
Request for a log check / disappearing saves and freezes

Logs, securing the computer and its data. Antivirus and antispyware programs, firewalls, etc.
Forum rules
1. Every topic title should reflect the content of the thread.
2. When pasting logs, produce them right away with at least two tools: FRST and GMER.
3. Please publish all logs on sites intended for that purpose and paste only the link into the post.
4. Shortening logs is not advisable; paste the whole log, from beginning to end.
5. Attaching yourself to other users' threads is not advisable; please start a new topic in the Security section, which makes it easier for the person checking to help.
6. People without the appropriate knowledge should not check logs, because this risks serious damage to the system or to applications installed on the computer.
7. Describe the problem precisely: the symptoms that occur and all actions already taken.
8. Every script is unique, written for each case separately, so it must not be used by others.
9. When posting a screenshot, please use an external image-hosting service.


Post by Jagla » 23 Jan 2008, 17:03

Hi, I'd like to post a log here for checking, because lately a few things have been worrying me:
- the day before yesterday I suddenly had corrupted saves from one game, and the next day from another
- today, when resetting the computer after a hang, the computer froze during the welcome screen so that I couldn't do anything and had to reset... what helped was turning the computer off, unplugging it from the mains, plugging it back in and turning it on
- I have the impression that there are too many unnecessary processes on my computer and that it sometimes takes a bit longer than it should; since it was bought brand new this worries me a bit
- and in general I wanted to ask for a log check

Oh, one more thing. When I ran ComboFix some messages popped up that I never had before.


Code:
 ComboFix 08-01-23.2 - Maciekk 2008-01-24 15:44:29.4 - FAT32x86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.1465 [GMT 1:00]
Running from: C:\Documents and Settings\Maciekk\Pulpit\ComboFix.exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((   Files Created from 2007-12-24 to 2008-01-24  )))))))))))))))))))))))))))))))
.

2008-01-24 15:43 . 2000-08-31 08:00   51,200   --a------   C:\WINDOWS\Nircmd.exe
2008-01-24 15:14 . 2008-01-24 15:14   <DIR>   d--hs----   C:\FOUND.009
2008-01-24 15:02 . 2008-01-24 15:02   <DIR>   d--hs----   C:\FOUND.008
2008-01-22 18:01 . 2008-01-22 18:01   <DIR>   d--hs----   C:\FOUND.007
2008-01-21 15:15 . 2008-01-21 15:15   <DIR>   d--hs----   C:\FOUND.006
2008-01-21 15:01 . 2008-01-21 15:01   <DIR>   d--hs----   C:\FOUND.005
2008-01-20 09:34 . 2008-01-20 09:34   <DIR>   d--hs----   C:\FOUND.004
2008-01-17 20:23 . 2008-01-17 20:23   <DIR>   d--hs----   C:\FOUND.003
2008-01-17 10:47 . 2008-01-17 10:47   427   --a------   C:\WINDOWS\ODBC.INI
2008-01-17 10:44 . 2008-01-17 10:44   <DIR>   d--------   C:\WINDOWS\ShellNew
2008-01-16 19:40 . 2008-01-16 19:40   <DIR>   d--------   C:\Program Files\Ulead Systems
2008-01-16 19:40 . 2008-01-16 19:40   <DIR>   d--------   C:\Program Files\Common Files\Ulead Systems
2008-01-16 19:40 . 2001-12-19 15:47   49,152   ---------   C:\WINDOWS\system32\TempDel.EXE
2008-01-16 19:40 . 2005-01-06 16:55   9,446   --a------   C:\WINDOWS\system32\drivers\WFIOCTL.sys
2008-01-16 19:40 . 2002-06-03 23:01   8,734   --a------   C:\WINDOWS\system32\WFSch.ICO
2008-01-16 19:35 . 2008-01-16 19:35   <DIR>   d--------   C:\WINDOWS\system32\WinFox
2008-01-16 19:35 . 2008-01-16 19:35   <DIR>   d--------   C:\WINDOWS\system32\WinFast
2008-01-16 19:35 . 2003-09-05 09:57   9,469   --a------   C:\WINDOWS\system32\drivers\WINFOXIO.sys
2008-01-15 22:49 . 2008-01-15 22:49   <DIR>   d--------   C:\WINDOWS\ERUNT
2008-01-14 22:03 . 2008-01-14 22:03   <DIR>   d--------   C:\Program Files\Abbyy FineReader 6.0 Sprint
2008-01-14 22:02 . 2008-01-14 22:02   <DIR>   d--------   C:\Program Files\Lx_cats
2008-01-14 22:02 . 2008-01-14 22:02   <DIR>   d--------   C:\Program Files\Lexmark Fax Solutions
2008-01-14 22:02 . 2003-03-11 18:26   339,968   --a------   C:\WINDOWS\system32\IMGMAN32.DLL
2008-01-14 22:02 . 2003-03-11 18:26   98,345   --a------   C:\WINDOWS\system32\IMHOST32.DLL
2008-01-14 22:02 . 2003-03-11 18:26   98,304   --a------   C:\WINDOWS\system32\IM31XPNG.DEL
2008-01-14 22:02 . 2003-03-11 18:26   69,632   --a------   C:\WINDOWS\system32\IM31XTIF.DEL
2008-01-14 22:02 . 2003-03-11 18:26   49,152   --a------   C:\WINDOWS\system32\IM31IMG.DIL
2008-01-14 22:02 . 2005-07-12 10:33   32,768   --a------   C:\WINDOWS\system32\LXPRMON.DLL
2008-01-14 22:02 . 2008-01-14 22:03   23,029   --a------   C:\WINDOWS\system32\LexFiles.ulf
2008-01-14 22:02 . 2005-07-12 10:33   20,480   --a------   C:\WINDOWS\system32\LXPMONUI.DLL
2008-01-14 22:02 . 2005-07-12 10:37   12,288   --a------   C:\WINDOWS\system32\LXPMONRC.DLL
2008-01-14 22:01 . 2004-08-03 23:08   31,616   --a------   C:\WINDOWS\system32\drivers\usbccgp.sys
2008-01-14 22:01 . 2004-08-03 23:08   31,616   --a------   C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-01-14 22:01 . 2004-08-03 23:01   25,856   --a------   C:\WINDOWS\system32\drivers\usbprint.sys
2008-01-14 22:01 . 2004-08-03 23:01   25,856   --a------   C:\WINDOWS\system32\dllcache\usbprint.sys
2008-01-14 21:56 . 2008-01-14 21:56   <DIR>   d--------   C:\Temp\{9F5FBC24-EFE2-4f90-B498-EC0FB7D47D15}
2008-01-14 21:56 . 2008-01-14 21:56   <DIR>   d--------   C:\Temp
2008-01-14 21:56 . 2008-01-14 21:56   <DIR>   d--------   C:\Program Files\Lexmark 3300 Series
2008-01-14 21:56 . 2001-10-26 17:29   87,040   --a------   C:\WINDOWS\system32\wiafbdrv.dll
2008-01-14 21:56 . 2001-10-26 17:29   87,040   --a------   C:\WINDOWS\system32\dllcache\wiafbdrv.dll
2008-01-14 21:56 . 2004-08-03 22:58   15,104   --a------   C:\WINDOWS\system32\drivers\usbscan.sys
2008-01-14 21:56 . 2004-08-03 22:58   15,104   --a------   C:\WINDOWS\system32\dllcache\usbscan.sys
2008-01-13 17:38 . 2008-01-13 17:38   <DIR>   d--------   C:\Program Files\Common Files\Wise Installation Wizard
2008-01-13 17:26 . 2008-01-13 17:26   <DIR>   d--------   C:\Program Files\Common Files\Nero
2008-01-13 17:23 . 2008-01-13 17:23   <DIR>   d--------   C:\WINDOWS\system32\LogFiles
2008-01-13 16:33 . 2008-01-13 16:33   <DIR>   d--hs----   C:\FOUND.002
2008-01-13 16:17 . 2008-01-14 22:01   14   --ah-----   C:\WINDOWS\mmax.ini
2008-01-13 16:16 . 2008-01-14 21:59   41,472   --a------   C:\WINDOWS\mmhr.exe
2008-01-13 16:16 . 2008-01-14 22:01   13   --ah-----   C:\WINDOWS\mmax_reco.ini
2008-01-13 16:15 . 2008-01-14 21:59   41,472   --a------   C:\WINDOWS\mm_tmphr.exe
2008-01-13 16:15 . 2008-01-14 22:00   4   --a------   C:\WINDOWS\c.pid
2008-01-13 16:14 . 2008-01-13 16:14   59,392   --a------   C:\WINDOWS\system32\2360078
2008-01-13 16:14 . 2008-01-13 16:14   37,632   --a------   C:\WINDOWS\system32\drivers\ntio922.sys
2008-01-13 16:14 . 2008-01-13 16:14   7,040   --a------   C:\WINDOWS\system32\drivers\ndisaluo.sys
2008-01-13 15:18 . 2008-01-13 15:34   715,248   --a------   C:\WINDOWS\system32\drivers\sptd.sys
2008-01-13 15:04 . 2008-01-13 15:04   278,984   --a------   C:\WINDOWS\system32\drivers\atksgt.sys
2008-01-13 15:04 . 2008-01-13 15:04   25,416   --a------   C:\WINDOWS\system32\drivers\lirsgt.sys
2008-01-11 17:36 . 2004-08-03 23:10   61,056   --a------   C:\WINDOWS\system32\drivers\ohci1394.sys
2008-01-11 17:36 . 2004-08-03 23:10   61,056   --a------   C:\WINDOWS\system32\dllcache\ohci1394.sys
2008-01-11 17:36 . 2004-08-03 23:10   53,248   --a------   C:\WINDOWS\system32\drivers\1394bus.sys
2008-01-11 17:36 . 2004-08-03 23:10   53,248   --a------   C:\WINDOWS\system32\dllcache\1394bus.sys
2008-01-11 17:36 . 2001-08-17 21:46   6,400   --a------   C:\WINDOWS\system32\drivers\enum1394.sys
2008-01-11 17:36 . 2001-08-17 21:46   6,400   --a------   C:\WINDOWS\system32\dllcache\enum1394.sys
2008-01-11 13:34 . 2008-01-11 13:34   <DIR>   d--------   C:\Program Files\Common Files\Adobe
2008-01-11 13:33 . 2008-01-11 13:33   <DIR>   d--------   C:\WINDOWS\Cache
2008-01-10 18:22 . 2004-08-03 23:08   26,496   --a------   C:\WINDOWS\system32\dllcache\usbstor.sys
2008-01-10 15:52 . 2004-08-03 23:14   359,040   --a------   C:\WINDOWS\system32\drivers\tcpip.sys.flg
2008-01-10 08:38 . 2008-01-10 08:38   108,144   --a------   C:\WINDOWS\system32\CmdLineExt.dll
2008-01-09 21:41 . 2008-01-09 21:41   <DIR>   d--------   C:\WINDOWS\Sun
2008-01-09 21:41 . 2007-09-24 23:31   69,632   --a------   C:\WINDOWS\system32\javacpl.cpl
2008-01-09 21:40 . 2008-01-09 21:41   <DIR>   d--------   C:\Program Files\Java
2008-01-09 21:39 . 2008-01-09 21:39   <DIR>   d--------   C:\Program Files\Common Files\Java
2008-01-09 21:33 . 2008-01-19 20:02   1,477   --a------   C:\WINDOWS\mozver.dat
2008-01-09 20:40 . 2008-01-09 20:40   0   --a------   C:\WINDOWS\nsreg.dat
2008-01-09 20:31 . 2008-01-09 20:31   <DIR>   d--------   C:\WINDOWS\system32\Lang
2008-01-09 20:31 . 2008-01-09 20:31   940,794   --a------   C:\WINDOWS\system32\LoopyMusic.wav
2008-01-09 20:31 . 2008-01-09 20:31   146,650   --a------   C:\WINDOWS\system32\BuzzingBee.wav
2008-01-09 20:29 . 2008-01-09 20:29   <DIR>   d--------   C:\WINDOWS\system32\DRVSTORE
2008-01-09 20:29 . 2008-01-09 20:29   <DIR>   d--------   C:\Program Files\Realtek
2008-01-09 20:29 . 2008-01-09 20:29   <DIR>   d--h-----   C:\Program Files\InstallShield Installation Information
2008-01-09 20:29 . 2008-01-09 20:29   <DIR>   d--------   C:\Program Files\DIFX
2008-01-09 20:28 . 2008-01-09 20:28   <DIR>   d--hs----   C:\FOUND.000
2008-01-09 20:22 . 2008-01-09 20:22   <DIR>   d--------   C:\Program Files\Yahoo!
2008-01-09 20:22 . 2006-11-07 14:58   356,352   --a------   C:\WINDOWS\system32\nvunrm.exe
2008-01-09 20:22 . 2006-10-05 16:35   356,352   ---------   C:\WINDOWS\system32\nvuide.exe
2008-01-09 20:22 . 2006-10-19 09:36   3,903   --a------   C:\WINDOWS\system32\nvnrm.nvu
2008-01-09 20:22 . 2006-10-24 13:13   1,732   --a------   C:\WINDOWS\system32\drivers\nvphy.bin
2008-01-09 20:22 . 2006-09-11 15:14   1,570   ---------   C:\WINDOWS\system32\nvide.nvu
2008-01-09 20:21 . 2008-01-09 20:31   15,600   --a------   C:\WINDOWS\gdrv.sys
2008-01-09 20:13 . 2008-01-24 15:44   559   --a------   C:\WINDOWS\DFC.INI
2008-01-09 20:10 . 2008-01-09 20:10   <DIR>   d--------   C:\WINDOWS\nview
2008-01-09 20:10 . 2007-09-16 18:07   356,352   --a------   C:\WINDOWS\system32\nvudisp.exe
2008-01-09 20:10 . 2008-01-09 20:13   138,893   --a------   C:\WINDOWS\system32\nvapps.xml
2008-01-09 20:10 . 2007-09-16 18:07   17,525   --a------   C:\WINDOWS\system32\nvdisp.nvu
2008-01-09 20:09 . 2008-01-09 20:09   <DIR>   d--------   C:\Program Files\Common Files\InstallShield
2008-01-09 20:08 . 2007-10-12 15:14   3,734,536   --a------   C:\WINDOWS\system32\d3dx9_36.dll
2008-01-09 20:07 . 2008-01-09 20:07   <DIR>   d--------   C:\Program Files\VDOTool
2008-01-09 20:07 . 2007-03-16 10:11   12,256   --a------   C:\WINDOWS\system32\drivers\TBPanel.sys
2008-01-09 20:06 . 2008-01-09 20:06   <DIR>   d--hs----   C:\Recycled
2008-01-09 20:01 . 2008-01-09 20:01   <DIR>   d--h-----   C:\Program Files\Uninstall Information

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-13 15:27   9,216   ----a-w   C:\WINDOWS\system32\clipsrv.exe
2008-01-13 15:22   9,216   ----a-w   C:\WINDOWS\system32\alg.exe.tmp
2008-01-09 19:29   315,392   ----a-w   C:\WINDOWS\HideWin.exe
2008-01-09 18:55   ---------   d-----w   C:\Program Files\microsoft frontpage
2008-01-09 18:54   ---------   d-----w   C:\Program Files\Usługi online
2007-12-13 18:09   972,072   ----a-w   C:\WINDOWS\UNNeroMediaHome.exe
2007-12-04 08:59   972,072   ----a-w   C:\WINDOWS\UNRecode.exe
2007-12-03 17:04   95,600   ----a-w   C:\WINDOWS\system32\NeroCo.dll
.

(((((((((((((((((((((((((((((   snapshot_2008-01-21_15.08.39,54   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-21 14:07:44   229,376   ----a-w   C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\ntuser.dat
+ 2008-01-24 14:44:24   229,376   ----a-w   C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\ntuser.dat
- 2008-01-21 14:07:44   8,192   ----a-w   C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-24 14:44:24   8,192   ----a-w   C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-21 14:07:44   233,472   ----a-w   C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\ntuser.dat
+ 2008-01-24 14:44:24   233,472   ----a-w   C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\ntuser.dat
- 2008-01-21 14:07:44   8,192   ----a-w   C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-24 14:44:24   8,192   ----a-w   C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-21 14:07:44   1,437,696   ----a-w   C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
+ 2008-01-24 14:44:24   2,048,000   ----a-w   C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
- 2008-01-21 14:07:44   147,456   ----a-w   C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-24 14:44:26   147,456   ----a-w   C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
- 2008-01-13 13:05:12   9,662   ----a-r   C:\WINDOWS\Installer\{000E79B7-E725-4F01-870A-C12942B7F8E4}\ARPPRODUCTICON.exe
+ 2008-01-23 13:48:30   9,662   ----a-r   C:\WINDOWS\Installer\{000E79B7-E725-4F01-870A-C12942B7F8E4}\ARPPRODUCTICON.exe
- 2008-01-13 13:05:12   10,134   ----a-r   C:\WINDOWS\Installer\{000E79B7-E725-4F01-870A-C12942B7F8E4}\checkForUpdatesSC_000E79B7E7254F01870AC12942B7F8E4.exe
+ 2008-01-23 13:48:30   10,134   ----a-r   C:\WINDOWS\Installer\{000E79B7-E725-4F01-870A-C12942B7F8E4}\checkForUpdatesSC_000E79B7E7254F01870AC12942B7F8E4.exe
- 2008-01-13 13:05:12   10,134   ----a-r   C:\WINDOWS\Installer\{000E79B7-E725-4F01-870A-C12942B7F8E4}\visitWebsite_000E79B7E7254F01870AC12942B7F8E4.exe
+ 2008-01-23 13:48:30   10,134   ----a-r   C:\WINDOWS\Installer\{000E79B7-E725-4F01-870A-C12942B7F8E4}\visitWebsite_000E79B7E7254F01870AC12942B7F8E4.exe
- 2008-01-21 14:06:26   16,384   ----a-w   C:\WINDOWS\Temp\Perflib_Perfdata_54c.dat
+ 2008-01-24 14:15:28   16,384   ----a-w   C:\WINDOWS\Temp\Perflib_Perfdata_54c.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"Gadu-Gadu"="E:\Gadu-Gadu\gg.exe" [2007-11-14 11:54 2131392]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:55 1667584]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 19:10 1688872]
"DAEMON Tools Lite"="e:\DAEMON Tools Lite\daemon.exe" [2008-01-03 14:54 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gainward"="C:\Program Files\VDOTool\TBPanel.exe" [2007-11-01 13:25 2165272]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-16 18:07 8491008]
"nwiz"="nwiz.exe" [2007-09-16 18:07 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-16 18:07 81920]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 09:08 16380416 C:\WINDOWS\RTHDCPL.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Flashget"="e:\FlashGet\FlashGet.exe" [2007-09-25 09:10 2007088]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"NBKeyScan"="E:\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
"lxccmon.exe"="C:\Program Files\Lexmark 3300 Series\lxccmon.exe" [2005-07-21 01:17 192512]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 10:36 299008]
"WinFast Schedule"="e:\TV\WFWIZ.exe" [2005-03-02 13:21 278528]
"WinampAgent"="E:\Winamp\winampa.exe" [2007-12-20 16:16 37376]
"LXCCCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2005-07-20 14:44 73728]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]
"win32"="C:\WINDOWS\System32\drivers\win32.exe" [ ]
"nv"="C:\Documents and Settings\LocalService\desktop.exe" [ ]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\partnershipreg]
C:\Documents and Settings\All Users\Dokumenty\Settings\partnership.dll 2008-01-13 16:13 13980 C:\Documents and Settings\All Users\Dokumenty\Settings\partnership.dll

R2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.;C:\WINDOWS\system32\drivers\wf88vcap.sys [2004-10-18 11:25]
R2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.;C:\WINDOWS\system32\drivers\WF88XBAR.sys [2004-10-18 11:25]
R2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.;C:\WINDOWS\system32\drivers\WF88TUNE.sys [2004-10-18 11:25]
R3 WFIOCTL;WFIOCTL;e:\TV\WFIOCTL.SYS [2005-01-06 16:55]
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2008-01-09 20:31]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-24 15:45:07
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  LXCCCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Documents and Settings\All Users\Dokumenty\Settings\partnership.dll
.
Jagla
Poster
Posts: 144
Joined: 23 Jan 2008, 16:48
Commendations: 1

Post by Jagla » 23 Jan 2008, 23:07

I'm also adding a HijackThis log:

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:06, on 2008-01-24
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
E:\Ad-Aware 2007\aawservice.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\VDOTool\TBPanel.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Lexmark 3300 Series\lxccmon.exe
E:\TV\WFWIZ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\lxcccoms.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
E:\Gadu-Gadu\gg.exe
E:\Gadu-Gadu\gg.exe
C:\WINDOWS\system32\wscntfy.exe
E:\TV\WFTV.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
e:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - e:\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - e:\FlashGet\getflash.dll
O4 - HKLM\..\Run: [Gainward] C:\Program Files\VDOTool\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Flashget] "e:\FlashGet\FlashGet.exe" /min
O4 - HKLM\..\Run: [NBKeyScan] "E:\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [WinFast Schedule] e:\TV\WFWIZ.exe
O4 - HKLM\..\Run: [WinampAgent] E:\Winamp\winampa.exe
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [BearShare] "E:\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\RunOnce: [My Global Search Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -2
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "E:\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [DAEMON Tools Lite] "e:\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Download All with FlashGet - E:\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - E:\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - e:\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - e:\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Dokumenty\Settings\partnership.dll
O21 - SSODL: PdcoywRN - {203D7CBB-8A97-D611-55FB-C76659B4C12F} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - E:\Ad-Aware 2007\aawservice.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - E:\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5805 bytes
Jagla
Poster
Posts: 144
Joined: 23 Jan 2008, 16:48
Commendations: 1
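As an added example (not a tool from this thread or from its helpers), a small Python triage script that applies the same reasoning a log checker applies to the HijackThis and ComboFix entries above: it flags autostart entries that run from user-writable profile directories, a Winlogon Notify DLL loaded from outside system32, an .exe placed in the drivers directory, orphaned "(no file)" objects and a redirected start page. The sample lines are constructed from the logs posted above; the trusted-directory list and the expected home page are assumptions for this example, not verdicts.

```python
"""Heuristic triage of HijackThis-style autostart log lines.

Added example for this thread, not a helper's tool. Each numbered line is
parsed, the referenced file path is extracted, and a severity is assigned
from where that file lives and how it is registered.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample lines modelled on the HijackThis and ComboFix output posted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKUS\.DEFAULT\..\Run: [win32] C:\WINDOWS\System32\drivers\win32.exe
O4 - HKUS\.DEFAULT\..\Run: [nv] C:\Documents and Settings\LocalService\desktop.exe
O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Dokumenty\Settings\partnership.dll
O21 - SSODL: PdcoywRN - {203D7CBB-8A97-D611-55FB-C76659B4C12F} - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d+) - (?P<body>.+)$")
# First drive-letter path ending in a loadable extension; quotes and commas end it.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|sys|cpl|scr)\b', re.IGNORECASE)

# Assumptions for this example: the system drive is C:, and these are the only
# directories from which autostart binaries are expected on a clean XP install.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\")
# User-writable locations that should never host a logon autostart.
PROFILE_MARKERS = ("\\documents and settings\\", "\\temp\\", "\\recycled\\")
# Browser pages the owner would expect (assumption; the log shows Yahoo as default).
EXPECTED_HOMEPAGES = {"www.yahoo.com", "about:blank"}


@dataclass
class Finding:
    kind: str
    severity: str  # "high" | "medium" | "low"
    reason: str
    line: str


def triage_line(line: str) -> Optional[Finding]:
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None  # blank line, header, or a line HijackThis does not number
    kind, body = m.group("kind"), m.group("body")

    if "(no file)" in body.lower():
        return Finding(kind, "medium", "orphaned entry: registered object has no backing file", line)

    if kind in ("R0", "R1"):  # browser start/default page settings
        url = body.split("=", 1)[-1].strip()
        host = re.sub(r"^https?://", "", url, flags=re.IGNORECASE).split("/")[0].lower()
        if host in EXPECTED_HOMEPAGES:
            return Finding(kind, "low", "expected browser page", line)
        return Finding(kind, "medium", f"browser page points at unexpected host {host}", line)

    match = PATH_RE.search(body)
    if not match:
        return Finding(kind, "low", "no file path to assess", line)
    path = match.group(0).lower()

    if kind in ("O20", "O21") and not path.startswith("c:\\windows\\system32\\"):
        return Finding(kind, "high", "Winlogon Notify / SSODL DLL loaded from outside system32", line)
    if any(marker in path for marker in PROFILE_MARKERS):
        return Finding(kind, "high", "autostart from a user-writable profile or temp directory", line)
    if "\\drivers\\" in path and path.endswith(".exe"):
        return Finding(kind, "high", "executable placed in the drivers directory", line)
    if path.startswith(TRUSTED_PREFIXES):
        return Finding(kind, "low", "binary in a standard system/program directory", line)
    return Finding(kind, "medium", "autostart from a non-standard location", line)


def triage(log_text: str) -> List[Finding]:
    findings = [triage_line(ln) for ln in log_text.splitlines()]
    return [f for f in findings if f is not None]


def summarize(findings: List[Finding]) -> Dict[str, int]:
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    order = ("high", "medium", "low")
    for f in sorted(results, key=lambda x: order.index(x.severity)):
        print(f"[{f.severity:6}] {f.kind:4} {f.reason}\n         {f.line.strip()}")
    print(summarize(results))
```

Run against the sample it reports the three entries the thread's helper later scripted for removal (win32.exe, desktop.exe, partnership.dll) as high, and the orphaned SSODL object and the BearShare start page as medium.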

Post by pp3088 » 24 Jan 2008, 15:31

Paste into Notepad:
Folder::
C:\FOUND.009
C:\FOUND.008
C:\FOUND.007
C:\FOUND.006
C:\FOUND.005
C:\FOUND.004
C:\FOUND.003
C:\FOUND.002
C:\FOUND.001
C:\Temp
C:\Program Files\Yahoo!

File::
C:\Documents and Settings\All Users\Dokumenty\Settings\partnership.dll
C:\WINDOWS\System32\drivers\win32.exe
e:\FlashGet\FlashGet.exe
C:\WINDOWS\UNRecode.exe
C:\WINDOWS\HideWin.exe
C:\WINDOWS\system32\alg.exe.tmp
C:\WINDOWS\mm_tmphr.exe
e:\TV\WFWIZ.exe

>>File>>Save as... >>> CFScript (it will be most convenient if you save it in a location such that the CFScript.txt icon ends up next to the ComboFix.exe icon)
Drag and drop the CFScript.txt file onto the ComboFix.exe file (i.e. the CFScript.txt icon onto the ComboFix.exe icon)
- just like in this picture --> [image]
Removal should start (and a log will be created).
After the restart, manually delete the folder C:\Qoobox.

Post the log that is created during the removal.
pp3088
Active writer
Posts: 999
Joined: 11 Aug 2006, 23:59
Location: Szczecin

Post by Jagla » 24 Jan 2008, 16:22

Here is the log:

Code:
ComboFix 08-01-23.2 - Maciekk 2008-01-25 15:18:11.5 - FAT32x86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.1668 [GMT 1:00]
Running from: C:\Documents and Settings\Maciekk\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\Maciekk\Pulpit\CFScript.txt
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\Documents and Settings\All Users\Dokumenty\Settings\partnership.dll
C:\WINDOWS\HideWin.exe
C:\WINDOWS\mm_tmphr.exe
C:\WINDOWS\system32\alg.exe.tmp
C:\WINDOWS\System32\drivers\win32.exe
C:\WINDOWS\UNRecode.exe
e:\FlashGet\FlashGet.exe
e:\TV\WFWIZ.exe
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Dokumenty\Settings\partnership.dll
C:\FOUND.001
C:\FOUND.001\FILE0000.CHK
C:\FOUND.001\FILE0001.CHK
C:\FOUND.002
C:\FOUND.002\FILE0000.CHK
C:\FOUND.002\FILE0001.CHK
C:\FOUND.002\FILE0002.CHK
C:\FOUND.002\FILE0003.CHK
C:\FOUND.002\FILE0004.CHK
C:\FOUND.002\FILE0005.CHK
C:\FOUND.002\FILE0006.CHK
C:\FOUND.002\FILE0007.CHK
C:\FOUND.003
C:\FOUND.003\FILE0000.CHK
C:\FOUND.004
C:\FOUND.004\FILE0000.CHK
C:\FOUND.004\FILE0001.CHK
C:\FOUND.005
C:\FOUND.005\FILE0000.CHK
C:\FOUND.006
C:\FOUND.006\FILE0000.CHK
C:\FOUND.007
C:\FOUND.007\FILE0000.CHK
C:\FOUND.007\FILE0001.CHK
C:\FOUND.007\FILE0002.CHK
C:\FOUND.007\FILE0003.CHK
C:\FOUND.007\FILE0004.CHK
C:\FOUND.008
C:\FOUND.008\FILE0000.CHK
C:\FOUND.009
C:\FOUND.009\FILE0000.CHK
C:\Program Files\myglobalsearch
C:\Program Files\Yahoo!
C:\Program Files\Yahoo!\Companion\Data\dlg_as.html
C:\Program Files\Yahoo!\Companion\Data\dlg_cnf.html
C:\Program Files\Yahoo!\Companion\Data\dlg_opt.html
C:\Program Files\Yahoo!\Companion\Data\dlg_pub.html
C:\Program Files\Yahoo!\Companion\Data\feed4.data
C:\Program Files\Yahoo!\Companion\Icons\1.ico
C:\Program Files\Yahoo!\Companion\Icons\3.ico
C:\Program Files\Yahoo!\Companion\Icons\4.ico
C:\Program Files\Yahoo!\Companion\Icons\yma1.bmp
C:\Program Files\Yahoo!\Companion\Installs\cpn\INSTALL.LOG
C:\Program Files\Yahoo!\Companion\Installs\cpn\pubmod.dll
C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
C:\Program Files\Yahoo!\Companion\Installs\cpn\ypubc.dll
C:\Temp
C:\WINDOWS\HideWin.exe
C:\WINDOWS\mm_tmphr.exe
C:\WINDOWS\system32\alg.exe.tmp
e:\FlashGet\FlashGet.exe
e:\TV\WFWIZ.exe

.
(((((((((((((((((((((((((   Files Created from 2007-12-25 to 2008-01-25  )))))))))))))))))))))))))))))))
.

2008-01-24 21:30 . 2008-01-24 21:30   3,348   --a------   C:\WINDOWS\nero.INI
2008-01-24 20:22 . 2008-01-24 20:22   0   --a------   C:\WINDOWS\Irremote.ini
2008-01-24 15:43 . 2000-08-31 08:00   51,200   --a------   C:\WINDOWS\Nircmd.exe
2008-01-17 10:47 . 2008-01-17 10:47   427   --a------   C:\WINDOWS\ODBC.INI
2008-01-17 10:44 . 2008-01-17 10:44   <DIR>   d--------   C:\WINDOWS\ShellNew
2008-01-16 19:40 . 2008-01-16 19:40   <DIR>   d--------   C:\Program Files\Ulead Systems
2008-01-16 19:40 . 2008-01-16 19:40   <DIR>   d--------   C:\Program Files\Common Files\Ulead Systems
2008-01-16 19:40 . 2001-12-19 15:47   49,152   ---------   C:\WINDOWS\system32\TempDel.EXE
2008-01-16 19:40 . 2005-01-06 16:55   9,446   --a------   C:\WINDOWS\system32\drivers\WFIOCTL.sys
2008-01-16 19:40 . 2002-06-03 23:01   8,734   --a------   C:\WINDOWS\system32\WFSch.ICO
2008-01-16 19:35 . 2008-01-16 19:35   <DIR>   d--------   C:\WINDOWS\system32\WinFox
2008-01-16 19:35 . 2008-01-16 19:35   <DIR>   d--------   C:\WINDOWS\system32\WinFast
2008-01-16 19:35 . 2003-09-05 09:57   9,469   --a------   C:\WINDOWS\system32\drivers\WINFOXIO.sys
2008-01-15 22:49 . 2008-01-15 22:49   <DIR>   d--------   C:\WINDOWS\ERUNT
2008-01-14 22:03 . 2008-01-14 22:03   <DIR>   d--------   C:\Program Files\Abbyy FineReader 6.0 Sprint
2008-01-14 22:02 . 2008-01-14 22:02   <DIR>   d--------   C:\Program Files\Lx_cats
2008-01-14 22:02 . 2008-01-14 22:02   <DIR>   d--------   C:\Program Files\Lexmark Fax Solutions
2008-01-14 22:02 . 2003-03-11 18:26   339,968   --a------   C:\WINDOWS\system32\IMGMAN32.DLL
2008-01-14 22:02 . 2003-03-11 18:26   98,345   --a------   C:\WINDOWS\system32\IMHOST32.DLL
2008-01-14 22:02 . 2003-03-11 18:26   98,304   --a------   C:\WINDOWS\system32\IM31XPNG.DEL
2008-01-14 22:02 . 2003-03-11 18:26   69,632   --a------   C:\WINDOWS\system32\IM31XTIF.DEL
2008-01-14 22:02 . 2003-03-11 18:26   49,152   --a------   C:\WINDOWS\system32\IM31IMG.DIL
2008-01-14 22:02 . 2005-07-12 10:33   32,768   --a------   C:\WINDOWS\system32\LXPRMON.DLL
2008-01-14 22:02 . 2008-01-14 22:03   23,029   --a------   C:\WINDOWS\system32\LexFiles.ulf
2008-01-14 22:02 . 2005-07-12 10:33   20,480   --a------   C:\WINDOWS\system32\LXPMONUI.DLL
2008-01-14 22:02 . 2005-07-12 10:37   12,288   --a------   C:\WINDOWS\system32\LXPMONRC.DLL
2008-01-14 22:01 . 2004-08-03 23:08   31,616   --a------   C:\WINDOWS\system32\drivers\usbccgp.sys
2008-01-14 22:01 . 2004-08-03 23:08   31,616   --a------   C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-01-14 22:01 . 2004-08-03 23:01   25,856   --a------   C:\WINDOWS\system32\drivers\usbprint.sys
2008-01-14 22:01 . 2004-08-03 23:01   25,856   --a------   C:\WINDOWS\system32\dllcache\usbprint.sys
2008-01-14 21:56 . 2008-01-14 21:56   <DIR>   d--------   C:\Program Files\Lexmark 3300 Series
2008-01-14 21:56 . 2001-10-26 17:29   87,040   --a------   C:\WINDOWS\system32\wiafbdrv.dll
2008-01-14 21:56 . 2001-10-26 17:29   87,040   --a------   C:\WINDOWS\system32\dllcache\wiafbdrv.dll
2008-01-14 21:56 . 2004-08-03 22:58   15,104   --a------   C:\WINDOWS\system32\drivers\usbscan.sys
2008-01-14 21:56 . 2004-08-03 22:58   15,104   --a------   C:\WINDOWS\system32\dllcache\usbscan.sys
2008-01-13 17:38 . 2008-01-13 17:38   <DIR>   d--------   C:\Program Files\Common Files\Wise Installation Wizard
2008-01-13 17:26 . 2008-01-13 17:26   <DIR>   d--------   C:\Program Files\Common Files\Nero
2008-01-13 17:23 . 2008-01-13 17:23   <DIR>   d--------   C:\WINDOWS\system32\LogFiles
2008-01-13 16:17 . 2008-01-14 22:01   14   --ah-----   C:\WINDOWS\mmax.ini
2008-01-13 16:16 . 2008-01-14 21:59   41,472   --a------   C:\WINDOWS\mmhr.exe
2008-01-13 16:16 . 2008-01-14 22:01   13   --ah-----   C:\WINDOWS\mmax_reco.ini
2008-01-13 16:15 . 2008-01-14 22:00   4   --a------   C:\WINDOWS\c.pid
2008-01-13 16:14 . 2008-01-13 16:14   59,392   --a------   C:\WINDOWS\system32\2360078
2008-01-13 16:14 . 2008-01-13 16:14   37,632   --a------   C:\WINDOWS\system32\drivers\ntio922.sys
2008-01-13 16:14 . 2008-01-13 16:14   7,040   --a------   C:\WINDOWS\system32\drivers\ndisaluo.sys
2008-01-13 15:18 . 2008-01-13 15:34   715,248   --a------   C:\WINDOWS\system32\drivers\sptd.sys
2008-01-13 15:04 . 2008-01-13 15:04   278,984   --a------   C:\WINDOWS\system32\drivers\atksgt.sys
2008-01-13 15:04 . 2008-01-13 15:04   25,416   --a------   C:\WINDOWS\system32\drivers\lirsgt.sys
2008-01-11 17:36 . 2004-08-03 23:10   61,056   --a------   C:\WINDOWS\system32\drivers\ohci1394.sys
2008-01-11 17:36 . 2004-08-03 23:10   61,056   --a------   C:\WINDOWS\system32\dllcache\ohci1394.sys
2008-01-11 17:36 . 2004-08-03 23:10   53,248   --a------   C:\WINDOWS\system32\drivers\1394bus.sys
2008-01-11 17:36 . 2004-08-03 23:10   53,248   --a------   C:\WINDOWS\system32\dllcache\1394bus.sys
2008-01-11 17:36 . 2001-08-17 21:46   6,400   --a------   C:\WINDOWS\system32\drivers\enum1394.sys
2008-01-11 17:36 . 2001-08-17 21:46   6,400   --a------   C:\WINDOWS\system32\dllcache\enum1394.sys
2008-01-11 13:34 . 2008-01-11 13:34   <DIR>   d--------   C:\Program Files\Common Files\Adobe
2008-01-11 13:33 . 2008-01-11 13:33   <DIR>   d--------   C:\WINDOWS\Cache
2008-01-10 18:22 . 2004-08-03 23:08   26,496   --a------   C:\WINDOWS\system32\dllcache\usbstor.sys
2008-01-10 15:52 . 2004-08-03 23:14   359,040   --a------   C:\WINDOWS\system32\drivers\tcpip.sys.flg
2008-01-10 08:38 . 2008-01-10 08:38   108,144   --a------   C:\WINDOWS\system32\CmdLineExt.dll
2008-01-09 21:41 . 2008-01-09 21:41   <DIR>   d--------   C:\WINDOWS\Sun
2008-01-09 21:41 . 2007-09-24 23:31   69,632   --a------   C:\WINDOWS\system32\javacpl.cpl
2008-01-09 21:40 . 2008-01-09 21:41   <DIR>   d--------   C:\Program Files\Java
2008-01-09 21:39 . 2008-01-09 21:39   <DIR>   d--------   C:\Program Files\Common Files\Java
2008-01-09 21:33 . 2008-01-19 20:02   1,477   --a------   C:\WINDOWS\mozver.dat
2008-01-09 20:40 . 2008-01-09 20:40   0   --a------   C:\WINDOWS\nsreg.dat
2008-01-09 20:31 . 2008-01-09 20:31   <DIR>   d--------   C:\WINDOWS\system32\Lang
2008-01-09 20:31 . 2008-01-09 20:31   940,794   --a------   C:\WINDOWS\system32\LoopyMusic.wav
2008-01-09 20:31 . 2008-01-09 20:31   146,650   --a------   C:\WINDOWS\system32\BuzzingBee.wav
2008-01-09 20:29 . 2008-01-09 20:29   <DIR>   d--------   C:\WINDOWS\system32\DRVSTORE
2008-01-09 20:29 . 2008-01-09 20:29   <DIR>   d--------   C:\Program Files\Realtek
2008-01-09 20:29 . 2008-01-09 20:29   <DIR>   d--h-----   C:\Program Files\InstallShield Installation Information
2008-01-09 20:29 . 2008-01-09 20:29   <DIR>   d--------   C:\Program Files\DIFX
2008-01-09 20:29 . 2007-07-05 09:08   16,380,416   -r-------   C:\WINDOWS\RTHDCPL.exe
2008-01-09 20:29 . 2007-07-18 12:26   4,547,584   -r-------   C:\WINDOWS\system32\drivers\RtkHDAud.sys
2008-01-09 20:29 . 2006-05-04 09:26   2,808,832   -r-------   C:\WINDOWS\alcwzrd.exe
2008-01-09 20:29 . 2007-06-28 09:44   2,165,760   -r-------   C:\WINDOWS\MicCal.exe
2008-01-09 20:29 . 2007-01-12 09:54   520,192   -r-------   C:\WINDOWS\RtlExUpd.dll
2008-01-09 20:29 . 2005-09-21 03:25   299,008   -r-------   C:\WINDOWS\system32\ALSndMgr.cpl
2008-01-09 20:29 . 2005-05-03 11:43   69,632   -r-------   C:\WINDOWS\Alcmtr.exe
2008-01-09 20:29 . 2006-06-18 23:51   43,520   --a------   C:\WINDOWS\system32\drivers\AmdK8.sys
2008-01-09 20:29 . 2004-11-18 10:42   22,752   --a------   C:\WINDOWS\system32\spupdsvc.exe
2008-01-09 20:22 . 2006-11-07 14:58   356,352   --a------   C:\WINDOWS\system32\nvunrm.exe
2008-01-09 20:22 . 2006-10-05 16:35   356,352   ---------   C:\WINDOWS\system32\nvuide.exe
2008-01-09 20:22 . 2006-10-19 09:36   3,903   --a------   C:\WINDOWS\system32\nvnrm.nvu
2008-01-09 20:22 . 2006-10-24 13:13   1,732   --a------   C:\WINDOWS\system32\drivers\nvphy.bin
2008-01-09 20:22 . 2006-09-11 15:14   1,570   ---------   C:\WINDOWS\system32\nvide.nvu
2008-01-09 20:21 . 2008-01-09 20:31   15,600   --a------   C:\WINDOWS\gdrv.sys
2008-01-09 20:13 . 2008-01-25 15:20   559   --a------   C:\WINDOWS\DFC.INI
2008-01-09 20:10 . 2008-01-09 20:10   <DIR>   d--------   C:\WINDOWS\nview
2008-01-09 20:10 . 2007-09-16 18:07   356,352   --a------   C:\WINDOWS\system32\nvudisp.exe
2008-01-09 20:10 . 2008-01-09 20:13   138,893   --a------   C:\WINDOWS\system32\nvapps.xml
2008-01-09 20:10 . 2007-09-16 18:07   17,525   --a------   C:\WINDOWS\system32\nvdisp.nvu
2008-01-09 20:09 . 2008-01-09 20:09   <DIR>   d--------   C:\Program Files\Common Files\InstallShield
2008-01-09 20:08 . 2007-10-12 15:14   3,734,536   --a------   C:\WINDOWS\system32\d3dx9_36.dll
2008-01-09 20:07 . 2008-01-09 20:07   <DIR>   d--------   C:\Program Files\VDOTool
2008-01-09 20:07 . 2007-03-16 10:11   12,256   --a------   C:\WINDOWS\system32\drivers\TBPanel.sys
2008-01-09 20:06 . 2008-01-09 20:06   <DIR>   d--hs----   C:\Recycled
2008-01-09 20:01 . 2008-01-09 20:01   <DIR>   d--h-----   C:\Program Files\Uninstall Information
2008-01-09 20:00 . 2008-01-09 20:00   <DIR>   d---s----   C:\WINDOWS\system32\Microsoft

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-13 15:27   9,216   ----a-w   C:\WINDOWS\system32\clipsrv.exe
2008-01-09 18:55   ---------   d-----w   C:\Program Files\microsoft frontpage
2008-01-09 18:54   ---------   d-----w   C:\Program Files\Usługi online
.

(((((((((((((((((((((((((((((   snapshot_2008-01-21_15.08.39,54   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-21 14:07:44   229,376   ----a-w   C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\ntuser.dat
+ 2008-01-25 14:18:06   229,376   ----a-w   C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-21 14:07:44   8,192   ----a-w   C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-25 14:18:06   8,192   ----a-w   C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-21 14:07:44   233,472   ----a-w   C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\ntuser.dat
+ 2008-01-25 14:18:06   233,472   ----a-w   C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-21 14:07:44   8,192   ----a-w   C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-25 14:18:06   8,192   ----a-w   C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-21 14:07:44   1,437,696   ----a-w   C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
+ 2008-01-25 14:18:06   2,048,000   ----a-w   C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-21 14:07:44   147,456   ----a-w   C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-25 14:18:06   147,456   ----a-w   C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
- 2008-01-13 13:05:12   9,662   ----a-r   C:\WINDOWS\Installer\{000E79B7-E725-4F01-870A-C12942B7F8E4}\ARPPRODUCTICON.exe
+ 2008-01-23 13:48:30   9,662   ----a-r   C:\WINDOWS\Installer\{000E79B7-E725-4F01-870A-C12942B7F8E4}\ARPPRODUCTICON.exe
- 2008-01-13 13:05:12   10,134   ----a-r   C:\WINDOWS\Installer\{000E79B7-E725-4F01-870A-C12942B7F8E4}\checkForUpdatesSC_000E79B7E7254F01870AC12942B7F8E4.exe
+ 2008-01-23 13:48:30   10,134   ----a-r   C:\WINDOWS\Installer\{000E79B7-E725-4F01-870A-C12942B7F8E4}\checkForUpdatesSC_000E79B7E7254F01870AC12942B7F8E4.exe
- 2008-01-13 13:05:12   10,134   ----a-r   C:\WINDOWS\Installer\{000E79B7-E725-4F01-870A-C12942B7F8E4}\visitWebsite_000E79B7E7254F01870AC12942B7F8E4.exe
+ 2008-01-23 13:48:30   10,134   ----a-r   C:\WINDOWS\Installer\{000E79B7-E725-4F01-870A-C12942B7F8E4}\visitWebsite_000E79B7E7254F01870AC12942B7F8E4.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"Gadu-Gadu"="E:\Gadu-Gadu\gg.exe" [2007-11-14 11:54 2131392]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:55 1667584]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [ ]
"DAEMON Tools Lite"="e:\DAEMON Tools Lite\daemon.exe" [2008-01-03 14:54 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gainward"="C:\Program Files\VDOTool\TBPanel.exe" [2007-11-01 13:25 2165272]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-16 18:07 8491008]
"nwiz"="nwiz.exe" [2007-09-16 18:07 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-16 18:07 81920]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 09:08 16380416 C:\WINDOWS\RTHDCPL.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Flashget"="e:\FlashGet\FlashGet.exe" [ ]
"NBKeyScan"="E:\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
"lxccmon.exe"="C:\Program Files\Lexmark 3300 Series\lxccmon.exe" [2005-07-21 01:17 192512]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 10:36 299008]
"WinFast Schedule"="e:\TV\WFWIZ.exe" [ ]
"WinampAgent"="E:\Winamp\winampa.exe" [2007-12-20 16:16 37376]
"BearShare"="E:\BearShare\BearShare.exe" [2006-08-01 17:04 3313664]
"LXCCCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2005-07-20 14:44 73728]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]
"win32"="C:\WINDOWS\System32\drivers\win32.exe" [ ]
"nv"="C:\Documents and Settings\LocalService\desktop.exe" [ ]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56 65588]

R2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.;C:\WINDOWS\system32\drivers\wf88vcap.sys [2004-10-18 11:25]
R2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.;C:\WINDOWS\system32\drivers\WF88XBAR.sys [2004-10-18 11:25]
R2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.;C:\WINDOWS\system32\drivers\WF88TUNE.sys [2004-10-18 11:25]
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2008-01-09 20:31]
S3 WFIOCTL;WFIOCTL;e:\TV\WFIOCTL.SYS [2005-01-06 16:55]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-25 15:20:09
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  LXCCCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.



Hey, if that's everything, can I find out what it was and what caused it??
Jagla
Poster
Posts: 144
Joined: 23 Jan 2008, 16:48
Praise: 1

Posted by pp3088 » 24 Jan 2008, 16:58

Paste into Notepad:
File::
C:\WINDOWS\mmax.ini
C:\WINDOWS\mmax_reco.ini
C:\WINDOWS\mmax.ini
C:\WINDOWS\System32\drivers\win32.exe
C:\Documents and Settings\LocalService\desktop.exe

Folder::
C:\WINDOWS\system32\2360078

>>File>>Save as... >>> CFScript (it is most convenient to save it in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon)
Drag and drop the CFScript.txt file onto the ComboFix.exe file (that is, the CFScript.txt icon onto the ComboFix.exe icon)
– like in this picture –
Removal should start (and a log will be created).
After the restart, delete the folder C:\Qoobox manually.

Post the log that is created during the removal.

Sorry, but I'm out of it today.

What could it be? Viruses, worms, practically every kind of junk. It was creating the error files C:\FOUND.001-00*.
pp3088
Active writer
Posts: 999
Joined: 11 Aug 2006, 23:59
Location: Szczecin

Posted by Jagla » 24 Jan 2008, 18:37

here's the log:

ComboFix 08-01-23.2 - Maciekk 2008-01-25 17:35:53.6 - FAT32x86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.1616 [GMT 1:00]
Running from: C:\Documents and Settings\Maciekk\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\Maciekk\Pulpit\CFScript.txt
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\Documents and Settings\LocalService\desktop.exe
C:\WINDOWS\mmax.ini
C:\WINDOWS\mmax_reco.ini
C:\WINDOWS\System32\drivers\win32.exe
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\mmax.ini
C:\WINDOWS\mmax_reco.ini
C:\WINDOWS\system32\2360078\

.
(((((((((((((((((((((((((   Files Created from 2007-12-25 to 2008-01-25  )))))))))))))))))))))))))))))))
.

2008-01-25 15:43 . 2008-01-25 15:43   <DIR>   d--------   C:\Program Files\Common Files\Ahead
2008-01-24 21:30 . 2008-01-24 21:30   3,348   --a------   C:\WINDOWS\nero.INI
2008-01-24 20:22 . 2008-01-24 20:22   0   --a------   C:\WINDOWS\Irremote.ini
2008-01-24 15:43 . 2000-08-31 08:00   51,200   --a------   C:\WINDOWS\Nircmd.exe
2008-01-17 10:47 . 2008-01-17 10:47   427   --a------   C:\WINDOWS\ODBC.INI
2008-01-17 10:44 . 2008-01-17 10:44   <DIR>   d--------   C:\WINDOWS\ShellNew
2008-01-16 19:40 . 2008-01-16 19:40   <DIR>   d--------   C:\Program Files\Ulead Systems
2008-01-16 19:40 . 2008-01-16 19:40   <DIR>   d--------   C:\Program Files\Common Files\Ulead Systems
2008-01-16 19:40 . 2001-12-19 15:47   49,152   ---------   C:\WINDOWS\system32\TempDel.EXE
2008-01-16 19:40 . 2005-01-06 16:55   9,446   --a------   C:\WINDOWS\system32\drivers\WFIOCTL.sys
2008-01-16 19:40 . 2002-06-03 23:01   8,734   --a------   C:\WINDOWS\system32\WFSch.ICO
2008-01-16 19:35 . 2008-01-16 19:35   <DIR>   d--------   C:\WINDOWS\system32\WinFox
2008-01-16 19:35 . 2008-01-16 19:35   <DIR>   d--------   C:\WINDOWS\system32\WinFast
2008-01-16 19:35 . 2003-09-05 09:57   9,469   --a------   C:\WINDOWS\system32\drivers\WINFOXIO.sys
2008-01-15 22:49 . 2008-01-15 22:49   <DIR>   d--------   C:\WINDOWS\ERUNT
2008-01-14 22:03 . 2008-01-14 22:03   <DIR>   d--------   C:\Program Files\Abbyy FineReader 6.0 Sprint
2008-01-14 22:02 . 2008-01-14 22:02   <DIR>   d--------   C:\Program Files\Lx_cats
2008-01-14 22:02 . 2008-01-14 22:02   <DIR>   d--------   C:\Program Files\Lexmark Fax Solutions
2008-01-14 22:02 . 2003-03-11 18:26   339,968   --a------   C:\WINDOWS\system32\IMGMAN32.DLL
2008-01-14 22:02 . 2003-03-11 18:26   98,345   --a------   C:\WINDOWS\system32\IMHOST32.DLL
2008-01-14 22:02 . 2003-03-11 18:26   98,304   --a------   C:\WINDOWS\system32\IM31XPNG.DEL
2008-01-14 22:02 . 2003-03-11 18:26   69,632   --a------   C:\WINDOWS\system32\IM31XTIF.DEL
2008-01-14 22:02 . 2003-03-11 18:26   49,152   --a------   C:\WINDOWS\system32\IM31IMG.DIL
2008-01-14 22:02 . 2005-07-12 10:33   32,768   --a------   C:\WINDOWS\system32\LXPRMON.DLL
2008-01-14 22:02 . 2008-01-14 22:03   23,029   --a------   C:\WINDOWS\system32\LexFiles.ulf
2008-01-14 22:02 . 2005-07-12 10:33   20,480   --a------   C:\WINDOWS\system32\LXPMONUI.DLL
2008-01-14 22:02 . 2005-07-12 10:37   12,288   --a------   C:\WINDOWS\system32\LXPMONRC.DLL
2008-01-14 22:01 . 2004-08-03 23:08   31,616   --a------   C:\WINDOWS\system32\drivers\usbccgp.sys
2008-01-14 22:01 . 2004-08-03 23:08   31,616   --a------   C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-01-14 22:01 . 2004-08-03 23:01   25,856   --a------   C:\WINDOWS\system32\drivers\usbprint.sys
2008-01-14 22:01 . 2004-08-03 23:01   25,856   --a------   C:\WINDOWS\system32\dllcache\usbprint.sys
2008-01-14 21:56 . 2008-01-14 21:56   <DIR>   d--------   C:\Program Files\Lexmark 3300 Series
2008-01-14 21:56 . 2001-10-26 17:29   87,040   --a------   C:\WINDOWS\system32\wiafbdrv.dll
2008-01-14 21:56 . 2001-10-26 17:29   87,040   --a------   C:\WINDOWS\system32\dllcache\wiafbdrv.dll
2008-01-14 21:56 . 2004-08-03 22:58   15,104   --a------   C:\WINDOWS\system32\drivers\usbscan.sys
2008-01-14 21:56 . 2004-08-03 22:58   15,104   --a------   C:\WINDOWS\system32\dllcache\usbscan.sys
2008-01-13 17:38 . 2008-01-13 17:38   <DIR>   d--------   C:\Program Files\Common Files\Wise Installation Wizard
2008-01-13 17:26 . 2008-01-13 17:26   <DIR>   d--------   C:\Program Files\Common Files\Nero
2008-01-13 17:23 . 2008-01-13 17:23   <DIR>   d--------   C:\WINDOWS\system32\LogFiles
2008-01-13 16:16 . 2008-01-14 21:59   41,472   --a------   C:\WINDOWS\mmhr.exe
2008-01-13 16:15 . 2008-01-14 22:00   4   --a------   C:\WINDOWS\c.pid
2008-01-13 16:14 . 2008-01-13 16:14   59,392   --a------   C:\WINDOWS\system32\2360078
2008-01-13 16:14 . 2008-01-13 16:14   37,632   --a------   C:\WINDOWS\system32\drivers\ntio922.sys
2008-01-13 16:14 . 2008-01-13 16:14   7,040   --a------   C:\WINDOWS\system32\drivers\ndisaluo.sys
2008-01-13 15:18 . 2008-01-13 15:34   715,248   --a------   C:\WINDOWS\system32\drivers\sptd.sys
2008-01-13 15:04 . 2008-01-13 15:04   278,984   --a------   C:\WINDOWS\system32\drivers\atksgt.sys
2008-01-13 15:04 . 2008-01-13 15:04   25,416   --a------   C:\WINDOWS\system32\drivers\lirsgt.sys
2008-01-11 17:36 . 2004-08-03 23:10   61,056   --a------   C:\WINDOWS\system32\drivers\ohci1394.sys
2008-01-11 17:36 . 2004-08-03 23:10   61,056   --a------   C:\WINDOWS\system32\dllcache\ohci1394.sys
2008-01-11 17:36 . 2004-08-03 23:10   53,248   --a------   C:\WINDOWS\system32\drivers\1394bus.sys
2008-01-11 17:36 . 2004-08-03 23:10   53,248   --a------   C:\WINDOWS\system32\dllcache\1394bus.sys
2008-01-11 17:36 . 2001-08-17 21:46   6,400   --a------   C:\WINDOWS\system32\drivers\enum1394.sys
2008-01-11 17:36 . 2001-08-17 21:46   6,400   --a------   C:\WINDOWS\system32\dllcache\enum1394.sys
2008-01-11 13:34 . 2008-01-11 13:34   <DIR>   d--------   C:\Program Files\Common Files\Adobe
2008-01-11 13:33 . 2008-01-11 13:33   <DIR>   d--------   C:\WINDOWS\Cache
2008-01-10 18:22 . 2004-08-03 23:08   26,496   --a------   C:\WINDOWS\system32\dllcache\usbstor.sys
2008-01-10 15:52 . 2004-08-03 23:14   359,040   --a------   C:\WINDOWS\system32\drivers\tcpip.sys.flg
2008-01-10 08:38 . 2008-01-10 08:38   108,144   --a------   C:\WINDOWS\system32\CmdLineExt.dll
2008-01-09 21:41 . 2008-01-09 21:41   <DIR>   d--------   C:\WINDOWS\Sun
2008-01-09 21:41 . 2007-09-24 23:31   69,632   --a------   C:\WINDOWS\system32\javacpl.cpl
2008-01-09 21:40 . 2008-01-09 21:41   <DIR>   d--------   C:\Program Files\Java
2008-01-09 21:39 . 2008-01-09 21:39   <DIR>   d--------   C:\Program Files\Common Files\Java
2008-01-09 21:33 . 2008-01-19 20:02   1,477   --a------   C:\WINDOWS\mozver.dat
2008-01-09 20:40 . 2008-01-09 20:40   0   --a------   C:\WINDOWS\nsreg.dat
2008-01-09 20:31 . 2008-01-09 20:31   <DIR>   d--------   C:\WINDOWS\system32\Lang
2008-01-09 20:31 . 2008-01-09 20:31   940,794   --a------   C:\WINDOWS\system32\LoopyMusic.wav
2008-01-09 20:31 . 2008-01-09 20:31   146,650   --a------   C:\WINDOWS\system32\BuzzingBee.wav
2008-01-09 20:29 . 2008-01-09 20:29   <DIR>   d--------   C:\WINDOWS\system32\DRVSTORE
2008-01-09 20:29 . 2008-01-09 20:29   <DIR>   d--------   C:\Program Files\Realtek
2008-01-09 20:29 . 2008-01-09 20:29   <DIR>   d--h-----   C:\Program Files\InstallShield Installation Information
2008-01-09 20:29 . 2008-01-09 20:29   <DIR>   d--------   C:\Program Files\DIFX
2008-01-09 20:29 . 2007-07-05 09:08   16,380,416   -r-------   C:\WINDOWS\RTHDCPL.exe
2008-01-09 20:29 . 2007-07-18 12:26   4,547,584   -r-------   C:\WINDOWS\system32\drivers\RtkHDAud.sys
2008-01-09 20:29 . 2006-05-04 09:26   2,808,832   -r-------   C:\WINDOWS\alcwzrd.exe
2008-01-09 20:29 . 2007-06-28 09:44   2,165,760   -r-------   C:\WINDOWS\MicCal.exe
2008-01-09 20:29 . 2007-01-12 09:54   520,192   -r-------   C:\WINDOWS\RtlExUpd.dll
2008-01-09 20:29 . 2005-09-21 03:25   299,008   -r-------   C:\WINDOWS\system32\ALSndMgr.cpl
2008-01-09 20:29 . 2005-05-03 11:43   69,632   -r-------   C:\WINDOWS\Alcmtr.exe
2008-01-09 20:29 . 2006-06-18 23:51   43,520   --a------   C:\WINDOWS\system32\drivers\AmdK8.sys
2008-01-09 20:29 . 2004-11-18 10:42   22,752   --a------   C:\WINDOWS\system32\spupdsvc.exe
2008-01-09 20:22 . 2006-11-07 14:58   356,352   --a------   C:\WINDOWS\system32\nvunrm.exe
2008-01-09 20:22 . 2006-10-05 16:35   356,352   ---------   C:\WINDOWS\system32\nvuide.exe
2008-01-09 20:22 . 2006-10-19 09:36   3,903   --a------   C:\WINDOWS\system32\nvnrm.nvu
2008-01-09 20:22 . 2006-10-24 13:13   1,732   --a------   C:\WINDOWS\system32\drivers\nvphy.bin
2008-01-09 20:22 . 2006-09-11 15:14   1,570   ---------   C:\WINDOWS\system32\nvide.nvu
2008-01-09 20:21 . 2008-01-09 20:31   15,600   --a------   C:\WINDOWS\gdrv.sys
2008-01-09 20:13 . 2008-01-25 17:33   559   --a------   C:\WINDOWS\DFC.INI
2008-01-09 20:10 . 2008-01-09 20:10   <DIR>   d--------   C:\WINDOWS\nview
2008-01-09 20:10 . 2007-09-16 18:07   356,352   --a------   C:\WINDOWS\system32\nvudisp.exe
2008-01-09 20:10 . 2008-01-09 20:13   138,893   --a------   C:\WINDOWS\system32\nvapps.xml
2008-01-09 20:10 . 2007-09-16 18:07   17,525   --a------   C:\WINDOWS\system32\nvdisp.nvu
2008-01-09 20:09 . 2008-01-09 20:09   <DIR>   d--------   C:\Program Files\Common Files\InstallShield
2008-01-09 20:08 . 2007-10-12 15:14   3,734,536   --a------   C:\WINDOWS\system32\d3dx9_36.dll
2008-01-09 20:07 . 2008-01-09 20:07   <DIR>   d--------   C:\Program Files\VDOTool
2008-01-09 20:07 . 2007-03-16 10:11   12,256   --a------   C:\WINDOWS\system32\drivers\TBPanel.sys
2008-01-09 20:06 . 2008-01-09 20:06   <DIR>   d--hs----   C:\Recycled
2008-01-09 20:01 . 2008-01-09 20:01   <DIR>   d--h-----   C:\Program Files\Uninstall Information
2008-01-09 20:00 . 2008-01-09 20:00   <DIR>   d---s----   C:\WINDOWS\system32\Microsoft

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-13 15:27   9,216   ----a-w   C:\WINDOWS\system32\clipsrv.exe
2008-01-09 18:55   ---------   d-----w   C:\Program Files\microsoft frontpage
2008-01-09 18:54   ---------   d-----w   C:\Program Files\Usługi online
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"Gadu-Gadu"="E:\Gadu-Gadu\gg.exe" [2007-11-14 11:54 2131392]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:55 1667584]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [ ]
"DAEMON Tools Lite"="e:\DAEMON Tools Lite\daemon.exe" [2008-01-03 14:54 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gainward"="C:\Program Files\VDOTool\TBPanel.exe" [2007-11-01 13:25 2165272]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-16 18:07 8491008]
"nwiz"="nwiz.exe" [2007-09-16 18:07 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-16 18:07 81920]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 09:08 16380416 C:\WINDOWS\RTHDCPL.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Flashget"="e:\FlashGet\FlashGet.exe" [ ]
"NBKeyScan"="E:\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
"lxccmon.exe"="C:\Program Files\Lexmark 3300 Series\lxccmon.exe" [2005-07-21 01:17 192512]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 10:36 299008]
"WinFast Schedule"="e:\TV\WFWIZ.exe" [ ]
"WinampAgent"="E:\Winamp\winampa.exe" [2007-12-20 16:16 37376]
"BearShare"="E:\BearShare\BearShare.exe" [2006-08-01 17:04 3313664]
"LXCCCATS"="C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2005-07-20 14:44 73728]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]
"win32"="C:\WINDOWS\System32\drivers\win32.exe" [ ]
"nv"="C:\Documents and Settings\LocalService\desktop.exe" [ ]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56 65588]

R2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.;C:\WINDOWS\system32\drivers\wf88vcap.sys [2004-10-18 11:25]
R2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.;C:\WINDOWS\system32\drivers\WF88XBAR.sys [2004-10-18 11:25]
R2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.;C:\WINDOWS\system32\drivers\WF88TUNE.sys [2004-10-18 11:25]
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2008-01-09 20:31]
S3 WFIOCTL;WFIOCTL;e:\TV\WFIOCTL.SYS [2005-01-06 16:55]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-25 17:36:31
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  LXCCCATS = rundll32 C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.




hey, and where does crap like this come from?
Jagla
Poster
Posts: 144
Joined: 23 Jan 2008, 16:48
Praise: 1

Posted by pp3088 » 24 Jan 2008, 20:17

Exceptionally nasty junk, it doesn't want to be removed.

Do this: Start>>Run>>msconfig>>boot.ini tab>>select safeboot>>reboot manually.

Go into:
C:\WINDOWS\System32\drivers and delete the file win32.exe
C:\WINDOWS\mmhr.exe
C:\WINDOWS\system32\2360078
C:\WINDOWS\system32\drivers\ntio922.sys

Delete the files manually (right-click>>Delete)

hey, and where does crap like this come from?


It's everywhere now. In e-mails, on web pages, in files.
pp3088
Active writer
Posts: 999
Joined: 11 Aug 2006, 23:59
Location: Szczecin
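An added example, not code from this thread or from ComboFix, that does mechanically what pp3088 did by eye in the two posts above: picking which entries from the log go into the CFScript, and, once it has run, checking which of them still have to be removed by hand. It parses the "Files Created" and "Reg Loading Points" sections of a ComboFix log and flags executables or hidden files dropped straight into C:\WINDOWS, digit-only file names such as system32\2360078, .sys files under drivers whose creation and last-write times match and which have no dllcache twin (the genuine OS drivers in the log, ohci1394.sys for instance, keep their 2004 last-write time and appear in dllcache too), and Run values that ComboFix could not read ([ ]), that launch an .exe from the drivers directory or from a service account profile, or that sit in the .DEFAULT hive. A second function compares the flagged list with a follow-up log, which is the check this thread needed: the second log still lists C:\WINDOWS\system32\2360078, since the script's Folder:: directive was aimed at what the log shows is a 59,392-byte file. The sample logs are constructed from lines in this thread; the rule set and the function names are this example's assumptions.

```python
import re
# Added example (not code from this thread or from ComboFix): triage a ComboFix
# log and check a follow-up log.  The rules and names here are assumptions.

FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size><DIR>|[\d,]+)\s+(?P<attrs>[-a-z]{9})\s+(?P<path>.+?)\s*$")
RUN_LINE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]+)"\s+\[(?P<info>[^\]]*)\]\s*$')
EXEC_EXT = {".exe", ".sys", ".dll", ".com", ".scr", ".pif", ""}

# Constructed sample: lines copied from the first ComboFix log in the thread.
LOG_BEFORE = r"""
2008-01-13 16:17 . 2008-01-14 22:01   14   --ah-----   C:\WINDOWS\mmax.ini
2008-01-13 16:16 . 2008-01-14 21:59   41,472   --a------   C:\WINDOWS\mmhr.exe
2008-01-13 16:14 . 2008-01-13 16:14   59,392   --a------   C:\WINDOWS\system32\2360078
2008-01-13 16:14 . 2008-01-13 16:14   37,632   --a------   C:\WINDOWS\system32\drivers\ntio922.sys
2008-01-13 16:14 . 2008-01-13 16:14   7,040   --a------   C:\WINDOWS\system32\drivers\ndisaluo.sys
2008-01-11 17:36 . 2004-08-03 23:10   61,056   --a------   C:\WINDOWS\system32\drivers\ohci1394.sys
2008-01-11 17:36 . 2004-08-03 23:10   61,056   --a------   C:\WINDOWS\system32\dllcache\ohci1394.sys
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]
"win32"="C:\WINDOWS\System32\drivers\win32.exe" [ ]
"nv"="C:\Documents and Settings\LocalService\desktop.exe" [ ]
"""
# Constructed sample: the same files as listed in the second log (mmax.ini is gone).
LOG_AFTER = r"""
2008-01-13 16:16 . 2008-01-14 21:59   41,472   --a------   C:\WINDOWS\mmhr.exe
2008-01-13 16:14 . 2008-01-13 16:14   59,392   --a------   C:\WINDOWS\system32\2360078
2008-01-13 16:14 . 2008-01-13 16:14   37,632   --a------   C:\WINDOWS\system32\drivers\ntio922.sys
2008-01-13 16:14 . 2008-01-13 16:14   7,040   --a------   C:\WINDOWS\system32\drivers\ndisaluo.sys
"""

def parse_created_files(log):
    # Rows of the "Files Created" section: created, modified, size, attrs, path.
    return [m.groupdict() for m in map(FILE_LINE.match, log.splitlines()) if m]

def parse_run_entries(log):
    # Values under each Run key of the "Reg Loading Points" section.
    entries, key = [], None
    for line in log.splitlines():
        if line.startswith("[HKEY_"):
            key = line.strip("[]")
        elif key and (m := RUN_LINE.match(line)):
            entries.append({"key": key, **m.groupdict()})
    return entries

def suspicious_files(files):
    known, hits = {f["path"].lower() for f in files}, []
    for f in files:
        if f["size"] == "<DIR>":
            continue
        low = f["path"].lower()
        name = low.rsplit("\\", 1)[-1]
        ext = name[name.rfind("."):] if "." in name else ""
        in_root = low.startswith("c:\\windows\\") and low.count("\\") == 2
        reasons = []
        if in_root and ext in EXEC_EXT:
            reasons.append("executable dropped directly into C:\\WINDOWS")
        if in_root and "h" in f["attrs"]:
            reasons.append("hidden file in C:\\WINDOWS")
        if name.isdigit():
            reasons.append("file name is digits only")
        # OS drivers restored by setup keep an old last-write time and have a
        # dllcache twin; a freshly written driver has neither.
        if ("\\drivers\\" in low and ext == ".sys" and f["created"] == f["modified"]
                and low.replace("\\drivers\\", "\\dllcache\\") not in known):
            reasons.append("new .sys with fresh timestamp and no dllcache copy")
        if reasons:
            hits.append((f["path"], "; ".join(reasons)))
    return hits

def suspicious_run_entries(entries):
    hits = []
    for e in entries:
        low, reasons = e["target"].lower(), []
        if not e["info"].strip():
            reasons.append("no file details ([ ]): target missing or unreadable")
        if low.endswith(".exe") and "\\drivers\\" in low:
            reasons.append(".exe set to run from the drivers directory")
        if "\\localservice\\" in low or "\\networkservice\\" in low:
            reasons.append("lives in a service account profile")
        if reasons and e["key"].startswith("HKEY_USERS\\.DEFAULT"):
            reasons.append("registered in the .DEFAULT hive, not a user profile")
        if reasons:
            hits.append((f'{e["name"]} -> {e["target"]}', "; ".join(reasons)))
    return hits

def triage(log):
    return {"files": suspicious_files(parse_created_files(log)),
            "run": suspicious_run_entries(parse_run_entries(log))}

def still_present(before_log, after_log):
    # Flagged files from the first log that the follow-up log still lists.
    after = {f["path"].lower() for f in parse_created_files(after_log)}
    return [(p, why) for p, why in triage(before_log)["files"] if p.lower() in after]

if __name__ == "__main__":
    for section, hits in triage(LOG_BEFORE).items():
        print(f"suspicious {section}:", *(f"{w}\n    {why}" for w, why in hits), sep="\n  ")
    print("still present after removal:", *(p for p, _ in still_present(LOG_BEFORE, LOG_AFTER)), sep="\n  ")
```

Run it with python to print both reports, or pass a whole saved log to triage(). The rules only set priority: the programs on E: (FlashGet, Nero BackItUp, the WinFast scheduler) also show [ ] in the log and are ordinary software, and drivers dropped by installers, such as the atksgt.sys and lirsgt.sys entries created on 2008-01-13 15:04, would trip the fresh-driver rule, so every hit still needs a look by whoever reads the log.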

Posted by Jagla » 24 Jan 2008, 23:08

I went into safe mode your way and I'm not sure I got out of it properly. On the General tab I selected starting with all services and drivers and unchecked what I had set before. And now FlashGet doesn't work for me and all my bookmarks are gone... that's all I've found so far... well, OK. I deleted 3 files, but I couldn't find that win32.exe, I also looked among hidden files and didn't see it. What now?? Should I post a log from something?? And I don't know yet whether you didn't remove something from the TV on my computer (WinFast) [feminine form in the original], because the remote doesn't work xD Unless I broke something myself xD



and one more thing... I don't know if it's because of removing that junk or something, but it seems to me the computer runs a lot better xD
Jagla
Poster
Posts: 144
Joined: 23 Jan 2008, 16:48
Praise: 1

Posted by pp3088 » 24 Jan 2008, 23:28

Just briefly: I'm a guy.

Next thing: FlashGet in this version has spyware, I'd advise using something else.

e:\TV\WFWIZ.exe looked infected, so reinstall that TV program.

And of course I don't know what's up with the bookmarks, or which ones.

Control logs, preferably 2.
pp3088
Active writer
Posts: 999
Joined: 11 Aug 2006, 23:59
Location: Szczecin

Posted by Jagla » 25 Jan 2008, 07:55

ah, then sorry about the "woman" thing...


logs (ComboFix)
ComboFix 08-01-23.1C - Maciekk 2008-01-26  6:51:49.7 - FAT32x86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.1601 [GMT 1:00]
Running from: C:\Documents and Settings\Maciekk\Pulpit\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((   Files Created from 2007-12-26 to 2008-01-26  )))))))))))))))))))))))))))))))
.

2008-01-25 18:05 . 2008-01-25 18:05   <DIR>   d--------   C:\Program Files\Common Files\LightScribe
2008-01-25 18:02 . 2008-01-25 18:02   <DIR>   d--------   C:\Program Files\Common Files\Ahead
2008-01-24 21:30 . 2008-01-24 21:30   3,348   --a------   C:\WINDOWS\nero.INI
2008-01-24 20:22 . 2008-01-24 20:22   0   --a------   C:\WINDOWS\Irremote.ini
2008-01-24 15:43 . 2000-08-31 08:00   51,200   --a------   C:\WINDOWS\Nircmd.exe
2008-01-17 10:47 . 2008-01-17 10:47   427   --a------   C:\WINDOWS\ODBC.INI
2008-01-17 10:44 . 2008-01-17 10:44   <DIR>   d--------   C:\WINDOWS\ShellNew
2008-01-16 19:40 . 2008-01-16 19:40   <DIR>   d--------   C:\Program Files\Ulead Systems
2008-01-16 19:40 . 2008-01-16 19:40   <DIR>   d--------   C:\Program Files\Common Files\Ulead Systems
2008-01-16 19:40 . 2001-12-19 15:47   49,152   ---------   C:\WINDOWS\system32\TempDel.EXE
2008-01-16 19:40 . 2005-01-06 16:55   9,446   --a------   C:\WINDOWS\system32\drivers\WFIOCTL.sys
2008-01-16 19:40 . 2002-06-03 23:01   8,734   --a------   C:\WINDOWS\system32\WFSch.ICO
2008-01-16 19:35 . 2008-01-16 19:35   <DIR>   d--------   C:\WINDOWS\system32\WinFox
2008-01-16 19:35 . 2008-01-16 19:35   <DIR>   d--------   C:\WINDOWS\system32\WinFast
2008-01-16 19:35 . 2003-09-05 09:57   9,469   --a------   C:\WINDOWS\system32\drivers\WINFOXIO.sys
2008-01-15 22:49 . 2008-01-15 22:49   <DIR>   d--------   C:\WINDOWS\ERUNT
2008-01-14 22:03 . 2008-01-14 22:03   <DIR>   d--------   C:\Program Files\Abbyy FineReader 6.0 Sprint
2008-01-14 22:02 . 2008-01-14 22:02   <DIR>   d--------   C:\Program Files\Lx_cats
2008-01-14 22:02 . 2008-01-14 22:02   <DIR>   d--------   C:\Program Files\Lexmark Fax Solutions
2008-01-14 22:02 . 2003-03-11 18:26   339,968   --a------   C:\WINDOWS\system32\IMGMAN32.DLL
2008-01-14 22:02 . 2003-03-11 18:26   98,345   --a------   C:\WINDOWS\system32\IMHOST32.DLL
2008-01-14 22:02 . 2003-03-11 18:26   98,304   --a------   C:\WINDOWS\system32\IM31XPNG.DEL
2008-01-14 22:02 . 2003-03-11 18:26   69,632   --a------   C:\WINDOWS\system32\IM31XTIF.DEL
2008-01-14 22:02 . 2003-03-11 18:26   49,152   --a------   C:\WINDOWS\system32\IM31IMG.DIL
2008-01-14 22:02 . 2005-07-12 10:33   32,768   --a------   C:\WINDOWS\system32\LXPRMON.DLL
2008-01-14 22:02 . 2008-01-14 22:03   23,029   --a------   C:\WINDOWS\system32\LexFiles.ulf
2008-01-14 22:02 . 2005-07-12 10:33   20,480   --a------   C:\WINDOWS\system32\LXPMONUI.DLL
2008-01-14 22:02 . 2005-07-12 10:37   12,288   --a------   C:\WINDOWS\system32\LXPMONRC.DLL
2008-01-14 22:01 . 2004-08-03 23:08   31,616   --a------   C:\WINDOWS\system32\drivers\usbccgp.sys
2008-01-14 22:01 . 2004-08-03 23:08   31,616   --a------   C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-01-14 22:01 . 2004-08-03 23:01   25,856   --a------   C:\WINDOWS\system32\drivers\usbprint.sys
2008-01-14 22:01 . 2004-08-03 23:01   25,856   --a------   C:\WINDOWS\system32\dllcache\usbprint.sys
2008-01-14 21:56 . 2008-01-14 21:56   <DIR>   d--------   C:\Program Files\Lexmark 3300 Series
2008-01-14 21:56 . 2001-10-26 17:29   87,040   --a------   C:\WINDOWS\system32\wiafbdrv.dll
2008-01-14 21:56 . 2001-10-26 17:29   87,040   --a------   C:\WINDOWS\system32\dllcache\wiafbdrv.dll
2008-01-14 21:56 . 2004-08-03 22:58   15,104   --a------   C:\WINDOWS\system32\drivers\usbscan.sys
2008-01-14 21:56 . 2004-08-03 22:58   15,104   --a------   C:\WINDOWS\system32\dllcache\usbscan.sys
2008-01-13 17:38 . 2008-01-13 17:38   <DIR>   d--------   C:\Program Files\Common Files\Wise Installation Wizard
2008-01-13 17:26 . 2008-01-13 17:26   <DIR>   d--------   C:\Program Files\Common Files\Nero
2008-01-13 17:23 . 2008-01-13 17:23   <DIR>   d--------   C:\WINDOWS\system32\LogFiles
2008-01-13 16:15 . 2008-01-14 22:00   4   --a------   C:\WINDOWS\c.pid
2008-01-13 16:14 . 2008-01-13 16:14   7,040   --a------   C:\WINDOWS\system32\drivers\ndisaluo.sys
2008-01-13 15:18 . 2008-01-13 15:34   715,248   --a------   C:\WINDOWS\system32\drivers\sptd.sys
2008-01-13 15:04 . 2008-01-13 15:04   278,984   --a------   C:\WINDOWS\system32\drivers\atksgt.sys
2008-01-13 15:04 . 2008-01-13 15:04   25,416   --a------   C:\WINDOWS\system32\drivers\lirsgt.sys
2008-01-11 17:36 . 2004-08-03 23:10   61,056   --a------   C:\WINDOWS\system32\drivers\ohci1394.sys
2008-01-11 17:36 . 2004-08-03 23:10   61,056   --a------   C:\WINDOWS\system32\dllcache\ohci1394.sys
2008-01-11 17:36 . 2004-08-03 23:10   53,248   --a------   C:\WINDOWS\system32\drivers\1394bus.sys
2008-01-11 17:36 . 2004-08-03 23:10   53,248   --a------   C:\WINDOWS\system32\dllcache\1394bus.sys
2008-01-11 17:36 . 2001-08-17 21:46   6,400   --a------   C:\WINDOWS\system32\drivers\enum1394.sys
2008-01-11 17:36 . 2001-08-17 21:46   6,400   --a------   C:\WINDOWS\system32\dllcache\enum1394.sys
2008-01-11 13:34 . 2008-01-11 13:34   <DIR>   d--------   C:\Program Files\Common Files\Adobe
2008-01-11 13:33 . 2008-01-11 13:33   <DIR>   d--------   C:\WINDOWS\Cache
2008-01-10 18:22 . 2004-08-03 23:08   26,496   --a------   C:\WINDOWS\system32\dllcache\usbstor.sys
2008-01-10 15:52 . 2004-08-03 23:14   359,040   --a------   C:\WINDOWS\system32\drivers\tcpip.sys.flg
2008-01-10 08:38 . 2008-01-10 08:38   108,144   --a------   C:\WINDOWS\system32\CmdLineExt.dll
2008-01-09 21:41 . 2008-01-09 21:41   <DIR>   d--------   C:\WINDOWS\Sun
2008-01-09 21:41 . 2007-09-24 23:31   69,632   --a------   C:\WINDOWS\system32\javacpl.cpl
2008-01-09 21:40 . 2008-01-09 21:41   <DIR>   d--------   C:\Program Files\Java
2008-01-09 21:39 . 2008-01-09 21:39   <DIR>   d--------   C:\Program Files\Common Files\Java
2008-01-09 21:33 . 2008-01-19 20:02   1,477   --a------   C:\WINDOWS\mozver.dat
2008-01-09 20:40 . 2008-01-09 20:40   0   --a------   C:\WINDOWS\nsreg.dat
2008-01-09 20:31 . 2008-01-09 20:31   <DIR>   d--------   C:\WINDOWS\system32\Lang
2008-01-09 20:31 . 2008-01-09 20:31   940,794   --a------   C:\WINDOWS\system32\LoopyMusic.wav
2008-01-09 20:31 . 2008-01-09 20:31   146,650   --a------   C:\WINDOWS\system32\BuzzingBee.wav
2008-01-09 20:29 . 2008-01-09 20:29   <DIR>   d--------   C:\WINDOWS\system32\DRVSTORE
2008-01-09 20:29 . 2008-01-09 20:29   <DIR>   d--------   C:\Program Files\Realtek
2008-01-09 20:29 . 2008-01-09 20:29   <DIR>   d--h-----   C:\Program Files\InstallShield Installation Information
2008-01-09 20:29 . 2008-01-09 20:29   <DIR>   d--------   C:\Program Files\DIFX
2008-01-09 20:29 . 2007-07-05 09:08   16,380,416   -r-------   C:\WINDOWS\RTHDCPL.exe
2008-01-09 20:29 . 2007-07-18 12:26   4,547,584   -r-------   C:\WINDOWS\system32\drivers\RtkHDAud.sys
2008-01-09 20:29 . 2006-05-04 09:26   2,808,832   -r-------   C:\WINDOWS\alcwzrd.exe
2008-01-09 20:29 . 2007-06-28 09:44   2,165,760   -r-------   C:\WINDOWS\MicCal.exe
2008-01-09 20:29 . 2007-01-12 09:54   520,192   -r-------   C:\WINDOWS\RtlExUpd.dll
2008-01-09 20:29 . 2005-09-21 03:25   299,008   -r-------   C:\WINDOWS\system32\ALSndMgr.cpl
2008-01-09 20:29 . 2005-05-03 11:43   69,632   -r-------   C:\WINDOWS\Alcmtr.exe
2008-01-09 20:29 . 2006-06-18 23:51   43,520   --a------   C:\WINDOWS\system32\drivers\AmdK8.sys
2008-01-09 20:29 . 2004-11-18 10:42   22,752   --a------   C:\WINDOWS\system32\spupdsvc.exe
2008-01-09 20:28 . 2008-01-09 20:28   <DIR>   d--hs----   C:\FOUND.000
2008-01-09 20:22 . 2006-11-07 14:58   356,352   --a------   C:\WINDOWS\system32\nvunrm.exe
2008-01-09 20:22 . 2006-10-05 16:35   356,352   ---------   C:\WINDOWS\system32\nvuide.exe
2008-01-09 20:22 . 2006-10-19 09:36   3,903   --a------   C:\WINDOWS\system32\nvnrm.nvu
2008-01-09 20:22 . 2006-10-24 13:13   1,732   --a------   C:\WINDOWS\system32\drivers\nvphy.bin
2008-01-09 20:22 . 2006-09-11 15:14   1,570   ---------   C:\WINDOWS\system32\nvide.nvu
2008-01-09 20:21 . 2008-01-09 20:31   15,600   --a------   C:\WINDOWS\gdrv.sys
2008-01-09 20:13 . 2008-01-26 06:51   559   --a------   C:\WINDOWS\DFC.INI
2008-01-09 20:10 . 2008-01-09 20:10   <DIR>   d--------   C:\WINDOWS\nview
2008-01-09 20:10 . 2007-09-16 18:07   356,352   --a------   C:\WINDOWS\system32\nvudisp.exe
2008-01-09 20:10 . 2008-01-09 20:13   138,893   --a------   C:\WINDOWS\system32\nvapps.xml
2008-01-09 20:10 . 2007-09-16 18:07   17,525   --a------   C:\WINDOWS\system32\nvdisp.nvu
2008-01-09 20:09 . 2008-01-09 20:09   <DIR>   d--------   C:\Program Files\Common Files\InstallShield
2008-01-09 20:08 . 2007-10-12 15:14   3,734,536   --a------   C:\WINDOWS\system32\d3dx9_36.dll
2008-01-09 20:07 . 2008-01-09 20:07   <DIR>   d--------   C:\Program Files\VDOTool
2008-01-09 20:07 . 2007-03-16 10:11   12,256   --a------   C:\WINDOWS\system32\drivers\TBPanel.sys
2008-01-09 20:06 . 2008-01-09 20:06   <DIR>   d--hs----   C:\Recycled
2008-01-09 20:01 . 2008-01-09 20:01   <DIR>   d--h-----   C:\Program Files\Uninstall Information
2008-01-09 20:00 . 2008-01-09 20:00   <DIR>   d---s----   C:\WINDOWS\system32\Microsoft

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-13 15:27   9,216   ----a-w   C:\WINDOWS\system32\clipsrv.exe
2008-01-09 18:55   ---------   d-----w   C:\Program Files\microsoft frontpage
2008-01-09 18:54   ---------   d-----w   C:\Program Files\Usługi online
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"Gadu-Gadu"="E:\Gadu-Gadu\gg.exe" [2007-11-14 11:54 2131392]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:55 1667584]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [ ]
"DAEMON Tools Lite"="e:\DAEMON Tools Lite\daemon.exe" [2008-01-03 14:54 486856]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-07-18 17:55 451872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gainward"="C:\Program Files\VDOTool\TBPanel.exe" [2007-11-01 13:25 2165272]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-16 18:07 8491008]
"nwiz"="nwiz.exe" [2007-09-16 18:07 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-16 18:07 81920]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 09:08 16380416 C:\WINDOWS\RTHDCPL.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Flashget"="e:\FlashGet\FlashGet.exe" [ ]
"NBKeyScan"="E:\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
"lxccmon.exe"="C:\Program Files\Lexmark 3300 Series\lxccmon.exe" [2005-07-21 01:17 192512]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 10:36 299008]
"WinFast Schedule"="e:\TV\WFWIZ.exe" [ ]
"WinampAgent"="E:\Winamp\winampa.exe" [2007-12-20 16:16 37376]
"BearShare"="E:\BearShare\BearShare.exe" [2006-08-01 17:04 3313664]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"LXCCCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2005-07-20 14:44 73728]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]
"win32"="C:\WINDOWS\System32\drivers\win32.exe" [ ]
"nv"="C:\Documents and Settings\LocalService\desktop.exe" [ ]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56 65588]

R2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.;C:\WINDOWS\system32\drivers\wf88vcap.sys [2004-10-18 11:25]
R2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.;C:\WINDOWS\system32\drivers\WF88XBAR.sys [2004-10-18 11:25]
R2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.;C:\WINDOWS\system32\drivers\WF88TUNE.sys [2004-10-18 11:25]
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2008-01-09 20:31]
S3 WFIOCTL;WFIOCTL;e:\TV\WFIOCTL.SYS [2005-01-06 16:55]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-26 06:52:22
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  LXCCCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-26  6:52:34

Log no. 2 (HijackThis):
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:53:53, on 2008-01-26
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
E:\Ad-Aware 2007\aawservice.exe
C:\Program Files\VDOTool\TBPanel.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Lexmark 3300 Series\lxccmon.exe
E:\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Gadu-Gadu\gg.exe
C:\Program Files\Messenger\msmsgs.exe
E:\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\lxcccoms.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
E:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - e:\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - e:\FlashGet\getflash.dll
O4 - HKLM\..\Run: [Gainward] C:\Program Files\VDOTool\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Flashget] "e:\FlashGet\FlashGet.exe" /min
O4 - HKLM\..\Run: [NBKeyScan] "E:\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [WinFast Schedule] e:\TV\WFWIZ.exe
O4 - HKLM\..\Run: [WinampAgent] E:\Winamp\winampa.exe
O4 - HKLM\..\Run: [BearShare] "E:\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "E:\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [DAEMON Tools Lite] "e:\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Download All with FlashGet - E:\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - E:\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - e:\FlashGet\FlashGet.exe (file missing)
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - e:\FlashGet\FlashGet.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O21 - SSODL: PdcoywRN - {203D7CBB-8A97-D611-55FB-C76659B4C12F} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - E:\Ad-Aware 2007\aawservice.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
O23 - Service: NBService - Nero AG - E:\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5846 bytes
Jagla
Poster
Posts: 144
Joined: 23 Jan 2008, 16:48
Kudos: 1

Post by pp3088 » 25 Jan 2008, 13:22

1. In HJT delete:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/pl/
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O21 - SSODL: PdcoywRN - {203D7CBB-8A97-D611-55FB-C76659B4C12F} - (no file)

2. Uninstall FlashGet.

3. This junk is still sitting there: C:\WINDOWS\System32\drivers\win32.exe
Start > Run >> regedit >> go down to this key step by step:
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run
and delete the entry:
win32

4. Use ATF Cleaner: http://www.atribune.org/ccount/click.php?id=1
pp3088
Active poster
Posts: 999
Joined: 11 Aug 2006, 23:59
Location: Szczecin

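Added example (not code from the thread, HijackThis or ComboFix): a small Python triage script that applies the checks pp3088 made by eye to the thread's own log lines. The trusted start-page allowlist is constructed, and the two HKUS\.DEFAULT entries are taken from ComboFix's Reg Loading Points section and rewritten in HijackThis O4 syntax so one parser handles everything.

```python
"""Triage of HijackThis-style log lines.

Added example for this thread; it is not code from the forum, HijackThis or
ComboFix. It mechanises the checks the helper in the thread did by eye:
a redirected IE start page (R0), an O21 SSODL entry with no file behind it,
and Run entries (O4) that start executables from places legitimate software
never uses, or that sit in the Default user hive where only ctfmon belongs.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Hosts the user actually wants as a start page. Constructed allowlist; the
# thread only tells us that search.bearshare.com was NOT wanted.
TRUSTED_START_HOSTS = {"www.yahoo.com"}

# Directory fragments that should never appear in a Run command line
# (lower-case, compared as plain substrings).
SUSPICIOUS_DIRS = (
    "\\system32\\drivers\\",  # the driver dir holds .sys files, not .exe
    "\\documents and settings\\localservice\\",
    "\\documents and settings\\networkservice\\",
)

# Constructed from the logs posted in the thread. The [win32] and [nv]
# entries come from ComboFix's "Reg Loading Points" section, rewritten in
# HijackThis O4 syntax.
SAMPLE_LOG = """\
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://search.bearshare.com/pl/
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.yahoo.com
O4 - HKLM\\..\\Run: [NvCplDaemon] RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup
O4 - HKCU\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\ctfmon.exe
O4 - HKUS\\.DEFAULT\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\CTFMON.EXE (User 'Default user')
O4 - HKUS\\.DEFAULT\\..\\Run: [win32] C:\\WINDOWS\\System32\\drivers\\win32.exe (User 'Default user')
O4 - HKUS\\.DEFAULT\\..\\Run: [nv] C:\\Documents and Settings\\LocalService\\desktop.exe (User 'Default user')
O21 - SSODL: PdcoywRN - {203D7CBB-8A97-D611-55FB-C76659B4C12F} - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\\WINDOWS\\system32\\nvsvc32.exe
"""

HJT_LINE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.+)$")
RUN_BODY = re.compile(r"^(?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")


@dataclass
class Finding:
    code: str
    label: str      # entry name for O4 lines, otherwise the raw body
    reasons: list


def check_start_page(body: str) -> list:
    m = re.search(r"Start Page = (\S+)", body)
    if not m:
        return []
    host = urlparse(m.group(1)).hostname or ""
    if host in TRUSTED_START_HOSTS:
        return []
    return [f"start page points at untrusted host {host}"]


def check_ssodl(body: str) -> list:
    # SSODL entries load a COM object at logon; one with no file behind it is
    # a leftover of something that was only partly removed and should go.
    return ["SSODL entry with no file behind it"] if "(no file)" in body else []


def check_run(body: str) -> list:
    m = RUN_BODY.match(body)
    if not m:
        return []
    hive, cmd = m.group("hive"), m.group("cmd").lower()
    reasons = []
    for fragment in SUSPICIOUS_DIRS:
        if fragment in cmd:
            reasons.append(f"runs from unexpected location {fragment}")
    if hive.upper() == "HKUS\\.DEFAULT" and "ctfmon.exe" not in cmd:
        reasons.append("non-default autostart in the .DEFAULT profile hive")
    return reasons


CHECKS = {"R0": check_start_page, "R1": check_start_page,
          "O4": check_run, "O21": check_ssodl}


def triage(log_text: str) -> list:
    """Return one Finding per suspicious line, in log order."""
    findings = []
    for line in log_text.splitlines():
        m = HJT_LINE.match(line)
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        reasons = CHECKS.get(code, lambda _: [])(body)
        if reasons:
            run = RUN_BODY.match(body)
            label = run.group("name") if run else body
            findings.append(Finding(code, label, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code} [{f.label}]: " + "; ".join(f.reasons))
```

On the sample it flags exactly the four things the thread cleaned up: the BearShare start page, the win32 and nv entries in the .DEFAULT hive, and the orphaned PdcoywRN SSODL entry.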
Post by Jagla » 25 Jan 2008, 15:10

I removed FlashGet, removed that win32, used that cleaner, but I don't know how to remove those files in HijackThis, so I just ran it.

HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:09:39, on 2008-01-26
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
E:\Ad-Aware 2007\aawservice.exe
C:\Program Files\VDOTool\TBPanel.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Lexmark 3300 Series\lxccmon.exe
E:\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Gadu-Gadu\gg.exe
C:\Program Files\Messenger\msmsgs.exe
E:\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\lxcccoms.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
e:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [Gainward] C:\Program Files\VDOTool\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Flashget] "e:\FlashGet\FlashGet.exe" /min
O4 - HKLM\..\Run: [NBKeyScan] "E:\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [WinFast Schedule] e:\TV\WFWIZ.exe
O4 - HKLM\..\Run: [WinampAgent] E:\Winamp\winampa.exe
O4 - HKLM\..\Run: [BearShare] "E:\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "E:\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [DAEMON Tools Lite] "e:\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Download All with FlashGet - E:\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - E:\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - e:\FlashGet\FlashGet.exe (file missing)
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - e:\FlashGet\FlashGet.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O21 - SSODL: PdcoywRN - {203D7CBB-8A97-D611-55FB-C76659B4C12F} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - E:\Ad-Aware 2007\aawservice.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
O23 - Service: NBService - Nero AG - E:\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5710 bytes

And from ComboFix:
ComboFix 08-01-23.1C - Maciekk 2008-01-26 14:08:41.8 - FAT32x86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.1627 [GMT 1:00]
Running from: C:\Documents and Settings\Maciekk\Pulpit\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((   Files Created from 2007-12-26 to 2008-01-26  )))))))))))))))))))))))))))))))
.

2008-01-26 14:04 . 2008-01-26 14:04   69   --a------   C:\WINDOWS\NeroDigital.ini
2008-01-25 18:05 . 2008-01-25 18:05   <DIR>   d--------   C:\Program Files\Common Files\LightScribe
2008-01-25 18:02 . 2008-01-25 18:02   <DIR>   d--------   C:\Program Files\Common Files\Ahead
2008-01-24 21:30 . 2008-01-24 21:30   3,348   --a------   C:\WINDOWS\nero.INI
2008-01-24 20:22 . 2008-01-24 20:22   0   --a------   C:\WINDOWS\Irremote.ini
2008-01-24 15:43 . 2000-08-31 08:00   51,200   --a------   C:\WINDOWS\Nircmd.exe
2008-01-17 10:47 . 2008-01-17 10:47   427   --a------   C:\WINDOWS\ODBC.INI
2008-01-17 10:44 . 2008-01-17 10:44   <DIR>   d--------   C:\WINDOWS\ShellNew
2008-01-16 19:40 . 2008-01-16 19:40   <DIR>   d--------   C:\Program Files\Ulead Systems
2008-01-16 19:40 . 2008-01-16 19:40   <DIR>   d--------   C:\Program Files\Common Files\Ulead Systems
2008-01-16 19:40 . 2001-12-19 15:47   49,152   ---------   C:\WINDOWS\system32\TempDel.EXE
2008-01-16 19:40 . 2005-01-06 16:55   9,446   --a------   C:\WINDOWS\system32\drivers\WFIOCTL.sys
2008-01-16 19:40 . 2002-06-03 23:01   8,734   --a------   C:\WINDOWS\system32\WFSch.ICO
2008-01-16 19:35 . 2008-01-16 19:35   <DIR>   d--------   C:\WINDOWS\system32\WinFox
2008-01-16 19:35 . 2008-01-16 19:35   <DIR>   d--------   C:\WINDOWS\system32\WinFast
2008-01-16 19:35 . 2003-09-05 09:57   9,469   --a------   C:\WINDOWS\system32\drivers\WINFOXIO.sys
2008-01-15 22:49 . 2008-01-15 22:49   <DIR>   d--------   C:\WINDOWS\ERUNT
2008-01-14 22:03 . 2008-01-14 22:03   <DIR>   d--------   C:\Program Files\Abbyy FineReader 6.0 Sprint
2008-01-14 22:02 . 2008-01-14 22:02   <DIR>   d--------   C:\Program Files\Lx_cats
2008-01-14 22:02 . 2008-01-14 22:02   <DIR>   d--------   C:\Program Files\Lexmark Fax Solutions
2008-01-14 22:02 . 2003-03-11 18:26   339,968   --a------   C:\WINDOWS\system32\IMGMAN32.DLL
2008-01-14 22:02 . 2003-03-11 18:26   98,345   --a------   C:\WINDOWS\system32\IMHOST32.DLL
2008-01-14 22:02 . 2003-03-11 18:26   98,304   --a------   C:\WINDOWS\system32\IM31XPNG.DEL
2008-01-14 22:02 . 2003-03-11 18:26   69,632   --a------   C:\WINDOWS\system32\IM31XTIF.DEL
2008-01-14 22:02 . 2003-03-11 18:26   49,152   --a------   C:\WINDOWS\system32\IM31IMG.DIL
2008-01-14 22:02 . 2005-07-12 10:33   32,768   --a------   C:\WINDOWS\system32\LXPRMON.DLL
2008-01-14 22:02 . 2008-01-14 22:03   23,029   --a------   C:\WINDOWS\system32\LexFiles.ulf
2008-01-14 22:02 . 2005-07-12 10:33   20,480   --a------   C:\WINDOWS\system32\LXPMONUI.DLL
2008-01-14 22:02 . 2005-07-12 10:37   12,288   --a------   C:\WINDOWS\system32\LXPMONRC.DLL
2008-01-14 22:01 . 2004-08-03 23:08   31,616   --a------   C:\WINDOWS\system32\drivers\usbccgp.sys
2008-01-14 22:01 . 2004-08-03 23:08   31,616   --a------   C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-01-14 22:01 . 2004-08-03 23:01   25,856   --a------   C:\WINDOWS\system32\drivers\usbprint.sys
2008-01-14 22:01 . 2004-08-03 23:01   25,856   --a------   C:\WINDOWS\system32\dllcache\usbprint.sys
2008-01-14 21:56 . 2008-01-14 21:56   <DIR>   d--------   C:\Program Files\Lexmark 3300 Series
2008-01-14 21:56 . 2001-10-26 17:29   87,040   --a------   C:\WINDOWS\system32\wiafbdrv.dll
2008-01-14 21:56 . 2001-10-26 17:29   87,040   --a------   C:\WINDOWS\system32\dllcache\wiafbdrv.dll
2008-01-14 21:56 . 2004-08-03 22:58   15,104   --a------   C:\WINDOWS\system32\drivers\usbscan.sys
2008-01-14 21:56 . 2004-08-03 22:58   15,104   --a------   C:\WINDOWS\system32\dllcache\usbscan.sys
2008-01-13 17:38 . 2008-01-13 17:38   <DIR>   d--------   C:\Program Files\Common Files\Wise Installation Wizard
2008-01-13 17:26 . 2008-01-13 17:26   <DIR>   d--------   C:\Program Files\Common Files\Nero
2008-01-13 17:23 . 2008-01-13 17:23   <DIR>   d--------   C:\WINDOWS\system32\LogFiles
2008-01-13 16:15 . 2008-01-14 22:00   4   --a------   C:\WINDOWS\c.pid
2008-01-13 16:14 . 2008-01-13 16:14   7,040   --a------   C:\WINDOWS\system32\drivers\ndisaluo.sys
2008-01-13 15:18 . 2008-01-13 15:34   715,248   --a------   C:\WINDOWS\system32\drivers\sptd.sys
2008-01-13 15:04 . 2008-01-13 15:04   278,984   --a------   C:\WINDOWS\system32\drivers\atksgt.sys
2008-01-13 15:04 . 2008-01-13 15:04   25,416   --a------   C:\WINDOWS\system32\drivers\lirsgt.sys
2008-01-11 17:36 . 2004-08-03 23:10   61,056   --a------   C:\WINDOWS\system32\drivers\ohci1394.sys
2008-01-11 17:36 . 2004-08-03 23:10   61,056   --a------   C:\WINDOWS\system32\dllcache\ohci1394.sys
2008-01-11 17:36 . 2004-08-03 23:10   53,248   --a------   C:\WINDOWS\system32\drivers\1394bus.sys
2008-01-11 17:36 . 2004-08-03 23:10   53,248   --a------   C:\WINDOWS\system32\dllcache\1394bus.sys
2008-01-11 17:36 . 2001-08-17 21:46   6,400   --a------   C:\WINDOWS\system32\drivers\enum1394.sys
2008-01-11 17:36 . 2001-08-17 21:46   6,400   --a------   C:\WINDOWS\system32\dllcache\enum1394.sys
2008-01-11 13:34 . 2008-01-11 13:34   <DIR>   d--------   C:\Program Files\Common Files\Adobe
2008-01-11 13:33 . 2008-01-11 13:33   <DIR>   d--------   C:\WINDOWS\Cache
2008-01-10 18:22 . 2004-08-03 23:08   26,496   --a------   C:\WINDOWS\system32\dllcache\usbstor.sys
2008-01-10 15:52 . 2004-08-03 23:14   359,040   --a------   C:\WINDOWS\system32\drivers\tcpip.sys.flg
2008-01-10 08:38 . 2008-01-10 08:38   108,144   --a------   C:\WINDOWS\system32\CmdLineExt.dll
2008-01-09 21:41 . 2008-01-09 21:41   <DIR>   d--------   C:\WINDOWS\Sun
2008-01-09 21:41 . 2007-09-24 23:31   69,632   --a------   C:\WINDOWS\system32\javacpl.cpl
2008-01-09 21:40 . 2008-01-09 21:41   <DIR>   d--------   C:\Program Files\Java
2008-01-09 21:39 . 2008-01-09 21:39   <DIR>   d--------   C:\Program Files\Common Files\Java
2008-01-09 21:33 . 2008-01-19 20:02   1,477   --a------   C:\WINDOWS\mozver.dat
2008-01-09 20:40 . 2008-01-09 20:40   0   --a------   C:\WINDOWS\nsreg.dat
2008-01-09 20:31 . 2008-01-09 20:31   <DIR>   d--------   C:\WINDOWS\system32\Lang
2008-01-09 20:31 . 2008-01-09 20:31   940,794   --a------   C:\WINDOWS\system32\LoopyMusic.wav
2008-01-09 20:31 . 2008-01-09 20:31   146,650   --a------   C:\WINDOWS\system32\BuzzingBee.wav
2008-01-09 20:29 . 2008-01-09 20:29   <DIR>   d--------   C:\WINDOWS\system32\DRVSTORE
2008-01-09 20:29 . 2008-01-09 20:29   <DIR>   d--------   C:\Program Files\Realtek
2008-01-09 20:29 . 2008-01-09 20:29   <DIR>   d--h-----   C:\Program Files\InstallShield Installation Information
2008-01-09 20:29 . 2008-01-09 20:29   <DIR>   d--------   C:\Program Files\DIFX
2008-01-09 20:29 . 2007-07-05 09:08   16,380,416   -r-------   C:\WINDOWS\RTHDCPL.exe
2008-01-09 20:29 . 2007-07-18 12:26   4,547,584   -r-------   C:\WINDOWS\system32\drivers\RtkHDAud.sys
2008-01-09 20:29 . 2006-05-04 09:26   2,808,832   -r-------   C:\WINDOWS\alcwzrd.exe
2008-01-09 20:29 . 2007-06-28 09:44   2,165,760   -r-------   C:\WINDOWS\MicCal.exe
2008-01-09 20:29 . 2007-01-12 09:54   520,192   -r-------   C:\WINDOWS\RtlExUpd.dll
2008-01-09 20:29 . 2005-09-21 03:25   299,008   -r-------   C:\WINDOWS\system32\ALSndMgr.cpl
2008-01-09 20:29 . 2005-05-03 11:43   69,632   -r-------   C:\WINDOWS\Alcmtr.exe
2008-01-09 20:29 . 2006-06-18 23:51   43,520   --a------   C:\WINDOWS\system32\drivers\AmdK8.sys
2008-01-09 20:29 . 2004-11-18 10:42   22,752   --a------   C:\WINDOWS\system32\spupdsvc.exe
2008-01-09 20:28 . 2008-01-09 20:28   <DIR>   d--hs----   C:\FOUND.000
2008-01-09 20:22 . 2006-11-07 14:58   356,352   --a------   C:\WINDOWS\system32\nvunrm.exe
2008-01-09 20:22 . 2006-10-05 16:35   356,352   ---------   C:\WINDOWS\system32\nvuide.exe
2008-01-09 20:22 . 2006-10-19 09:36   3,903   --a------   C:\WINDOWS\system32\nvnrm.nvu
2008-01-09 20:22 . 2006-10-24 13:13   1,732   --a------   C:\WINDOWS\system32\drivers\nvphy.bin
2008-01-09 20:22 . 2006-09-11 15:14   1,570   ---------   C:\WINDOWS\system32\nvide.nvu
2008-01-09 20:21 . 2008-01-09 20:31   15,600   --a------   C:\WINDOWS\gdrv.sys
2008-01-09 20:13 . 2008-01-26 14:06   559   --a------   C:\WINDOWS\DFC.INI
2008-01-09 20:10 . 2008-01-09 20:10   <DIR>   d--------   C:\WINDOWS\nview
2008-01-09 20:10 . 2007-09-16 18:07   356,352   --a------   C:\WINDOWS\system32\nvudisp.exe
2008-01-09 20:10 . 2008-01-09 20:13   138,893   --a------   C:\WINDOWS\system32\nvapps.xml
2008-01-09 20:10 . 2007-09-16 18:07   17,525   --a------   C:\WINDOWS\system32\nvdisp.nvu
2008-01-09 20:09 . 2008-01-09 20:09   <DIR>   d--------   C:\Program Files\Common Files\InstallShield
2008-01-09 20:08 . 2007-10-12 15:14   3,734,536   --a------   C:\WINDOWS\system32\d3dx9_36.dll
2008-01-09 20:07 . 2008-01-09 20:07   <DIR>   d--------   C:\Program Files\VDOTool
2008-01-09 20:07 . 2007-03-16 10:11   12,256   --a------   C:\WINDOWS\system32\drivers\TBPanel.sys
2008-01-09 20:06 . 2008-01-09 20:06   <DIR>   d--hs----   C:\Recycled
2008-01-09 20:01 . 2008-01-09 20:01   <DIR>   d--h-----   C:\Program Files\Uninstall Information
2008-01-09 20:00 . 2008-01-09 20:00   <DIR>   d---s----   C:\WINDOWS\system32\Microsoft

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-13 15:27   9,216   ----a-w   C:\WINDOWS\system32\clipsrv.exe
2008-01-09 18:55   ---------   d-----w   C:\Program Files\microsoft frontpage
2008-01-09 18:54   ---------   d-----w   C:\Program Files\Usługi online
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"Gadu-Gadu"="E:\Gadu-Gadu\gg.exe" [2007-11-14 11:54 2131392]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:55 1667584]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [ ]
"DAEMON Tools Lite"="e:\DAEMON Tools Lite\daemon.exe" [2008-01-03 14:54 486856]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-07-18 17:55 451872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gainward"="C:\Program Files\VDOTool\TBPanel.exe" [2007-11-01 13:25 2165272]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-16 18:07 8491008]
"nwiz"="nwiz.exe" [2007-09-16 18:07 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-16 18:07 81920]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 09:08 16380416 C:\WINDOWS\RTHDCPL.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Flashget"="e:\FlashGet\FlashGet.exe" [ ]
"NBKeyScan"="E:\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
"lxccmon.exe"="C:\Program Files\Lexmark 3300 Series\lxccmon.exe" [2005-07-21 01:17 192512]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 10:36 299008]
"WinFast Schedule"="e:\TV\WFWIZ.exe" [ ]
"WinampAgent"="E:\Winamp\winampa.exe" [2007-12-20 16:16 37376]
"BearShare"="E:\BearShare\BearShare.exe" [2006-08-01 17:04 3313664]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"LXCCCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2005-07-20 14:44 73728]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]
"nv"="C:\Documents and Settings\LocalService\desktop.exe" [ ]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56 65588]

R2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.;C:\WINDOWS\system32\drivers\wf88vcap.sys [2004-10-18 11:25]
R2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.;C:\WINDOWS\system32\drivers\WF88XBAR.sys [2004-10-18 11:25]
R2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.;C:\WINDOWS\system32\drivers\WF88TUNE.sys [2004-10-18 11:25]
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2008-01-09 20:31]
S3 WFIOCTL;WFIOCTL;e:\TV\WFIOCTL.SYS [2005-01-06 16:55]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-26 14:09:09
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  LXCCCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-26 14:09:21
Post by pp3088 » 25 Jan 2008, 18:16

It's clean.
Post by Jagla » 25 Jan 2008, 18:35

Thanks for the help. I'll give you a +.