The computer has slowed down considerably

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:14:21, on 2009-04-10

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

D:\gry\steam\steam.exe

C:\Program Files\Nowe Gadu-Gadu\gg.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\SAGEM WiFi manager\WLANUTL.exe

C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll

O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKCU\..\Run: [steam] "d:\gry\steam\steam.exe" -silent

O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "C:\Program Files\Nowe Gadu-Gadu\gg.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk = ?

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll /100

O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk (file missing)

O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s … wflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/) - C:\WINDOWS\system32\HDDSvc.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

End of file - 5958 bytes

Remove with HijackThis >> Fix checked

Download CCleaner http://www.filehippo.com/download_ccleaner/

Scan with it and clean the registry.

Optimize startup

http://cybertrash.netarteria.pl/cyber/i … 378.0.html

Download ComboFix http://www.searchengines.pl/index.php?s … ntry395642 and run it with a double-click

Post the log

While downloading and scanning with ComboFix, please disable all firewalls and antivirus programs

:)

ComboFix 09-04-04.01 - Mapecisko 2009-04-10 14:48:13.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2559.1984 [GMT 2:00]

Uruchomiony z: c:\documents and settings\Mapecisko\Pulpit\ComboFix.exe

AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated)

* Utworzono nowy punkt przywracania

.

((((((((((((((((((((((((( Pliki utworzone od 2009-03-10 do 2009-04-10 )))))))))))))))))))))))))))))))

.

2009-04-10 14:29 . 2009-04-10 14:29

2009-04-10 13:54 . 2009-04-10 13:54 25,992 --a------ c:\windows\system32\pgdfgsvc.exe

2009-04-10 11:01 . 2009-04-10 13:58

2009-03-31 00:36 . 2009-03-31 00:33 15,688 --a------ c:\windows\system32\lsdelete.exe

2009-03-31 00:15 . 2009-03-31 00:15

2009-03-31 00:14 . 2009-03-31 00:14

2009-03-31 00:14 . 2009-03-31 00:18

2009-03-30 20:07 . 2009-03-30 20:10

2009-03-29 16:02 . 2009-03-29 16:02

2009-03-26 14:33 . 2009-03-26 14:33

2009-03-26 02:27 . 2009-03-26 02:27

2009-03-26 02:26 . 2009-03-26 02:27

2009-03-22 23:00 . 2009-03-22 23:00

2009-03-22 22:47 . 2009-03-22 22:47

2009-03-21 00:55 . 2009-03-27 04:26 4,958,588 --------- c:\windows{00000002-00000000-00000004-00001102-00000008-10211102}.BAK

2009-03-21 00:55 . 2009-04-10 14:05 32,136 --a------ c:\windows\system32\BMXStateBkp-{00000002-00000000-00000004-00001102-00000008-10211102}.rfx

2009-03-21 00:55 . 2009-04-10 14:05 32,136 --a------ c:\windows\system32\BMXState-{00000002-00000000-00000004-00001102-00000008-10211102}.rfx

2009-03-21 00:55 . 2009-04-10 14:05 30,924 --a------ c:\windows\system32\BMXCtrlState-{00000002-00000000-00000004-00001102-00000008-10211102}.rfx

2009-03-21 00:55 . 2009-04-10 14:05 30,924 --a------ c:\windows\system32\BMXBkpCtrlState-{00000002-00000000-00000004-00001102-00000008-10211102}.rfx

2009-03-21 00:55 . 2009-04-10 14:05 11,564 --a------ c:\windows\system32\DVCState-{00000002-00000000-00000004-00001102-00000008-10211102}.rfx

2009-03-21 00:53 . 2009-03-27 04:26 4,958,588 --a------ c:\windows{00000002-00000000-00000004-00001102-00000008-10211102}.CDF

2009-03-20 14:10 . 2006-08-11 15:56 3,072 --a------ c:\windows\CTXFIRES.DLL

2009-03-20 13:14 . 2008-05-01 17:35 53,248 --a------ c:\windows\system32\CSVer.dll

2009-03-19 22:43 . 2009-03-19 22:43 107,888 --a------ c:\windows\system32\CmdLineExt.dll

2009-03-19 22:04 . 2009-03-19 12:49 23,600 --a------ c:\windows\system32\drivers\TVICHW32.SYS

2009-03-19 13:31 . 2009-03-19 13:31

2009-03-19 13:31 . 2009-02-17 00:17 453,152 --a------ c:\windows\system32\NVUNINST.EXE

2009-03-19 13:31 . 2009-02-18 15:44 453,152 --a------ c:\windows\system32\nvudisp.exe

2009-03-19 13:31 . 2009-04-10 14:07 212,973 --a------ c:\windows\system32\nvapps.xml

2009-03-19 13:31 . 2009-02-18 15:44 19,021 --a------ c:\windows\system32\nvdisp.nvu

2009-03-17 14:34 . 2009-03-17 14:34

2009-03-17 14:33 . 2009-03-17 14:33

2009-03-16 19:31 . 2009-03-29 15:59

2009-03-15 23:05 . 2009-03-15 23:05

2009-03-13 23:17 . 2009-03-16 20:36 189,784 --a------ c:\windows\system32\PnkBstrB.xtr

2009-03-12 02:36 . 2009-03-12 02:36 409,280 --a------ c:\windows\system32\HDDSvc.exe

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-10 11:48 --------- d-----w c:\program files\Mozilla Thunderbird

2009-04-10 09:31 --------- d-s---w c:\program files\Xfire

2009-04-10 09:31 --------- d-----w c:\program files\NAPI-PROJEKT

2009-04-10 09:31 --------- d-----w c:\program files\FlashGet

2009-04-10 09:31 --------- d-----w c:\program files\DC++

2009-04-10 09:30 --------- d-----w c:\documents and settings\Mapecisko\Dane aplikacji\uTorrent

2009-03-30 16:10 --------- d-----w c:\program files\Spybot - Search & Destroy

2009-03-30 16:08 --------- d-----w c:\program files\Sytexis Software

2009-03-29 14:28 --------- d-----w c:\program files\Winamp

2009-03-29 14:23 410,984 ----a-w c:\windows\system32\deploytk.dll

2009-03-29 14:23 --------- d-----w c:\program files\Java

2009-03-27 15:48 --------- d-----w c:\documents and settings\Mapecisko\Dane aplikacji\Nowe Gadu-Gadu

2009-03-26 12:36 75,064 ----a-w c:\windows\system32\PnkBstrA.exe

2009-03-26 12:36 189,784 ----a-w c:\windows\system32\PnkBstrB.exe

2009-03-26 12:36 138,944 ----a-w c:\windows\system32\drivers\PnkBstrK.sys

2009-03-26 12:34 22,328 ----a-w c:\documents and settings\Mapecisko\Dane aplikacji\PnkBstrK.sys

2009-03-26 12:33 2,246,144 ----a-w c:\windows\system32\pbsvc.exe

2009-03-24 11:03 7,808 ----a-w c:\windows\system32\drivers\psi_mf.sys

2009-03-22 20:48 --------- d-----w c:\program files\HP

2009-03-20 22:54 --------- d--h--w c:\program files\InstallShield Installation Information

2009-03-20 22:53 444,952 ----a-w c:\windows\system32\wrap_oal.dll

2009-03-20 22:53 109,080 ----a-w c:\windows\system32\OpenAL32.dll

2009-03-19 10:57 --------- d-----w c:\documents and settings\Mapecisko\Dane aplikacji\The Creative Assembly

2009-03-16 17:43 --------- d-----w c:\program files\Google

2009-03-16 15:46 --------- d-----w c:\documents and settings\Mapecisko\Dane aplikacji\My Games

2009-03-11 16:22 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Microsoft Help

2009-03-04 17:25 --------- d-----w c:\program files\Real Alternative

2009-03-02 18:44 --------- d-----w c:\documents and settings\Mapecisko\Dane aplikacji\id Software

2009-02-27 06:04 --------- d-----w c:\program files\NOS

2009-02-27 06:04 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\NOS

2009-02-26 14:51 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Pro

2009-02-26 11:50 --------- d-----w c:\program files\Microsoft Silverlight

2009-02-21 10:16 --------- d-----w c:\documents and settings\Mapecisko\Dane aplikacji\Sports Interactive

2009-02-12 10:37 --------- d-----w c:\program files\ESET

2009-02-09 14:07 1,847,040 ----a-w c:\windows\system32\win32k.sys

2008-04-17 08:34 1 ----a-w c:\documents and settings\Mapecisko\SI.bin

2008-07-15 18:10 32,768 --sha-w c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012008071520080716\index.dat

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="d:\gry\steam\steam.exe" [2009-03-11 1410296]

"Nowe Gadu-Gadu"="c:\program files\Nowe Gadu-Gadu\gg.exe" [2009-02-27 9339496]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 49152]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 155648]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]

"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]

"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-04-14 171520]

"nwiz"="nwiz.exe" [2009-02-18 c:\windows\system32\nwiz.exe]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\

Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk - c:\program files\SAGEM WiFi manager\WLANUTL.exe [2008-02-21 950272]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoViewOnDrive"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.iv31"= c:\windows\system32\ir32_32.dll

"vidc.iv32"= c:\windows\system32\ir32_32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKLM~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]

[HKLM~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]

[HKLM~\startupfolder\C:^Documents and Settings^Mapecisko^Menu Start^Programy^Autostart^MP3 Dancer.lnk]

backup=c:\windows\pss\MP3 Dancer.lnkStartup

[HKLM~\startupfolder\C:^Documents and Settings^Mapecisko^Menu Start^Programy^Autostart^OpenOffice.org 2.2.lnk]

backup=c:\windows\pss\OpenOffice.org 2.2.lnkStartup

[HKLM~\startupfolder\C:^Documents and Settings^Mapecisko^Menu Start^Programy^Autostart^Registration Assassin’s Creed.LNK]

path=c:\documents and settings\Mapecisko\Menu Start\Programy\Autostart\Registration Assassin’s Creed.LNK

backup=c:\windows\pss\Registration Assassin’s Creed.LNKStartup

[HKLM~\startupfolder\C:^Documents and Settings^Mapecisko^Menu Start^Programy^Autostart^Rejestracja FIFA 09.lnk]

path=c:\documents and settings\Mapecisko\Menu Start\Programy\Autostart\Rejestracja FIFA 09.lnk

backup=c:\windows\pss\Rejestracja FIFA 09.lnkStartup

[HKLM~\startupfolder\C:^Documents and Settings^Mapecisko^Menu Start^Programy^Autostart^Secunia PSI.lnk]

path=c:\documents and settings\Mapecisko\Menu Start\Programy\Autostart\Secunia PSI.lnk

backup=c:\windows\pss\Secunia PSI.lnkStartup

[HKLM~\startupfolder\C:^Documents and Settings^Mapecisko^Menu Start^Programy^Autostart^The Matrix_ Path of Neo Registration.lnk]

backup=c:\windows\pss\The Matrix_ Path of Neo Registration.lnkStartup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ABRegmon

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcaCheck

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoConnect

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AvMenu

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gainward

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]

--a------ 2009-03-31 00:23 515416 c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2009-02-27 18:10 35696 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]

--a------ 2008-10-26 12:23 4608 c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]

--------- 2003-06-18 02:00 45056 c:\program files\Instalki\Creative\SBAudigy4\DVDAudio\CTDVDDET.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]

--------- 2005-02-15 17:10 57344 c:\program files\Instalki\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]

--a------ 2007-09-06 15:08 136136 c:\program files\DAEMON Tools Pro\DTProAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]

--a------ 2009-02-06 20:17 3325952 c:\program files\Electronic Arts\EADM\Core.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

--a------ 2007-08-24 07:00 33648 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2007-05-08 17:24 54840 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

--a------ 2004-04-17 13:41 196608 c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

--a------ 2004-04-13 07:07 69632 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Odkurzacz-MCD]

--a------ 2008-08-16 16:01 264704 c:\program files\Odkurzacz\odk_mcd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF3 Registry Controller]

--a------ 2005-04-12 10:16 106496 c:\program files\ScanSoft\OmniPage15.0\PDFConverter3\registrycontroller.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]

-ra------ 2007-06-13 08:16 528384 c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]

--a------ 2004-04-23 14:28 77824 c:\program files\Logitech\Profiler\LWEMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2009-03-29 16:23 148888 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]

--a------ 2006-09-07 19:19 15872 c:\program files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]

--a------ 2008-06-27 18:24 19456 c:\windows\system32\CtHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]

--a------ 2006-08-11 15:56 18944 c:\windows\system32\CTXFIHLP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"NBService"=3 (0x3)

"O&O Defrag"=2 (0x2)

"Pml Driver HPZ12"=2 (0x2)

"WMPNetworkSvc"=3 (0x3)

"WLSetupSvc"=3 (0x3)

"Symantec Core LC"=3 (0x3)

"StarWindServiceAE"=2 (0x2)

"Speed Disk service"=2 (0x2)

"rpcapd"=3 (0x3)

"PnkBstrB"=2 (0x2)

"PnkBstrA"=2 (0x2)

"ose"=3 (0x3)

"odserv"=3 (0x3)

"NVSvc"=2 (0x2)

"NProtectService"=2 (0x2)

"NMIndexingService"=3 (0x3)

"Microsoft Office Groove Audit Service"=3 (0x3)

"LiveUpdate"=3 (0x3)

"JavaQuickStarterService"=2 (0x2)

"idsvc"=3 (0x3)

"IDriverT"=3 (0x3)

"gupdate1c985f67b2c458"=2 (0x2)

"CLTNetCnService"=2 (0x2)

"ccSetMgr"=2 (0x2)

"ccEvtMgr"=2 (0x2)

"Automatic LiveUpdate Scheduler"=2 (0x2)

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe"=

"%windir%\Network Diagnostic\xpnetdiag.exe"=

"c:\Program Files\Java\jre1.5.0_11\bin\javaw.exe"=

"c:\Program Files\Instalki\SopCast\SopCast.exe"=

"c:\Documents and Settings\Mapecisko\Dane aplikacji\SopCast\adv\SopAdver.exe"=

"c:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"=

"c:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"=

"c:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"=

"c:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"=

"c:\Program Files\HP\Digital Imaging\bin\hposid01.exe"=

"c:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"=

"c:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"=

"c:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"=

"c:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"=

"c:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"=

"c:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"=

"c:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"=

"c:\Program Files\DC++\DCPlusPlus.exe"=

"c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"=

"c:\Program Files\Microsoft Office\Office12\GROOVE.EXE"=

"c:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"=

"c:\Program Files\Windows Media Player\wmplayer.exe"=

"c:\WINDOWS\system32\PnkBstrA.exe"=

"c:\WINDOWS\system32\PnkBstrB.exe"=

"c:\Program Files\Instalki\SopCast\adv\SopAdver.exe"=

"d:\Gry\Command & Conquer 3\RetailExe\1.9\cnc3game.dat"=

"c:\Program Files\Instalki\uTorrent\utorrent.exe"=

"d:\Gry\Command & Conquer 3 Gniew Kane'a\RetailExe\1.1\cnc3ep1.dat"=

"c:\Program Files\Electronic Arts\EADM\Core.exe"=

"d:\Gry\FIFA 09\FIFA09.exe"=

"c:\Program Files\Java\jre6\bin\java.exe"=

"c:\Program Files\Nowe Gadu-Gadu\gg.exe"=

"c:\Program Files\Mozilla Firefox\firefox.exe"=

"d:\Gry\Steam\Steam.exe"=

"d:\Gry\Steam\steamapps\common\football manager 2009\fm.exe"=

"d:\Gry\Steam\steamapps\common\empire total war\Empire.exe"=

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"11138:TCP"= 11138:TCP:*:Disabled:BitComet 11138 TCP

"11138:UDP"= 11138:UDP:*:Disabled:BitComet 11138 UDP

"54271:TCP"= 54271:TCP:ble

"54271:UDP"= 54271:UDP:ble2

"8461:TCP"= 8461:TCP:GoD High Port

"8462:TCP"= 8462:TCP:GoD Low Port

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-02-06 106208]

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-02-06 93336]

R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 727720]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 951632]

R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2008-06-27 99352]

R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2008-06-27 555032]

R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2008-06-27 566296]

R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;c:\windows\system32\drivers\WlanBZXP.sys [2008-02-21 450560]

S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2008-06-27 99352]

S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2008-06-27 555032]

S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2008-06-27 100888]

S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2008-06-27 100888]

S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2008-06-27 566296]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]

S3 PciCon;PciCon;??\e:\pcicon.sys --> e:\PciCon.sys [?]

S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2008-11-18 7808]

S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [2008-07-23 83208]

S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [2008-07-23 15112]

S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [2008-07-23 108680]

S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [2008-07-23 100488]

S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [2008-07-23 98568]

S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\drivers\s816bus.sys [2008-07-23 81832]

S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\drivers\s816mdfl.sys [2008-07-23 13864]

S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\drivers\s816mdm.sys [2008-07-23 107304]

S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\drivers\s816obex.sys [2008-07-24 97320]

S4 gupdate1c985f67b2c458;Google Update Service (gupdate1c985f67b2c458);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 133104]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]

\Shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{4f9e85ef-e099-11db-aca1-000e5012c466}]

\Shell\AutoRun\command - F:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{9fbd8b79-1e3d-11de-8587-0060b39c6a97}]

\Shell\AutoRun\command - H:\LaunchU3.exe -a

.

Zawartość folderu 'Zaplanowane zadania'

2009-03-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job

  • c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-31 00:24]

2009-02-12 c:\windows\Tasks\GoogleUpdateTaskMachine.job

  • c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 13:53]

.

        • USUNIĘTO PUSTE WPISY - - - -

MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

MSConfigStartUp-Creative Detector - c:\program files\instalki\Creative\MediaSource\Detector\CTDetect.exe

MSConfigStartUp-NeroFilterCheck - c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

MSConfigStartUp-NSWosCheck - c:\program files\Norton SystemWorks\osCheck.exe

MSConfigStartUp-RivaTunerStartupDaemon - c:\program files\RivaTuner v2.24\RivaTuner.exe

MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe

MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe

.

------- Skan uzupełniający -------

.

uStart Page = hxxp://www.windowsxlive.net

IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Open with Scansoft PDF Converter 3.0 - c:\program files\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll /100

FF - ProfilePath - c:\documents and settings\Mapecisko\Dane aplikacji\Mozilla\Firefox\Profiles\zsi28n3x.default\

FF - prefs.js: browser.search.selectedEngine - Wikipedia (pl)

FF - prefs.js: browser.startup.homepage - www.onet.pl

FF - plugin: c:\documents and settings\All Users\Dane aplikacji\id Software\QuakeLive\npquakezero.dll

FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll

.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-10 14:49:35

Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów …

skanowanie ukrytych wpisów autostartu …

skanowanie ukrytych plików …

skanowanie pomyślnie ukończone

ukryte pliki: 0

**************************************************************************

.

--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-1275210071-329068152-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{F4665055-F5A6-55F8-E304-CBF57F5419EC}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

“ialplbahommabhibgg”=hex:6b,61,68,69,6e,63,6b,6c,62,64,6b,63,64,64,62,6c,6f,69,

6f,67,61,61,00,00

“habobbeaklejghcp”=hex:6b,61,68,69,6e,63,6b,6c,62,64,6b,63,64,64,62,6c,6f,69,

6f,67,61,61,00,00

[HKEY_USERS\S-1-5-21-1275210071-329068152-725345543-1003\Software\SecuROM!CAUTION! NEVER A OR CHANGE ANY KEY*]

“??”=hex:3d,08,19,54,05,2f,9e,67,49,86,7d,61,cf,b8,84,18,47,92,cd,78,13,7d,1c,

23,38,a6,47,08,76,30,b2,ec,bb,6f,55,0d,b4,3c,12,a7,90,f3,48,92,51,64,d2,0e,\

“??”=hex:5c,f1,83,89,34,2e,c3,29,75,49,0f,ac,fc,c3,b8,aa

[HKEY_USERS\S-1-5-21-1275210071-329068152-725345543-1003\Software\SecuROM\License information*]

“datasecu”=hex:77,60,62,17,38,63,0d,1d,d4,93,2c,c5,c0,79,8a,19,4a,28,a5,32,fa,

fa,e5,5f,72,99,20,22,38,a7,72,bc,0b,2d,a6,d0,ae,e2,99,e2,f7,dc,7c,87,cd,82,\

“rkeysecu”=hex:30,52,ae,7f,ce,50,68,72,ce,fd,98,82,04,6e,4c,91

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]


.

Czas ukończenia: 2009-04-10 14:51:23

ComboFix-quarantined-files.txt 2009-04-10 12:51:21

Przed: 7 126 491 136 bajtów wolnych

Po: 7,703,166,976 bajtów wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

348 — E O F — 2009-03-15 21:00:52

Open Notepad and paste

Save it as plik.reg >> All files

[image: b57f17008275c957m.jpg]

A file with an icon like this will be created

[image: 062aec4c9b51c033m.jpg]

Double-click it, confirm that you want to add it to the registry, then restart.

Manually delete the C:\Qoobox folder and delete the ComboFix installer from the disk.

Turn System Restore off and back on for all drives. http://support.microsoft.com/kb/310405/pl

Scan the My Computer area with http://www.kaspersky.pl/virusscanner.html; if any viruses are found, post the report.

:)

I did everything you wrote; in the end the scanner found no viruses.