


Logs - drastic slowdown of the computer


  • Closed. This topic is closed.
1 reply in this topic

#1 timmy

    Advanced user

  • 624 posts

Posted 26 03 2008 - 12:41

Hello. I have the antivirus Nod32v3, but over the last 2 days my computer has really slowed down, and badly. Here is the log; please check it.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:38:21, on 2008-03-26
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\system32\spoolsv.exe
C:\WINXP\Explorer.EXE
C:\Program Files\VDOTool\TBPanel.exe
C:\Program Files\GridService\peer.exe
C:\WINXP\SOUNDMAN.EXE
C:\DocumentyXP\CHEJS\Pulpit\RAPGET\rapget.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINXP\system32\RUNDLL32.EXE
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\DNA\btdna.exe
C:\WINXP\system32\nvsvc32.exe
C:\WINXP\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\WLAN\WConfig\WConfig.exe
C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
C:\WINXP\system32\IoctlSvc.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 222.111.150.111 gwg3project512.de
O1 - Hosts: 222.111.150.111 gwg4project512.de
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [Gainward] C:\Program Files\VDOTool\TBPanel.exe /A
O4 - HKLM\..\Run: [Grid Service] "C:\Program Files\GridService\peer.exe" -n Grid
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Rapget] C:\DocumentyXP\CHEJS\Pulpit\RAPGET\rapget.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINXP\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINXP\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.08\RivaTuner.exe" /S
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [SpeedX] C:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINXP\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetupo.dll" "%SystemRoot%\System32\syssetup.dll" (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINXP\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetupo.dll" "%SystemRoot%\System32\syssetup.dll" (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetupo.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetupo.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WConfig.lnk = C:\Program Files\WLAN\WConfig\WConfig.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\winxp\system32\gamelink.dll
O10 - Unknown file in Winsock LSP: c:\winxp\system32\gamelink.dll
O10 - Unknown file in Winsock LSP: c:\winxp\system32\gamelink.dll
O10 - Unknown file in Winsock LSP: c:\winxp\system32\gamelink.dll
O10 - Unknown file in Winsock LSP: c:\winxp\system32\gamelink.dll
O10 - Unknown file in Winsock LSP: c:\winxp\system32\gamelink.dll
O10 - Unknown file in Winsock LSP: c:\winxp\system32\gamelink.dll
O10 - Unknown file in Winsock LSP: c:\winxp\system32\gamelink.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{B75200B4-4432-4177-8F8D-709FF55799A1}: NameServer = 174.138.200.1,194.204.152.34
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINXP\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINXP\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINXP\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 7396 bytes


and the ComboFix log





ComboFix 08-03-25.4 - CHEJS 2008-03-26 11:43:03.1 - NTFSx86
Running from: D:\ahmed\ComboFix.exe
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.

((((((((((((((((((((((((( Files Created from 2008-02-26 to 2008-03-26 )))))))))))))))))))))))))))))))
.

2008-03-26 11:38 . 2008-03-26 11:38 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-26 11:26 . 2008-03-26 11:26 <DIR> d-------- C:\Program Files\NeroInstall.bak
2008-03-26 11:23 . 2008-03-26 11:23 <DIR> d-------- C:\Program Files\Nero
2008-03-26 11:23 . 2008-03-26 11:24 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-03-26 09:10 . 2008-03-26 09:10 <DIR> d-------- C:\Program Files\UltraISO
2008-03-26 09:01 . 2008-03-26 09:03 24 ---hs---- C:\WINXP\S8E51BD04.tmp
2008-03-26 09:00 . 2008-03-26 09:00 <DIR> d-------- C:\Program Files\SlySoft
2008-03-24 17:54 . 2008-03-26 09:02 <DIR> d-------- C:\DocumentyXP\CHEJS\Dane aplikacji\skypePM
2008-03-24 17:54 . 2008-03-24 17:54 32 --a------ C:\DocumentyXP\All Users\Dane aplikacji\ezsid.dat
2008-03-24 17:52 . 2008-03-24 22:55 <DIR> d-------- C:\Program Files\Skype
2008-03-24 17:52 . 2008-03-24 17:52 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-03-24 17:52 . 2008-03-26 11:18 <DIR> d-------- C:\DocumentyXP\CHEJS\Dane aplikacji\Skype
2008-03-24 17:52 . 2008-03-24 17:52 <DIR> d-------- C:\DocumentyXP\All Users\Dane aplikacji\Skype
2008-03-24 15:27 . 2008-03-24 15:27 <DIR> d-------- C:\Program Files\Eltima Software
2008-03-24 15:27 . 2008-03-24 15:27 <DIR> d-------- C:\Program Files\Common Files\Eltima Shared
2008-03-24 15:27 . 2008-03-24 15:27 <DIR> d-------- C:\DocumentyXP\CHEJS\Dane aplikacji\Eltima Software
2008-03-24 15:27 . 2007-12-02 14:14 3,345,408 --a------ C:\WINXP\system32\avcodec-51.dll
2008-03-24 15:27 . 2007-12-02 14:14 448,512 --a------ C:\WINXP\system32\avformat-50.dll
2008-03-24 15:27 . 2007-12-02 14:13 40,960 --a------ C:\WINXP\wavdest.ax
2008-03-24 15:27 . 2007-12-02 14:14 19,968 --a------ C:\WINXP\system32\avutil-49.dll
2008-03-24 07:27 . 2008-03-25 12:56 <DIR> d-------- C:\DocumentyXP\CHEJS\Dane aplikacji\BitTorrent
2008-03-24 07:26 . 2008-03-24 07:26 <DIR> d-------- C:\Program Files\DNA
2008-03-24 07:26 . 2008-03-24 07:27 <DIR> d-------- C:\Program Files\BitTorrent
2008-03-24 07:26 . 2008-03-26 11:37 <DIR> d-------- C:\DocumentyXP\CHEJS\Dane aplikacji\DNA
2008-03-23 14:03 . 2008-03-23 14:03 <DIR> d-------- C:\DocumentyXP\CHEJS\Dane aplikacji\GanymedeNet
2008-03-23 14:03 . 2008-03-23 14:03 4 --a------ C:\WINXP\system32\proc1395793746.bin
2008-03-23 11:17 . 2008-03-25 22:39 <DIR> d-------- C:\Program Files\Silkroad
2008-03-21 18:34 . 2008-03-21 18:34 <DIR> d-------- C:\vcs5BGEffects
2008-03-21 18:02 . 2005-05-04 13:39 94,208 --a------ C:\WINXP\system32\China.dll
2008-03-21 17:48 . 2008-03-21 17:48 <DIR> d-------- C:\Program Files\Fic_Products
2008-03-21 16:29 . 2008-03-21 16:29 <DIR> d--h----- C:\WINXP\system32\GroupPolicy
2008-03-21 12:09 . 2007-12-05 01:41 356,352 --a------ C:\WINXP\system32\nvudisp.exe
2008-03-21 12:09 . 2007-12-05 01:41 17,737 --a------ C:\WINXP\system32\nvdisp.nvu
2008-03-21 12:08 . 2008-03-21 12:08 <DIR> d-------- C:\NVIDIA
2008-03-21 12:08 . 2008-03-21 12:08 1,364,362 --a------ C:\adada.pdf
2008-03-21 12:06 . 2007-12-05 01:41 7,435,392 --a------ C:\WINXP\system32\drivers\nv4_mini.sys
2008-03-21 12:06 . 2007-12-05 01:41 7,435,392 --a--c--- C:\WINXP\system32\dllcache\nv4_mini.sys
2008-03-21 11:29 . 2008-03-21 11:29 <DIR> d-------- C:\Program Files\Common Files\DirectX
2008-03-20 21:33 . 2008-03-20 21:33 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-03-20 12:55 . 2008-03-24 14:06 <DIR> d-------- C:\Program Files\Common Files\Kaspersky Lab
2008-03-20 11:52 . 2008-03-21 12:33 8 --a------ C:\WINXP\system32\nvModes.dat
2008-03-20 11:51 . 2008-03-20 11:51 <DIR> d-------- C:\DocumentyXP\All Users\Dane aplikacji\nView_Profiles
2008-03-19 20:32 . 2008-03-10 09:10 4,224 --a------ C:\WINXP\system32\drivers\NVStrap.sys
2008-03-19 18:14 . 2008-03-19 18:14 496,051 --a------ C:\WINXP\system32\xvidcore.dll
2008-03-19 17:21 . 2008-03-19 17:21 <DIR> d-------- C:\Program Files\WinAVI Video Converter
2008-03-19 13:51 . 2008-03-19 13:51 <DIR> d-------- C:\DocumentyXP\All Users\Dane aplikacji\Diskeeper Corporation
2008-03-19 12:59 . 2008-03-21 18:10 <DIR> d-------- C:\Program Files\SpeedFan
2008-03-18 23:30 . 2007-12-07 18:28 6,144 --a------ C:\WINXP\system32\ff_acm.acm
2008-03-18 19:01 . 2008-03-19 20:24 <DIR> d-------- C:\Program Files\RivaTuner v2.08
2008-03-17 20:00 . 2003-03-18 21:20 1,060,864 --a------ C:\WINXP\system32\MFC71.dll
2008-03-17 19:59 . 2008-03-17 19:59 <DIR> d-------- C:\Program Files\Alwil Software
2008-03-15 16:38 . 2008-03-26 11:37 <DIR> d-a------ C:\DocumentyXP\All Users\Dane aplikacji\TEMP
2008-03-15 16:37 . 2008-03-15 16:52 <DIR> d-------- C:\Program Files\DAP
2008-03-15 16:37 . 2008-03-15 16:37 479,298 --a------ C:\WINXP\system32\wbocx.ocx
2008-03-15 16:37 . 2008-03-15 16:37 172,032 --a------ C:\WINXP\system32\AniGIF.ocx
2008-03-15 16:37 . 2008-03-15 16:37 50,688 --a------ C:\WINXP\system32\wbhelp2.dll
2008-03-15 14:15 . 2008-03-05 15:56 3,786,760 --a------ C:\WINXP\system32\D3DX9_37.dll
2008-03-15 14:15 . 2008-03-05 15:56 1,420,824 --a------ C:\WINXP\system32\D3DCompiler_37.dll
2008-03-15 14:15 . 2008-03-05 16:03 479,752 --a------ C:\WINXP\system32\XAudio2_0.dll
2008-03-15 14:15 . 2008-02-05 23:07 462,864 --a------ C:\WINXP\system32\d3dx10_37.dll
2008-03-15 14:15 . 2008-03-05 16:03 238,088 --a------ C:\WINXP\system32\xactengine3_0.dll
2008-03-15 14:15 . 2008-03-05 16:00 25,608 --a------ C:\WINXP\system32\X3DAudio1_3.dll
2008-03-14 22:22 . 2008-03-14 22:25 <DIR> d-------- C:\Program Files\HDD Regenerator
2008-03-14 22:20 . 2008-03-14 22:20 <DIR> d-------- C:\Program Files\Lavalys
2008-03-13 11:15 . 2008-03-26 09:05 <DIR> d-------- C:\Program Files\Odkurzacz
2008-03-11 15:15 . 2008-03-11 15:15 1 --a------ C:\WINXP\system32\SI.bin
2008-03-11 13:49 . 2008-03-11 14:01 <DIR> d-------- C:\Program Files\NKProds
2008-03-09 09:06 . 2008-03-09 09:06 <DIR> d-------- C:\WINXP\wt
2008-03-09 08:11 . 2008-03-09 08:11 <DIR> d-------- C:\Program Files\SubEdit-Player
2008-03-09 00:08 . 2008-03-09 00:12 <DIR> d-------- C:\Program Files\Ultra RM Converter
2008-03-08 22:15 . 2008-03-08 22:15 3,082 --a------ C:\WINXP\system32\affv208325p1now.sys
2008-03-08 20:45 . 2008-03-08 23:45 <DIR> d-------- C:\Program Files\RM Converter
2008-03-08 14:15 . 2007-12-29 13:52 229,376 --a------ C:\WINXP\system32\GameLink.dll
2008-03-08 11:57 . 2007-10-07 15:38 26,496 --a--c--- C:\WINXP\system32\dllcache\usbstor.sys
2008-03-07 13:10 . 2008-03-07 13:10 319 --a------ C:\WINXP\game.ini
2008-03-07 12:58 . 2008-03-07 12:58 <DIR> d--hs---- C:\WINXP\ftpcache
2008-03-06 21:51 . 2008-03-06 21:51 <DIR> d-------- C:\DocumentyXP\All Users\Dane aplikacji\Trymedia
2008-03-06 20:57 . 2008-03-06 20:57 <DIR> d-------- C:\WINXP\system32\QVJGTGljZW5zZUluZm8=
2008-03-06 20:57 . 2008-03-06 21:04 <DIR> d-------- C:\Program Files\Advanced Registry Fix
2008-03-05 13:49 . 2008-03-05 13:49 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-03-05 13:49 . 2008-03-05 13:49 <DIR> d-------- C:\DocumentyXP\CHEJS\Dane aplikacji\DAEMON Tools
2008-03-05 13:39 . 2008-03-05 13:39 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-03-04 17:29 . 2008-03-04 17:29 <DIR> d-------- C:\WINXP\system32\Futuremark
2008-03-04 17:29 . 2004-10-25 20:02 21,664 --a------ C:\WINXP\system32\drivers\Entech.sys
2008-03-04 17:29 . 2001-11-19 18:05 3,972 --------- C:\WINXP\system32\drivers\PciBus.sys
2008-03-04 13:20 . 2008-03-19 20:44 45 --a------ C:\WINXP\system32\initdebug.nfo
2008-03-03 14:37 . 2008-03-05 15:00 <DIR> d-------- C:\Program Files\ESET
2008-03-01 21:18 . 2008-03-20 11:07 <DIR> d-------- C:\WINXP\speech
2008-03-01 21:17 . 2008-03-19 17:17 <DIR> d-------- C:\Program Files\ivo
2008-03-01 20:34 . 2008-03-01 20:34 <DIR> d-------- C:\WINXP\system32\Lang
2008-03-01 20:34 . 2008-03-01 20:34 940,794 --a------ C:\WINXP\system32\LoopyMusic.wav
2008-03-01 20:34 . 2008-03-01 20:34 146,650 --a------ C:\WINXP\system32\BuzzingBee.wav
2008-03-01 20:34 . 2008-03-20 15:54 60,416 --a------ C:\WINXP\ALCFDRTM.VER
2008-03-01 20:34 . 2008-03-01 20:34 60,416 --a------ C:\WINXP\ALCFDRTM.EXE
2008-03-01 16:52 . 2008-03-19 08:41 <DIR> d-------- C:\Program Files\SocksCapV2
2008-03-01 16:44 . 2008-03-01 16:44 <DIR> d-------- C:\DocumentyXP\CHEJS\WINDOWS
2008-03-01 16:44 . 1998-02-06 22:37 299,520 --a------ C:\WINXP\uninst.exe
2008-03-01 16:19 . 2008-03-01 16:19 <DIR> d-------- C:\DocumentyXP\All Users\Dane aplikacji\ESET
2008-02-29 16:47 . 2008-02-29 16:47 <DIR> d-------- C:\DocumentyXP\CHEJS\Dane aplikacji\InstallShield
2008-02-29 15:27 . 2008-03-18 13:14 <DIR> d-------- C:\WINXP\system32\oodag

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-26 10:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-26 10:23 --------- d-----w C:\DocumentyXP\All Users\Dane aplikacji\Nero
2008-03-26 09:12 22,328 ----a-w C:\WINXP\system32\drivers\PnkBstrK.sys
2008-03-26 09:12 107,832 ----a-w C:\WINXP\system32\PnkBstrB.exe
2008-03-25 19:58 --------- d-----w C:\DocumentyXP\CHEJS\Dane aplikacji\teamspeak2
2008-03-24 17:59 --------- d-----w C:\Program Files\The All-Seeing Eye
2008-03-23 22:16 --------- d-----w C:\Program Files\mIRC
2008-03-23 13:27 --------- d-----w C:\Program Files\NAPI-PROJEKT
2008-03-22 13:42 --------- d-----w C:\DocumentyXP\CHEJS\Dane aplikacji\Winamp
2008-03-19 23:59 25,992 ----a-w C:\WINXP\system32\pgdfgsvc.exe
2008-03-05 12:22 716,272 ----a-w C:\WINXP\system32\drivers\sptd.sys
2008-03-05 11:34 --------- d-----w C:\Program Files\sXe Injected
2008-03-05 11:33 --------- d-----w C:\Program Files\Futuremark
2008-02-27 07:06 --------- d-----w C:\Program Files\MyPortal
2008-02-25 16:21 22,328 ----a-w C:\DocumentyXP\CHEJS\Dane aplikacji\PnkBstrK.sys
2008-02-25 16:20 669,184 ----a-w C:\WINXP\system32\pbsvc.exe
2008-02-23 07:00 720,896 ----a-w C:\WINXP\iun6002.exe
2008-02-22 20:27 --------- d-----w C:\DocumentyXP\CHEJS\Dane aplikacji\Nero
2008-02-22 20:18 --------- d-----w C:\Program Files\Ahead
2008-02-22 05:36 --------- d-----w C:\Program Files\Microsoft DirectX SDK (November 2007)
2008-02-21 19:07 --------- d-----w C:\DocumentyXP\CHEJS\Dane aplikacji\Teewars
2008-02-20 10:11 33,800 ----a-w C:\WINXP\system32\drivers\epfwtdir.sys
2008-02-20 10:02 29,704 ----a-w C:\WINXP\system32\drivers\easdrv.sys
2008-02-20 10:01 39,944 ----a-w C:\WINXP\system32\drivers\eamon.sys
2008-02-19 08:32 --------- d-----w C:\Program Files\MSXML 6.0
2008-02-19 08:08 --------- d-----w C:\Program Files\Java
2008-02-18 15:21 132,904 ----a-w C:\WINXP\system32\drivers\imagesrv.sys
2008-02-18 15:21 11,304 ----a-w C:\WINXP\system32\drivers\imagedrv.sys
2008-02-18 15:04 95,600 ----a-w C:\WINXP\system32\NeroCo.dll
2008-02-15 18:42 21,840 ----atw C:\WINXP\system32\SIntfNT.dll
2008-02-15 18:42 17,212 ----atw C:\WINXP\system32\SIntf32.dll
2008-02-15 18:42 12,067 ----atw C:\WINXP\system32\SIntf16.dll
2008-02-15 02:45 --------- d-----w C:\DocumentyXP\CHEJS\Dane aplikacji\AdobeUM
2008-02-13 09:39 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-11 14:46 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-11 14:46 --------- d-----w C:\DocumentyXP\CHEJS\Dane aplikacji\Ventrilo
2008-02-10 14:36 --------- d-----w C:\DocumentyXP\CHEJS\Dane aplikacji\DAEMON Tools Pro
2008-02-10 14:10 278,984 ----a-w C:\WINXP\system32\drivers\atksgt.sys
2008-02-10 14:10 25,416 ----a-w C:\WINXP\system32\drivers\lirsgt.sys
2008-02-10 04:27 --------- d-----w C:\DocumentyXP\CHEJS\Dane aplikacji\Media Player Classic
2008-02-10 04:23 --------- d-----w C:\DocumentyXP\CHEJS\Dane aplikacji\DivX
2008-02-09 18:33 --------- d-----w C:\Program Files\Common Files\Java
2008-02-09 18:31 --------- d-----w C:\Program Files\MSXML 4.0
2008-02-09 18:21 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-09 18:20 --------- d-----w C:\Program Files\MSBuild
2008-02-09 18:16 --------- d-----w C:\Program Files\Reference Assemblies
2008-02-09 18:09 921,600 ----a-w C:\WINXP\system32\vorbisenc.dll
2008-02-09 18:09 892,928 ----a-w C:\WINXP\system32\iconv.dll
2008-02-09 18:09 237,568 ----a-w C:\WINXP\system32\OggDS.dll
2008-02-09 18:08 45,056 ----a-w C:\WINXP\system32\ogg.dll
2008-02-09 18:08 188,416 ----a-w C:\WINXP\system32\vorbis.dll
2008-02-09 18:08 1,415,680 ----a-w C:\WINXP\system32\WMV9VCM.dll
2008-02-09 18:07 9,216 ----a-w C:\WINXP\system32\cpuinf32.dll
2008-02-09 18:07 245,760 ----a-w C:\WINXP\system32\mplvpx.dll
2008-02-09 18:07 --------- d-----w C:\Program Files\HighMAT CD Writing Wizard
2008-02-09 18:07 --------- d-----w C:\Program Files\AutoPatcher Tools
2008-02-09 18:06 755,200 ----a-w C:\WINXP\system32\ir50_32.dll
2008-02-09 18:05 391,168 ----a-w C:\WINXP\system32\i263_32.drv
2008-02-09 11:03 --------- d-----w C:\DocumentyXP\CHEJS\Dane aplikacji\Ahead
2008-02-09 10:52 --------- d-----w C:\Program Files\Common Files\Ahead
2008-02-09 10:52 --------- d-----w C:\DocumentyXP\All Users\Dane aplikacji\Ahead
2008-02-09 06:59 --------- d-----w C:\Program Files\MarBit
2008-02-09 03:42 --------- d-----w C:\DocumentyXP\All Users\Dane aplikacji\Tiger Install
2008-02-09 02:52 --------- d-----w C:\DocumentyXP\All Users\Dane aplikacji\Grid
2008-02-09 02:07 66,872 ----a-w C:\WINXP\system32\PnkBstrA.exe
2008-02-09 01:48 86,016 ------w C:\WINXP\system32\pxwma.dll
2008-02-09 01:30 --------- d-----w C:\DocumentyXP\CHEJS\Dane aplikacji\Gadu-Gadu
2008-02-09 00:41 --------- d-----w C:\DocumentyXP\CHEJS\Dane aplikacji\Talkback
2008-02-09 00:29 --------- d-----w C:\Program Files\WLAN
2008-02-09 00:25 --------- d-----w C:\Program Files\AMD
2008-02-09 00:19 --------- d-----w C:\Program Files\microsoft frontpage
2008-02-09 00:18 --------- d-----w C:\Program Files\Usługi online
2008-01-18 20:19 607,744 ----a-w C:\WINXP\system32\x264vfw.dll
2008-01-14 12:15 81,920 ----a-w C:\WINXP\system32\frapsvid.dll
2008-01-09 11:18 200,704 ----a-w C:\WINXP\system32\ssldivx.dll
2008-01-09 11:18 129,784 ------w C:\WINXP\system32\pxafs.dll
2008-01-09 11:18 120,056 ------w C:\WINXP\system32\pxcpyi64.exe
2008-01-09 11:18 118,520 ------w C:\WINXP\system32\pxinsi64.exe
2008-01-09 11:18 1,044,480 ----a-w C:\WINXP\system32\libdivx.dll
2008-01-09 11:16 196,608 ----a-w C:\WINXP\system32\dtu100.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rapget"="C:\DocumentyXP\CHEJS\Pulpit\RAPGET\rapget.exe" [2007-12-25 15:56 171008]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="C:\WINXP\system32\tscupgrd.exe" [2004-08-04 01:33 44544]

C:\DocumentyXP\All Users\Menu Start\Programy\Autostart\
WConfig.lnk - C:\Program Files\WLAN\WConfig\WConfig.exe [2008-02-09 01:29:35 385024]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeKeyboardNavigationIndicators"= 0 (0x0)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoAutoTrayNotify"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoResolveSearch"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINXP\\system32\\dpvsetup.exe"=
"C:\\WINXP\\system32\\rundll32.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\The All-Seeing Eye\\eye.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"E:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=
"C:\\Program Files\\GridService\\peer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"E:\\Program Files\\MHTC\\SilkErrSender.exe"=
"E:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"E:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\WINXP\\system32\\PnkBstrA.exe"=
"C:\\WINXP\\system32\\PnkBstrB.exe"=
"E:\\Program Files\\EA GAMES\\Need for Speed Most Wanted\\speed.exe"=
"E:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
"E:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 JAHCI;JAHCI;C:\WINXP\system32\DRIVERS\JAHCI.sys [2005-05-12 14:12]
R0 uliagpkx;ULi AGP Bus Filter Driver;C:\WINXP\system32\DRIVERS\agpkx.sys [2005-05-03 17:31]
R1 epfwtdir;epfwtdir;C:\WINXP\system32\DRIVERS\epfwtdir.sys [2008-02-20 11:11]
R3 RT2400PCI;802.11b WLAN PCI;C:\WINXP\system32\DRIVERS\RT2400.sys [2003-10-31 09:47]
S0 NVStrap;NVStrap;C:\WINXP\system32\drivers\NVStrap.sys [2008-03-10 09:10]
S3 ULI5261XP;ULi M526X Ethernet NT Driver;C:\WINXP\system32\DRIVERS\ULILAN51.SYS [2005-03-22 20:36]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINXP\system32\DRIVERS\USBSTOR.SYS [2007-10-07 15:38]

*Newly Created Service* - NMINDEXINGSERVICE
*Newly Created Service* - PLFLASH_DEVICEIOCONTROL_SERVICE
.
Contents of the 'Scheduled Tasks' folder
"2008-03-14 16:34:56 C:\WINXP\Tasks\Advanced Registry Fix.job"
- C:\Program Files\Advanced Registry Fix\AdvancedRegistryFix.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-26 11:44:33
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-26 11:45:05
ComboFix-quarantined-files.txt 2008-03-26 10:44:57


#2 wncvirus

    Lazybones!

  • 851 posts

Posted 26 03 2008 - 16:30

Regarding the hjt log:

Run hjt. Choose the option "Do a system scan only". It will produce a log for you; tick the boxes next to the entries below and click Fix:

O1 - Hosts: 222.111.150.111 gwg3project512.de
O1 - Hosts: 222.111.150.111 gwg4project512.de
O10 - Unknown file in Winsock LSP: c:\winxp\system32\gamelink.dll
O10 - Unknown file in Winsock LSP: c:\winxp\system32\gamelink.dll
O10 - Unknown file in Winsock LSP: c:\winxp\system32\gamelink.dll
O10 - Unknown file in Winsock LSP: c:\winxp\system32\gamelink.dll
O10 - Unknown file in Winsock LSP: c:\winxp\system32\gamelink.dll
O10 - Unknown file in Winsock LSP: c:\winxp\system32\gamelink.dll
O10 - Unknown file in Winsock LSP: c:\winxp\system32\gamelink.dll
O10 - Unknown file in Winsock LSP: c:\winxp\system32\gamelink.dll

Paste into Notepad:
File::
C:\WINXP\S8E51BD04.tmp
C:\WINXP\system32\QVJGTGljZW5zZUluZm8=

>>File>>Save as... >>> CFScript (it will be most convenient if you save it in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon)
Drag and drop the CFScript.txt file onto the ComboFix.exe file (i.e. the CFScript.txt icon onto the ComboFix.exe icon)
– just like in the attached picture
(if the question "1 or 2" appears, type 1 and press ENTER.) The removal should start (and a log will be produced).
After the restart, delete the folder C:\Qoobox manually.

After doing this, post a new log.
Do you know this file?:
C:\WINDOWS\system32\nvModes.dat

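Added example, not code from the thread or from either tool: a small Python triage script over the two log formats posted above. It encodes the two checks the reply applies by hand (O1 hosts-file entries that point a name at a non-loopback address, and O10 "Unknown file in Winsock LSP" modules, collapsed to one finding per DLL because HijackThis prints one O10 line per catalog entry the LSP layers over) and additionally flags values visible in the first post's ComboFix "Reg Loading Points" section that the reply does not mention: the Security Center overrides and "EnableFirewall"= 0. The sample lines are copied from the posted logs; the rule table, the severity labels and the render_cfscript helper are my own assumptions, and a "high" finding means "review this", not a verdict on the file.

```python
# Added example (not a tool from the thread): triage of HijackThis/ComboFix log text.
# The rule table, severity labels and CFScript renderer are assumptions for illustration.
import ipaddress
import re

# Constructed sample: lines copied from the HijackThis v2.0.2 log posted above.
HJT_SAMPLE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 222.111.150.111 gwg3project512.de
O1 - Hosts: 222.111.150.111 gwg4project512.de
O10 - Unknown file in Winsock LSP: c:\winxp\system32\gamelink.dll
O10 - Unknown file in Winsock LSP: c:\winxp\system32\gamelink.dll
"""

# Constructed sample: REGEDIT4-style values ComboFix printed under "Reg Loading Points".
COMBOFIX_SAMPLE = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

O1_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
O10_RE = re.compile(r"^O10 - Unknown file in Winsock LSP:\s*(.+?)\s*$")
REG_VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.+)$')
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

# (key fragment, value name, value that is a finding, meaning): assumed rule set.
REG_RULES = [
    ("security center", "antivirusoverride", 1, "Security Center antivirus-state check overridden"),
    ("security center", "antivirusdisablenotify", 1, "Security Center antivirus warnings suppressed"),
    ("security center", "updatesdisablenotify", 1, "Security Center update warnings suppressed"),
    ("firewallpolicy\\standardprofile", "enablefirewall", 0, "Windows Firewall disabled (standard profile)"),
]

def triage_hjt(text):
    """Return (section, severity, detail) tuples for O1 hosts-file and O10 LSP lines."""
    findings = []
    lsp_modules = {}  # dll path -> number of Winsock catalog entries naming it
    for line in text.splitlines():
        m = O1_RE.match(line)
        if m:
            addr, host = m.groups()
            try:
                ip = ipaddress.ip_address(addr)
            except ValueError:
                findings.append(("O1", "review", f"unparseable address {addr!r} for {host}"))
                continue
            if ip in LOOPBACK or ip.is_unspecified:
                # 127.x / 0.0.0.0 only blackholes the name (common for licence/update servers).
                findings.append(("O1", "info", f"{host} blackholed to {ip}"))
            else:
                findings.append(("O1", "high", f"{host} redirected to external address {ip}"))
            continue
        m = O10_RE.match(line)
        if m:
            path = m.group(1).lower()
            lsp_modules[path] = lsp_modules.get(path, 0) + 1
    # One finding per DLL: HijackThis prints one O10 line per catalog entry the LSP layers over.
    for path, n in lsp_modules.items():
        findings.append(("O10", "high", f"unknown Winsock LSP module {path} ({n} catalog entries)"))
    return findings

def parse_reg_int(raw):
    """Parse ComboFix's 'dword:00000001' or '0 (0x0)' value renderings; None if neither."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"^-?\d+", raw)
    return int(m.group(0)) if m else None

def triage_combofix_reg(text):
    """Flag weakened security settings in ComboFix's 'Reg Loading Points' dump."""
    findings = []
    key = ""
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()  # current registry key, lower-cased for matching
            continue
        m = REG_VALUE_RE.match(line)
        if not m:
            continue
        name, value = m.group(1).lower(), parse_reg_int(m.group(2))
        for key_fragment, rule_name, bad_value, meaning in REG_RULES:
            if key_fragment in key and name == rule_name and value == bad_value:
                findings.append(("REG", "high", f"{meaning}: {m.group(1)}={m.group(2).strip()}"))
    return findings

def render_cfscript(files):
    """Render the 'File::' section of a ComboFix CFScript.txt, one path per line."""
    return "File::\n" + "\n".join(p.strip() for p in files) + "\n"

if __name__ == "__main__":
    print(*triage_hjt(HJT_SAMPLE) + triage_combofix_reg(COMBOFIX_SAMPLE), sep="\n")
```

Run it against a full saved log by reading the file into `triage_hjt` and `triage_combofix_reg` instead of the embedded samples. The hosts-file check deliberately separates a loopback mapping (the name is blackholed, as with the serial.alcohol-soft.com line) from a mapping to a routable address (traffic for the name is sent somewhere else), since only the second is what the reply asks to remove.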



