:01]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;C:\Program Files\Keyboard Driver\KMWDSrv.exe [2007-04-05 11:29]
R3 KMWDFilter;KMWDFilter;C:\WINDOWS\System32\Drivers\KMWDFilter.SYS [2007-03-29 16:00]
R3 vmfilter303;vmfilter303;C:\WINDOWS\system32\drivers\vmfilter303.sys [2006-04-25 10:57]
S2 ip_fw;ipfw kernel-mode driver;C:\Program Files\MCS Studios\MCS Firewall 6\system\ip_fw.sys []
S2 ipfw;ipfw_helper;C:\Program Files\MCS Studios\MCS Firewall 6\system\ipfw.exe []
S3 Bcfilter;Jetico Personal Firewall Network Monitor;C:\WINDOWS\system32\DRIVERS\bcfilter.sys []
S3 BcfilterMP;BcfilterMP;C:\WINDOWS\system32\DRIVERS\bcfilter.sys []
S3 kvpndev;Kerio VPN adapter;C:\WINDOWS\system32\DRIVERS\kvpndrv.sys [2007-08-28 09:48]
S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer;C:\WINDOWS\system32\DRIVERS\kwflower.sys []
S3 netr73;TL-WN321G Wireless USB Adapter Driver for Vista;C:\WINDOWS\system32\DRIVERS\netr73.sys [2007-01-04 10:41]
S3 Start BT in service;Start BT in service;C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2007-04-21 15:54]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-12 06:54:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-30 11:56:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  BigDog303 = C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@??????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-30 11:57:26
ComboFix-quarantined-files.txt  2008-05-30 09:57:21

Pre-Run: 5,618,266,112 bytes free
Post-Run: 5,602,607,104 bytes free

298   --- E O F ---   2008-05-16 10:21:20
CPU: Intel Core 2 Duo E4500, 2.20GHz, 2Mb Cache + SilentiumPC Spartan HE923
RAM: GoodRAM GR800D264L5/2G
MDT Tech. Empaq 1GB
GPU: Sapphire ATI Radeon HD4670 1GB GDDR3 BULK Core:750@775MHz Mem:800@945MHz/+23,6%
MOBO: Gigabyte GA-945P-S3 (v3)
adamsio
Posts: 654
Joined: 31 Oct 2007, 21:59
Location: Gdańsk

Post by huber2t » 30 May 2008, 17:53


Optimise the autostart very thoroughly and it will be fine :)
huber2t
Posts: 2798
Joined: 21 Mar 2008, 10:07
Commendations: 42

Post by adamsio » 30 May 2008, 20:12


Everything is fine with the autostart; the PC boots quickly but then runs slowly.

I'll do a format soon and it will be fine ;]

