Proszę o sprawdzenie loga z ComboFix

[matias55555]

ComboFix 08-07-17.4 - Matias 2008-07-18 14:17:08.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.198 [GMT 2:00]
Running from: C:\Documents and Settings\Matias\Pulpit\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BMbbcfd717.txt
C:\WINDOWS\system32\aabaKkkj.ini
C:\WINDOWS\system32\aabaKkkj.ini2
C:\WINDOWS\system32\AHPVFfhk.ini
C:\WINDOWS\system32\AHPVFfhk.ini2
C:\WINDOWS\system32\bjatxtwx.ini
C:\WINDOWS\system32\btvqsrga.ini
C:\WINDOWS\system32\clffcdfj.ini
C:\WINDOWS\system32\cqkyyhix.ini
C:\WINDOWS\system32\dnhydjxs.ini
C:\WINDOWS\system32\dviircfy.ini
C:\WINDOWS\system32\dwdatgwf.ini
C:\WINDOWS\system32\faygtelh.ini
C:\WINDOWS\system32\fklxvsta.ini
C:\WINDOWS\system32\fmeqlqph.ini
C:\WINDOWS\system32\gfeeg.ini
C:\WINDOWS\system32\gfeeg.ini2
C:\WINDOWS\system32\hfefiatw.ini
C:\WINDOWS\system32\Hjlnonpo.ini
C:\WINDOWS\system32\Hjlnonpo.ini2
C:\WINDOWS\system32\icaxesjg.ini
C:\WINDOWS\system32\jdnalsgf.ini
C:\WINDOWS\system32\jfooknpe.ini
C:\WINDOWS\system32\joqowuuf.ini
C:\WINDOWS\system32\jqpnchvt.ini
C:\WINDOWS\system32\kbktdajl.ini
C:\WINDOWS\system32\kodttney.ini
C:\WINDOWS\system32\mhkilhiw.ini
C:\WINDOWS\system32\mrydbbkc.ini
C:\WINDOWS\system32\nfpbofmc.ini
C:\WINDOWS\system32\nmmnohee.ini
C:\WINDOWS\system32\nqvbwqfp.ini
C:\WINDOWS\system32\pjlrwxtt.ini
C:\WINDOWS\system32\pvwejkvw.ini
C:\WINDOWS\system32\QsYIkUvw.ini
C:\WINDOWS\system32\QsYIkUvw.ini2
C:\WINDOWS\system32\qwfyohvx.ini
C:\WINDOWS\system32\rekjemkw.ini
C:\WINDOWS\system32\rvbfoocf.ini
C:\WINDOWS\system32\SAJiPqru.ini
C:\WINDOWS\system32\SAJiPqru.ini2
C:\WINDOWS\system32\thvxxxmw.ini
C:\WINDOWS\system32\ubnmogor.ini
C:\WINDOWS\system32\umknfgtq.ini
C:\WINDOWS\system32\umyphkno.ini
C:\WINDOWS\system32\uocpfgpw.ini
C:\WINDOWS\system32\uscihkii.ini
C:\WINDOWS\system32\vetjdvbs.ini
C:\WINDOWS\system32\xurnyhdi.ini
C:\WINDOWS\system32\ynejyamy.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_POWERMANAGER


((((((((((((((((((((((((( Files Created from 2008-06-18 to 2008-07-18 )))))))))))))))))))))))))))))))
.

2008-07-18 14:14 . 2008-07-18 14:14 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-18 13:44 . 2008-07-18 13:44 <DIR> d-------- C:\Program Files\Stardock
2008-07-18 13:44 . 2008-07-18 13:44 <DIR> d-------- C:\Program Files\Common Files\Stardock
2008-07-18 13:44 . 2008-07-18 13:46 162,432 --a------ C:\WINDOWS\system32\drivers\vidstub.sys
2008-07-18 11:13 . 2008-07-18 11:14 <DIR> d-------- C:\WINDOWS\sysutils
2008-07-18 11:09 . 2008-07-18 11:09 19,968 --a------ C:\WINDOWS\system32\tbsrch.dll
2008-07-17 15:49 . 2008-07-17 15:49 5,694 --a------ C:\Sdicon32.ico
2008-07-17 15:45 . 2008-07-17 15:48 <DIR> d-------- C:\Haulin
2008-07-17 11:33 . 2008-07-17 11:35 <DIR> d-------- C:\Documents and Settings\Matias\Dane aplikacji\NewzToolz-EZ
2008-07-15 19:23 . 2008-07-15 19:23 <DIR> d-------- C:\Program Files\Opera
2008-07-15 19:12 . 2008-07-15 19:12 <DIR> d-------- C:\Program Files\SAGEM WiFi manager
2008-07-15 19:12 . 2008-07-15 19:12 <DIR> d-------- C:\Program Files\SAGEM
2008-07-15 13:10 . 2008-07-15 13:11 <DIR> d-------- C:\Program Files\Ares
2008-07-15 10:17 . 2008-07-15 12:32 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-07-15 10:17 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-07-15 10:17 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-07-15 10:17 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-07-15 10:17 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-07-14 11:50 . 2008-07-15 09:50 <DIR> d-------- C:\Program Files\Trojan Remover
2008-07-14 11:42 . 2008-07-14 11:51 <DIR> d-------- C:\Documents and Settings\Matias\Dane aplikacji\Simply Super Software
2008-07-14 11:42 . 2008-07-14 11:42 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Simply Super Software
2008-07-14 11:42 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-07-14 11:42 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\unrar3.dll
2008-07-14 11:42 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-07-14 11:42 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-07-14 11:42 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-07-13 18:16 . 2008-07-13 18:16 <DIR> d-------- C:\Program Files\ESET
2008-07-13 18:16 . 2008-07-13 18:16 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\ESET
2008-07-12 13:23 . 2008-07-12 14:29 28 --a------ C:\WINDOWS\as.INI
2008-07-11 12:03 . 2008-07-11 12:03 <DIR> d-------- C:\Program Files\Lavasoft
2008-07-11 11:41 . 2008-07-11 11:41 355,584 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-07-11 11:41 . 2008-05-29 09:28 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-07-10 16:46 . 2008-07-10 16:46 259 --a------ C:\WINDOWS\game.ini
2008-07-09 15:34 . 2007-12-04 16:44 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2008-07-09 11:52 . 2008-07-09 11:52 <DIR> d-------- C:\Program Files\AskSBar
2008-07-09 11:44 . 2008-07-11 11:23 <DIR> d-------- C:\Program Files\SpeedBit Video Accelerator
2008-07-09 11:44 . 2008-07-09 11:44 172,032 --a------ C:\WINDOWS\system32\AniGIF.ocx
2008-07-08 16:56 . 2008-07-17 11:50 <DIR> d-------- C:\Program Files\GoD
2008-07-08 12:35 . 2008-07-11 11:34 <DIR> d-------- C:\Program Files\AVIcodec
2008-07-08 12:22 . 2008-07-08 12:36 <DIR> d-------- C:\Program Files\Ultra RM Converter
2008-07-08 12:22 . 2007-04-12 14:19 129,024 --a------ C:\WINDOWS\system32\AVERM.dll
2008-07-08 12:08 . 2008-07-08 12:08 50 --a------ C:\WINDOWS\MegaManager.INI
2008-07-08 11:15 . 2008-07-08 11:15 <DIR> d-------- C:\Documents and Settings\Matias\Dane aplikacji\Megaupload
2008-07-07 12:40 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-07-07 12:40 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-07-07 12:40 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-07-07 12:40 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-07-07 12:21 . 2008-07-07 12:21 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-07-06 16:34 . 2008-07-13 15:30 <DIR> d-------- C:\Program Files\a-squared Anti-Malware
2008-07-06 16:16 . 2008-07-06 16:16 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Adsl Software Ltd
2008-06-24 12:22 . 2008-06-24 12:22 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-06-24 12:22 . 2008-06-24 12:22 <DIR> d-------- C:\Documents and Settings\Matias\SystemRequirementsLab
2008-06-23 17:29 . 2008-06-23 17:48 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\FLEXnet
2008-06-22 20:06 . 2000-07-03 11:36 <DIR> d-------- C:\MP3 (www.empe3.net)
2008-06-22 17:07 . 2008-06-22 17:07 <DIR> d-------- C:\Program Files\A-Ray Scanner
2008-06-21 16:18 . 2008-06-21 16:18 58,904 --a------ C:\WINDOWS\system32\azipcontmn.dll
2008-06-21 16:17 . 2008-06-21 16:19 <DIR> d-------- C:\Program Files\AlphaZIP
2008-06-21 16:17 . 2004-03-16 12:02 352,256 --a------ C:\WINDOWS\system32\eSellerateEngine.dll
2008-06-21 16:17 . 2002-07-26 17:02 153,088 --a------ C:\WINDOWS\UNWISE.EXE
2008-06-21 16:17 . 2004-01-28 15:48 43,520 --a------ C:\WINDOWS\system32\ztv_Bh.SFX
2008-06-21 16:17 . 2004-01-28 15:48 39,424 --a------ C:\WINDOWS\system32\ztv_Zip.SFX
2008-06-21 16:17 . 2004-01-28 15:48 39,424 --a------ C:\WINDOWS\system32\ztv_Jar.SFX
2008-06-21 16:17 . 2004-01-28 15:48 38,400 --a------ C:\WINDOWS\system32\ztv_Arj.SFX
2008-06-21 16:17 . 2004-01-28 15:48 37,888 --a------ C:\WINDOWS\system32\ztv_lha.SFX
2008-06-21 16:17 . 2004-01-28 15:48 34,816 --a------ C:\WINDOWS\system32\ztv_ace.SFX
2008-06-21 16:17 . 2004-01-28 15:48 33,792 --a------ C:\WINDOWS\system32\ztv_rar.SFX
2008-06-21 14:17 . 2008-06-21 14:17 <DIR> d-------- C:\WINDOWS\nvidia icons
2008-06-21 14:15 . 2008-05-03 05:46 442,368 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-06-21 14:13 . 2008-04-30 17:27 442,368 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-06-18 12:11 . 2008-07-14 18:24 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-06-18 12:11 . 2008-06-18 12:11 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\TuneUp Software
2008-06-18 11:58 . 2008-06-18 11:58 <DIR> d-------- C:\Program Files\FastStone Image Viewer
2008-06-18 11:57 . 2008-06-18 11:57 <DIR> d-------- C:\Program Files\GIMP-2.0
2008-06-18 11:56 . 2008-06-18 11:56 45 ---h----- C:\WINDOWS\dsez3191.dat
2008-06-18 11:55 . 2008-06-18 11:56 <DIR> d-------- C:\Program Files\PhotoFiltre Studio
2008-06-18 11:54 . 2008-06-18 11:55 <DIR> d-------- C:\Program Files\Hamachi
2008-06-18 11:52 . 2008-06-18 11:52 <DIR> d-------- C:\Program Files\Peer2Mail
2008-06-18 11:52 . 2008-07-12 14:40 <DIR> d-------- C:\Program Files\MoorHunt
2008-06-18 11:51 . 2008-06-18 11:51 <DIR> d-------- C:\Program Files\ToniArts
2008-06-18 11:50 . 2008-06-18 11:50 <DIR> d-------- C:\Program Files\Total Commander
2008-06-18 11:49 . 2008-06-18 11:49 <DIR> d-------- C:\Program Files\uTorrent
2008-06-18 11:48 . 2008-06-18 11:49 <DIR> d-------- C:\Program Files\BitTorrent
2008-06-18 11:48 . 2008-06-18 17:05 <DIR> d-------- C:\Program Files\BitComet
2008-06-18 11:47 . 2008-06-18 11:47 <DIR> d-------- C:\Program Files\MarBit
2008-06-18 11:35 . 2008-06-18 11:35 <DIR> d-------- C:\Program Files\Ashampoo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-18 12:22 --------- d-----w C:\Documents and Settings\Matias\Dane aplikacji\DNA
2008-07-18 09:53 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-07-17 18:22 --------- d-----w C:\Documents and Settings\Matias\Dane aplikacji\MegauploadToolbar
2008-07-17 17:30 --------- d-----w C:\Documents and Settings\Matias\Dane aplikacji\uTorrent
2008-07-15 17:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-11 10:03 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2008-07-11 10:02 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-11 09:34 --------- d-----w C:\Program Files\eMule
2008-07-10 18:55 --------- d-----w C:\Program Files\DivX
2008-07-10 08:37 --------- d-----w C:\Program Files\Winamp
2008-07-10 08:36 --------- d-----w C:\Documents and Settings\Matias\Dane aplikacji\Winamp
2008-07-08 10:16 --------- d-----w C:\Program Files\McFunSoft Video Solution
2008-07-08 10:11 --------- d-----w C:\Program Files\Real Alternative
2008-07-08 09:14 --------- d-----w C:\Program Files\MegauploadToolbar
2008-06-24 09:44 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-20 14:48 11,973 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2008-06-18 15:05 --------- d-----w C:\Documents and Settings\Matias\Dane aplikacji\skypePM
2008-06-18 09:56 --------- d-----w C:\Program Files\Odkurzacz
2008-06-18 09:54 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-06-18 09:49 --------- d-----w C:\Program Files\DNA
2008-06-18 09:38 --------- d-----w C:\Documents and Settings\Matias\Dane aplikacji\Ashampoo
2008-06-18 08:56 --------- d-----w C:\Program Files\Livebox Reconnect 2.0 Pro
2008-06-18 07:55 --------- d-----w C:\Documents and Settings\Matias\Dane aplikacji\Vso
2008-06-18 07:52 --------- d-----w C:\Documents and Settings\Matias\Dane aplikacji\Skype
2008-06-18 07:25 --------- d-----w C:\Program Files\worldTVRT
2008-06-18 07:25 --------- d-----w C:\Program Files\Winamp Toolbar
2008-06-18 07:23 --------- d-----w C:\Program Files\The All-Seeing Eye
2008-06-18 07:23 --------- d-----w C:\Program Files\Teamspeak2_RC2
2008-06-18 07:23 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-18 07:22 --------- d-----w C:\Program Files\San Andreas Mod Installer
2008-06-18 07:22 --------- d-----w C:\Program Files\RDM+
2008-06-18 07:22 --------- d-----w C:\Program Files\PhotoFiltre
2008-06-18 07:20 --------- d-----w C:\Program Files\NAPI-PROJEKT
2008-06-18 07:16 --------- d-----w C:\Program Files\Media Player Classic
2008-06-18 07:14 --------- d-----w C:\Program Files\Gadu-Gadu
2008-06-18 07:09 --------- d-----w C:\Program Files\ArcaMicroScan
2008-06-18 07:08 --------- d-----w C:\Program Files\7-Zip
2008-06-13 19:01 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\vsosdk
2008-06-13 16:19 87,608 ----a-w C:\Documents and Settings\Matias\Dane aplikacji\inst.exe
2008-06-13 16:19 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-06-13 16:19 47,360 ----a-w C:\Documents and Settings\Matias\Dane aplikacji\pcouffin.sys
2008-06-13 16:19 --------- d-----w C:\Program Files\VSO
2008-06-10 16:56 34,312 ----a-w C:\WINDOWS\system32\drivers\epfwtdir.sys
2008-06-10 16:48 53,256 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2008-06-10 16:47 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2008-06-08 11:36 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-06-08 11:36 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf
2008-06-08 11:30 21,672 ----a-w C:\WINDOWS\system32\drivers\ggsemc.sys
2008-06-08 11:30 13,352 ----a-w C:\WINDOWS\system32\drivers\ggflt.sys
2008-06-08 11:27 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Sony Ericsson
2008-06-08 11:17 --------- d-----w C:\Program Files\Sony Ericsson
2008-06-07 13:25 --------- d-----w C:\Program Files\Common Files\DirectX
2008-06-05 17:16 --------- d-----w C:\Documents and Settings\Matias\Dane aplikacji\GetRightToGo
2008-06-03 13:02 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-06-02 14:35 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-05-31 10:45 --------- d-----w C:\Documents and Settings\Matias\Dane aplikacji\PC Tools
2008-05-31 07:54 --------- d-----w C:\Documents and Settings\Matias\Dane aplikacji\CyberLink
2008-05-31 07:53 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\CyberLink
2008-05-31 07:18 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\DVD Shrink
2008-01-10 15:12 81,920 ----a-w C:\Documents and Settings\Matias\Dane aplikacji\ezpinst.exe
2008-01-08 13:44 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-01-31 12:31 88 --sh--r C:\WINDOWS\system32\1409BDC7CA.sys
2008-01-31 12:33 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

------- Sigcheck -------

2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\system32\dllcache\tcpip.sys
2004-08-03 23:14 359040 6a603809f598332dbedd535bdbce313e C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{19B8572F-894F-41E0-9309-00091B688905}]
2008-07-18 11:09 19968 --a------ C:\WINDOWS\system32\tbsrch.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2007-12-13 23:02 96552 --a------ C:\Program Files\Nero\Nero8\InCD\NBHShx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-06-18 11:49 289088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-03 05:46 13529088]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 15:21 94208]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 18:52 1447168]
"nwiz"="nwiz.exe" [2008-05-03 05:46 1630208 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk - C:\Program Files\SAGEM WiFi manager\WLANUTL.exe [2008-07-15 19:12:38 950272]

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="C:\\WINDOWS\\sysutils\\sysutil.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= divxa32.acm
"msacm.avis"= ff_acm.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk
backup=C:\WINDOWS\pss\Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Matias^Menu Start^Programy^Autostart^Bux.to Autoclicker.lnk]
path=C:\Documents and Settings\Matias\Menu Start\Programy\Autostart\Bux.to Autoclicker.lnk
backup=C:\WINDOWS\pss\Bux.to Autoclicker.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Matias^Menu Start^Programy^Autostart^hamachi.lnk]
path=C:\Documents and Settings\Matias\Menu Start\Programy\Autostart\hamachi.lnk
backup=C:\WINDOWS\pss\hamachi.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Matias^Menu Start^Programy^Autostart^livebox tp.lnk]
path=C:\Documents and Settings\Matias\Menu Start\Programy\Autostart\livebox tp.lnk
backup=C:\WINDOWS\pss\livebox tp.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\advap32
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DelayLoad

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a-squared]
--a------ 2008-07-13 12:56 2694800 C:\Program Files\a-squared Anti-Malware\a2guard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
--a------ 2007-05-04 02:32 961024 C:\Program Files\Ares\Ares.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AS]
--a------ 2008-07-08 17:44 492032 C:\Documents and Settings\Matias\Moje dokumenty\AS\as.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-06-18 11:49 289088 C:\Program Files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
--a------ 2008-03-20 12:04 2127296 C:\Program Files\Gadu-Gadu\gg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 01:47 31016 C:\Program Files\Microsoft Office Enterprise 2007\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
--a------ 2008-04-10 15:14 1107848 C:\Program Files\Spyware Doctor\pctsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-12-03 15:21 2213160 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-05-03 05:46 86016 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Odkurzacz-MCD]
--a------ 2008-03-03 14:44 266240 C:\Program Files\Odkurzacz\odk_mcd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
--a------ 2007-12-13 23:02 2048808 C:\Program Files\Nero\Nero8\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-02-01 18:22 21898024 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedBitVideoAccelerator]
--a------ 2008-07-09 11:44 2705008 C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
--a------ 2008-06-03 20:33 878672 C:\Program Files\Trojan Remover\Trjscan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
--a------ 2006-04-29 15:21 94208 C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipDiscount]
--a------ 2007-05-31 17:22 7419456 C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\VoipDiscount.com\\VoipDiscount\\VoipDiscount.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"D:\\Gry\\Counter-Strike 1.6\\hl.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"D:\\Gry\\Sniper Elite\\SniperElite.exe"=
"D:\\Gry\\Counter-Strike Source\\hl2.exe"=
"C:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe"=
"C:\\WINDOWS\\system32\\winver.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22015:TCP"= 22015:TCP:BitCometBeta 22015 TCP
"22015:UDP"= 22015:UDP:BitCometBeta 22015 UDP
"27015:TCP"= 27015:TCP:hlds
"27016:TCP"= 27016:TCP:hlds
"27066:TCP"= 27066:TCP:hlds
"8461:TCP"= 8461:TCP:GoD High Port
"8462:TCP"= 8462:TCP:GoD Low Port

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-06-10 18:56]
R2 NeroRegInCDSrv;Nero Registry InCD Service;C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [2007-12-13 23:02]
R2 sbbotdi;sbbotdi;C:\PROGRA~1\SPEEDB~1\sbbotdi.sys [2008-07-09 11:44]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 00:44]
R2 VideoAcceleratorService;VideoAcceleratorService;C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe [2008-07-09 11:44]
R3 dfmirage;dfmirage;C:\WINDOWS\system32\DRIVERS\dfmirage.sys [2008-04-15 13:49]
R3 SiS7012;Service for AC'97 Sample Driver (WDM);C:\WINDOWS\system32\drivers\sis7012.sys [2004-11-03 15:14]
S2 RDMPLocalService;RDM+ Local Service;C:\Program Files\RDM+\rdmpserv.exe []
S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-06-08 13:30]
S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2007-01-10 10:14]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-07-11 11:41]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
- - - - ORPHANS REMOVED - - - -

BHO-{49276BC0-E4E4-4983-8F09-F12A440BFA3C} - (no file)
BHO-{5F72C180-0E03-444A-914D-01095A5CBE54} - (no file)
BHO-{BC728C13-5691-4529-A1C2-E662A9AD1C87} - (no file)
HKU-Default-RunOnce-SIAPRO7 - C:\Program Files\Steganos Internet Anonym Pro 7\SIAPRO7.exe
HKLM-Explorer_Run-this - C:\Program Files\Web Technologies\wcs.exe
Notify-jkkLEUNf - (no file)
MSConfigStartUp-b8fce48b - C:\WINDOWS\system32\ymayjeny.dll
MSConfigStartUp-BearShare - C:\Program Files\BearShare\BearShare.exe
MSConfigStartUp-BMbbcfd717 - C:\WINDOWS\system32\snqdfakr.dll
MSConfigStartUp-DAEMON Tools Lite - C:\Program Files\DAEMON Tools Lite\daemon.exe
MSConfigStartUp-InCD - C:\Program Files\Nero\Nero8\InCD\InCD.exe
MSConfigStartUp-LanguageShortcut - C:\Program Files\CyberLink\PowerDVD\Language\Language.exe
MSConfigStartUp-MSMSGS - C:\Program Files\Messenger\msmsgs.exe
MSConfigStartUp-NeroFilterCheck - C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
MSConfigStartUp-Orb - C:\Program Files\Winamp Remote\bin\OrbTray.exe
MSConfigStartUp-RemoteControl - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
MSConfigStartUp-SDTray - C:\Program Files\Spyware Doctor\SDTrayApp.exe
MSConfigStartUp-SIAPRO7 - C:\Program Files\Steganos Internet Anonym Pro 7\SIAPRO7.exe
MSConfigStartUp-SpybotSD TeaTimer - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-18 14:25:38
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
C:\Program Files\Secure Surfing Engine\sselsp.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\WINDOWS\sysutils\winsystip.exe
.
**************************************************************************
.
Completion time: 2008-07-18 14:33:59 - machine was rebooted [Matias]
ComboFix-quarantined-files.txt 2008-07-18 12:32:50

Pre-Run: 1,454,604,288 bajtów wolnych
Post-Run: 1,320,009,728 bajt˘w wolnych

403

[huber2t]

Pobierz ComboFix, ale nie uruchamiaj
Wklej do notatnika:

Kod: Zaznacz wszystko

File::
C:\WINDOWS\system32\tbsrch.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{19B8572F-894F-41E0-9309-00091B688905}]


Plik zapisz jako CFScript.txt (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe)
Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu

Rozpocznie się usuwanie i powstanie log, daj ten log na forum.

Logi dajesz na http://www.wklej.eu/ a w poście dajesz tylko link

[matias55555]

po usuwaniu:

http://www.wklejto.pl/6092

[huber2t]

Log wyglada na czysty

usuń ręcznie folder C: \Qoobox , usuń instalkę Combofix z dysku.

Przeczyść komputer Ccleanerem

Wykonaj optymalizację autostartu

Wyłącz i włącz przywracanie systemu na wszystkich dyskach. Instrukcja

Przeskanuj obszar mojego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum

lub

Dr.WEB CureIt!

[matias55555]

Programem Dr.WEB CureIt! wykryło 2 wirusy które usunąłem

[huber2t]

Przeskanuj dla pewności jeszcze Kasperskim

[matias55555]

Jutro z rana przeskanuję i dam log z kasperskyego

[matias55555]

Oto raport ze skanowania kasperskym:
http://www.wklejto.pl/6172

[huber2t]

Pobierz The Avenger

wklej do niego ten tekst:

Kod: Zaznacz wszystko

Files to delete:
C:\Documents and Settings\Matias\Pulpit\hacki do css\perfectaim_software_public\release\perfectaim.exe
C:\Program Files\Mozilla Firefox\plugins\NPMyGlSh.dll   


kopiuj to i klikasz na Paste Script from Clipboard wybierasz Execute oraz Potwierdzasz i zgadzasz się na restart klikając OK.
Kasujesz ręcznie z dysku plik: C:\Avenger\backup.zip i wklejasz na forum raport: C:\avenger.txt

[matias55555]

Log z programu The Avenger:

http://www.wklejto.pl/6173

[huber2t]

Pliki się pousuwali

Powinno być ok

[matias55555]

Wielkie dzięki wszystko działa jak powinno