
Logs - Antivirus is screaming about a virus


  • Topic is closed
4 replies in this topic

#1 timmy

    Advanced user

  • 624 posts

Posted 19 05 2008 - 12:59

Hi. I have NOD32 ESET Smart Security and Kaspersky Anti-Hacker,
but it seems to me that I have some kind of virus; my system lags a lot.

HijackThis log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:05:32, on 2008-05-19
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
C:\Program Files\WLAN\WConfig\WConfig.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\mIRC\mirc.exe
C:\Documents and Settings\fritzz\Pulpit\etmin.exe
E:\pulpit\RAPGET\rapget.exe
C:\Program Files\CBS Software\SpeedConnect Internet Accelerator\SpeedConnectStartUp.exe
C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Lacza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PK IE Plugin - {1E1B2879-88FF-11D3-8D96-D7ACAC95951A} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.09\RivaTuner.exe" /S
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [svchost] C:\WINDOWS\svchost\svchost.exe
O4 - HKLM\..\Run: [Rapget] E:\pulpit\RAPGET\rapget.exe
O4 - HKCU\..\Run: [SpeedX] C:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USLUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USLUGA SIECIOWA')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
O4 - Global Startup: WConfig.lnk = C:\Program Files\WLAN\WConfig\WConfig.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A1D58FC-077F-45BB-BF2F-791BB8CDCC9F}: NameServer = 174.138.200.1,194.204.152.34
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 5623 bytes



ComboFix log

ComboFix 08-05-15.3 - fritzz 2008-05-19 13:08:30.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.408 [GMT 2:00]
Running from: C:\Documents and Settings\fritzz\Pulpit\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
ADS - WINDOWS: deleted 246322 bytes in 2 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\fritzz\Dane aplikacji\addon.dat
C:\WINDOWS\system32\inst.dat
C:\WINDOWS\system32\pk.bin

.
((((((((((((((((((((((((( Files Created from 2008-04-19 to 2008-05-19 )))))))))))))))))))))))))))))))
.

2008-05-19 13:08 . 2008-05-19 13:08 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-05-19 13:04 . 2008-05-19 13:04 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-17 10:18 . 2008-05-17 10:18 <DIR> d-------- C:\WINDOWS\FIIIIX
2008-05-15 18:23 . 2008-05-19 13:06 <DIR> d-------- C:\Documents and Settings\fritzz\Dane aplikacji\Hamachi
2008-05-15 18:22 . 2008-05-15 18:23 <DIR> d-------- C:\Program Files\Hamachi
2008-05-15 18:22 . 2008-05-15 18:22 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-05-15 16:05 . 2008-05-15 16:05 233,488 --a------ C:\WINDOWS\May_15_2008__15_44_59.jpg
2008-05-15 16:05 . 2008-05-15 16:05 232,734 --a------ C:\WINDOWS\May_15_2008__15_54_59.jpg
2008-05-15 16:05 . 2008-05-15 16:05 216,902 --a------ C:\WINDOWS\May_15_2008__16_00_00.jpg
2008-05-15 16:05 . 2008-05-15 16:05 149,682 --a------ C:\WINDOWS\May_15_2008__15_49_59.jpg
2008-05-15 16:05 . 2008-05-15 16:05 144,645 --a------ C:\WINDOWS\May_15_2008__15_34_58.jpg
2008-05-15 16:05 . 2008-05-15 16:05 62,076 --a------ C:\WINDOWS\May_15_2008__15_39_58.jpg
2008-05-15 16:04 . 2008-05-15 16:04 185,848 --a------ C:\WINDOWS\May_15_2008__15_24_58.jpg
2008-05-15 16:04 . 2008-05-15 16:04 177,524 --a------ C:\WINDOWS\May_15_2008__15_29_58.jpg
2008-05-15 16:04 . 2008-05-15 16:04 164,545 --a------ C:\WINDOWS\May_15_2008__15_14_58.jpg
2008-05-15 16:04 . 2008-05-15 16:04 158,549 --a------ C:\WINDOWS\May_15_2008__14_59_58.jpg
2008-05-15 16:04 . 2008-05-15 16:04 124,378 --a------ C:\WINDOWS\May_15_2008__14_49_57.jpg
2008-05-15 16:04 . 2008-05-15 16:04 122,277 --a------ C:\WINDOWS\May_15_2008__15_09_58.jpg
2008-05-15 16:04 . 2008-05-15 16:04 70,861 --a------ C:\WINDOWS\May_15_2008__15_19_58.jpg
2008-05-15 16:04 . 2008-05-15 16:04 68,118 --a------ C:\WINDOWS\May_15_2008__14_54_57.jpg
2008-05-15 16:04 . 2008-05-15 16:04 53,708 --a------ C:\WINDOWS\May_15_2008__15_04_58.jpg
2008-05-15 15:19 . 2008-05-15 16:17 <DIR> d--h----- C:\WINDOWS\svchost
2008-05-15 14:49 . 2008-05-15 16:00 1,261,363 --a------ C:\WINDOWS\system32BACD.009
2008-05-15 14:44 . 2008-05-15 14:44 538 --a------ C:\WINDOWS\system32BOTU.002
2008-05-15 14:44 . 2008-05-15 14:44 266 --a------ C:\WINDOWS\system32BOTU.005
2008-05-15 14:43 . 2008-05-15 16:02 87,912 --a------ C:\WINDOWS\system32BACD.005
2008-05-15 14:43 . 2008-05-15 16:03 33,484 --a------ C:\WINDOWS\system32BACD.002
2008-05-15 14:43 . 2008-05-15 14:44 504 --a------ C:\WINDOWS\system32BOTU.001
2008-05-15 14:43 . 2008-05-15 14:44 504 --a------ C:\WINDOWS\system32BACD.001
2008-05-15 03:54 . 2007-10-07 11:27 1,077,344 --a------ C:\WINDOWS\system32\MSCOMCTL.OCX
2008-05-15 03:54 . 2004-09-03 00:00 124,688 --a------ C:\WINDOWS\system32\MSWINSCK.OCX
2008-05-15 03:54 . 2007-10-07 11:27 10,752 --a------ C:\WINDOWS\system32\aamd532.dll
2008-05-15 03:38 . 2008-05-15 03:38 <DIR> d-------- C:\Documents and Settings\fritzz\Dane aplikacji\DivX
2008-05-15 03:37 . 2008-05-15 03:37 <DIR> d-------- C:\Documents and Settings\fritzz\Dane aplikacji\Thinstall
2008-05-15 03:14 . 2008-05-15 03:14 <DIR> d-------- C:\Program Files\srobot
2008-05-15 02:49 . 2008-05-17 16:14 <DIR> d-------- C:\WINDOWS\Dump
2008-05-15 02:49 . 2008-05-15 02:57 9,367,552 --a------ C:\WINDOWS\sro_client.exe
2008-05-14 19:44 . 2008-05-14 19:44 8 --a------ C:\WINDOWS\system32\nvModes.dat
2008-05-14 19:43 . 2008-05-14 19:43 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\nView_Profiles
2008-05-14 18:21 . 2008-05-14 18:21 479,298 --a------ C:\WINDOWS\system32\wbocx.ocx
2008-05-14 18:21 . 2008-05-14 18:21 172,032 --a------ C:\WINDOWS\system32\AniGIF.ocx
2008-05-14 18:21 . 2008-05-14 18:21 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll
2008-05-14 16:24 . 2008-05-14 16:24 <DIR> d-------- C:\nVidia Forceware
2008-05-14 16:16 . 2008-05-15 18:08 <DIR> d-a------ C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-05-14 16:15 . 2008-05-14 18:24 <DIR> d-------- C:\Program Files\DAP
2008-05-14 09:49 . 2008-05-14 09:49 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-05-14 09:49 . 2007-11-29 23:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-13 18:11 . 2008-05-13 18:11 290,816 --a------ C:\WINDOWS\system32\l3codeca.acm
2008-05-13 18:10 . 2008-05-13 18:10 921,600 --a------ C:\WINDOWS\system32\vorbisenc.dll
2008-05-13 18:10 . 2008-05-13 18:10 892,928 --a------ C:\WINDOWS\system32\iconv.dll
2008-05-13 18:10 . 2008-05-13 18:10 577,536 --a------ C:\WINDOWS\system32\ac3filter.ax
2008-05-13 18:10 . 2008-05-13 18:10 237,568 --a------ C:\WINDOWS\system32\OggDS.dll
2008-05-13 18:09 . 2008-05-13 18:09 1,415,680 --a------ C:\WINDOWS\system32\WMV9VCM.dll
2008-05-13 18:09 . 2008-05-13 18:09 245,760 --a------ C:\WINDOWS\system32\mplvpx.dll
2008-05-13 18:09 . 2008-05-13 18:09 188,416 --a------ C:\WINDOWS\system32\vorbis.dll
2008-05-13 18:09 . 2008-05-13 18:09 106,496 --a------ C:\WINDOWS\system32\lmpgspl.ax
2008-05-13 18:09 . 2008-05-13 18:09 94,208 --a------ C:\WINDOWS\system32\lmpgvd.ax
2008-05-13 18:09 . 2008-05-13 18:09 86,528 --a------ C:\WINDOWS\system32\DVDVideo.ax
2008-05-13 18:09 . 2008-05-13 18:09 45,056 --a------ C:\WINDOWS\system32\ogg.dll
2008-05-13 18:09 . 2008-05-13 18:09 9,216 --a------ C:\WINDOWS\system32\cpuinf32.dll
2008-05-13 18:08 . 2007-07-25 14:24 1,559,040 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-05-13 18:08 . 2008-05-13 18:08 630,784 --a------ C:\WINDOWS\system32\divxdec.ax
2008-05-13 18:08 . 2008-05-13 18:08 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2008-05-13 18:08 . 2008-05-13 18:08 391,168 --a------ C:\WINDOWS\system32\i263_32.drv
2008-05-13 18:08 . 2008-05-13 18:08 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax
2008-05-13 18:08 . 2008-05-13 18:08 344,394 --a------ C:\WINDOWS\system32\xvid.ax
2008-05-13 15:03 . 2008-05-13 17:53 <DIR> d-------- C:\Program Files\Project64 1.6
2008-05-13 07:13 . 2008-05-13 07:13 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-05-13 07:13 . 2008-05-13 07:13 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Adobe Systems
2008-05-12 19:37 . 2008-05-12 19:37 <DIR> d-------- C:\WINDOWS\system32\Sys52Data
2008-05-12 19:37 . 2008-05-15 16:05 <DIR> d-------- C:\Program Files\A8GSdsApp
2008-05-12 19:37 . 2008-05-12 19:37 36 ---h----- C:\WINDOWS\system32\LHGSYFE
2008-05-12 19:36 . 2008-05-12 19:36 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-05-12 18:57 . 2008-05-12 18:57 <DIR> d-------- C:\WINDOWS\Sun
2008-05-11 07:53 . 2008-05-13 07:15 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-05-09 09:42 . 2008-05-09 09:42 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-05-08 14:49 . 2008-05-08 14:49 <DIR> d-------- C:\Program Files\Common Files\Thraex Software
2008-05-08 06:42 . 2006-03-02 14:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-05-08 03:33 . 2008-05-08 03:33 <DIR> d-------- C:\Program Files\NT Registry Optimizer
2008-05-08 03:13 . 2008-05-08 03:21 <DIR> d-------- C:\Program Files\Microsoft Bootvis
2008-05-08 01:45 . 2008-05-08 01:46 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-05-08 01:45 . 2008-05-08 01:45 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-05-08 01:45 . 2008-05-08 01:45 <DIR> d-------- C:\Program Files\MSBuild
2008-05-08 01:45 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-05-08 01:36 . 2008-05-08 01:36 <DIR> d-------- C:\Program Files\CBS Software
2008-05-07 20:42 . 2008-05-07 20:42 <DIR> d-------- C:\Program Files\Java
2008-05-07 20:42 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-07 20:38 . 2008-05-07 20:38 <DIR> d-------- C:\Program Files\Common Files\Java
2008-05-07 20:04 . 2008-05-07 20:04 <DIR> d--hs---- C:\found.000
2008-05-07 01:28 . 2008-05-07 01:28 <DIR> d-------- C:\Program Files\Winamp
2008-05-07 01:28 . 2008-05-07 01:28 <DIR> d-------- C:\Documents and Settings\fritzz\Dane aplikacji\Winamp
2008-05-06 20:53 . 2008-05-06 20:53 <DIR> d-------- C:\Program Files\Ulead Systems
2008-05-06 20:53 . 2008-05-06 20:53 <DIR> d-------- C:\Program Files\Common Files\Ulead Systems
2008-05-06 20:53 . 2008-05-06 20:53 <DIR> d-------- C:\Documents and Settings\fritzz\Dane aplikacji\Ulead Systems
2008-05-06 20:53 . 2008-05-06 20:53 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Ulead Systems
2008-05-06 20:53 . 2008-05-06 20:53 74 --ah----- C:\WINDOWS\Dmftw.sfq
2008-05-06 13:10 . 2008-05-18 20:43 <DIR> d-------- C:\Program Files\Odkurzacz
2008-05-05 21:45 . 2008-05-09 09:45 <DIR> d-------- C:\WINDOWS\system32\pl-pl
2008-05-05 21:45 . 2008-05-09 09:45 <DIR> d-------- C:\WINDOWS\system32\pl
2008-05-05 21:38 . 2008-04-14 22:00 2,190,336 --a------ C:\WINDOWS\system32\ntoskrnl.exe
2008-05-05 17:33 . 2008-05-05 17:33 <DIR> d-------- C:\WINDOWS\system32\Lang
2008-05-05 17:33 . 2008-05-05 17:33 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-05-05 17:33 . 2008-05-05 17:33 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2008-05-05 17:33 . 2008-05-05 22:24 60,416 --a------ C:\WINDOWS\ALCFDRTM.VER
2008-05-05 17:33 . 2008-05-05 17:33 60,416 --a------ C:\WINDOWS\ALCFDRTM.EXE
2008-05-05 13:15 . 2008-05-05 13:15 <DIR> d-------- C:\WINDOWS\system32\DRM
2008-05-05 13:07 . 2008-05-08 06:42 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-05-05 13:07 . 2008-05-08 06:42 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-05-05 13:06 . 2008-05-05 13:06 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-05-05 13:03 . 2008-05-05 13:03 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-05-05 13:02 . 2008-05-05 13:07 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-05-05 13:01 . 2008-05-05 13:01 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-05-05 13:01 . 2008-05-05 13:01 <DIR> d-------- C:\Program Files\HighMAT CD Writing Wizard
2008-05-05 12:56 . 2008-05-05 12:56 <DIR> d-------- C:\Program Files\SGJ
2008-05-05 08:52 . 2008-05-05 08:52 <DIR> d-------- C:\Program Files\SubEdit-Player
2008-05-05 07:08 . 2008-05-05 07:08 <DIR> d-------- C:\Documents and Settings\fritzz\Dane aplikacji\Media Player Classic
2008-05-05 07:07 . 2008-05-05 07:07 <DIR> d-------- C:\Program Files\Real Alternative
2008-05-05 06:01 . 2008-05-05 06:01 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-05-05 06:01 . 2008-05-05 06:01 <DIR> d-------- C:\Program Files\Common Files\Kaspersky Lab
2008-05-04 14:10 . 2008-05-18 21:10 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-05-04 12:59 . 2008-05-04 12:59 <DIR> d-------- C:\Documents and Settings\fritzz\Dane aplikacji\Nero
2008-05-04 12:57 . 2008-05-04 12:57 <DIR> d-------- C:\Program Files\Nero
2008-05-04 12:57 . 2008-05-04 12:59 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-05-04 12:57 . 2008-05-04 12:57 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-05-04 08:13 . 2008-05-04 08:39 <DIR> d-------- C:\Program Files\Ultra RM Converter

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-19 02:19 --------- d-----w C:\Documents and Settings\fritzz\Dane aplikacji\mIRC
2008-05-18 21:14 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-18 21:13 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-05-18 21:07 --------- d-----w C:\Program Files\mIRC
2008-05-14 23:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-13 16:09 755,200 ----a-w C:\WINDOWS\system32\ir50_32.dll
2008-05-06 11:34 --------- d-----w C:\Documents and Settings\fritzz\Dane aplikacji\Uniblue
2008-05-06 11:33 --------- d-----w C:\Program Files\Uniblue
2008-05-05 15:05 --------- d-----w C:\Documents and Settings\fritzz\Dane aplikacji\teamspeak2
2008-05-03 21:33 --------- d-----w C:\Program Files\MyPortal
2008-05-03 10:32 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-05-03 10:08 --------- d-----w C:\Program Files\Teamspeak2_RC2
2008-05-03 09:00 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-03 08:55 25,992 ----a-w C:\WINDOWS\system32\pgdfgsvc.exe
2008-05-03 08:51 --------- d-----w C:\Program Files\WLAN
2008-05-03 08:47 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-03 08:46 --------- d-----w C:\Program Files\Uslugi online
2008-04-23 15:19 442,368 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2008-04-14 21:16 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 20:56 332,288 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 20:52 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 20:52 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 20:52 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 20:52 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 20:52 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 20:52 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 20:52 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 20:50 999,936 ----a-w C:\WINDOWS\system32\syssetup.dll
2008-04-14 20:49 98,304 ----a-w C:\WINDOWS\system32\actxprxy.dll
2008-04-14 20:48 5,632 ----a-w C:\WINDOWS\system32\wmi.dll
2008-04-14 20:48 1,449,472 ----a-w C:\WINDOWS\system32\winntbbu.dll
2008-04-14 20:47 57,375 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 20:43 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 20:42 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-14 20:36 3,584 ----a-w C:\WINDOWS\system32\icmp.dll
2008-04-14 20:35 9,344 ----a-w C:\WINDOWS\system32\framebuf.dll
2008-04-14 20:33 3,072 ----a-w C:\WINDOWS\system32\dpnlobby.dll
2008-04-14 20:33 3,072 ----a-w C:\WINDOWS\system32\dpnaddr.dll
2008-04-14 20:31 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll
2008-04-14 20:30 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll
2008-04-14 20:04 73,472 ----a-w C:\WINDOWS\system32\drivers\sr.sys
2008-04-14 20:03 80,256 ----a-w C:\WINDOWS\system32\drivers\parport.sys
2008-04-14 20:03 68,608 ----a-w C:\WINDOWS\system32\drivers\pci.sys
2008-04-14 20:03 46,848 ----a-w C:\WINDOWS\system32\drivers\p3.sys
2008-04-14 20:03 120,320 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys
2008-04-14 19:59 2,067,200 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 19:55 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-14 19:52 89,600 ----a-w C:\WINDOWS\system32\msxml6r.dll
2008-04-14 19:52 800,000 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-14 19:52 153,856 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-14 19:50 80,896 ------w C:\WINDOWS\system32\msshavmsg.dll
2008-04-14 19:50 24,960 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
2008-04-14 19:48 37,632 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys
2008-04-14 19:47 40,832 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys
2008-04-14 19:46 40,448 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys
2008-04-14 19:45 49,664 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-14 19:43 563,200 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-14 19:41 65,280 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-14 19:41 53,248 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-14 19:39 25,728 ------w C:\WINDOWS\system32\drivers\hidbth.sys
2008-04-14 19:37 10,240 ----a-w C:\WINDOWS\system32\gpkrsrc.dll
2008-04-14 19:35 67,584 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-14 19:35 58,880 ----a-w C:\WINDOWS\system32\drivers\redbook.sys
2008-04-14 19:35 273,920 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-14 19:35 1,845,888 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-14 19:33 44,672 ----a-w C:\WINDOWS\system32\drivers\fips.sys
2008-04-14 19:32 57,344 ----a-w C:\WINDOWS\system32\mshtmler.dll
2008-04-14 19:31 52,864 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-14 19:30 701,440 ------w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-04-14 19:30 39,936 ----a-w C:\WINDOWS\system32\drivers\processr.sys
2008-04-14 19:30 327,040 ------w C:\WINDOWS\system32\drivers\ati2mtaa.sys
2008-04-14 19:29 103,936 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-14 19:28 41,856 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys
2008-04-14 19:28 41,472 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys
2008-04-14 19:25 23,296 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys
2008-04-14 19:24 30,208 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-14 19:24 188,544 ----a-w C:\WINDOWS\system32\drivers\acpi.sys
2008-04-13 22:58 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 22:51 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 22:50 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 22:50 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 22:50 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 22:49 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 22:49 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 22:49 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 22:49 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 22:49 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 22:47 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 22:47 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 22:47 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 22:46 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 22:46 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 22:45 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 22:45 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 22:45 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 22:44 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 22:44 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 22:30 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 22:30 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 22:27 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedX"="C:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe" [2006-06-27 14:11 46718]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-23 14:18 202024]
"Odkurzacz-MCD"="C:\Program Files\Odkurzacz\odk_mcd.exe" [2008-03-03 14:44 266240]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-12-01 11:46 204288]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2007-10-22 10:12 1885464]
"SpeedConnectStartUp"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]
"RivaTunerStartupDaemon"="C:\Program Files\RivaTuner v2.09\RivaTuner.exe" [2008-04-28 20:25 2707456]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 08:51 1836328]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-03-13 16:48 1443072]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 13:06 40048]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-04-26 13:00 13529088]
"nwiz"="nwiz.exe" [2008-04-26 13:00 1630208 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-04-26 13:00 86016]
"Rapget"="E:\pulpit\RAPGET\rapget.exe" [2007-12-25 16:56 171008]

C:\Documents and Settings\fritzz\Menu Start\Programy\Autostart\
hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [5/15/2008 6:22:35 PM 624416]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Kaspersky Anti-Hacker.lnk - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe [5/11/2006 4:05:33 PM 2195583]
WConfig.lnk - C:\Program Files\WLAN\WConfig\WConfig.exe [5/3/2008 10:51:31 AM 385024]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
"NoStrCmpLogical"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoAutoTrayNotify"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoResolveSearch"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll
"msacm.divxa32"= divxa32.acm

[HKLM\~\startupfolder\C:^Documents and Settings^fritzz^Menu Start^Programy^Autostart^Adobe Gamma.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALi5289]
--------- 2005-03-10 14:56 405504 C:\Program Files\ULI5289\ALi5289.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-02-14 01:09 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
--a------ 2008-04-04 22:12 6930432 C:\Program Files\DAP\DAP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 14:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rapget]
--a------ 2007-12-25 16:56 171008 E:\pulpit\RAPGET\rapget.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
--a------ 2007-10-22 10:12 1885464 C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpeedUpMyPC]
--a------ 2007-10-22 10:13 9438488 C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiHacker]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"E:\\Program Files\\The All-Seeing Eye\\eye.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 JAHCI;JAHCI;C:\WINDOWS\system32\DRIVERS\JAHCI.sys [2005-05-12 15:12]
R0 Klpf;Klpf;C:\WINDOWS\system32\drivers\Klpf.sys [2006-05-11 16:05]
R0 Klpid;Klpid;C:\WINDOWS\system32\drivers\Klpid.sys [2006-05-11 16:06]
R0 m5289;m5289;C:\WINDOWS\system32\DRIVERS\m5289.sys [2004-12-01 10:49]
R0 uliagpkx;ULi AGP Bus Filter Driver;C:\WINDOWS\system32\DRIVERS\agpkx.sys [2005-05-03 17:31]
R3 Revolution1;Revolution1;E:\revolutionengine\SHAK3.sys []
R3 RT2400PCI;802.11b WLAN PCI;C:\WINDOWS\system32\DRIVERS\RT2400.sys [2003-10-31 09:47]
S3 msloop;Sterownik karty Microsoft Loopback;C:\WINDOWS\system32\DRIVERS\loop.sys [2001-08-17 21:53]
S3 ULI5261XP;ULi M526X Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ULILAN51.SYS [2005-03-22 20:36]

*Newly Created Service* - CATCHME
*Newly Created Service* - REVOLUTION1

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{BFD62928-5D03-3BAA-2D30-817406266D1D}]
C:\Program Files\config32\system.exe s

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D6DE7BC8-1073-1166-C02B-75233DF1724B}]
C:\WINDOWS:svchost.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-05-06 11:34:02 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-05-06 11:34:01 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-19 13:10:50
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\fritzz\USTAWI~1\Temp\mc2222.tmp"
.
Completion time: 2008-05-19 13:11:28
ComboFix-quarantined-files.txt 2008-05-19 11:11:25

Pre-Run: 6,624,944,128 bajtów wolnych
Post-Run: 6,617,120,768 bajtów wolnych

367 --- E O F --- 2008-05-18 09:37:47


#2 ordynat

    Advanced user

  • 804 posts

Posted 19 05 2008 - 19:01

2008-05-12 19:37 . 2008-05-12 19:37 <DIR> d-------- C:\WINDOWS\system32\Sys52Data
2008-05-12 19:37 . 2008-05-15 16:05 <DIR> d-------- C:\Program Files\A8GSdsApp
2008-05-12 19:37 . 2008-05-12 19:37 36 ---h----- C:\WINDOWS\system32\LHGSYFE

Did you install this "GoldenEye" yourself, so that it records every keystroke and sends it off somewhere "into the blue"?
>http://www.symantec.com/security_response/...-99&tabid=2

2008-05-15 15:19 . 2008-05-15 16:17 <DIR> d--h----- C:\WINDOWS\svchost
2008-05-15 14:49 . 2008-05-15 16:00 1,261,363 --a------ C:\WINDOWS\system32BACD.009
2008-05-15 14:44 . 2008-05-15 14:44 538 --a------ C:\WINDOWS\system32BOTU.002
2008-05-15 14:44 . 2008-05-15 14:44 266 --a------ C:\WINDOWS\system32BOTU.005
2008-05-15 14:43 . 2008-05-15 16:02 87,912 --a------ C:\WINDOWS\system32BACD.005
2008-05-15 14:43 . 2008-05-15 16:03 33,484 --a------ C:\WINDOWS\system32BACD.002
2008-05-15 14:43 . 2008-05-15 14:44 504 --a------ C:\WINDOWS\system32BOTU.001
2008-05-15 14:43 . 2008-05-15 14:44 504 --a------ C:\WINDOWS\system32BACD.001

The red folder is definitely to be deleted.
While waiting for specific help, e.g. from @wncvirusa, check those pink "oddities" at --> http://virusscan.jotti.org/
or at http://www.virustotal.com/en/indexf.html.

You also have even worse "things":

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{BFD62928-5D03-3BAA-2D30-817406266D1D}]
C:\Program Files\config32\system.exe s

Do you know this pink program? The red file is definitely to be deleted, and the registry key is to be deleted as well.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D6DE7BC8-1073-1166-C02B-75233DF1724B}]
C:\WINDOWS:svchost.exe

And this one will give you the biggest problem. All the objects listed before can be removed e.g. with a ComboFix script, but removing this malicious stream attached to the WINDOWS folder with ComboFix is very risky!
The key, however, absolutely must be removed.

I'll give the removal steps, but I don't insist that you follow my advice. You can wait for some better advice.

Download GMER
Run it >> gmer.zip >> gmer.exe
Expand >>> CMD tab >> select REGEDIT.EXE --- paste this into the upper black box:
Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{BFD62928-5D03-3BAA-2D30-817406266D1D}]

[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D6DE7BC8-1073-1166-C02B-75233DF1724B}]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedConnectStartUp"=-
Click "Run" on the right.
Then GMER again >
> Expand >>> CMD tab >> select CMD --- paste this into the upper black box:

gmer -del file C:\WINDOWS:svchost.exe
gmer -del file C:\Program Files\config32\system.exe
gmer -del file C:\WINDOWS\svchost
gmer -del file C:\WINDOWS\system32BACD.009
gmer -del file C:\WINDOWS\system32BOTU.002
gmer -del file C:\WINDOWS\system32BOTU.005
gmer -del file C:\WINDOWS\system32BACD.002
gmer -del file C:\WINDOWS\system32BOTU.001
gmer -del file C:\WINDOWS\system32BACD.001
gmer -del file C:\WINDOWS\system32\Sys52Data
gmer -del file C:\Program Files\A8GSdsApp
gmer -del file C:\WINDOWS\system32\LHGSYFE
gmer -reboot

Click "Run" on the right side. The computer should shut down and restart by itself.

I'm also giving the script removal (but without removing the attached stream!) in case GMER refuses to delete.

Paste into Notepad:
File::
C:\Program Files\config32\system.exe
C:\WINDOWS\system32BACD.009
C:\WINDOWS\system32BOTU.002
C:\WINDOWS\system32BOTU.005
C:\WINDOWS\system32BACD.002
C:\WINDOWS\system32BOTU.001
C:\WINDOWS\system32BACD.001
C:\WINDOWS\system32\LHGSYFE

Folder::
C:\WINDOWS\svchost
C:\WINDOWS\system32\Sys52Data
C:\Program Files\A8GSdsApp

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{BFD62928-5D03-3BAA-2D30-817406266D1D}]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D6DE7BC8-1073-1166-C02B-75233DF1724B}]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedConnectStartUp"=-
>> File >> Save as... >>> CFScript
Drag and drop the CFScript.txt file onto ComboFix.exe
--> [attached image]
The removal should start (and a log will be produced). Post the log that is produced during the removal.
If it goes well, then: after the restart, delete the C:\Qoobox folder manually.

I repeat: you don't have to follow my advice - you can wait for advice from others.
On "my" forum I would recommend this, but on this forum I am only a guest.

ordynat

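Editorial example, added here and not code from either poster or from ComboFix/GMER: the two indicators ordynat singles out in the post above - an Active Setup "Installed Components" launch entry, and a launch path in NTFS alternate data stream ("host:stream") syntax such as C:\WINDOWS:svchost.exe - can be checked mechanically across a whole ComboFix-style log instead of by eye. The script parses the registry section of such a log and flags entries by a few heuristics: Active Setup key (ComboFix already hides the default Windows ones, so whatever remains was added by something else), ADS syntax, a system-binary name living outside system32, and anything launched from a Temp directory or a .tmp file. The sample lines are copied from the logs in this thread; the heuristics, their names and the regexes are my own assumptions.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: these lines are copied from the ComboFix logs posted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{BFD62928-5D03-3BAA-2D30-817406266D1D}]
C:\Program Files\config32\system.exe s

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D6DE7BC8-1073-1166-C02B-75233DF1724B}]
C:\WINDOWS:svchost.exe

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\fritzz\USTAWI~1\Temp\mc2222.tmp"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-03-13 16:48 1443072]
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
# "Name"="value" ...  -> the quoted value; the "[date size]" that ComboFix appends is ignored
VALUE_RE = re.compile(r'^"[^"]*"="([^"]*)"')
# Optional \??\ NT prefix, then a drive path up to a known executable/driver extension,
# then optional arguments (the trailing " s" after system.exe in the sample).
PATH_RE = re.compile(
    r"^(?:\\\?\?\\)?([A-Za-z]:\\.*?\.(?:exe|dll|sys|tmp|scr|com|ocx|bat|cmd))(?:[\s,].*)?$",
    re.IGNORECASE,
)
# Drive, directory components without colons, then a last component that contains a colon:
# the "host:stream" syntax of an NTFS alternate data stream, e.g. C:\WINDOWS:svchost.exe
ADS_RE = re.compile(r'^[A-Za-z]:\\(?:[^:\\"]+\\)*[^:\\"]+:[^:\\"]+$')

# Names that belong in %WINDIR%\system32 (system.exe is not a Windows binary at all, but is
# named to look like one). Assumption: any other location for these names is worth a look.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe", "system.exe"}
SYSTEM32 = "c:\\windows\\system32"


@dataclass
class Finding:
    key: str
    path: str
    reasons: list = field(default_factory=list)


def extract_path(line):
    """Return the launch path carried by a value line, or None when there is none."""
    m = VALUE_RE.match(line)
    candidate = m.group(1) if m else line
    m = PATH_RE.match(candidate)
    return m.group(1) if m else None


def classify(key, path):
    """Heuristic reasons (author's own) why a key/path pair deserves a look; empty list = nothing odd."""
    reasons = []
    if "\\active setup\\installed components\\" in key.lower():
        reasons.append("active_setup")   # per-user run-once hook; ComboFix only prints non-default entries
    if ADS_RE.match(path):
        reasons.append("ads")            # payload lives in a stream of a file/folder, invisible in Explorer
        directory, _, name = path.rpartition(":")    # host object C:\WINDOWS, stream name svchost.exe
    else:
        directory, _, name = path.rpartition("\\")
    if name.lower() in SYSTEM_NAMES and directory.lower() != SYSTEM32:
        reasons.append("system_name_outside_system32")
    if "\\temp\\" in path.lower() or path.lower().endswith(".tmp"):
        reasons.append("temp_path")      # drivers/services loaded from Temp, like mchInjDrv above
    return reasons


def scan_log(text):
    """Walk the log, remembering the current [key], and collect flagged (key, path) pairs."""
    findings = []
    key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        path = extract_path(line)
        if path is None:
            continue
        reasons = classify(key, path)
        if reasons:
            findings.append(Finding(key, path, reasons))
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{', '.join(f.reasons):45} {f.path}\n    under {f.key}")
```

Run against the sample it reports the two Active Setup entries (the stream one additionally tagged as ADS) and the mchInjDrv driver loaded from Temp, and stays silent on the ESET entry. It only reads a log; confirming or removing the stream on the live machine still needs a tool that enumerates NTFS streams, which is exactly why the post above hands that part to GMER rather than to a ComboFix script.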

#3 timmy

    Advanced user

  • 624 posts

Posted 19 05 2008 - 21:09

Here's the problem: the Windows folder has disappeared on me. I set it to show hidden folders and it still doesn't show me C:\Windows ...
And that red svchost may be from Service Pack 3, because when I installed it NOD32 spammed that something or other had been changed.
New logs:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:12:40, on 2008-05-19
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
C:\Program Files\WLAN\WConfig\WConfig.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Lacza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.09\RivaTuner.exe" /S
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Rapget] E:\pulpit\RAPGET\rapget.exe
O4 - HKCU\..\Run: [SpeedX] C:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USLUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USLUGA SIECIOWA')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
O4 - Global Startup: WConfig.lnk = C:\Program Files\WLAN\WConfig\WConfig.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A1D58FC-077F-45BB-BF2F-791BB8CDCC9F}: NameServer = 174.138.200.1,194.204.152.34
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 5470 bytes



combofix

ComboFix 08-05-15.3 - fritzz 2008-05-19 21:19:25.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.462 [GMT 2:00]
Running from: C:\Documents and Settings\fritzz\Pulpit\ComboFix.exe
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.

((((((((((((((((((((((((( Files Created from 2008-04-19 to 2008-05-19 )))))))))))))))))))))))))))))))
.

2008-05-19 21:09 . 2008-05-19 21:09 250 --a------ C:\WINDOWS\gmer.ini
2008-05-19 15:47 . 2003-03-19 05:14 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-05-19 13:08 . 2008-05-19 13:08 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-05-19 13:04 . 2008-05-19 13:04 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-17 10:18 . 2008-05-17 10:18 <DIR> d-------- C:\WINDOWS\FIIIIX
2008-05-15 18:23 . 2008-05-19 21:12 <DIR> d-------- C:\Documents and Settings\fritzz\Dane aplikacji\Hamachi
2008-05-15 18:22 . 2008-05-15 18:23 <DIR> d-------- C:\Program Files\Hamachi
2008-05-15 18:22 . 2008-05-15 18:22 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-05-15 16:05 . 2008-05-15 16:05 233,488 --a------ C:\WINDOWS\May_15_2008__15_44_59.jpg
2008-05-15 16:05 . 2008-05-15 16:05 232,734 --a------ C:\WINDOWS\May_15_2008__15_54_59.jpg
2008-05-15 16:05 . 2008-05-15 16:05 216,902 --a------ C:\WINDOWS\May_15_2008__16_00_00.jpg
2008-05-15 16:05 . 2008-05-15 16:05 149,682 --a------ C:\WINDOWS\May_15_2008__15_49_59.jpg
2008-05-15 16:05 . 2008-05-15 16:05 144,645 --a------ C:\WINDOWS\May_15_2008__15_34_58.jpg
2008-05-15 16:05 . 2008-05-15 16:05 62,076 --a------ C:\WINDOWS\May_15_2008__15_39_58.jpg
2008-05-15 16:04 . 2008-05-15 16:04 185,848 --a------ C:\WINDOWS\May_15_2008__15_24_58.jpg
2008-05-15 16:04 . 2008-05-15 16:04 177,524 --a------ C:\WINDOWS\May_15_2008__15_29_58.jpg
2008-05-15 16:04 . 2008-05-15 16:04 164,545 --a------ C:\WINDOWS\May_15_2008__15_14_58.jpg
2008-05-15 16:04 . 2008-05-15 16:04 158,549 --a------ C:\WINDOWS\May_15_2008__14_59_58.jpg
2008-05-15 16:04 . 2008-05-15 16:04 124,378 --a------ C:\WINDOWS\May_15_2008__14_49_57.jpg
2008-05-15 16:04 . 2008-05-15 16:04 122,277 --a------ C:\WINDOWS\May_15_2008__15_09_58.jpg
2008-05-15 16:04 . 2008-05-15 16:04 70,861 --a------ C:\WINDOWS\May_15_2008__15_19_58.jpg
2008-05-15 16:04 . 2008-05-15 16:04 68,118 --a------ C:\WINDOWS\May_15_2008__14_54_57.jpg
2008-05-15 16:04 . 2008-05-15 16:04 53,708 --a------ C:\WINDOWS\May_15_2008__15_04_58.jpg
2008-05-15 14:43 . 2008-05-15 16:02 87,912 --a------ C:\WINDOWS\system32BACD.005
2008-05-15 03:54 . 2007-10-07 11:27 1,077,344 --a------ C:\WINDOWS\system32\MSCOMCTL.OCX
2008-05-15 03:54 . 2004-09-03 00:00 124,688 --a------ C:\WINDOWS\system32\MSWINSCK.OCX
2008-05-15 03:54 . 2007-10-07 11:27 10,752 --a------ C:\WINDOWS\system32\aamd532.dll
2008-05-15 03:38 . 2008-05-15 03:38 <DIR> d-------- C:\Documents and Settings\fritzz\Dane aplikacji\DivX
2008-05-15 03:37 . 2008-05-15 03:37 <DIR> d-------- C:\Documents and Settings\fritzz\Dane aplikacji\Thinstall
2008-05-15 03:14 . 2008-05-15 03:14 <DIR> d-------- C:\Program Files\srobot
2008-05-15 02:49 . 2008-05-17 16:14 <DIR> d-------- C:\WINDOWS\Dump
2008-05-15 02:49 . 2008-05-15 02:57 9,367,552 --a------ C:\WINDOWS\sro_client.exe
2008-05-14 19:44 . 2008-05-14 19:44 8 --a------ C:\WINDOWS\system32\nvModes.dat
2008-05-14 19:43 . 2008-05-14 19:43 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\nView_Profiles
2008-05-14 18:21 . 2008-05-14 18:21 479,298 --a------ C:\WINDOWS\system32\wbocx.ocx
2008-05-14 18:21 . 2008-05-14 18:21 172,032 --a------ C:\WINDOWS\system32\AniGIF.ocx
2008-05-14 18:21 . 2008-05-14 18:21 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll
2008-05-14 16:24 . 2008-05-14 16:24 <DIR> d-------- C:\nVidia Forceware
2008-05-14 16:16 . 2008-05-15 18:08 <DIR> d-a------ C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-05-14 16:15 . 2008-05-14 18:24 <DIR> d-------- C:\Program Files\DAP
2008-05-14 09:49 . 2008-05-14 09:49 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-05-14 09:49 . 2007-11-29 23:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-13 18:11 . 2008-05-13 18:11 290,816 --a------ C:\WINDOWS\system32\l3codeca.acm
2008-05-13 18:10 . 2008-05-13 18:10 921,600 --a------ C:\WINDOWS\system32\vorbisenc.dll
2008-05-13 18:10 . 2008-05-13 18:10 892,928 --a------ C:\WINDOWS\system32\iconv.dll
2008-05-13 18:10 . 2008-05-13 18:10 577,536 --a------ C:\WINDOWS\system32\ac3filter.ax
2008-05-13 18:10 . 2008-05-13 18:10 237,568 --a------ C:\WINDOWS\system32\OggDS.dll
2008-05-13 18:09 . 2008-05-13 18:09 1,415,680 --a------ C:\WINDOWS\system32\WMV9VCM.dll
2008-05-13 18:09 . 2008-05-13 18:09 245,760 --a------ C:\WINDOWS\system32\mplvpx.dll
2008-05-13 18:09 . 2008-05-13 18:09 188,416 --a------ C:\WINDOWS\system32\vorbis.dll
2008-05-13 18:09 . 2008-05-13 18:09 106,496 --a------ C:\WINDOWS\system32\lmpgspl.ax
2008-05-13 18:09 . 2008-05-13 18:09 94,208 --a------ C:\WINDOWS\system32\lmpgvd.ax
2008-05-13 18:09 . 2008-05-13 18:09 86,528 --a------ C:\WINDOWS\system32\DVDVideo.ax
2008-05-13 18:09 . 2008-05-13 18:09 45,056 --a------ C:\WINDOWS\system32\ogg.dll
2008-05-13 18:09 . 2008-05-13 18:09 9,216 --a------ C:\WINDOWS\system32\cpuinf32.dll
2008-05-13 18:08 . 2007-07-25 14:24 1,559,040 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-05-13 18:08 . 2008-05-13 18:08 630,784 --a------ C:\WINDOWS\system32\divxdec.ax
2008-05-13 18:08 . 2008-05-13 18:08 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2008-05-13 18:08 . 2008-05-13 18:08 391,168 --a------ C:\WINDOWS\system32\i263_32.drv
2008-05-13 18:08 . 2008-05-13 18:08 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax
2008-05-13 18:08 . 2008-05-13 18:08 344,394 --a------ C:\WINDOWS\system32\xvid.ax
2008-05-13 15:03 . 2008-05-13 17:53 <DIR> d-------- C:\Program Files\Project64 1.6
2008-05-13 07:13 . 2008-05-13 07:13 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-05-13 07:13 . 2008-05-13 07:13 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Adobe Systems
2008-05-12 19:36 . 2008-05-12 19:36 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-05-12 18:57 . 2008-05-12 18:57 <DIR> d-------- C:\WINDOWS\Sun
2008-05-11 07:53 . 2008-05-13 07:15 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-05-09 09:42 . 2008-05-09 09:42 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-05-08 14:49 . 2008-05-08 14:49 <DIR> d-------- C:\Program Files\Common Files\Thraex Software
2008-05-08 06:42 . 2006-03-02 14:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-05-08 03:33 . 2008-05-08 03:33 <DIR> d-------- C:\Program Files\NT Registry Optimizer
2008-05-08 03:13 . 2008-05-08 03:21 <DIR> d-------- C:\Program Files\Microsoft Bootvis
2008-05-08 01:45 . 2008-05-08 01:46 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-05-08 01:45 . 2008-05-08 01:45 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-05-08 01:45 . 2008-05-08 01:45 <DIR> d-------- C:\Program Files\MSBuild
2008-05-08 01:45 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-05-08 01:36 . 2008-05-08 01:36 <DIR> d-------- C:\Program Files\CBS Software
2008-05-07 20:42 . 2008-05-07 20:42 <DIR> d-------- C:\Program Files\Java
2008-05-07 20:42 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-07 20:38 . 2008-05-07 20:38 <DIR> d-------- C:\Program Files\Common Files\Java
2008-05-07 20:04 . 2008-05-07 20:04 <DIR> d--hs---- C:\found.000
2008-05-07 01:28 . 2008-05-07 01:28 <DIR> d-------- C:\Program Files\Winamp
2008-05-07 01:28 . 2008-05-07 01:28 <DIR> d-------- C:\Documents and Settings\fritzz\Dane aplikacji\Winamp
2008-05-06 20:53 . 2008-05-06 20:53 <DIR> d-------- C:\Program Files\Ulead Systems
2008-05-06 20:53 . 2008-05-06 20:53 <DIR> d-------- C:\Program Files\Common Files\Ulead Systems
2008-05-06 20:53 . 2008-05-06 20:53 <DIR> d-------- C:\Documents and Settings\fritzz\Dane aplikacji\Ulead Systems
2008-05-06 20:53 . 2008-05-06 20:53 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Ulead Systems
2008-05-06 20:53 . 2008-05-06 20:53 74 --ah----- C:\WINDOWS\Dmftw.sfq
2008-05-06 13:10 . 2008-05-18 20:43 <DIR> d-------- C:\Program Files\Odkurzacz
2008-05-05 21:45 . 2008-05-09 09:45 <DIR> d-------- C:\WINDOWS\system32\pl-pl
2008-05-05 21:45 . 2008-05-09 09:45 <DIR> d-------- C:\WINDOWS\system32\pl
2008-05-05 21:38 . 2008-04-14 22:00 2,190,336 --a------ C:\WINDOWS\system32\ntoskrnl.exe
2008-05-05 17:33 . 2008-05-05 17:33 <DIR> d-------- C:\WINDOWS\system32\Lang
2008-05-05 17:33 . 2008-05-05 17:33 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-05-05 17:33 . 2008-05-05 17:33 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2008-05-05 17:33 . 2008-05-05 22:24 60,416 --a------ C:\WINDOWS\ALCFDRTM.VER
2008-05-05 17:33 . 2008-05-05 17:33 60,416 --a------ C:\WINDOWS\ALCFDRTM.EXE
2008-05-05 13:15 . 2008-05-05 13:15 <DIR> d-------- C:\WINDOWS\system32\DRM
2008-05-05 13:07 . 2008-05-08 06:42 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-05-05 13:07 . 2008-05-08 06:42 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-05-05 13:06 . 2008-05-05 13:06 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-05-05 13:03 . 2008-05-05 13:03 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-05-05 13:02 . 2008-05-05 13:07 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-05-05 13:01 . 2008-05-05 13:01 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-05-05 13:01 . 2008-05-05 13:01 <DIR> d-------- C:\Program Files\HighMAT CD Writing Wizard
2008-05-05 12:56 . 2008-05-05 12:56 <DIR> d-------- C:\Program Files\SGJ
2008-05-05 08:52 . 2008-05-05 08:52 <DIR> d-------- C:\Program Files\SubEdit-Player
2008-05-05 07:08 . 2008-05-05 07:08 <DIR> d-------- C:\Documents and Settings\fritzz\Dane aplikacji\Media Player Classic
2008-05-05 07:07 . 2008-05-19 15:48 <DIR> d-------- C:\Program Files\Real Alternative
2008-05-05 06:01 . 2008-05-05 06:01 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-05-05 06:01 . 2008-05-05 06:01 <DIR> d-------- C:\Program Files\Common Files\Kaspersky Lab
2008-05-04 14:10 . 2008-05-19 21:00 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-05-04 12:59 . 2008-05-04 12:59 <DIR> d-------- C:\Documents and Settings\fritzz\Dane aplikacji\Nero
2008-05-04 12:57 . 2008-05-04 12:57 <DIR> d-------- C:\Program Files\Nero
2008-05-04 12:57 . 2008-05-04 12:59 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-05-04 12:57 . 2008-05-04 12:57 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-05-04 08:13 . 2008-05-04 08:39 <DIR> d-------- C:\Program Files\Ultra RM Converter
2008-05-04 08:08 . 2008-05-06 13:14 <DIR> d-------- C:\Program Files\NAPI-PROJEKT
2008-05-04 03:35 . 2008-05-04 03:35 <DIR> d-------- C:\Documents and Settings\fritzz\Dane aplikacji\Gadu-Gadu
2008-05-04 02:13 . 2008-05-17 10:02 <DIR> d-------- C:\Program Files\Gadu-Gadu
2008-05-04 02:13 . 2008-05-18 21:11 <DIR> d-------- C:\Documents and Settings\fritzz\Gadu-Gadu
2008-05-03 23:59 . 2001-08-17 21:53 4,992 --a------ C:\WINDOWS\system32\drivers\loop.sys
2008-05-03 23:59 . 2001-08-17 21:53 4,992 --a--c--- C:\WINDOWS\system32\dllcache\loop.sys
2008-05-03 23:23 . 2008-05-03 23:23 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Office Genuine Advantage
2008-05-03 23:21 . 2008-05-09 09:50 1,024 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT.LOG

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-19 16:59 --------- d-----w C:\Program Files\Uniblue
2008-05-19 16:59 --------- d-----w C:\Documents and Settings\fritzz\Dane aplikacji\Uniblue
2008-05-19 15:05 --------- d-----w C:\Documents and Settings\fritzz\Dane aplikacji\mIRC
2008-05-19 12:21 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-19 12:21 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-05-18 21:07 --------- d-----w C:\Program Files\mIRC
2008-05-14 23:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-13 16:09 755,200 ----a-w C:\WINDOWS\system32\ir50_32.dll
2008-05-05 15:05 --------- d-----w C:\Documents and Settings\fritzz\Dane aplikacji\teamspeak2
2008-05-03 21:33 --------- d-----w C:\Program Files\MyPortal
2008-05-03 10:32 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-05-03 10:08 --------- d-----w C:\Program Files\Teamspeak2_RC2
2008-05-03 09:00 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-03 08:55 25,992 ----a-w C:\WINDOWS\system32\pgdfgsvc.exe
2008-05-03 08:51 --------- d-----w C:\Program Files\WLAN
2008-05-03 08:47 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-03 08:46 --------- d-----w C:\Program Files\Uslugi online
2008-04-23 15:19 442,368 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2008-04-14 21:16 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 20:56 332,288 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 20:52 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 20:52 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 20:52 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 20:52 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 20:52 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 20:52 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 20:52 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 20:50 999,936 ----a-w C:\WINDOWS\system32\syssetup.dll
2008-04-14 20:49 98,304 ----a-w C:\WINDOWS\system32\actxprxy.dll
2008-04-14 20:48 5,632 ----a-w C:\WINDOWS\system32\wmi.dll
2008-04-14 20:48 1,449,472 ----a-w C:\WINDOWS\system32\winntbbu.dll
2008-04-14 20:47 57,375 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 20:43 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 20:42 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-14 20:36 3,584 ----a-w C:\WINDOWS\system32\icmp.dll
2008-04-14 20:35 9,344 ----a-w C:\WINDOWS\system32\framebuf.dll
2008-04-14 20:33 3,072 ----a-w C:\WINDOWS\system32\dpnlobby.dll
2008-04-14 20:33 3,072 ----a-w C:\WINDOWS\system32\dpnaddr.dll
2008-04-14 20:31 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll
2008-04-14 20:30 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll
2008-04-14 20:04 73,472 ----a-w C:\WINDOWS\system32\drivers\sr.sys
2008-04-14 20:03 80,256 ----a-w C:\WINDOWS\system32\drivers\parport.sys
2008-04-14 20:03 68,608 ----a-w C:\WINDOWS\system32\drivers\pci.sys
2008-04-14 20:03 46,848 ----a-w C:\WINDOWS\system32\drivers\p3.sys
2008-04-14 20:03 120,320 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys
2008-04-14 19:59 2,067,200 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 19:55 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-14 19:52 89,600 ----a-w C:\WINDOWS\system32\msxml6r.dll
2008-04-14 19:52 800,000 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-14 19:52 153,856 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-14 19:50 80,896 ------w C:\WINDOWS\system32\msshavmsg.dll
2008-04-14 19:50 24,960 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
2008-04-14 19:48 37,632 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys
2008-04-14 19:47 40,832 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys
2008-04-14 19:46 40,448 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys
2008-04-14 19:45 49,664 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-14 19:43 563,200 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-14 19:41 65,280 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-14 19:41 53,248 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-14 19:39 25,728 ------w C:\WINDOWS\system32\drivers\hidbth.sys
2008-04-14 19:37 10,240 ----a-w C:\WINDOWS\system32\gpkrsrc.dll
2008-04-14 19:35 67,584 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-14 19:35 58,880 ----a-w C:\WINDOWS\system32\drivers\redbook.sys
2008-04-14 19:35 273,920 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-14 19:35 1,845,888 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-14 19:33 44,672 ----a-w C:\WINDOWS\system32\drivers\fips.sys
2008-04-14 19:32 57,344 ----a-w C:\WINDOWS\system32\mshtmler.dll
2008-04-14 19:31 52,864 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-14 19:30 701,440 ------w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-04-14 19:30 39,936 ----a-w C:\WINDOWS\system32\drivers\processr.sys
2008-04-14 19:30 327,040 ------w C:\WINDOWS\system32\drivers\ati2mtaa.sys
2008-04-14 19:29 103,936 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-14 19:28 41,856 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys
2008-04-14 19:28 41,472 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys
2008-04-14 19:25 23,296 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys
2008-04-14 19:24 30,208 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-14 19:24 188,544 ----a-w C:\WINDOWS\system32\drivers\acpi.sys
2008-04-13 22:58 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 22:51 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 22:50 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 22:50 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 22:50 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 22:49 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 22:49 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 22:49 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 22:49 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 22:49 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 22:47 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 22:47 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 22:47 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 22:46 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 22:46 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 22:45 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 22:45 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 22:45 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 22:44 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 22:44 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 22:30 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 22:30 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 22:27 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
.

((((((((((((((((((((((((((((( snapshot@2008-05-19_21.06.23,37 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-19 16:50:22 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-19 19:11:39 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-19 19:09:24 823,296 ----a-w C:\WINDOWS\gmer.dll
+ 2008-03-27 11:49:38 761,856 ----a-w C:\WINDOWS\gmer.exe
+ 2008-05-19 19:09:24 85,905 ----a-w C:\WINDOWS\system32\drivers\gmer.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedX"="C:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe" [2006-06-27 14:11 46718]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-23 14:18 202024]
"Odkurzacz-MCD"="C:\Program Files\Odkurzacz\odk_mcd.exe" [2008-03-03 14:44 266240]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-12-01 11:46 204288]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2007-10-22 10:12 1885464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]
"RivaTunerStartupDaemon"="C:\Program Files\RivaTuner v2.09\RivaTuner.exe" [2008-04-28 20:25 2707456]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 08:51 1836328]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-03-13 16:48 1443072]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 13:06 40048]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-04-26 13:00 13529088]
"nwiz"="nwiz.exe" [2008-04-26 13:00 1630208 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-04-26 13:00 86016]
"Rapget"="E:\pulpit\RAPGET\rapget.exe" [2007-12-25 16:56 171008]

C:\Documents and Settings\fritzz\Menu Start\Programy\Autostart\
hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [5/15/2008 6:22:35 PM 624416]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Kaspersky Anti-Hacker.lnk - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe [5/11/2006 4:05:33 PM 2195583]
WConfig.lnk - C:\Program Files\WLAN\WConfig\WConfig.exe [5/3/2008 10:51:31 AM 385024]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
"NoStrCmpLogical"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoAutoTrayNotify"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoResolveSearch"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll
"msacm.divxa32"= divxa32.acm

[HKLM\~\startupfolder\C:^Documents and Settings^fritzz^Menu Start^Programy^Autostart^Adobe Gamma.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALi5289]
--------- 2005-03-10 14:56 405504 C:\Program Files\ULI5289\ALi5289.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-02-14 01:09 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
--a------ 2008-04-04 22:12 6930432 C:\Program Files\DAP\DAP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 14:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rapget]
--a------ 2007-12-25 16:56 171008 E:\pulpit\RAPGET\rapget.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
--a------ 2007-10-22 10:12 1885464 C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpeedUpMyPC]
C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiHacker]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"E:\\Program Files\\The All-Seeing Eye\\eye.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 JAHCI;JAHCI;C:\WINDOWS\system32\DRIVERS\JAHCI.sys [2005-05-12 15:12]
R0 Klpf;Klpf;C:\WINDOWS\system32\drivers\Klpf.sys [2006-05-11 16:05]
R0 Klpid;Klpid;C:\WINDOWS\system32\drivers\Klpid.sys [2006-05-11 16:06]
R0 m5289;m5289;C:\WINDOWS\system32\DRIVERS\m5289.sys [2004-12-01 10:49]
R0 uliagpkx;ULi AGP Bus Filter Driver;C:\WINDOWS\system32\DRIVERS\agpkx.sys [2005-05-03 17:31]
R3 RT2400PCI;802.11b WLAN PCI;C:\WINDOWS\system32\DRIVERS\RT2400.sys [2003-10-31 09:47]
S3 msloop;Sterownik karty Microsoft Loopback;C:\WINDOWS\system32\DRIVERS\loop.sys [2001-08-17 21:53]
S3 Revolution1;Revolution1;E:\revolutionengine\SHAK3.sys []
S3 ULI5261XP;ULi M526X Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ULILAN51.SYS [2005-03-22 20:36]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-06 11:34:02 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-05-06 11:34:01 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-19 21:21:23
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


folder error: C:\WINDOWS\TEMP\

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-19 21:21:57
ComboFix-quarantined-files.txt 2008-05-19 19:21:54
ComboFix2.txt 2008-05-19 19:06:39

Pre-Run: 5,156,880,384 bajtów wolnych
Post-Run: 5,138,595,840 bajtów wolnych

359 --- E O F --- 2008-05-18 09:37:47
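The Security Center and firewall-policy sections of the ComboFix log above are the part of the report a responder reads first: `AntiVirusOverride`, `AntiVirusDisableNotify` and `UpdatesDisableNotify` set to 1 silence Windows XP's own warnings, and `EnableFirewall`=0 means Windows Firewall is off for the standard profile. The following is an added example, not code from the thread or from ComboFix: a small Python parser that reads the bracketed registry sections of a ComboFix-style log and reports those weakenings, plus the firewall's authorized-application list for review. The sample text is a constructed excerpt copied from the sections shown in the log above; the function names (`parse_sections`, `find_weak_settings`, `authorized_applications`) are this example's own.

```python
"""Flag Security Center / Windows Firewall weakenings in a ComboFix-style log.

Added example (not part of the forum thread or of ComboFix). ComboFix prints
registry data as "[key]" headers followed by "name"=value lines; this parser
turns that into a dict and evaluates the values that malware, or an over-eager
"optimizer", commonly flips to stop Windows XP from warning the user.
"""
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample: an excerpt copied from the registry sections of the log
# posted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiHacker]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"E:\\Program Files\\The All-Seeing Eye\\eye.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"""

Sections = Dict[str, Dict[str, Optional[int]]]

SECTION_RE = re.compile(r"^\[(.+)\]\s*$")
VALUE_RE = re.compile(r'^"(.+?)"\s*=\s*(.*?)\s*$')

SECURITY_CENTER = "hkey_local_machine\\software\\microsoft\\security center"
STANDARD_PROFILE = ("hkey_local_machine\\~\\services\\sharedaccess\\parameters"
                    "\\firewallpolicy\\standardprofile")


def _normalize_key(path: str) -> str:
    """Lower-case the key and expand ComboFix's HKLM abbreviation."""
    p = path.strip().lower()
    if p.startswith("hklm\\"):
        p = "hkey_local_machine\\" + p[len("hklm\\"):]
    return p


def _parse_value(raw: str) -> Optional[int]:
    """'dword:00000001' -> 1, '0 (0x0)' -> 0, '' or a string -> None."""
    raw = raw.strip()
    m = re.match(r"dword:([0-9a-fA-F]{1,8})$", raw)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"(\d+)\s*\(0x[0-9a-fA-F]+\)$", raw)
    if m:
        return int(m.group(1))
    return None  # paths, driver names, empty values: not evaluated here


def parse_sections(text: str) -> Sections:
    """Group "name"=value lines under the [key] header that precedes them."""
    sections: Sections = {}
    current: Optional[str] = None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = _normalize_key(m.group(1))
            sections.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            sections[current][m.group(1)] = _parse_value(m.group(2))
    return sections


def find_weak_settings(sections: Sections) -> List[Tuple[str, str]]:
    """Return (setting, why it matters) for every weakening present."""
    findings: List[Tuple[str, str]] = []
    sc = sections.get(SECURITY_CENTER, {})
    for name, why in (
        ("AntiVirusOverride", "Security Center no longer monitors antivirus state"),
        ("AntiVirusDisableNotify", "Security Center antivirus warnings are suppressed"),
        ("FirewallOverride", "Security Center no longer monitors firewall state"),
        ("FirewallDisableNotify", "Security Center firewall warnings are suppressed"),
        ("UpdatesDisableNotify", "Automatic Updates warnings are suppressed"),
    ):
        if sc.get(name) == 1:
            findings.append((name, why))
    # Vendor keys under Monitoring\<Product>: the product itself normally sets
    # DisableMonitoring=1, so confirm the product is installed and running.
    for path, values in sections.items():
        if path.startswith(SECURITY_CENTER + "\\monitoring\\") and values.get("DisableMonitoring") == 1:
            product = path.rsplit("\\", 1)[-1]
            findings.append(("DisableMonitoring:" + product,
                             "Security Center told to stop monitoring this product; verify it is really present"))
    if sections.get(STANDARD_PROFILE, {}).get("EnableFirewall") == 0:
        findings.append(("EnableFirewall",
                         "Windows Firewall is off for the standard profile; acceptable only if a third-party firewall is active"))
    return findings


def authorized_applications(sections: Sections) -> List[str]:
    """Firewall exceptions, with ComboFix's doubled backslashes collapsed, for review."""
    entries = sections.get(STANDARD_PROFILE + "\\authorizedapplications\\list", {})
    return sorted(name.replace("\\\\", "\\") for name in entries)


if __name__ == "__main__":
    parsed = parse_sections(SAMPLE_LOG)
    for setting, why in find_weak_settings(parsed):
        print(f"{setting}: {why}")
    for app in authorized_applications(parsed):
        print("firewall exception:", app)
```

On this thread's log the parser reports the three Security Center notification overrides, the Kaspersky monitoring entry (legitimate here, since KAVPF.exe is among the running processes) and the disabled Windows Firewall, and lists six firewall exceptions for the reader to check against what is actually installed.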

#4 ordynat

    Advanced user

  • 804 posts

Posted 19 05 2008 - 23:44

2008-05-15 16:05 . 2008-05-15 16:05 233,488 --a------ C:\WINDOWS\May_15_2008__15_44_59.jpg
2008-05-15 16:05 . 2008-05-15 16:05 232,734 --a------ C:\WINDOWS\May_15_2008__15_54_59.jpg
2008-05-15 16:05 . 2008-05-15 16:05 216,902 --a------ C:\WINDOWS\May_15_2008__16_00_00.jpg
2008-05-15 16:05 . 2008-05-15 16:05 149,682 --a------ C:\WINDOWS\May_15_2008__15_49_59.jpg
2008-05-15 16:05 . 2008-05-15 16:05 144,645 --a------ C:\WINDOWS\May_15_2008__15_34_58.jpg
2008-05-15 16:05 . 2008-05-15 16:05 62,076 --a------ C:\WINDOWS\May_15_2008__15_39_58.jpg
2008-05-15 16:04 . 2008-05-15 16:04 185,848 --a------ C:\WINDOWS\May_15_2008__15_24_58.jpg
2008-05-15 16:04 . 2008-05-15 16:04 177,524 --a------ C:\WINDOWS\May_15_2008__15_29_58.jpg
2008-05-15 16:04 . 2008-05-15 16:04 164,545 --a------ C:\WINDOWS\May_15_2008__15_14_58.jpg
2008-05-15 16:04 . 2008-05-15 16:04 158,549 --a------ C:\WINDOWS\May_15_2008__14_59_58.jpg
2008-05-15 16:04 . 2008-05-15 16:04 124,378 --a------ C:\WINDOWS\May_15_2008__14_49_57.jpg
2008-05-15 16:04 . 2008-05-15 16:04 122,277 --a------ C:\WINDOWS\May_15_2008__15_09_58.jpg
2008-05-15 16:04 . 2008-05-15 16:04 70,861 --a------ C:\WINDOWS\May_15_2008__15_19_58.jpg
2008-05-15 16:04 . 2008-05-15 16:04 68,118 --a------ C:\WINDOWS\May_15_2008__14_54_57.jpg
2008-05-15 16:04 . 2008-05-15 16:04 53,708 --a------ C:\WINDOWS\May_15_2008__15_04_58.jpg


I assume you recognise these images?

Everything was removed nicely, but I overlooked one object when putting the removal together, so delete it now:
>gmer.exe
Expand>>>CMD tab>>select CMD --- paste this into the upper black box:


gmer -del C:\WINDOWS\system32BACD.005
gmer -reboot

Click "Run" on the right-hand side. The computer should shut down and restart by itself.

As you can see, the "WINDOWS" folder still exists; perhaps ComboFix merely changed your settings, so:

If they are not visible, first remove the protective attributes:
>>Start>>Control Panel>>Folder Options>>View>>uncheck "Hide protected operating system files">>check "Show hidden files and folders">>Apply>>OK


It should be OK.

ordynat

#5 timmy

    Advanced user

  • 624 posts

Posted 20 05 2008 - 00:08

Unfortunately the Windows folder is still not visible ;) but if I type, for example, C:\WINDOWS\ into Run,

it opens normally.

I don't recognise those images,

but I've already deleted them.

Oh, and when ComboFix started it detected some virus, I think it was a virus, I don't know, something like "Eitect" or so.

I'll just say I don't know how to thank you; the computer no longer stutters every moment, including in Crysis, as it did before ;) Many thanks
