Zamulanie kompa, znikające ikony:)

[szczoti]

Witam, zwracam się z prośbą o sprawdzenie log, gdyż po roku użytkowania kompa bez żadnego czyszczenia, skanów, format itp, komp zaczał zamulać a także zaczęły znikać ikony.
Prosze o sprawdzenie log:

RSIT:

Kod: Zaznacz wszystko

Logfile of random's system information tool 1.06 (written by random/random)
Run by Mój komputer at 2009-06-12 10:11:12
Microsoft Windows XP Professional Dodatek Service Pack 3
System drive C: has 32 GB (32%) free of 100 GB
Total RAM: 3327 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:11:14, on 2009-06-12
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Microsoft LifeChat\LifeChat.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Internet Download Manager\IDMan.exe
D:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Winamp\winamp.exe
C:\PROGRAM FILES\STREAMRIPPER\wstreamripper.exe
C:\Documents and Settings\Mój komputer\Pulpit\RSIT.exe
C:\Documents and Settings\Mój komputer\Pulpit\Zabezpieczenia\Mój komputer.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.ati.com/online/cccwelcome/drivers.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Mój komputer\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [Six Engine] "C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe" -r
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [QFan Help] "C:\Program Files\ASUS\AI Suite\QFan3\QFanHelp.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [LifeChat] "C:\Program Files\Microsoft LifeChat\LifeChat.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [winsvc32] winsvc32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [RGSC] E:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [IDMan] D:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKfox000
O8 - Extra context menu item: Ściągnij przez IDM - D:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Ściągnij wszystkie linki przez IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Ściągnij zawartość wideo FLV przez IDM - D:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1222236355343
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: 9-ay rota Drivers Auto Removal (pr2armgb) (pr2armgb) - Techland - C:\WINDOWS\system32\pr2armgb.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8105 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDMIEHlprObj Class - D:\Program Files\Internet Download Manager\IDMIECC.dll [2008-12-23 161200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-03-01 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-01 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-01 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
ZoneAlarm Spy Blocker BHO - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-11-29 262144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}]
IEPluginBHO Class - C:\Documents and Settings\Mój komputer\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll [2009-05-26 42088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - ZoneAlarm Spy Blocker - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-11-29 262144]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Six Engine"=C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe [2008-06-25 5625344]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-01 136600]
"Ai Nap"=C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe [2008-05-26 1423360]
"QFan Help"=C:\Program Files\ASUS\AI Suite\QFan3\QFanHelp.exe [2008-05-06 594432]
"Cpu Level Up help"=C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe [2007-11-30 881152]
"ZoneAlarm Client"=D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-07-09 919016]
"LifeChat"=C:\Program Files\Microsoft LifeChat\LifeChat.exe [2008-08-21 267296]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-06-13 16871936]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"P17Helper"=Rundll32 P17.dll,P17Helper []
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe [2001-11-01 196608]
"winsvc32"=C:\WINDOWS\winsvc32.exe [2009-06-03 75776]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"Gadu-Gadu"=D:\Program Files\Gadu-Gadu\gg.exe [2008-03-20 2127296]
"RGSC"=E:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent []
"IDMan"=D:\Program Files\Internet Download Manager\IDMan.exe [2009-01-03 2745776]
"amva"=C:\WINDOWS\system32\amvo.exe [2008-03-09 101009]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChrisTV Agent]
C:\Program Files\ChrisTV PVR Standard\ChrisTV_Agent.exe /SILENT []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
C:\Program Files\Electronic Arts\EADM\Core.exe [2008-07-22 2772992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-09 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2008-09-29 21755688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
E:\steam\Steam.exe -silent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2008-08-04 36352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
C:\Program Files\WinFast\WFDTV\WFWIZ.exe [2008-06-20 2887680]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFastDTV]
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe [2008-07-11 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\READER~1.EXE [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Synchronizer.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\ADOBEC~1.EXE [2007-05-11 738968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mój komputer^Menu Start^Programy^Autostart^hamachi.lnk]
C:\PROGRA~1\Hamachi\hamachi.exe [2009-06-05 599592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mój komputer^Menu Start^Programy^Autostart^OpenOffice.org 3.0.lnk]
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2008-09-12 384000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mój komputer^Menu Start^Programy^Autostart^OpenOffice.ux.pl 2.3.1.lnk]
C:\PROGRA~1\OPENOF~1.1\program\QUICKS~1.EXE  []

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-04-29 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Program Files\Pro Evolution Soccer 2008\PES2008.exe"="D:\Program Files\Pro Evolution Soccer 2008\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Disabled:EA Download Manager"
"D:\Program Files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe"="D:\Program Files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"D:\Program Files\Ubisoft\Gearbox Software\Brothers in Arms - Hell's Highway\Binaries\biahh.exe"="D:\Program Files\Ubisoft\Gearbox Software\Brothers in Arms - Hell's Highway\Binaries\biahh.exe:*:Enabled:biahh"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe"="C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"D:\Program Files\KONAMI\Pro Evolution Soccer 2009\GCP2009.exe"="D:\Program Files\KONAMI\Pro Evolution Soccer 2009\GCP2009.exe:*:Enabled:Pro Evolution Soccer 2009"
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty(R) - World at War(TM)"
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty(R) - World at War(TM)"
"E:\Program Files\EA Sports\FIFA Online 2\FF2Client.exe"="E:\Program Files\EA Sports\FIFA Online 2\FF2Client.exe:*:Enabled:FIFA ONLINE"
"C:\Documents and Settings\All Users\Dane aplikacji\NexonEU\NGM\NGM.exe"="C:\Documents and Settings\All Users\Dane aplikacji\NexonEU\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"E:\Combat Arms EU\CombatArms.exe"="E:\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe"
"E:\Combat Arms EU\Engine.exe"="E:\Combat Arms EU\Engine.exe:*Enabled:Engine.exe"
"E:\Combat Arms EU\NMService.exe"="E:\Combat Arms EU\NMService.exe:*:Enabled:Nexon Messenger Core"
"C:\WINDOWS\system32\MicrosoftUpdate.exe"="C:\WINDOWS\system32\MicrosoftUpdate.exe:*:Enabled:MICROSOFTUPDATE"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\Combat Arms EU\CombatArms.exe"="E:\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe"
"E:\Combat Arms EU\Engine.exe"="E:\Combat Arms EU\Engine.exe:*Enabled:Engine.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5b017e0a-4148-11de-92af-002215a17e96}]
shell\AutoRun\command - H:\b.com
shell\explore\command - H:\b.com
shell\open\command - H:\b.com


======List of files/folders created in the last 1 months======

2009-06-12 10:11:12 ----D---- C:\rsit
2009-06-12 09:45:58 ----D---- C:\WINDOWS\LastGood
2009-06-12 09:25:47 ----A---- C:\WINDOWS\_MSRSTRT.EXE
2009-06-06 13:59:08 ----A---- C:\WINDOWS\GunzLauncher.INI
2009-06-06 13:56:45 ----HD---- C:\Documents and Settings\Mój komputer\Dane aplikacji\ijjigame
2009-06-06 13:54:57 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\ijjigame
2009-06-05 18:24:39 ----D---- C:\Documents and Settings\Mój komputer\Dane aplikacji\Hamachi
2009-06-05 18:18:00 ----D---- C:\Program Files\Hamachi
2009-06-04 21:45:00 ----A---- C:\example.txt
2009-06-03 15:30:55 ----RSH---- C:\WINDOWS\winsvc32.exe
2009-06-03 15:30:33 ----A---- C:\WINDOWS\system32\c_dll.dll
2009-06-02 13:37:07 ----A---- C:\WINDOWS\PhotoSnapViewer.INI
2009-06-01 20:12:01 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\NexonEU
2009-06-01 15:05:26 ----A---- C:\WINDOWS\ARCHPR.INI
2009-06-01 15:05:14 ----D---- C:\Program Files\ARCHPR
2009-06-01 14:57:58 ----D---- C:\Program Files\ElcomSoft
2009-05-31 11:46:37 ----A---- C:\WINDOWS\FOE2.ini
2009-05-28 14:39:25 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM
2009-05-28 14:39:02 ----D---- C:\Documents and Settings\Mój komputer\Dane aplikacji\OpenFM
2009-05-28 07:13:39 ----D---- C:\Documents and Settings\Mój komputer\Dane aplikacji\Nowe Gadu-Gadu
2009-05-23 16:06:39 ----A---- C:\WINDOWS\system32\CMStarterCore.exe
2009-05-23 16:06:39 ----A---- C:\WINDOWS\system32\CMStarter_Kor.dll
2009-05-23 16:06:39 ----A---- C:\WINDOWS\system32\CMStarter_Eng.dll
2009-05-20 12:06:08 ----D---- C:\Documents and Settings\Mój komputer\Dane aplikacji\Wypas
2009-05-15 14:08:00 ----RSH---- C:\WINDOWS\system32\amvo0.dll
2009-05-15 14:08:00 ----RSH---- C:\WINDOWS\system32\amvo.exe

======List of files/folders modified in the last 1 months======

2009-06-12 10:05:03 ----D---- C:\WINDOWS\Internet Logs
2009-06-12 09:57:08 ----RD---- C:\Program Files
2009-06-12 09:49:41 ----D---- C:\WINDOWS\system32
2009-06-12 09:46:23 ----D---- C:\WINDOWS\Prefetch
2009-06-12 09:46:23 ----D---- C:\Program Files\Mozilla Firefox
2009-06-12 09:46:10 ----D---- C:\Program Files\Asprate
2009-06-12 09:45:58 ----D---- C:\WINDOWS\Temp
2009-06-12 09:45:58 ----D---- C:\WINDOWS\system32\drivers
2009-06-12 09:45:58 ----D---- C:\WINDOWS
2009-06-12 09:45:38 ----HD---- C:\Program Files\InstallShield Installation Information
2009-06-12 09:45:33 ----D---- C:\Program Files\Samsung
2009-06-12 09:45:23 ----SHD---- C:\WINDOWS\Installer
2009-06-12 09:43:35 ----D---- C:\Program Files\PowerShot Pinball
2009-06-12 09:42:41 ----SD---- C:\WINDOWS\Tasks
2009-06-12 09:40:50 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-06-12 09:39:35 ----D---- C:\Program Files\Ganymede
2009-06-12 09:36:24 ----D---- C:\Documents and Settings\Mój komputer\Dane aplikacji\AidMaker
2009-06-12 09:31:26 ----A---- C:\WINDOWS\system32\PerfStringBackup.TMP
2009-06-12 09:27:36 ----D---- C:\Documents and Settings\Mój komputer\Dane aplikacji\DMCache
2009-06-12 09:25:58 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-06-12 09:25:25 ----D---- C:\Program Files\Winamp
2009-06-12 06:36:33 ----D---- C:\WINDOWS\system32\config
2009-06-11 01:32:11 ----D---- C:\WINDOWS\system32\CatRoot2
2009-06-10 22:48:25 ----HD---- C:\WINDOWS\inf
2009-06-10 18:00:58 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-06-10 08:59:23 ----HD---- C:\ASUS.000
2009-06-05 19:51:31 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-06-05 19:42:16 ----D---- C:\WINDOWS\Minidump
2009-06-05 19:24:42 ----D---- C:\Program Files\DAEMON Tools Lite
2009-06-05 19:14:58 ----D---- C:\WINDOWS\system32\DirectX
2009-06-05 19:14:42 ----RSD---- C:\WINDOWS\assembly
2009-06-05 18:22:14 ----D---- C:\Documents and Settings\Mój komputer\Dane aplikacji\HamachiBackup

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2007-12-17 12400]
R1 intelppm;Sterownik procesora Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 40320]
R1 kbdhid;Sterownik klawiatury HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
R1 KLIF;KLIF; C:\WINDOWS\system32\DRIVERS\klif.sys [2007-07-19 127768]
R1 oreans32;oreans32; \??\C:\WINDOWS\system32\drivers\oreans32.sys []
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-07-09 394952]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-09-26 271360]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-09-26 18048]
R2 NwlnkIpx;Protokół transportowy zgodny z NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-03 88448]
R2 NwlnkNb;System NetBIOS NWLink; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-08-17 63232]
R2 NwlnkSpx;Protokół NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-08-17 55936]
R2 rspndr;Responder odnajdywania topologii warstwy łącza; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2006-11-08 62336]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-04-29 3643904]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2008-05-21 93696]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2005-01-10 138752]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Sterownik Microsoft klasy HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-06-13 4754944]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1e51x86.sys [2008-06-25 36864]
R3 mouhid;Sterownik myszy HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-26 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2006-10-13 163584]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2005-01-10 106496]
R3 P17;Sound Blaster Audigy; C:\WINDOWS\system32\drivers\P17.sys [2005-07-07 1389056]
R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-10-23 30208]
R3 usbhub;Koncentrator z obsługą USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-10-23 59264]
R3 usbprint;Klasa PRINTER USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-10-23 20608]
S2 CX23880;WinFast CX2388x WDM Video Capture.; C:\WINDOWS\system32\drivers\cx88vid.sys [2006-10-18 162944]
S2 CXAVXBAR;WinFast CX2388x WDM Crossbar.; C:\WINDOWS\system32\drivers\cxavxbar.sys [2006-10-18 9728]
S2 CXTUNE;WinFast CX2388x WDM TVTuner.; C:\WINDOWS\system32\drivers\CX88TUNE.sys [2006-10-18 50816]
S3 aeuupiyk;aeuupiyk; C:\WINDOWS\system32\drivers\aeuupiyk.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Dekoder napisów; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 DAEDriver54;DAEDriver54; \??\C:\Documents and Settings\Mój komputer\Pulpit\Hack Gunz\Hack Gunz\HACK for Gunz privates\dak32.sys []
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-06-05 17480]
S3 MSTEE;Konwerter strumieni Tee/Sink-to-Sink Microsoft Streaming; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;Koder-dekoder NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Połączenie TV/wideo firmy Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 NPPTNT2;NPPTNT2; \??\C:\WINDOWS\system32\npptNT2.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ssm_bus.sys [2007-05-02 83592]
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys [2007-05-02 15112]
S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys [2007-05-02 109704]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbaudio;Sterownik audio USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]
S3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WFIOCTL;WFIOCTL; \??\C:\Program Files\WinFast\WFDTV\WFIOCTL.SYS []
S3 WSTCODEC;Kodery-dekodery teletekstu w standardzie światowym; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-10-15 611664]
R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2008-11-19 109056]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-04-29 602112]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-01 152984]
R2 NWCWorkstation;Usługa klienta dla systemu NetWare; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-03-27 66872]
R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2007-06-05 177704]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2004-12-13 49152]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2008-07-09 75304]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-04-28 593920]
S2 pr2armgb;9-ay rota Drivers Auto Removal (pr2armgb); C:\WINDOWS\system32\pr2armgb.exe [2008-05-30 415088]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-15 774144]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-03-12 271920]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2009-03-30 2735133]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S3 WMPNetworkSvc;Usługa udostępniania w sieci programu Windows Media Player; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-12-01 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]
S4 Prime95 Service;Prime95 Service; C:\Program Files\Prime95\prime95.exe []

-----------------EOF-----------------


[Okocza]

Wykonaj to co jest podane w tym temacie

Zastosuj SDFix . Po pobraniu uruchom go a rozpakuje się do C:\SDFix. Uruchom komputer w trybie awaryjnym (F8 przy stracie systemu). Będąc w awaryjnym uruchom plik RunThis.bat z folderu SDFixa. Zatwierdź czyszczenie przez Y. Poczekaj aż ukończy i komputer zresetuje

Potem wejdz do folderu C:\SDFix wrzuc zawartość pliku Report.txt + log z rsit'a lub dss'a

[szczoti]

Niestety podczas próby zrobienia tej czynności z SDFixem napotkałem błąd o następującej treści
C:\SDFix\apps\locate.com

Parametr jest niepoprawny.

Wiesz może co mam zrobić?

[Okocza]

szczoti, pobierz inną wersję programu

[szczoti]

Ściągnąłem tą wersję z twojego linku, mam spróbować inną?

[Okocza]

szczoti, tak, pobierz inną wersję programu.

[szczoti]

Inna wersja pobrana i zainstalowana i nadal to samo... można wykonać jakąś inną operacje?Teraz sprawa nabiera już kolorów, sypiące się procesy windowsa... itp. Może ten OTL by coś zdziałał?

[wojtas]

tak daj loga z OTL

[szczoti]

Log był długi dlatego w takiej postaci http://www.wklej.eu/index.php?id=1ac02b833f

Proszę o szybką pomoc, jest coraz gorzej, np teraz utworzyły mi się na pulpicie jakieś .jpg, które zapewne są zainfekowane.

[wojtas]

Daj loga z combofixa ale zainstaluj wraz z nim konsolę odzyskiwania ( instrukcja programu )

[szczoti]

Kod: Zaznacz wszystko

ComboFix 09-06-15.06 - Mój komputer 2009-06-16 10:30.4 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1250.48.1045.18.3327.2905 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Mój komputer\Pulpit\ComboFix.exe
FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
[i] ADS - svchost.exe: deleted 32768 bytes in 1 streams. [/i]

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\lsass.exe
c:\program files\FlashGet Network
c:\program files\Manson\liser.dll
c:\program files\podmena
c:\windows\system32\drivers\4361cdb1.sys
c:\windows\system32\drivers\854b831c.sys
c:\windows\system32\drivers\da95ad00.sys
c:\windows\system32\drivers\e2d082f2.sys
C:\borjfqv.exe
c:\documents and settings\Mój komputer\Mój komputer.exe
c:\program files\FlashGet Network\FlashGet universal\dbtrans_verbose.log
c:\program files\FlashGet Network\FlashGet universal\fgoption.ini
c:\program files\FlashGet Network\FlashGet universal\P2PCfg.ini
c:\program files\FlashGet Network\FlashGet universal\p2spmgr.ini
c:\program files\FlashGet Network\FlashGet universal\p4spmgr.ini
c:\program files\FlashGet Network\FlashGet universal\Profiles\config.dat
c:\program files\FlashGet Network\FlashGet universal\Profiles\tasks.dat
c:\program files\FlashGet Network\FlashGet universal\transaction.log
c:\program files\Manson\liser.exe
c:\program files\podmena\podmena.dll
c:\program files\podmena\podmena.sys
c:\recycler\S-1-5-21-2681467274-2703129540-295591502-6191\wnzip32.exe
c:\windows\ld09.exe
c:\windows\system\svchost.exe
c:\windows\system32\AutoRun.inf
c:\windows\system32\csrcs.exe
c:\windows\system32\drivers\fips32cup.sys
c:\windows\system32\drivers\nicsk32.sys

.
(((((((((((((((((((((((((((((((((((((((   Sterowniki/Usługi   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_fips32cup
-------\Legacy_icf
-------\Legacy_NICSK32
-------\Legacy_OREANS32
-------\Legacy_podmena
-------\Legacy_podmenadrv
-------\Service_4361cdb1
-------\Service_854b831c
-------\Service_da95ad00
-------\Service_e2d082f24361cdb1
-------\Service_fips32cup
-------\Service_ICF
-------\Service_nicsk32
-------\Service_oreans32
-------\Service_podmena
-------\Service_podmenadrv
-------\Legacy_Darkness
-------\Service_Darkness
-------\Service_e2d082f2


(((((((((((((((((((((((((   Pliki utworzone od 2009-05-16 do 2009-06-16  )))))))))))))))))))))))))))))))
.

2009-06-16 06:36 . 2009-06-16 07:04   --------   d-----w-   c:\documents and settings\All Users\Dane aplikacji\comodo
2009-06-16 06:36 . 2009-06-16 06:36   87056   ----a-w-   c:\windows\system32\drivers\cmdguard.sys
2009-06-16 06:36 . 2009-06-16 06:36   79760   ----a-w-   c:\windows\system32\drivers\inspect.sys
2009-06-16 06:36 . 2009-06-16 06:36   24208   ----a-w-   c:\windows\system32\drivers\cmdhlp.sys
2009-06-16 06:36 . 2009-06-16 06:36   143104   ----a-w-   c:\windows\system32\guard32.dll
2009-06-16 06:36 . 2009-06-16 06:36   --------   d-----w-   c:\program files\COMODO
2009-06-16 06:19 . 2009-06-16 06:19   8704   ----a-w-   C:\qiol.exe
2009-06-12 08:36 . 2009-06-12 08:18   15688   ----a-w-   c:\windows\system32\lsdelete.exe
2009-06-12 08:35 . 2009-06-12 08:35   --------   d-----w-   c:\documents and settings\LocalService\Pulpit
2009-06-12 08:17 . 2009-06-12 08:17   540536   ----a-w-   c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\update\Ad-AwareCommand.exe
2009-06-12 08:17 . 2009-06-12 08:17   559464   ----a-w-   c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\update\Ad-AwareAdmin.exe
2009-06-12 08:17 . 2009-06-12 08:17   2352456   ----a-w-   c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\update\Ad-Aware.exe
2009-06-12 08:17 . 2009-06-12 08:17   627536   ----a-w-   c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\update\AAWWSC.exe
2009-06-12 08:17 . 2009-06-12 08:17   518488   ----a-w-   c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\update\AAWTray.exe
2009-06-12 08:17 . 2009-06-12 08:17   1005904   ----a-w-   c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\update\AAWService.exe
2009-06-12 08:15 . 2009-06-12 08:15   --------   dc-h--w-   c:\documents and settings\All Users\Dane aplikacji\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-06-12 08:15 . 2009-01-18 21:43   2892112   -c--a-w-   c:\documents and settings\All Users\Dane aplikacji\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
2009-06-12 08:15 . 2009-06-12 08:15   --------   d-----w-   c:\program files\Lavasoft
2009-06-01 12:57 . 2009-06-01 12:57   --------   d-----w-   c:\program files\ElcomSoft
2009-05-28 12:39 . 2009-06-03 14:14   --------   d-----w-   c:\documents and settings\All Users\Dane aplikacji\OpenFM
2009-05-23 14:06 . 2009-05-21 09:48   323584   ----a-w-   c:\windows\system32\CMStarterCore.exe
2009-05-23 14:06 . 2009-05-21 09:48   49152   ----a-w-   c:\windows\system32\CMStarter_Kor.dll
2009-05-23 14:06 . 2009-05-21 09:48   49152   ----a-w-   c:\windows\system32\CMStarter_Eng.dll

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-16 08:34 . 2009-06-16 06:13   --------   d-sh--r-   c:\program files\Manson
2009-06-16 07:32 . 2008-09-24 18:32   4000   ----a-w-   C:\ao.dat
2009-06-16 07:17 . 2009-06-13 06:56   4724   ----a-w-   c:\windows\system32\PerfStringBackup.TMP
2009-06-16 07:17 . 2001-10-26 16:15   89260   ----a-w-   c:\windows\system32\perfc015.dat
2009-06-16 07:17 . 2001-10-26 16:15   500702   ----a-w-   c:\windows\system32\perfh015.dat
2009-06-16 07:01 . 2008-11-29 19:22   962348   --sha-w-   c:\windows\system32\drivers\fidbox.idx
2009-06-16 07:01 . 2008-11-29 19:22   71463200   --sha-w-   c:\windows\system32\drivers\fidbox.dat
2009-06-16 06:59 . 2009-06-15 16:05   40960   ----a-w-   C:\wguicwky.exe
2009-06-16 06:59 . 2009-06-15 16:05   219675   ----a-w-   C:\kmvu.exe
2009-06-16 06:59 . 2009-06-15 19:22   37888   ----a-w-   C:\hdwf.exe
2009-06-16 06:58 . 2009-06-15 16:05   96768   ----a-w-   C:\smxa.exe
2009-06-16 06:35 . 2009-06-16 06:35   51491   ----a-w-   c:\windows\Internet Logs\zlclient_2nd_2009_06_16_08_19_52_small.dmp.zip
2009-06-16 06:19 . 2009-06-15 16:05   213338   ----a-w-   C:\cdbh.exe
2009-06-16 06:19 . 2009-06-15 16:05   96768   ----a-w-   C:\akvcy.exe
2009-06-16 06:19 . 2009-06-16 06:19   11776   ----a-w-   c:\windows\system32\ubb.exe
2009-06-16 06:16 . 2009-06-16 06:16   444744   ----a-w-   c:\windows\system32\cftu.exe
2009-06-16 06:14 . 2009-06-16 06:14   12288   ----a-w-   c:\windows\jmnhhgrtja35ujghuykj6r8io9iujg81.exe
2009-06-16 06:13 . 2009-06-16 06:13   2   ---h--w-   c:\windows\zaponce53652.dat
2009-06-15 16:49 . 2004-08-03 22:44   14336   ----a-w-   c:\windows\system32\svchost.exe
2009-06-15 16:05 . 2009-06-15 16:05   2   ---h--w-   c:\windows\zaponce53623.dat
2009-06-15 16:05 . 2009-06-15 16:05   2   ---h--w-   c:\windows\zaponce53173.dat
2009-06-15 16:05 . 2009-06-15 16:05   2   ---h--w-   c:\windows\zaponce53290.dat
2009-06-12 09:02 . 2009-04-18 17:06   --------   d-----w-   c:\program files\SopCast
2009-06-12 08:21 . 2009-04-15 16:57   --------   d-----w-   c:\program files\Common Files\Symantec Shared
2009-06-12 08:15 . 2008-10-10 17:41   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
2009-06-12 07:46 . 2008-10-21 13:09   --------   d-----w-   c:\program files\Asprate
2009-06-12 07:45 . 2008-09-23 15:12   --------   d--h--w-   c:\program files\InstallShield Installation Information
2009-06-12 07:45 . 2008-10-11 13:25   --------   d-----w-   c:\program files\Samsung
2009-06-12 07:43 . 2008-12-20 10:55   --------   d-----w-   c:\program files\PowerShot Pinball
2009-06-12 07:40 . 2009-06-06 11:54   --------   d-----w-   c:\documents and settings\All Users\Dane aplikacji\ijjigame
2009-06-12 07:39 . 2009-02-04 21:16   --------   d-----w-   c:\program files\Ganymede
2009-06-12 07:25 . 2009-06-01 13:05   --------   d-----w-   c:\program files\ARCHPR
2009-06-12 07:25 . 2009-06-12 07:25   2560   ----a-w-   c:\windows\_MSRSTRT.EXE
2009-06-12 07:25 . 2008-10-14 09:09   --------   d-----w-   c:\program files\Winamp
2009-06-05 17:24 . 2008-09-24 18:36   --------   d-----w-   c:\program files\DAEMON Tools Lite
2009-06-05 16:18 . 2009-06-05 16:18   --------   d-----w-   c:\program files\Hamachi
2009-06-05 16:18 . 2008-10-13 17:52   17480   ----a-w-   c:\windows\system32\drivers\hamachi.sys
2009-06-03 13:30 . 2009-06-03 13:30   105984   ----a-w-   c:\windows\system32\c_dll.dll
2009-06-03 11:32 . 2009-06-03 11:32   33824   ----a-w-   c:\windows\system32\drivers\oreans32.sys
2009-06-02 11:43 . 2009-06-01 18:12   98304   ----a-w-   c:\documents and settings\All Users\Dane aplikacji\NexonEU\NGM\nxgameeu.dll
2009-06-02 11:43 . 2009-06-01 18:12   81920   ----a-w-   c:\documents and settings\All Users\Dane aplikacji\NexonEU\NGM\npNxGameeu.dll
2009-06-02 11:43 . 2009-06-01 18:12   532480   ----a-w-   c:\documents and settings\All Users\Dane aplikacji\NexonEU\NGM\NGMDll.dll
2009-06-02 11:43 . 2009-06-01 18:12   331776   ----a-w-   c:\documents and settings\All Users\Dane aplikacji\NexonEU\NGM\NGMResource.dll
2009-06-02 11:43 . 2009-06-01 18:12   258352   ----a-w-   c:\documents and settings\All Users\Dane aplikacji\NexonEU\NGM\unicows.dll
2009-06-02 11:43 . 2009-06-01 18:12   155648   ----a-w-   c:\documents and settings\All Users\Dane aplikacji\NexonEU\NGM\NGM.exe
2009-06-01 19:00 . 2009-06-01 18:12   --------   d-----w-   c:\documents and settings\All Users\Dane aplikacji\NexonEU
2009-05-13 11:38 . 2008-09-23 15:41   798448   ----a-w-   c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
2009-05-12 17:01 . 2009-05-12 17:01   --------   d-----w-   c:\program files\Convert FLV to MP3
2009-05-10 12:45 . 2008-11-29 19:19   4212   ---h--w-   c:\windows\system32\zllictbl.dat
2009-05-10 07:49 . 2008-12-07 12:48   --------   d-----w-   c:\program files\Common Files\Blizzard Entertainment
2009-05-07 18:18 . 2008-10-04 09:30   --------   d-----w-   c:\program files\mIrc
2009-04-29 06:13 . 2008-09-27 11:45   --------   d-----w-   c:\program files\Common Files\Adobe
2009-04-29 03:30 . 2008-06-03 06:20   3643904   ----a-w-   c:\windows\system32\drivers\ati2mtag.sys
2009-04-29 02:18 . 2008-09-23 15:18   442368   ----a-w-   c:\windows\system32\ATIDEMGX.dll
2009-04-29 02:17 . 2008-06-03 03:21   335872   ----a-w-   c:\windows\system32\ati2dvag.dll
2009-04-29 02:07 . 2008-06-03 03:11   204800   ----a-w-   c:\windows\system32\atipdlxx.dll
2009-04-29 02:06 . 2008-06-03 03:11   155648   ----a-w-   c:\windows\system32\Oemdspif.dll
2009-04-29 02:06 . 2008-06-03 03:11   26112   ----a-w-   c:\windows\system32\Ati2mdxx.exe
2009-04-29 02:06 . 2008-06-03 03:11   43520   ----a-w-   c:\windows\system32\ati2edxx.dll
2009-04-29 02:06 . 2008-06-03 03:11   155648   ----a-w-   c:\windows\system32\ati2evxx.dll
2009-04-29 02:04 . 2008-06-03 03:09   602112   ----a-w-   c:\windows\system32\ati2evxx.exe
2009-04-29 02:03 . 2008-06-03 03:08   53248   ----a-w-   c:\windows\system32\ATIDDC.DLL
2009-04-29 02:00 . 2008-09-23 15:18   311296   ----a-w-   c:\windows\system32\atiiiexx.dll
2009-04-29 01:56 . 2008-06-03 02:59   2997536   ----a-w-   c:\windows\system32\ati3duag.dll
2009-04-29 01:45 . 2008-12-01 20:46   11603968   ----a-w-   c:\windows\system32\atioglxx.dll
2009-04-29 01:42 . 2008-06-03 02:48   2687872   ----a-w-   c:\windows\system32\ativvaxx.dll
2009-04-29 01:26 . 2009-04-29 01:26   49664   ----a-w-   c:\windows\system32\atimpc32.dll
2009-04-29 01:26 . 2008-06-03 02:33   49664   ----a-w-   c:\windows\system32\amdpcom32.dll
2009-04-29 01:22 . 2008-06-03 02:29   479232   ----a-w-   c:\windows\system32\atikvmag.dll
2009-04-29 01:20 . 2009-04-29 01:20   45056   ----a-w-   c:\windows\system32\aticalrt.dll
2009-04-29 01:20 . 2009-04-29 01:20   45056   ----a-w-   c:\windows\system32\aticalcl.dll
2009-04-29 01:20 . 2008-06-03 02:28   135168   ----a-w-   c:\windows\system32\atiadlxx.dll
2009-04-29 01:19 . 2008-06-03 02:28   17408   ----a-w-   c:\windows\system32\atitvo32.dll
2009-04-29 01:19 . 2008-06-03 02:27   53248   ----a-w-   c:\windows\system32\drivers\ati2erec.dll
2009-04-29 01:18 . 2009-04-29 01:18   3280896   ----a-w-   c:\windows\system32\aticaldd.dll
2009-04-29 01:17 . 2008-06-03 03:04   303104   ----a-w-   c:\windows\system32\atiok3x2.dll
2009-04-29 01:13 . 2008-06-03 02:21   630784   ----a-w-   c:\windows\system32\ati2cqag.dll
2009-04-28 19:05 . 2008-09-23 15:18   593920   ------w-   c:\windows\system32\ati2sgag.exe
2009-04-07 17:09 . 2008-12-11 19:22   664   ----a-w-   c:\windows\system32\d3d9caps.dat
2009-04-01 19:59 . 2008-09-23 15:18   188348   ----a-w-   c:\windows\system32\atiicdxx.dat
2009-03-27 18:37 . 2008-09-24 21:33   139280   ----a-w-   c:\windows\system32\drivers\PnkBstrK.sys
2009-03-27 18:36 . 2008-09-24 21:33   202000   ----a-w-   c:\windows\system32\PnkBstrB.exe
2009-03-27 18:26 . 2008-09-24 21:33   66872   ----a-w-   c:\windows\system32\PnkBstrA.exe
2009-01-27 13:22 . 2009-01-27 13:22   8   --sh--r-   c:\windows\system32\[u]0[/u]6528ACC16.sys
2009-01-27 13:22 . 2009-01-27 13:22   2828   --sha-w-   c:\windows\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="d:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"IDMan"="d:\program files\Internet Download Manager\IDMan.exe" [2009-01-03 2745776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"1163"="C:\hdwf.exe" [2009-06-16 37888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-4-29 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages   REG_MULTI_SZ      msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Mój komputer^Menu Start^Programy^Autostart^hamachi.lnk]
path=c:\documents and settings\Mój komputer\Menu Start\Programy\Autostart\hamachi.lnk
backup=c:\windows\pss\hamachi.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Mój komputer^Menu Start^Programy^Autostart^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\Mój komputer\Menu Start\Programy\Autostart\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Mój komputer^Menu Start^Programy^Autostart^OpenOffice.ux.pl 2.3.1.lnk]
path=c:\documents and settings\Mój komputer\Menu Start\Programy\Autostart\OpenOffice.ux.pl 2.3.1.lnk
backup=c:\windows\pss\OpenOffice.ux.pl 2.3.1.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"d:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\GCP2009.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Documents and Settings\\All Users\\Dane aplikacji\\NexonEU\\NGM\\NGM.exe"=
"c:\\WINDOWS\\system32\\MicrosoftUpdate.exe"=
"\\"= c:\\hdwf.exe
"d:\\Program Files\\Gadu-Gadu\\gg.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23465:TCP"= 23465:TCP:BitComet 23465 TCP
"23465:UDP"= 23465:UDP:BitComet 23465 UDP
"55457:TCP"= 55457:TCP:*:Disabled:SolidNetworkManager
"55457:UDP"= 55457:UDP:*:Disabled:SolidNetworkManager
"8085:TCP"= 8085:TCP:podmena

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-06-12 64160]
R0 pe3armgb;9-ay rota Environment Driver (pe3armgb);c:\windows\system32\drivers\pe3armgb.sys [2008-05-30 68728]
R0 ps7armgb;9-ay rota Synchronization Driver (ps7armgb);c:\windows\system32\drivers\ps7armgb.sys [2008-05-30 67712]
R1 cmdguard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-06-16 87056]
R1 cmdhlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-06-16 24208]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2008-09-23 93696]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [2008-09-23 36864]
S2 jmnhhgrtja35ujghuykj6r8io9iujg80;jmnhhgrtja35ujghuykj6r8io9iujg80;c:\windows\jmnhhgrtja35ujghuykj6r8io9iujg81.exe [2009-06-16 12288]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 1005904]
S2 pr2armgb;9-ay rota Drivers Auto Removal (pr2armgb);c:\windows\system32\pr2armgb.exe svc --> c:\windows\system32\pr2armgb.exe svc [?]
S3 DAEDriver54;DAEDriver54;\??\c:\documents and settings\Mój komputer\Pulpit\Hack Gunz\Hack Gunz\HACK for Gunz privates\dak32.sys --> c:\documents and settings\Mój komputer\Pulpit\Hack Gunz\Hack Gunz\HACK for Gunz privates\dak32.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 WFIOCTL;WFIOCTL;\??\c:\program files\WinFast\WFDTV\WFIOCTL.SYS --> c:\program files\WinFast\WFDTV\WFIOCTL.SYS [?]
.
Zawartość folderu 'Zaplanowane zadania'

2009-06-15 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 08:17]
.
- - - - USUNIĘTO PUSTE WPISY - - - -

HKU-Default-Run-kell - c:\program files\Manson\liser.exe
HKLM-Explorer_Run-csrcs - c:\windows\system32\csrcs.exe
Notify-winmmt32 - winmmt32.dll


.
------- Skan uzupełniający -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.ati.com/online/cccwelcome/drivers.html
IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKfox000
IE: Ściągnij przez IDM - d:\program files\Internet Download Manager\IEExt.htm
IE: Ściągnij wszystkie linki przez IDM - d:\program files\Internet Download Manager\IEGetAll.htm
IE: Ściągnij zawartość wideo FLV przez IDM - d:\program files\Internet Download Manager\IEGetVL.htm
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-16 10:34
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose

skanowanie ukrytych procesów ... 

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ... 

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-1292428093-1614895754-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:db,81,6b,45,5d,df,7e,50,66,28,9e,05,ab,42,af,86,5b,24,ef,d1,8f,29,d1,
   15,ab,f6,50,0f,4d,73,35,57,b2,e8,8b,41,4b,ef,a3,6a,9f,de,eb,0c,d7,31,6e,3a,\
"??"=hex:b8,fb,a9,6c,28,99,4a,59,3e,08,2a,71,09,ad,6a,67

[HKEY_USERS\S-1-5-21-1292428093-1614895754-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:0a,74,c1,c5,2a,2b,25,97,43,5b,6e,5b,3d,f2,88,74,14,58,83,8f,d5,
   63,0f,9d,03,7d,a9,1f,59,bf,f4,97,99,30,25,64,76,39,e3,ec,f6,2a,ee,88,d4,f8,\
"rkeysecu"=hex:9a,af,12,f1,69,36,e4,8c,af,5f,b4,7a,08,2b,11,62

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{25cb9724-dd0a-4b8b-af78-c8e6e23b3d58}]
@Denied: (Full) (Everyone)
"Model"=dword:00000057
"Therad"=dword:0000001d
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,98,07,ff,fc,5d,
   df,1c,2f,3b,8a,0a,32,11,89,01,b5,eb,45,16,0e,61,6c,ef,96,66,33,f3,8d,75,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):e3,66,2f,b3,7c,b5,30,94,de,bd,ab,72,60,54,1d,0e,9e,5b,ee,47,80,
   43,67,68,b1,db,dc,a4,41,8e,5a,0a,7f,bd,5c,56,4a,8a,d2,6f,00,00,00,00,00,00,\
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(788)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3656)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\COMODO\Firewall\cmdagent.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PSIService.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Czas ukończenia: 2009-06-16 10:36 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt  2009-06-16 08:36

Przed: 27 319 308 288 bajtów wolnych
Po: 27 943 153 664 bajtów wolnych

326   --- E O F ---   2009-02-05 08:51


[wojtas]

Otworz notatnik i wklej w nim to:

File::
C:\qiol.exe
C:\ao.dat
C:\wguicwky.exe
C:\kmvu.exe
C:\hdwf.exe
C:\smxa.exe
C:\cdbh.exe
C:\akvcy.exe
c:\windows\system32\ubb.exe
c:\windows\system32\cftu.exe
c:\windows\jmnhhgrtja35ujghuykj6r8io9iujg81.exe
c:\windows\zaponce53652.dat
c:\windows\zaponce53623.dat
c:\windows\zaponce53173.dat
c:\windows\zaponce53290.dat

Folder::
c:\program files\Manson

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"1163"=-

Driver::
jmnhhgrtja35ujghuykj6r8io9iujg80

>>Plik>>Zapisz jako... >>> CFScript
Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe
-->
Ma się rozpocząć usuwanie. (i powstanie log).Daj ten log, który powstanie w trakcie usuwania.

[szczoti]

Kod: Zaznacz wszystko

ComboFix 09-06-15.06 - Mój komputer 2009-06-16 11:19.5 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1250.48.1045.18.3327.2740 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Mój komputer\Pulpit\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\Mój komputer\Pulpit\CFScript.txt
FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

FILE ::
"C:\akvcy.exe"
"C:\ao.dat"
"C:\cdbh.exe"
"C:\hdwf.exe"
"C:\kmvu.exe"
"C:\qiol.exe"
"C:\smxa.exe"
"C:\wguicwky.exe"
"c:\windows\jmnhhgrtja35ujghuykj6r8io9iujg81.exe"
"c:\windows\system32\cftu.exe"
"c:\windows\system32\ubb.exe"
"c:\windows\zaponce53173.dat"
"c:\windows\zaponce53290.dat"
"c:\windows\zaponce53623.dat"
"c:\windows\zaponce53652.dat"
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Manson
C:\akvcy.exe
C:\ao.dat
C:\cdbh.exe
C:\hdwf.exe
C:\kmvu.exe
C:\qiol.exe
C:\smxa.exe
C:\wguicwky.exe
c:\windows\jmnhhgrtja35ujghuykj6r8io9iujg81.exe
c:\windows\system32\cftu.exe
c:\windows\system32\ubb.exe
c:\windows\zaponce53173.dat
c:\windows\zaponce53290.dat
c:\windows\zaponce53623.dat
c:\windows\zaponce53652.dat

.
(((((((((((((((((((((((((((((((((((((((   Sterowniki/Usługi   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_jmnhhgrtja35ujghuykj6r8io9iujg80
-------\Service_jmnhhgrtja35ujghuykj6r8io9iujg80


(((((((((((((((((((((((((   Pliki utworzone od 2009-05-16 do 2009-06-16  )))))))))))))))))))))))))))))))
.

2009-06-16 06:36 . 2009-06-16 07:04   --------   d-----w-   c:\documents and settings\All Users\Dane aplikacji\comodo
2009-06-16 06:36 . 2009-06-16 06:36   87056   ----a-w-   c:\windows\system32\drivers\cmdguard.sys
2009-06-16 06:36 . 2009-06-16 06:36   79760   ----a-w-   c:\windows\system32\drivers\inspect.sys
2009-06-16 06:36 . 2009-06-16 06:36   24208   ----a-w-   c:\windows\system32\drivers\cmdhlp.sys
2009-06-16 06:36 . 2009-06-16 06:36   143104   ----a-w-   c:\windows\system32\guard32.dll
2009-06-16 06:36 . 2009-06-16 06:36   --------   d-----w-   c:\program files\COMODO
2009-06-12 08:36 . 2009-06-12 08:18   15688   ----a-w-   c:\windows\system32\lsdelete.exe
2009-06-12 08:35 . 2009-06-12 08:35   --------   d-----w-   c:\documents and settings\LocalService\Pulpit
2009-06-12 08:17 . 2009-06-12 08:17 540536   ----a-w-   c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\update\Ad-AwareCommand.exe
2009-06-12 08:17 . 2009-06-12 08:17 559464   ----a-w-   c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\update\Ad-AwareAdmin.exe
2009-06-12 08:17 . 2009-06-12 08:17 2352456   ----a-w-   c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\update\Ad-Aware.exe
2009-06-12 08:17 . 2009-06-12 08:17 627536   ----a-w-   c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\update\AAWWSC.exe
2009-06-12 08:17 . 2009-06-12 08:17 518488   ----a-w-   c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\update\AAWTray.exe
2009-06-12 08:17 . 2009-06-12 08:17 1005904   ----a-w-   c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\update\AAWService.exe
2009-06-12 08:15 . 2009-06-12 08:15   --------   dc-h--w-   c:\documents and settings\All Users\Dane aplikacji\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-06-12 08:15 . 2009-01-18 21:43 2892112   -c--a-w-   c:\documents and settings\All Users\Dane aplikacji\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
2009-06-12 08:15 . 2009-06-12 08:15   --------   d-----w-   c:\program files\Lavasoft
2009-06-01 12:57 . 2009-06-01 12:57   --------   d-----w-   c:\program files\ElcomSoft
2009-05-28 12:39 . 2009-06-03 14:14   --------   d-----w-   c:\documents and settings\All Users\Dane aplikacji\OpenFM
2009-05-23 14:06 . 2009-05-21 09:48 323584   ----a-w-   c:\windows\system32\CMStarterCore.exe
2009-05-23 14:06 . 2009-05-21 09:48   49152   ----a-w-   c:\windows\system32\CMStarter_Kor.dll
2009-05-23 14:06 . 2009-05-21 09:48   49152   ----a-w-   c:\windows\system32\CMStarter_Eng.dll

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-16 08:38 . 2009-06-13 06:56   4724   ----a-w-   c:\windows\system32\PerfStringBackup.TMP
2009-06-16 08:38 . 2001-10-26 16:15   89144   ----a-w-   c:\windows\system32\perfc015.dat
2009-06-16 08:38 . 2001-10-26 16:15 500702   ----a-w-   c:\windows\system32\perfh015.dat
2009-06-16 07:01 . 2008-11-29 19:22 962348   --sha-w-   c:\windows\system32\drivers\fidbox.idx
2009-06-16 07:01 . 2008-11-29 19:22   71463200   --sha-w-   c:\windows\system32\drivers\fidbox.dat
2009-06-16 06:35 . 2009-06-16 06:35   51491   ----a-w-   c:\windows\Internet Logs\zlclient_2nd_2009_06_16_08_19_52_small.dmp.zip
2009-06-15 16:49 . 2004-08-03 22:44   14336   ----a-w-   c:\windows\system32\svchost.exe
2009-06-12 09:02 . 2009-04-18 17:06   --------   d-----w-   c:\program files\SopCast
2009-06-12 08:21 . 2009-04-15 16:57   --------   d-----w-   c:\program files\Common Files\Symantec Shared
2009-06-12 08:15 . 2008-10-10 17:41   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
2009-06-12 07:46 . 2008-10-21 13:09   --------   d-----w-   c:\program files\Asprate
2009-06-12 07:45 . 2008-09-23 15:12   --------   d--h--w-   c:\program files\InstallShield Installation Information
2009-06-12 07:45 . 2008-10-11 13:25   --------   d-----w-   c:\program files\Samsung
2009-06-12 07:43 . 2008-12-20 10:55   --------   d-----w-   c:\program files\PowerShot Pinball
2009-06-12 07:40 . 2009-06-06 11:54   --------   d-----w-   c:\documents and settings\All Users\Dane aplikacji\ijjigame
2009-06-12 07:39 . 2009-02-04 21:16   --------   d-----w-   c:\program files\Ganymede
2009-06-12 07:25 . 2009-06-01 13:05   --------   d-----w-   c:\program files\ARCHPR
2009-06-12 07:25 . 2009-06-12 07:25   2560   ----a-w-   c:\windows\_MSRSTRT.EXE
2009-06-12 07:25 . 2008-10-14 09:09   --------   d-----w-   c:\program files\Winamp
2009-06-05 17:24 . 2008-09-24 18:36   --------   d-----w-   c:\program files\DAEMON Tools Lite
2009-06-05 16:18 . 2009-06-05 16:18   --------   d-----w-   c:\program files\Hamachi
2009-06-05 16:18 . 2008-10-13 17:52   17480   ----a-w-   c:\windows\system32\drivers\hamachi.sys
2009-06-03 13:30 . 2009-06-03 13:30   105984   ----a-w-   c:\windows\system32\c_dll.dll
2009-06-03 11:32 . 2009-06-03 11:32   33824   ----a-w-   c:\windows\system32\drivers\oreans32.sys
2009-06-02 11:43 . 2009-06-01 18:12   98304   ----a-w-   c:\documents and settings\All Users\Dane aplikacji\NexonEU\NGM\nxgameeu.dll
2009-06-02 11:43 . 2009-06-01 18:12   81920   ----a-w-   c:\documents and settings\All Users\Dane aplikacji\NexonEU\NGM\npNxGameeu.dll
2009-06-02 11:43 . 2009-06-01 18:12   532480   ----a-w-   c:\documents and settings\All Users\Dane aplikacji\NexonEU\NGM\NGMDll.dll
2009-06-02 11:43 . 2009-06-01 18:12   331776   ----a-w-   c:\documents and settings\All Users\Dane aplikacji\NexonEU\NGM\NGMResource.dll
2009-06-02 11:43 . 2009-06-01 18:12   258352   ----a-w-   c:\documents and settings\All Users\Dane aplikacji\NexonEU\NGM\unicows.dll
2009-06-02 11:43 . 2009-06-01 18:12   155648   ----a-w-   c:\documents and settings\All Users\Dane aplikacji\NexonEU\NGM\NGM.exe
2009-06-01 19:00 . 2009-06-01 18:12   --------   d-----w-   c:\documents and settings\All Users\Dane aplikacji\NexonEU
2009-05-13 11:38 . 2008-09-23 15:41   798448   ----a-w-   c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
2009-05-12 17:01 . 2009-05-12 17:01   --------   d-----w-   c:\program files\Convert FLV to MP3
2009-05-10 12:45 . 2008-11-29 19:19   4212   ---h--w-   c:\windows\system32\zllictbl.dat
2009-05-10 07:49 . 2008-12-07 12:48   --------   d-----w-   c:\program files\Common Files\Blizzard Entertainment
2009-05-07 18:18 . 2008-10-04 09:30   --------   d-----w-   c:\program files\mIrc
2009-04-29 06:13 . 2008-09-27 11:45   --------   d-----w-   c:\program files\Common Files\Adobe
2009-04-29 03:30 . 2008-06-03 06:20   3643904   ----a-w-   c:\windows\system32\drivers\ati2mtag.sys
2009-04-29 02:18 . 2008-09-23 15:18   442368   ----a-w-   c:\windows\system32\ATIDEMGX.dll
2009-04-29 02:17 . 2008-06-03 03:21   335872   ----a-w-   c:\windows\system32\ati2dvag.dll
2009-04-29 02:07 . 2008-06-03 03:11   204800   ----a-w-   c:\windows\system32\atipdlxx.dll
2009-04-29 02:06 . 2008-06-03 03:11   155648   ----a-w-   c:\windows\system32\Oemdspif.dll
2009-04-29 02:06 . 2008-06-03 03:11   26112   ----a-w-   c:\windows\system32\Ati2mdxx.exe
2009-04-29 02:06 . 2008-06-03 03:11   43520   ----a-w-   c:\windows\system32\ati2edxx.dll
2009-04-29 02:06 . 2008-06-03 03:11   155648   ----a-w-   c:\windows\system32\ati2evxx.dll
2009-04-29 02:04 . 2008-06-03 03:09   602112   ----a-w-   c:\windows\system32\ati2evxx.exe
2009-04-29 02:03 . 2008-06-03 03:08   53248   ----a-w-   c:\windows\system32\ATIDDC.DLL
2009-04-29 02:00 . 2008-09-23 15:18   311296   ----a-w-   c:\windows\system32\atiiiexx.dll
2009-04-29 01:56 . 2008-06-03 02:59   2997536   ----a-w-   c:\windows\system32\ati3duag.dll
2009-04-29 01:45 . 2008-12-01 20:46   11603968   ----a-w-   c:\windows\system32\atioglxx.dll
2009-04-29 01:42 . 2008-06-03 02:48   2687872   ----a-w-   c:\windows\system32\ativvaxx.dll
2009-04-29 01:26 . 2009-04-29 01:26   49664   ----a-w-   c:\windows\system32\atimpc32.dll
2009-04-29 01:26 . 2008-06-03 02:33   49664   ----a-w-   c:\windows\system32\amdpcom32.dll
2009-04-29 01:22 . 2008-06-03 02:29   479232   ----a-w-   c:\windows\system32\atikvmag.dll
2009-04-29 01:20 . 2009-04-29 01:20   45056   ----a-w-   c:\windows\system32\aticalrt.dll
2009-04-29 01:20 . 2009-04-29 01:20   45056   ----a-w-   c:\windows\system32\aticalcl.dll
2009-04-29 01:20 . 2008-06-03 02:28   135168   ----a-w-   c:\windows\system32\atiadlxx.dll
2009-04-29 01:19 . 2008-06-03 02:28   17408   ----a-w-   c:\windows\system32\atitvo32.dll
2009-04-29 01:19 . 2008-06-03 02:27   53248   ----a-w-   c:\windows\system32\drivers\ati2erec.dll
2009-04-29 01:18 . 2009-04-29 01:18   3280896   ----a-w-   c:\windows\system32\aticaldd.dll
2009-04-29 01:17 . 2008-06-03 03:04   303104   ----a-w-   c:\windows\system32\atiok3x2.dll
2009-04-29 01:13 . 2008-06-03 02:21   630784   ----a-w-   c:\windows\system32\ati2cqag.dll
2009-04-28 19:05 . 2008-09-23 15:18   593920   ------w-   c:\windows\system32\ati2sgag.exe
2009-04-07 17:09 . 2008-12-11 19:22   664   ----a-w-   c:\windows\system32\d3d9caps.dat
2009-04-01 19:59 . 2008-09-23 15:18   188348   ----a-w-   c:\windows\system32\atiicdxx.dat
2009-03-27 18:37 . 2008-09-24 21:33   139280   ----a-w-   c:\windows\system32\drivers\PnkBstrK.sys
2009-03-27 18:36 . 2008-09-24 21:33   202000   ----a-w-   c:\windows\system32\PnkBstrB.exe
2009-03-27 18:26 . 2008-09-24 21:33   66872   ----a-w-   c:\windows\system32\PnkBstrA.exe
2009-01-27 13:22 . 2009-01-27 13:22   8   --sh--r-   c:\windows\system32\[u]0[/u]6528ACC16.sys
2009-01-27 13:22 . 2009-01-27 13:22   2828   --sha-w-   c:\windows\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((   SnapShot@2009-06-16_08.35.03   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-16 09:22 . 2009-06-16 09:22   16384              c:\windows\Temp\Perflib_Perfdata_570.dat
+ 2001-08-17 21:30 . 2009-06-16 08:38   80414              c:\windows\system32\perfc009.dat
+ 2001-08-17 21:30 . 2009-06-16 08:38   465516              c:\windows\system32\perfh009.dat
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="d:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"IDMan"="d:\program files\Internet Download Manager\IDMan.exe" [2009-01-03 2745776]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-4-29 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages   REG_MULTI_SZ      msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Mój komputer^Menu Start^Programy^Autostart^hamachi.lnk]
path=c:\documents and settings\Mój komputer\Menu Start\Programy\Autostart\hamachi.lnk
backup=c:\windows\pss\hamachi.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Mój komputer^Menu Start^Programy^Autostart^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\Mój komputer\Menu Start\Programy\Autostart\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Mój komputer^Menu Start^Programy^Autostart^OpenOffice.ux.pl 2.3.1.lnk]
path=c:\documents and settings\Mój komputer\Menu Start\Programy\Autostart\OpenOffice.ux.pl 2.3.1.lnk
backup=c:\windows\pss\OpenOffice.ux.pl 2.3.1.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"d:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\GCP2009.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Documents and Settings\\All Users\\Dane aplikacji\\NexonEU\\NGM\\NGM.exe"=
"c:\\WINDOWS\\system32\\MicrosoftUpdate.exe"=
"\\"= c:\\hdwf.exe
"d:\\Program Files\\Gadu-Gadu\\gg.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23465:TCP"= 23465:TCP:BitComet 23465 TCP
"23465:UDP"= 23465:UDP:BitComet 23465 UDP
"55457:TCP"= 55457:TCP:*:Disabled:SolidNetworkManager
"55457:UDP"= 55457:UDP:*:Disabled:SolidNetworkManager
"8085:TCP"= 8085:TCP:podmena

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-06-12 64160]
R0 pe3armgb;9-ay rota Environment Driver (pe3armgb);c:\windows\system32\drivers\pe3armgb.sys [2008-05-30 68728]
R0 ps7armgb;9-ay rota Synchronization Driver (ps7armgb);c:\windows\system32\drivers\ps7armgb.sys [2008-05-30 67712]
R1 cmdguard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-06-16 87056]
R1 cmdhlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-06-16 24208]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 1005904]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2008-09-23 93696]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [2008-09-23 36864]
S2 pr2armgb;9-ay rota Drivers Auto Removal (pr2armgb);c:\windows\system32\pr2armgb.exe svc --> c:\windows\system32\pr2armgb.exe svc [?]
S3 DAEDriver54;DAEDriver54;\??\c:\documents and settings\Mój komputer\Pulpit\Hack Gunz\Hack Gunz\HACK for Gunz privates\dak32.sys --> c:\documents and settings\Mój komputer\Pulpit\Hack Gunz\Hack Gunz\HACK for Gunz privates\dak32.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 WFIOCTL;WFIOCTL;\??\c:\program files\WinFast\WFDTV\WFIOCTL.SYS --> c:\program files\WinFast\WFDTV\WFIOCTL.SYS [?]
.
Zawartość folderu 'Zaplanowane zadania'

2009-06-15 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 08:17]
.
.
------- Skan uzupełniający -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.ati.com/online/cccwelcome/drivers.html
IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKfox000
IE: Ściągnij przez IDM - d:\program files\Internet Download Manager\IEExt.htm
IE: Ściągnij wszystkie linki przez IDM - d:\program files\Internet Download Manager\IEGetAll.htm
IE: Ściągnij zawartość wideo FLV przez IDM - d:\program files\Internet Download Manager\IEGetVL.htm
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-16 11:23
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose

skanowanie ukrytych procesów ... 

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ... 

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(784)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3140)
d:\program files\Gadu-Gadu\ggwhook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\COMODO\Firewall\cmdagent.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PSIService.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Czas ukończenia: 2009-06-16 11:25 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt  2009-06-16 09:25
ComboFix2.txt  2009-06-16 08:36

Przed: 27 974 868 992 bajtów wolnych
Po: 27 957 067 776 bajtów wolnych

279   --- E O F ---   2009-02-05 08:51


[wojtas]

1.Uruchom OTL z opcji CleanUp
2. wykonaj optymalizację windowsa
3.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem
4. Wykonaj skan Dr. Web CureIt
5. Przeskanuj obszar mojego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum.

i tym (skasuj co znajdzie)

Malwarebytes Anti-Malware

Jeśli masz Adobe Reader to zaaktualizuj go do najnowszej wersji