Win32/Rootkit.Agent.ODG trojan

X

Xadam

New member
As the title says i have a very serious problem with this Trojan... It slows dramaticly my operating system wich is Windows XPSP3. First i wanted to rinstal system but i've chosen another option, in my case i think best because i need my PC running everyday and its necessary. Would be great if I can find some good solution for this problem: Win32/Rootkit.Agent.ODG trojan

oh and 1 more this ESET discovers this Trojan but it says that's Unable to clean/repair

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:50:04, on 2009-08-08
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\TEMP\ylqppofahn.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\autoclk.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\ATKKBService.exe
C:\Documents and Settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\3B Software\Common\Scheduler\wcomschd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Nowe Gadu-Gadu\gg.exe
C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe
C:\WINDOWS\TEMP\ylqppofahn.exe
C:\Documents and Settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
D:\HiJackThis.exe
C:\Program Files\Java\jre6\bin\java.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Pomocnik rejestracji usługi Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Solid State Networks IE Browser Plugin - {BD08A9D5-0E5C-4f42-99A3-C0CB5E860557} - C:\WINDOWS\system32\SolidStateNetworks\SolidStateION\solidax.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\RedCloud\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [autoclk] autoclk.exe
O4 - HKLM\..\Run: [MSxmlHpr] RUNDLL32.EXE C:\WINDOWS\system32\msxm192z.dll,w
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA SIECIOWA')
O4 - Startup: Lavasoft Ad-Aware Updater.exe
O4 - Startup: Registry Repair Pro.lnk = C:\Program Files\3B Software\Registry Repair Pro\RegistryRepairPro.exe
O4 - Startup: Scheduler.lnk = C:\Program Files\3B Software\Common\Scheduler\wcomschd.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://www.playwhat.com/solidPlugin/solidstateion.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AE728A47-FAAC-4FC9-8C70-C05DBB07F867}: NameServer = 213.241.79.37 83.238.255.76
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Eset Trial Reset .EsetTrialResetAlerter (.esettrialresetalerter) - Unknown owner - C:\WINDOWS\TEMP\ylqppofahn.exe
O23 - Service: Eset Trial Reset .EsetTrialResetAlerter .esettrialresetalerterAlerter (.esettrialresetalerterAlerter) - Unknown owner - C:\WINDOWS\TEMP\cvieeruruy.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Usługa inteligentnego transferu w tle (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Usługa Google Update (gupdate1c98fc14bc8e74c) (gupdate1c98fc14bc8e74c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Aktualizacje automatyczne (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 10601 bytes
 
Hi Xadam

To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:

uninstall-man.jpg


5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply.
 
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Adobe Acrobat 5.0
Adobe AIR
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe ExtendScript Toolkit CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Media Player
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player 11
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Aktualizacja dla systemu Windows XP (KB898461)
Aktualizacja dla systemu Windows XP (KB951072-v2)
Aktualizacja dla systemu Windows XP (KB951978)
Aktualizacja dla systemu Windows XP (KB955839)
Aktualizacja dla systemu Windows XP (KB961503)
Aktualizacja dla systemu Windows XP (KB967715)
Aktualizacja krytyczna dla programu Windows Media Player 11 (KB959772)
Aktualizacja zabezpieczeń dla programu Windows Media Player (KB952069)
Aktualizacja zabezpieczeń dla programu Windows Media Player 11 (KB936782)
Aktualizacja zabezpieczeń dla programu Windows Media Player 11 (KB954154)
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB938127-v2)
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB960714)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB923561)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB938464)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB946648)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB950762)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB950974)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB951066)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB951376-v2)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB951698)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB951748)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB952004)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB952954)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB953839)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB954211)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB954459)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB954600)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB955069)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB956391)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB956572)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB956802)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB956803)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB956841)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB957095)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB957097)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB958644)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB958687)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB958690)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB959426)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB960225)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB960715)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB960803)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB961373)
Aktualizacja zabezpieczeń dla Windows XP (KB941569)
Apple Mobile Device Support
Apple Software Update
Archiwizator WinRAR
ASUS Enhanced Display Driver
Asystent rejestracji usługi Windows Live
Attansic Giga Ethernet Utility
Brother MFL-Pro Suite
Call of Duty(R) - World at War(TM) 1.2 Patch
Call of Duty(R) - World at War(TM) 1.4 Patch
Camera Driver
Choice Guard
Connect
Dev-C++ 5 beta 9 release (4.9.9.2)
DVD Solution
Google Earth
Google Update Helper
Guitar Hero World Tour
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
InCD
iTunes
Java(TM) 6 Update 14
JMB36X Raid Configurer
K-Lite Codec Pack 4.1.7 (Full)
kuler
Labtec WebCam
Left 4 Dead
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 — pakiet języka polskiego
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0 Polish Language Pack
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office Access MUI (Polish) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Polish) 2007
Microsoft Office Groove MUI (Polish) 2007
Microsoft Office InfoPath MUI (Polish) 2007
Microsoft Office OneNote MUI (Polish) 2007
Microsoft Office Outlook MUI (Polish) 2007
Microsoft Office PowerPoint MUI (Polish) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Polish) 2007
Microsoft Office Proofing (Polish) 2007
Microsoft Office Publisher MUI (Polish) 2007
Microsoft Office Shared MUI (Polish) 2007
Microsoft Office Word MUI (Polish) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Motorola Driver Installation 3.4.0
Motorola Phone Tools
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser
Multimedia Launcher
Narzędzie do przekazywania usługi Windows Live
Nero 9
neroxml
Nowe Gadu-Gadu
NVIDIA Drivers
NVIDIA PhysX
OpenAL
Pakiet języka polskiego dla systemu Microsoft .NET Framework 3.0
PaperPort
PDF Settings CS4
Photoshop Camera Raw
Podstawowe programy Windows Live
Podstawowe programy Windows Live
Poprawka dla programu Windows Media Player 11 (KB939683)
Poprawka dla systemu Windows XP (KB952287)
PowerDVD
PowerProducer
QuickTime
Real Alternative 1.9.0 Lite
Realtek High Definition Audio Driver
Registry Repair Pro
SAGEM F@st 800-840
SAMSUNG Mobile Composite Device Software
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3
Samsung PC Studio 3 USB Driver Installer
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
Segoe UI
Skype™ 3.8
Solid State ION Internet Explorer Plugin
Sony Vegas Pro 8.0
Suite Shared Configuration CS4
Sword of The New World
TeamSpeak 2 RC2
Tibia
Tibia MULTI-ip changer
TibiaCam TV Lite 2.8.2
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office Outlook 2007 (KB969907)
Update for Outlook 2007 Junk Email Filter (kb970012)
Ventrilo
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Winamp
Windows Communication Foundation
Windows Internet Explorer 8
Windows Live Communications Platform
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Presentation Foundation
Windows Presentation Foundation Language Pack (PLK)
Windows Workflow Foundation
Windows Workflow Foundation PL Language Pack
XML Paper Specification Shared Components Language Pack 1.0
 
It appears that your ESET Smart Security isn't legit and you will have to uninstall it.

After that, please install one free antivirus from below and post back a fresh HijackThis log, please.

Anti-virus software are programs that detect, cleanse, and erase harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners and thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download a free anti-virus software from one these excellent vendors NOW:

1) Antivir PersonalEdition Classic - Free anti-virus software for Windows. Free support.
2) avast! 4 Home Edition - Anti-virus program for Windows. The home edition is freeware for noncommercial users.
3) AVG Anti-Virus Free Edition - Free edition of the AVG anti-virus program for Windows.

You should run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and results in program conflicts and false virus alerts.
 
Instaled:
1) Antivir PersonalEdition Classic - Free anti-virus software for Windows. Free support.

here's fresh log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:59:33, on 2009-08-09
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\TEMP\ylqppofahn.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\TEMP\ylqppofahn.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\autoclk.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Documents and Settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Documents and Settings\RedCloud\Menu Start\Programy\Autostart\Lavasoft Ad-Aware Updater.exe
C:\Program Files\3B Software\Common\Scheduler\wcomschd.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dwwin.exe
D:\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Pomocnik rejestracji usługi Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Solid State Networks IE Browser Plugin - {BD08A9D5-0E5C-4f42-99A3-C0CB5E860557} - C:\WINDOWS\system32\SolidStateNetworks\SolidStateION\solidax.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\RedCloud\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [autoclk] autoclk.exe
O4 - HKLM\..\Run: [MSxmlHpr] RUNDLL32.EXE C:\WINDOWS\system32\msxm192z.dll,w
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA SIECIOWA')
O4 - Startup: Lavasoft Ad-Aware Updater.exe
O4 - Startup: Registry Repair Pro.lnk = C:\Program Files\3B Software\Registry Repair Pro\RegistryRepairPro.exe
O4 - Startup: Scheduler.lnk = C:\Program Files\3B Software\Common\Scheduler\wcomschd.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://www.playwhat.com/solidPlugin/solidstateion.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AE728A47-FAAC-4FC9-8C70-C05DBB07F867}: NameServer = 213.241.79.37 83.238.255.76
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Eset Trial Reset .EsetTrialResetAlerter (.esettrialresetalerter) - Unknown owner - C:\WINDOWS\TEMP\ylqppofahn.exe
O23 - Service: Eset Trial Reset .EsetTrialResetAlerter .esettrialresetalerterAlerter (.esettrialresetalerterAlerter) - Unknown owner - C:\WINDOWS\TEMP\cvieeruruy.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Usługa inteligentnego transferu w tle (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Usługa Google Update (gupdate1c98fc14bc8e74c) (gupdate1c98fc14bc8e74c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Aktualizacje automatyczne (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 10499 bytes
 
  1. Please download regsearch.zip and save it to your desktop.
  2. Right click on regsearch.zip and select Extract All....
  3. Click Next on seeing the Welcome to the Compressed (zipped) Folders Extraction Wizard.
  4. Click on the Browse button. Click on Desktop. Then click OK.
  5. Once done, check (tick) the Show extracted files box and click Finish.
  6. Double click on regsearch.exe to run it.
  7. Copy and paste fystemroot under Enter search strings (case independent) and click OK... (boxed up in red in the screenshot below).

    regsearch184.png

  8. Click OK.
  9. When done, RegSearch.txt will open. Please post the contents of this file in your next reply. This file can also be found on your desktop or wherever regsearch is extracted to.
 
Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.6.0

; Results at 2009-08-09 13:11:48 for strings:
; 'fystemroot'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BITS]
; Contents of value:
; %fystemRoot%\system32\svchost.exe -k netsvcs
"ImagePath"=hex(2):25,00,66,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wuauserv]
; Contents of value:
; %fystemroot%\system32\svchost.exe -k netsvcs
"ImagePath"=hex(2):25,00,66,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BITS]
; Contents of value:
; %fystemRoot%\system32\svchost.exe -k netsvcs
"ImagePath"=hex(2):25,00,66,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\wuauserv]
; Contents of value:
; %fystemroot%\system32\svchost.exe -k netsvcs
"ImagePath"=hex(2):25,00,66,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS]
; Contents of value:
; %fystemRoot%\system32\svchost.exe -k netsvcs
"ImagePath"=hex(2):25,00,66,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv]
; Contents of value:
; %fystemroot%\system32\svchost.exe -k netsvcs
"ImagePath"=hex(2):25,00,66,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00

; End Of The Log...
 
Download ERUNT from Derfisch or MVPS and save it to your desktop.

Please follow Step 4 onwards of the Installing & Using ERUNT to back up your registry. Skip Step 19 for now.

-open registry : start -> run -> type regedit and hit enter
- Go to the top (left column) and do a search for %fystemroot% , via ctrl +f

On the open folder in the left panel : rightclick it -> select Permissions and set permissions (total control) for you (administrator) then apply and double click on the key (ImagePath), replace %fystemroot% with %SystemRoot%

Do so for every value it finds! (Use F3 to find next).

Reboot.

Post back a fresh HijackThis log, please.
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:28:57, on 2009-08-09
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\TEMP\cvieeruruy.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\TEMP\cvieeruruy.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\autoclk.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Documents and Settings\RedCloud\Menu Start\Programy\Autostart\Lavasoft Ad-Aware Updater.exe
C:\Program Files\3B Software\Registry Repair Pro\RegistryRepairPro.exe
C:\Program Files\3B Software\Common\Scheduler\wcomschd.exe
C:\WINDOWS\system32\wuauclt.exe
D:\HiJackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Pomocnik rejestracji usługi Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Solid State Networks IE Browser Plugin - {BD08A9D5-0E5C-4f42-99A3-C0CB5E860557} - C:\WINDOWS\system32\SolidStateNetworks\SolidStateION\solidax.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\RedCloud\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [autoclk] autoclk.exe
O4 - HKLM\..\Run: [MSxmlHpr] RUNDLL32.EXE C:\WINDOWS\system32\msxm192z.dll,w
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA SIECIOWA')
O4 - Startup: Lavasoft Ad-Aware Updater.exe
O4 - Startup: Registry Repair Pro.lnk = C:\Program Files\3B Software\Registry Repair Pro\RegistryRepairPro.exe
O4 - Startup: Scheduler.lnk = C:\Program Files\3B Software\Common\Scheduler\wcomschd.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://www.playwhat.com/solidPlugin/solidstateion.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Eset Trial Reset .EsetTrialResetAlerter (.esettrialresetalerter) - Unknown owner - C:\WINDOWS\TEMP\ylqppofahn.exe (file missing)
O23 - Service: Eset Trial Reset .EsetTrialResetAlerter .esettrialresetalerterAlerter (.esettrialresetalerterAlerter) - Unknown owner - C:\WINDOWS\TEMP\cvieeruruy.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Usługa Google Update (gupdate1c98fc14bc8e74c) (gupdate1c98fc14bc8e74c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 10151 bytes
 
We will continue with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:33:09, on 2009-08-09
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\autoclk.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\3B Software\Registry Repair Pro\RegistryRepairPro.exe
C:\Program Files\3B Software\Common\Scheduler\wcomschd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
D:\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Pomocnik rejestracji usługi Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Solid State Networks IE Browser Plugin - {BD08A9D5-0E5C-4f42-99A3-C0CB5E860557} - C:\WINDOWS\system32\SolidStateNetworks\SolidStateION\solidax.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\RedCloud\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [autoclk] autoclk.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Registry Repair Pro.lnk = C:\Program Files\3B Software\Registry Repair Pro\RegistryRepairPro.exe
O4 - Startup: Scheduler.lnk = C:\Program Files\3B Software\Common\Scheduler\wcomschd.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://www.playwhat.com/solidPlugin/solidstateion.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AE728A47-FAAC-4FC9-8C70-C05DBB07F867}: NameServer = 213.241.79.37 83.238.255.76
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Eset Trial Reset .EsetTrialResetAlerter (.esettrialresetalerter) - Unknown owner - C:\WINDOWS\TEMP\ylqppofahn.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Usługa Google Update (gupdate1c98fc14bc8e74c) (gupdate1c98fc14bc8e74c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 9745 bytes














ComboFix 09-08-08.04 - RedCloud 2009-08-09 16:16.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.1023.692 [GMT 2:00]
Uruchomiony z: c:\documents and settings\RedCloud\Pulpit\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
ADS - WINDOWS: deleted 48 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1601991441-287435753-2479082871-1000
c:\windows\Installer\34b2e.msp
c:\windows\system32\AVSredirect.dll
c:\windows\system32\config\systemprofile\Menu Start\Programy\System Security
c:\windows\system32\config\systemprofile\Menu Start\Programy\System Security\System Security
c:\windows\system32\drivers\kungsfxugkinet.sys
c:\windows\system32\drivers\SKYNETibapipyl.sys
c:\windows\system32\drivers\vsfocerdwxsnqm.sys
c:\windows\system32\kungsfewmexptj.dll
c:\windows\system32\kungsfkvscpxyx.dat
c:\windows\system32\kungsfmyliqukl.dat
c:\windows\system32\kungsfudjbpfmy.dll
c:\windows\system32\SKYNETqecxncbd.dll
c:\windows\system32\vsfocellptbqlf.dll
c:\windows\system32\vsfoceotpeuops.dat
c:\windows\system32\vsfoceptusaejk.dat
c:\windows\system32\vsfocepvarpodv.dll
c:\windows\TEMP\cvieeruruy.exe

.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_kungsfigswkwnv
-------\Legacy_kungsfigswkwnv
-------\Service_SKYNETdmduyxcd
-------\Legacy_SKYNETdmduyxcd
-------\Service_vsfocerdodjitu
-------\Legacy_vsfocerdodjitu
-------\Legacy_sfx
-------\Legacy_sfxdrv
-------\Legacy_.esettrialresetalerterAlerter
-------\Service_.esettrialresetalerterAlerter


((((((((((((((((((((((((( Pliki utworzone od 2009-07-09 do 2009-08-09 )))))))))))))))))))))))))))))))
.

2009-08-09 12:18 . 2009-08-09 12:18 -------- d-----w- c:\program files\ERUNT
2009-08-09 10:05 . 2009-08-09 10:05 -------- d-----r- c:\documents and settings\LocalService\Ulubione
2009-08-09 09:53 . 2009-07-28 14:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-09 09:53 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-08-09 09:53 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-08-09 09:53 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-08-09 09:53 . 2009-08-09 09:53 -------- d-----w- c:\program files\Avira
2009-08-09 09:53 . 2009-08-09 09:53 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\Avira
2009-08-09 08:09 . 2009-08-09 12:27 4992 ----a-w- c:\documents and settings\RedCloud\sterownik.sys
2009-08-08 18:55 . 2009-08-08 18:55 -------- d-----w- c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\id Software
2009-08-07 14:35 . 2009-08-07 14:35 -------- d-----w- c:\program files\CyberLink
2009-08-07 12:10 . 2009-08-07 12:40 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\13351564
2009-08-07 10:27 . 2009-08-07 10:32 -------- d-----w- c:\documents and settings\RedCloud\Dane aplikacji\Nero
2009-08-07 10:09 . 2009-08-07 10:09 -------- d-----w- c:\program files\Windows Sidebar
2009-08-07 09:56 . 2009-08-07 10:05 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\Nero
2009-08-07 09:56 . 2009-08-07 10:20 -------- d-----w- c:\program files\Common Files\Nero
2009-08-05 09:54 . 2009-08-05 09:54 -------- d-----w- c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Aspyr
2009-08-05 09:35 . 2009-08-05 09:35 -------- d-----w- c:\program files\MSXML 6.0
2009-08-04 12:43 . 2006-07-21 23:40 143360 ------r- c:\windows\system32\RtlCPAPI.dll
2009-08-04 12:42 . 2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe
2009-08-04 12:32 . 2009-08-04 12:32 -------- d-----w- c:\program files\Java
2009-08-04 12:10 . 2009-08-04 12:32 152576 ----a-w- c:\documents and settings\RedCloud\Dane aplikacji\Sun\Java\jre1.6.0_14\lzma.dll
2009-08-03 19:13 . 2009-08-03 19:32 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\14524684
2009-08-01 17:31 . 2009-08-01 17:35 -------- d-----w- c:\program files\BitComet
2009-08-01 17:23 . 2009-08-01 17:23 -------- d-----w- c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Ares
2009-08-01 17:04 . 2009-08-01 17:04 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\3B4E
2009-07-29 17:40 . 2009-07-29 17:40 -------- d-----w- c:\program files\Argente Software
2009-07-27 07:03 . 2009-07-27 07:03 22328 ----a-w- c:\documents and settings\RedCloud\Dane aplikacji\PnkBstrK.sys
2009-07-27 07:03 . 2009-07-27 07:03 107832 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-27 07:03 . 2009-07-27 07:03 -------- d-----w- c:\windows\system32\LogFiles
2009-07-25 07:02 . 2009-07-25 07:02 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-07-24 15:37 . 2009-07-24 15:37 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\Simply Super Software
2009-07-24 15:13 . 2004-01-28 14:42 1531904 ----a-w- c:\windows\adiras.exe
2009-07-24 15:13 . 2003-06-24 11:55 127497 ----a-w- c:\windows\system32\drivers\adiusbaw.sys
2009-07-24 15:13 . 2002-05-09 13:12 155648 ----a-w- c:\windows\system32\adadix32.dll
2009-07-24 15:13 . 2001-07-27 11:25 127456 ----a-w- c:\windows\system32\ipdetect.exe
2009-07-24 15:13 . 2002-11-15 12:33 126976 ----a-w- c:\windows\system32\coclassfast.dll
2009-07-24 15:13 . 2003-07-17 14:48 46167 ----a-w- c:\windows\system32\drivers\adildr.sys
2009-07-24 15:13 . 2001-05-24 14:24 22395 ----a-w- c:\windows\system32\drivers\fpga.bin
2009-07-24 15:13 . 2001-02-08 09:05 46892 ----a-w- c:\windows\system32\adadix16.dll
2009-07-24 15:13 . 2003-01-30 06:48 143360 ----a-w- c:\windows\autoclk.exe
2009-07-24 12:58 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-24 12:58 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-24 11:19 . 2009-07-24 11:19 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\DivX
2009-07-24 11:06 . 2009-07-24 11:06 -------- d-----w- c:\documents and settings\RedCloud\Dane aplikacji\Malwarebytes
2009-07-24 11:06 . 2009-07-27 06:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-24 11:06 . 2009-07-24 11:06 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\Malwarebytes
2009-07-24 10:26 . 2009-07-24 10:26 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-07-24 09:43 . 2009-07-24 09:43 199 ----a-w- c:\windows\prxid93ps.dat
2009-07-24 09:43 . 2009-07-24 12:45 0 ----a-w- c:\windows\system32\drivers\58ee5dc9.sys
2009-07-18 20:40 . 2009-07-18 20:42 -------- d-----w- c:\documents and settings\RedCloud\Dane aplikacji\Ventrilo
2009-07-18 20:39 . 2009-07-18 20:39 -------- d-----w- c:\program files\Ventrilo
2009-07-17 21:14 . 2009-08-07 22:47 -------- d-----w- c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Temp
2009-07-16 18:09 . 2009-07-16 18:10 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-07-13 10:12 . 2009-08-03 16:19 -------- d-----w- c:\documents and settings\RedCloud\Dane aplikacji\Tibia
2009-07-13 10:09 . 2009-08-03 16:21 -------- d-----w- c:\program files\Tibia

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-07 17:25 . 2009-06-17 22:02 -------- d-----w- c:\program files\TibiaCam TV Lite
2009-08-07 14:49 . 2008-09-11 16:26 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-07 14:36 . 2008-09-11 16:40 -------- d-----w- c:\program files\CyberLink DVD Solution
2009-08-04 19:35 . 2009-04-24 14:42 -------- d-----w- c:\program files\Nowe Gadu-Gadu
2009-08-04 12:42 . 2008-09-11 16:33 -------- d-----w- c:\program files\Realtek
2009-08-04 12:32 . 2008-10-22 18:45 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-24 15:14 . 2009-07-24 15:13 23 ----a-w- c:\windows\system32\drivers\adidsl.cfg
2009-07-24 10:32 . 2001-10-26 16:15 87056 ----a-w- c:\windows\system32\perfc015.dat
2009-07-24 10:32 . 2001-10-26 16:15 498526 ----a-w- c:\windows\system32\perfh015.dat
2009-07-24 09:48 . 2008-09-11 16:40 -------- d-----w- c:\program files\Ahead
2009-07-24 09:48 . 2008-09-11 16:40 -------- d-----w- c:\program files\Common Files\Ahead
2009-07-18 20:39 . 2009-01-29 13:34 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-11 15:00 . 2008-09-11 18:29 -------- d-----w- c:\program files\Asprate
2009-07-08 14:56 . 2009-07-08 14:53 -------- d-----w- c:\program files\Online TV Player 3
2009-07-06 13:17 . 2009-05-30 12:24 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\OpenFM
2009-07-05 22:12 . 2009-07-05 22:12 -------- d-----w- c:\program files\AviSynth 2.5
2009-07-01 22:58 . 2009-07-01 22:58 -------- d-----w- c:\program files\Common Files\DirectX
2009-07-01 22:38 . 2009-01-29 13:34 -------- d-----w- c:\program files\AGEIA Technologies
2009-06-21 06:46 . 2009-05-20 15:17 485920 ----a-w- c:\windows\system32\nvuninst.exe
2009-06-19 01:03 . 2008-11-06 07:31 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\Microsoft Help
2009-06-17 22:03 . 2009-06-15 09:18 -------- d-----w- c:\program files\Sword of the New World
2009-06-17 22:02 . 2009-06-17 22:02 -------- d-----w- c:\program files\Tibia2
2009-06-17 22:02 . 2009-06-17 22:02 -------- d-----w- c:\program files\Windows Live
2009-06-17 21:59 . 2008-10-17 21:11 -------- d-----w- c:\documents and settings\RedCloud\Dane aplikacji\Skype
2009-06-17 21:45 . 2008-10-17 21:14 -------- d-----w- c:\documents and settings\RedCloud\Dane aplikacji\skypePM
2009-06-15 13:24 . 2009-06-15 13:23 403456 ----a-w- c:\windows\system32\kdfinj.tmp
2009-06-10 06:28 . 2009-06-10 06:28 3510272 ----a-w- c:\windows\system32\nvgames.dll
2009-06-10 06:28 . 2009-06-10 06:28 5890048 ----a-w- c:\windows\system32\nvdispsr.dll
2009-06-10 06:28 . 2009-06-10 06:28 4022272 ----a-w- c:\windows\system32\nvdisps.dll
2009-06-10 06:28 . 2009-06-10 06:28 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-06-10 06:28 . 2009-06-10 06:28 168004 ----a-w- c:\windows\system32\nvsvc32.exe
2009-06-10 06:28 . 2009-06-10 06:28 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-06-10 06:28 . 2009-06-10 06:28 13758464 ----a-w- c:\windows\system32\nvcpl.dll
2009-06-10 06:28 . 2009-06-10 06:28 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-06-10 04:03 . 2009-06-10 04:03 671744 ----a-w- c:\windows\system32\nvcuvid.dll
2009-06-10 04:03 . 2009-06-10 04:03 1580550 ----a-w- c:\windows\system32\nvdata.bin
2009-06-10 04:03 . 2009-06-10 04:03 1310720 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-06-10 04:03 . 2009-05-20 15:17 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-06-10 04:03 . 2008-09-17 21:55 9998336 ----a-w- c:\windows\system32\nvoglnt.dll
2009-06-10 04:03 . 2008-09-17 21:55 815104 ----a-w- c:\windows\system32\nvapi.dll
2009-06-10 04:03 . 2008-09-17 21:55 1720320 ----a-w- c:\windows\system32\nvcuda.dll
2009-06-10 04:03 . 2008-09-17 21:55 151552 ----a-w- c:\windows\system32\nvcodins.dll
2009-06-10 04:03 . 2008-09-17 21:55 151552 ----a-w- c:\windows\system32\nvcod.dll
2009-06-10 04:03 . 2006-08-11 13:42 5908608 ----a-w- c:\windows\system32\nv4_disp.dll
2009-06-10 04:03 . 2006-08-11 13:42 8087712 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-06-04 22:17 . 2009-06-04 22:17 66560 ----a-w- c:\windows\system32\drivers\epuqfvnlqenvnnos.sys
2009-05-26 16:01 . 2009-05-26 16:01 42088 ----a-w- c:\documents and settings\RedCloud\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll
2004-10-01 13:00 . 2008-09-11 16:40 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.

------- Sigcheck -------

[-] 2008-05-08 18:02 1571840 9F02C1CF7C3100E4AEA7DD8B6A86A01B c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"Google Update"="c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" [2009-04-20 133104]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-03-28 622592]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-04-10 61440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-04 148888]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-07-08 1397760]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-06-10 1657376]
"autoclk"="autoclk.exe" - c:\windows\autoclk.exe [2003-01-30 143360]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-08-01 16049664]

c:\documents and settings\RedCloud\Menu Start\Programy\Autostart\
Registry Repair Pro.lnk - c:\program files\3B Software\Registry Repair Pro\RegistryRepairPro.exe [2008-10-15 2168152]
Scheduler.lnk - c:\program files\3B Software\Common\Scheduler\wcomschd.exe [2008-10-15 464240]

c:\docume~1\ALLUSE~1\MENUST~1\Programy\AUTOST~1\
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2009-7-24 962661]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^RedCloud^Menu Start^Programy^Autostart^Ad-aware Updater.exe]
backup=c:\windows\pss\Ad-aware Updater.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\CallOfDuty\\CoDWaWmp.exe"=
"d:\\CallOfDuty\\CoDWaW.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"19921:TCP"= 19921:TCP:*:Disabled:SolidNetworkManager
"19921:UDP"= 19921:UDP:*:Disabled:SolidNetworkManager
"24013:TCP"= 24013:TCP:*:Disabled:SolidNetworkManager
"24013:UDP"= 24013:UDP:*:Disabled:SolidNetworkManager
"8085:TCP"= 8085:TCP:sfx
"14076:TCP"= 14076:TCP:BitComet 14076 TCP
"14076:UDP"= 14076:UDP:BitComet 14076 UDP
"53:UDP"= 53:UDP:Promo

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-08-09 108289]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;c:\windows\system32\drivers\atl01_xp.sys [2008-09-11 34944]
S1 58ee5dc9;58ee5dc9;c:\windows\system32\drivers\58ee5dc9.sys [2009-07-24 0]
S2 .esettrialresetalerter;Eset Trial Reset .EsetTrialResetAlerter;c:\windows\TEMP\ylqppofahn.exe service --> c:\windows\TEMP\ylqppofahn.exe service [?]
S2 gupdate1c98fc14bc8e74c;Usługa Google Update (gupdate1c98fc14bc8e74c);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-16 133104]
S3 sterownik;sterownik;c:\documents and settings\RedCloud\sterownik.sys [2009-08-09 4992]
S3 XDva279;XDva279;\??\c:\windows\system32\XDva279.sys --> c:\windows\system32\XDva279.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
- - - - USUNIĘTO PUSTE WPISY - - - -

WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
HKLM-Run-MSxmlHpr - c:\windows\system32\msxm192z.dll


.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-09 16:24
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-1078081533-1229272821-1177238915-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:d4,75,b1,52,ab,e7,98,b4,0e,ba,bb,4f,2f,37,56,db,6b,57,1b,8f,b2,fc,51,
92,ad,c3,8d,53,d4,a4,e2,08,fe,6d,18,99,e6,9f,a6,ee,ba,6d,28,72,b0,65,df,46,\
"??"=hex:9a,2e,68,87,b6,af,a5,d0,15,24,ce,fd,db,33,c2,fe

[HKEY_USERS\S-1-5-21-1078081533-1229272821-1177238915-1003\Software\SecuROM\License information*]
"datasecu"=hex:13,a7,f2,9a,e3,68,91,94,b5,90,76,03,93,7b,f9,d6,91,16,c2,61,8b,
2b,83,34,ca,e0,35,3e,4f,23,0b,51,86,09,7a,9d,62,f5,47,3e,a7,14,2f,7c,60,20,\
"rkeysecu"=hex:22,d4,1e,54,e3,4e,b8,ac,ab,c8,12,7e,ce,d5,c6,13

[HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
"AppDataDir"="c:\\Documents and Settings\\All Users\\Dane aplikacji\\ESET\\ESET Smart Security\\"
"DataDir"="ESET\\ESET Smart Security\\"
"EditionName"=""
"InstallDir"="c:\\Program Files\\ESET\\ESET Smart Security\\"
"LanguageId"=dword:00000409
"PackageTag"=dword:00000000
"ProductBase"=dword:00000001
"ProductCode"="{C21C71CB-3E5C-401C-91D2-DEDACDB26BAF}"
"ProductName"="ESET Smart Security"
"ProductType"="ess"
"ProductVersion"="4.0.417.0"
"UniqueId"="0016B36649D70533"
"ScannerBuild"=dword:0000121d
"ScannerVersionId"=dword:00000f6c
"ScannerVersion"="Locked/open ESET for status."
"FixId"=dword:00000003

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="3A00143BA9CB85FA63743093AFAB9E4B47DC901763CB31D2AE894DD879390DBEACF454F2E5D6C70645D82762C227752FA0971AB14CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79335D575E7D6A3B98089DB7CE019D40AA5CC038D530D6EB345290AF1E024A3D4A5DF10381E293FDA230DC3D7BB5B79F51A6B997FCBAB10F7A12D3F78EC845AFEE1496A98B7E64A156142531BD8C6E9A2CD231A43EFDB04A8BFBB4A2A9A145CFCDD56A48A87DB745F47926443F4980CEE99F6DF6740A4A498677EE1C46AE8D78F415BD8A6C467454DAE8E588703E9B5B54CCC89F0E3A117BC31ED116EC7132876A6374669CA555BD5A0FFCCFF3213EDE2B4331F32C4DE7D18DAF41085B521FE0A57A8691B44C69F6373D19B2210A3CFD9E8AA88CA1640943A30FB22C821C906913360207E24E12F5AA67FB8E05783EE2D4D146C7F7877F47B8C2B37F89FD998D9114050809A4873761277A025D4C3EB9E7E834C46C9F2EDDF2F562C4C80C9E3AF53B4514BDAA54BA7EB97D729EC98E3267C830EAEC7C48866EF771024EBD59E309F18AF54C22578394FE0308701DD002D3898DE2A0CFD8C83ABAA9025A6D59808524AFB5332F4319ADFC1CADAD52FD612469B098DEAFB9AD585565D2E35B7F0A9BE127A5A3D89D8747DC6E94E5DA610DC1C9163EB4171C42C084934515AB0000EE5F75D6868C425ED169B130DC8B1B468AB14A4862640797DEA4B8F0C8E3E66419743120741B60313396B4B90B9E1E5050CA70705C5952C4903A6A2F13F011BE251C869D3CB8FA9742F5582D9A3133F35AE13E33CA9C29E329EA559DB821309813F6B72F61FCE72E4E4392C96CC4757FE169FE530BB80E90700337213229C9815749187619E4511318596B13923E55C2147810532D9C556E21EFE5DC2E9FB70B59FA0F5BCE51B8E9D2BA0054556716911547E3FEF699A6A2694646BB0E7FA94D7596998821056DDB298B0495AFEE50C5F83501E2DDE781566D3CD4ECE7299E62FBCDC7EDE1AA9814B714B9A9D1E3EDBBCAC181CE129FB336C32C2062045FEC68B0F2BDBD184DB34290C2FBA41FBC3053881694597140E375F695CCD0604A40034B7F35707D5D0F983727375EAED3AA71A3F87A5A122D0A4A069911332EF314D7F88EF74002AFCBD0A4F66E724DE4C57F825B0B703BAB736C650337C8544DBC12586068AC477C61A5460BB4C0F8923CE97F4D307BE965411BFAB92091EAA95DE07DD7F978A4DF9AD57E5FB46EE5629DA0688468214EEA6617A2CCBE5640BE70F5F1FCB5AAA35B1727A017ABE3FBBB4E997EDBC5CB4EAC2D26AAEF1A9FD5A8C487AFFCB68F035148DE76F3EA4C566E06CB78D0ED268282321355794EBAE067FAD12927ADB4B48B754B3CE05718C32BD03580051DA335"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'explorer.exe'(2928)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Ahead\InCD\InCDsrv.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\ATKKBService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\rundll32.exe
c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Google\Update\1.2.183.7\GoogleCrashHandler.exe
.
**************************************************************************
.
Czas ukończenia: 2009-08-09 16:31 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2009-08-09 14:31
ComboFix2.txt 2008-10-15 17:29

Przed: 2*556*166*144 bajtów wolnych
Po: 14*741*114*880 bajtów wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
;
;Warning: Boot.ini is used on Windows XP and earlier operating systems.
;Warning: Use BCDEDIT.exe to modify Windows Vista boot options.
;
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /NOEXECUTE=OPTIN /FASTDETECT

311 --- E O F --- 2009-06-21 07:45
 
Do you recognize this folder?

c:\documents and settings\LocalService\Ulubione
 
Thanks for information :)

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code: 
    File::
c:\windows\system32\kdfinj.tmp
c:\windows\autoclk.exe

DirLook::
c:\docume~1\ALLUSE~1\DANEAP~1\13351564
c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Aspyr
c:\docume~1\ALLUSE~1\DANEAP~1\3B4E
c:\docume~1\ALLUSE~1\DANEAP~1\14524684

Folder::
c:\program files\BitComet
c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Ares

Driver::
.esettrialresetalerter
58ee5dc9

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14076:TCP"=-
"14076:UDP"=-
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    CFScriptB-4.gif

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:54:58, on 2009-08-09
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\3B Software\Registry Repair Pro\RegistryRepairPro.exe
C:\Program Files\3B Software\Common\Scheduler\wcomschd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
D:\HiJackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Pomocnik rejestracji usługi Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Solid State Networks IE Browser Plugin - {BD08A9D5-0E5C-4f42-99A3-C0CB5E860557} - C:\WINDOWS\system32\SolidStateNetworks\SolidStateION\solidax.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\RedCloud\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Registry Repair Pro.lnk = C:\Program Files\3B Software\Registry Repair Pro\RegistryRepairPro.exe
O4 - Startup: Scheduler.lnk = C:\Program Files\3B Software\Common\Scheduler\wcomschd.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://www.playwhat.com/solidPlugin/solidstateion.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AE728A47-FAAC-4FC9-8C70-C05DBB07F867}: NameServer = 213.241.79.37 83.238.255.76
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Usługa Google Update (gupdate1c98fc14bc8e74c) (gupdate1c98fc14bc8e74c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 9321 bytes











ComboFix 09-08-09.03 - RedCloud 2009-08-09 21:41.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.1023.582 [GMT 2:00]
Uruchomiony z: c:\documents and settings\RedCloud\Pulpit\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\RedCloud\Pulpit\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"c:\windows\autoclk.exe"
"c:\windows\system32\kdfinj.tmp"
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Ares
c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Ares\Data\default.m3u
c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Ares\Data\DHTnodes.dat
c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Ares\Data\FailedSNodes.dat
c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Ares\Data\ShareH.dat
c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Ares\Data\ShareL.dat
c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Ares\Data\SNodes.dat
c:\program files\BitComet
c:\program files\BitComet\BitComet.xml
c:\program files\BitComet\Downloads.xml
c:\program files\BitComet\Downloads.xml.bak
c:\program files\BitComet\rules\dhtnodes.dat
c:\windows\autoclk.exe
c:\windows\system32\kdfinj.tmp

.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_.esettrialresetalerter
-------\Service_.esettrialresetalerter
-------\Service_58ee5dc9


((((((((((((((((((((((((( Pliki utworzone od 2009-07-09 do 2009-08-09 )))))))))))))))))))))))))))))))
.

2009-08-09 12:18 . 2009-08-09 12:18 -------- d-----w- c:\program files\ERUNT
2009-08-09 10:05 . 2009-08-09 10:05 -------- d-----r- c:\documents and settings\LocalService\Ulubione
2009-08-09 09:53 . 2009-07-28 14:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-09 09:53 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-08-09 09:53 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-08-09 09:53 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-08-09 09:53 . 2009-08-09 09:53 -------- d-----w- c:\program files\Avira
2009-08-09 09:53 . 2009-08-09 09:53 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Avira
2009-08-09 08:09 . 2009-08-09 12:27 4992 ----a-w- c:\documents and settings\RedCloud\sterownik.sys
2009-08-08 18:55 . 2009-08-08 18:55 -------- d-----w- c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\id Software
2009-08-07 14:35 . 2009-08-07 14:35 -------- d-----w- c:\program files\CyberLink
2009-08-07 12:10 . 2009-08-07 12:40 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\13351564
2009-08-07 10:27 . 2009-08-07 10:32 -------- d-----w- c:\documents and settings\RedCloud\Dane aplikacji\Nero
2009-08-07 10:09 . 2009-08-07 10:09 -------- d-----w- c:\program files\Windows Sidebar
2009-08-07 09:56 . 2009-08-07 10:05 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Nero
2009-08-07 09:56 . 2009-08-07 10:20 -------- d-----w- c:\program files\Common Files\Nero
2009-08-05 09:54 . 2009-08-05 09:54 -------- d-----w- c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Aspyr
2009-08-05 09:35 . 2009-08-05 09:35 -------- d-----w- c:\program files\MSXML 6.0
2009-08-04 12:43 . 2006-07-21 23:40 143360 ------r- c:\windows\system32\RtlCPAPI.dll
2009-08-04 12:42 . 2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe
2009-08-04 12:32 . 2009-08-04 12:32 -------- d-----w- c:\program files\Java
2009-08-04 12:10 . 2009-08-04 12:32 152576 ----a-w- c:\documents and settings\RedCloud\Dane aplikacji\Sun\Java\jre1.6.0_14\lzma.dll
2009-08-03 19:13 . 2009-08-03 19:32 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\14524684
2009-08-01 17:04 . 2009-08-01 17:04 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\3B4E
2009-07-29 17:40 . 2009-07-29 17:40 -------- d-----w- c:\program files\Argente Software
2009-07-27 07:03 . 2009-07-27 07:03 22328 ----a-w- c:\documents and settings\RedCloud\Dane aplikacji\PnkBstrK.sys
2009-07-27 07:03 . 2009-07-27 07:03 107832 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-27 07:03 . 2009-07-27 07:03 -------- d-----w- c:\windows\system32\LogFiles
2009-07-25 07:02 . 2009-07-25 07:02 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-07-24 15:37 . 2009-07-24 15:37 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Simply Super Software
2009-07-24 15:13 . 2004-01-28 14:42 1531904 ----a-w- c:\windows\adiras.exe
2009-07-24 15:13 . 2003-06-24 11:55 127497 ----a-w- c:\windows\system32\drivers\adiusbaw.sys
2009-07-24 15:13 . 2002-05-09 13:12 155648 ----a-w- c:\windows\system32\adadix32.dll
2009-07-24 15:13 . 2001-07-27 11:25 127456 ----a-w- c:\windows\system32\ipdetect.exe
2009-07-24 15:13 . 2002-11-15 12:33 126976 ----a-w- c:\windows\system32\coclassfast.dll
2009-07-24 15:13 . 2003-07-17 14:48 46167 ----a-w- c:\windows\system32\drivers\adildr.sys
2009-07-24 15:13 . 2001-05-24 14:24 22395 ----a-w- c:\windows\system32\drivers\fpga.bin
2009-07-24 15:13 . 2001-02-08 09:05 46892 ----a-w- c:\windows\system32\adadix16.dll
2009-07-24 12:58 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-24 12:58 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-24 11:19 . 2009-07-24 11:19 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\DivX
2009-07-24 11:06 . 2009-07-24 11:06 -------- d-----w- c:\documents and settings\RedCloud\Dane aplikacji\Malwarebytes
2009-07-24 11:06 . 2009-07-27 06:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-24 11:06 . 2009-07-24 11:06 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Malwarebytes
2009-07-24 10:26 . 2009-07-24 10:26 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-07-24 09:43 . 2009-07-24 09:43 199 ----a-w- c:\windows\prxid93ps.dat
2009-07-24 09:43 . 2009-07-24 12:45 0 ----a-w- c:\windows\system32\drivers\58ee5dc9.sys
2009-07-18 20:40 . 2009-07-18 20:42 -------- d-----w- c:\documents and settings\RedCloud\Dane aplikacji\Ventrilo
2009-07-18 20:39 . 2009-07-18 20:39 -------- d-----w- c:\program files\Ventrilo
2009-07-17 21:14 . 2009-08-07 22:47 -------- d-----w- c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Temp
2009-07-16 18:09 . 2009-07-16 18:10 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-07-13 10:12 . 2009-08-03 16:19 -------- d-----w- c:\documents and settings\RedCloud\Dane aplikacji\Tibia
2009-07-13 10:09 . 2009-08-03 16:21 -------- d-----w- c:\program files\Tibia

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-07 17:25 . 2009-06-17 22:02 -------- d-----w- c:\program files\TibiaCam TV Lite
2009-08-07 14:49 . 2008-09-11 16:26 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-07 14:36 . 2008-09-11 16:40 -------- d-----w- c:\program files\CyberLink DVD Solution
2009-08-04 19:35 . 2009-04-24 14:42 -------- d-----w- c:\program files\Nowe Gadu-Gadu
2009-08-04 12:42 . 2008-09-11 16:33 -------- d-----w- c:\program files\Realtek
2009-08-04 12:32 . 2008-10-22 18:45 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-24 15:14 . 2009-07-24 15:13 23 ----a-w- c:\windows\system32\drivers\adidsl.cfg
2009-07-24 10:32 . 2001-10-26 16:15 87056 ----a-w- c:\windows\system32\perfc015.dat
2009-07-24 10:32 . 2001-10-26 16:15 498526 ----a-w- c:\windows\system32\perfh015.dat
2009-07-24 09:48 . 2008-09-11 16:40 -------- d-----w- c:\program files\Ahead
2009-07-24 09:48 . 2008-09-11 16:40 -------- d-----w- c:\program files\Common Files\Ahead
2009-07-18 20:39 . 2009-01-29 13:34 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-11 15:00 . 2008-09-11 18:29 -------- d-----w- c:\program files\Asprate
2009-07-08 14:56 . 2009-07-08 14:53 -------- d-----w- c:\program files\Online TV Player 3
2009-07-06 13:17 . 2009-05-30 12:24 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\OpenFM
2009-07-05 22:12 . 2009-07-05 22:12 -------- d-----w- c:\program files\AviSynth 2.5
2009-07-01 22:58 . 2009-07-01 22:58 -------- d-----w- c:\program files\Common Files\DirectX
2009-07-01 22:38 . 2009-01-29 13:34 -------- d-----w- c:\program files\AGEIA Technologies
2009-06-21 06:46 . 2009-05-20 15:17 485920 ----a-w- c:\windows\system32\nvuninst.exe
2009-06-19 01:03 . 2008-11-06 07:31 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2009-06-17 22:03 . 2009-06-15 09:18 -------- d-----w- c:\program files\Sword of the New World
2009-06-17 22:02 . 2009-06-17 22:02 -------- d-----w- c:\program files\Tibia2
2009-06-17 22:02 . 2009-06-17 22:02 -------- d-----w- c:\program files\Windows Live
2009-06-17 21:59 . 2008-10-17 21:11 -------- d-----w- c:\documents and settings\RedCloud\Dane aplikacji\Skype
2009-06-17 21:45 . 2008-10-17 21:14 -------- d-----w- c:\documents and settings\RedCloud\Dane aplikacji\skypePM
2009-06-10 06:28 . 2009-06-10 06:28 3510272 ----a-w- c:\windows\system32\nvgames.dll
2009-06-10 06:28 . 2009-06-10 06:28 5890048 ----a-w- c:\windows\system32\nvdispsr.dll
2009-06-10 06:28 . 2009-06-10 06:28 4022272 ----a-w- c:\windows\system32\nvdisps.dll
2009-06-10 06:28 . 2009-06-10 06:28 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-06-10 06:28 . 2009-06-10 06:28 168004 ----a-w- c:\windows\system32\nvsvc32.exe
2009-06-10 06:28 . 2009-06-10 06:28 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-06-10 06:28 . 2009-06-10 06:28 13758464 ----a-w- c:\windows\system32\nvcpl.dll
2009-06-10 06:28 . 2009-06-10 06:28 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-06-10 04:03 . 2009-06-10 04:03 671744 ----a-w- c:\windows\system32\nvcuvid.dll
2009-06-10 04:03 . 2009-06-10 04:03 1580550 ----a-w- c:\windows\system32\nvdata.bin
2009-06-10 04:03 . 2009-06-10 04:03 1310720 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-06-10 04:03 . 2009-05-20 15:17 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-06-10 04:03 . 2008-09-17 21:55 9998336 ----a-w- c:\windows\system32\nvoglnt.dll
2009-06-10 04:03 . 2008-09-17 21:55 815104 ----a-w- c:\windows\system32\nvapi.dll
2009-06-10 04:03 . 2008-09-17 21:55 1720320 ----a-w- c:\windows\system32\nvcuda.dll
2009-06-10 04:03 . 2008-09-17 21:55 151552 ----a-w- c:\windows\system32\nvcodins.dll
2009-06-10 04:03 . 2008-09-17 21:55 151552 ----a-w- c:\windows\system32\nvcod.dll
2009-06-10 04:03 . 2006-08-11 13:42 5908608 ----a-w- c:\windows\system32\nv4_disp.dll
2009-06-10 04:03 . 2006-08-11 13:42 8087712 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-06-04 22:17 . 2009-06-04 22:17 66560 ----a-w- c:\windows\system32\drivers\epuqfvnlqenvnnos.sys
2009-05-26 16:01 . 2009-05-26 16:01 42088 ----a-w- c:\documents and settings\RedCloud\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll
2004-10-01 13:00 . 2008-09-11 16:40 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\docume~1\ALLUSE~1\DANEAP~1\13351564 ----

2009-08-07 12:12 . 2009-08-07 12:12 56 ----a-w- c:\docume~1\ALLUSE~1\DANEAP~1\13351564\13351564

---- Directory of c:\docume~1\ALLUSE~1\DANEAP~1\14524684 ----

2009-08-03 19:14 . 2009-08-03 19:23 56 ----a-w- c:\docume~1\ALLUSE~1\DANEAP~1\14524684\14524684

---- Directory of c:\docume~1\ALLUSE~1\DANEAP~1\3B4E ----

2009-08-01 17:04 . 2009-02-17 16:14 2329 ----a-w- c:\docume~1\ALLUSE~1\DANEAP~1\3B4E\{E782462C-E137-43C1-87CD-DF83E712A87F}.swf

---- Directory of c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Aspyr ----

2009-08-05 09:54 . 2009-08-05 10:07 725 ----a-w- c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Aspyr\Guitar Hero World Tour\AspyrConfig.xml


------- Sigcheck -------

[-] 2008-05-08 18:02 1571840 9F02C1CF7C3100E4AEA7DD8B6A86A01B c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-08-09_14.25.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-09 19:47 . 2009-08-09 19:47 16384 c:\windows\Temp\Perflib_Perfdata_21c.dat
+ 2009-08-09 19:46 . 2009-08-09 19:46 8192 c:\windows\ERDNT\subs\Users\00000006\UsrClass.dat
+ 2009-08-09 19:45 . 2009-08-09 19:45 8192 c:\windows\ERDNT\subs\Users\00000002\UsrClass.dat
- 2009-08-09 14:22 . 2009-08-09 14:22 8192 c:\windows\ERDNT\subs\Users\00000002\UsrClass.dat
+ 2009-08-09 19:46 . 2009-08-09 19:46 241664 c:\windows\ERDNT\subs\Users\00000005\NTUSER.DAT
+ 2009-08-09 19:46 . 2009-08-09 19:46 233472 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat
- 2009-08-09 14:22 . 2009-08-09 14:22 241664 c:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT
+ 2009-08-09 19:45 . 2009-08-09 19:45 241664 c:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT
+ 2009-08-09 19:45 . 2009-08-09 19:46 7221248 c:\windows\ERDNT\subs\Users\00000003\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"Google Update"="c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" [2009-04-20 133104]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-03-28 622592]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-04-10 61440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-04 148888]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-07-08 1397760]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-06-10 1657376]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-08-01 16049664]

c:\documents and settings\RedCloud\Menu Start\Programy\Autostart\
Registry Repair Pro.lnk - c:\program files\3B Software\Registry Repair Pro\RegistryRepairPro.exe [2008-10-15 2168152]
Scheduler.lnk - c:\program files\3B Software\Common\Scheduler\wcomschd.exe [2008-10-15 464240]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2009-7-24 962661]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^RedCloud^Menu Start^Programy^Autostart^Ad-aware Updater.exe]
backup=c:\windows\pss\Ad-aware Updater.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\CallOfDuty\\CoDWaWmp.exe"=
"d:\\CallOfDuty\\CoDWaW.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"19921:TCP"= 19921:TCP:*:Disabled:SolidNetworkManager
"19921:UDP"= 19921:UDP:*:Disabled:SolidNetworkManager
"24013:TCP"= 24013:TCP:*:Disabled:SolidNetworkManager
"24013:UDP"= 24013:UDP:*:Disabled:SolidNetworkManager
"8085:TCP"= 8085:TCP:sfx
"53:UDP"= 53:UDP:Promo

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-08-09 108289]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;c:\windows\system32\drivers\atl01_xp.sys [2008-09-11 34944]
S2 gupdate1c98fc14bc8e74c;Usługa Google Update (gupdate1c98fc14bc8e74c);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-16 133104]
S3 sterownik;sterownik;c:\documents and settings\RedCloud\sterownik.sys [2009-08-09 4992]
S3 XDva279;XDva279;\??\c:\windows\system32\XDva279.sys --> c:\windows\system32\XDva279.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Zawartość folderu 'Zaplanowane zadania'

2009-08-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-15 23:01]

2009-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-15 23:01]

2009-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-1229272821-1177238915-1003Core.job
- c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2009-04-20 06:05]

2009-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-1229272821-1177238915-1003UA.job
- c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2009-04-20 06:05]

2009-08-09 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-06 20:18]
.
- - - - USUNIĘTO PUSTE WPISY - - - -

HKLM-Run-autoclk - autoclk.exe


.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-09 21:47
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-1078081533-1229272821-1177238915-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:d4,75,b1,52,ab,e7,98,b4,0e,ba,bb,4f,2f,37,56,db,6b,57,1b,8f,b2,fc,51,
92,ad,c3,8d,53,d4,a4,e2,08,fe,6d,18,99,e6,9f,a6,ee,ba,6d,28,72,b0,65,df,46,\
"??"=hex:9a,2e,68,87,b6,af,a5,d0,15,24,ce,fd,db,33,c2,fe

[HKEY_USERS\S-1-5-21-1078081533-1229272821-1177238915-1003\Software\SecuROM\License information*]
"datasecu"=hex:13,a7,f2,9a,e3,68,91,94,b5,90,76,03,93,7b,f9,d6,91,16,c2,61,8b,
2b,83,34,ca,e0,35,3e,4f,23,0b,51,86,09,7a,9d,62,f5,47,3e,a7,14,2f,7c,60,20,\
"rkeysecu"=hex:22,d4,1e,54,e3,4e,b8,ac,ab,c8,12,7e,ce,d5,c6,13

[HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
"AppDataDir"="c:\\Documents and Settings\\All Users\\Dane aplikacji\\ESET\\ESET Smart Security\\"
"DataDir"="ESET\\ESET Smart Security\\"
"EditionName"=""
"InstallDir"="c:\\Program Files\\ESET\\ESET Smart Security\\"
"LanguageId"=dword:00000409
"PackageTag"=dword:00000000
"ProductBase"=dword:00000001
"ProductCode"="{C21C71CB-3E5C-401C-91D2-DEDACDB26BAF}"
"ProductName"="ESET Smart Security"
"ProductType"="ess"
"ProductVersion"="4.0.417.0"
"UniqueId"="0016B36649D70533"
"ScannerBuild"=dword:0000121d
"ScannerVersionId"=dword:00000f6c
"ScannerVersion"="Locked/open ESET for status."
"FixId"=dword:00000003

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="3A00143BA9CB85FA63743093AFAB9E4B47DC901763CB31D2AE894DD879390DBEACF454F2E5D6C70645D82762C227752FA0971AB14CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79335D575E7D6A3B98089DB7CE019D40AA5CC038D530D6EB345290AF1E024A3D4A5DF10381E293FDA230DC3D7BB5B79F51A6B997FCBAB10F7A12D3F78EC845AFEE1496A98B7E64A156142531BD8C6E9A2CD231A43EFDB04A8BFBB4A2A9A145CFCDD56A48A87DB745F47926443F4980CEE99F6DF6740A4A498677EE1C46AE8D78F415BD8A6C467454DAE8E588703E9B5B54CCC89F0E3A117BC31ED116EC7132876A6374669CA555BD5A0FFCCFF3213EDE2B4331F32C4DE7D18DAF41085B521FE0A57A8691B44C69F6373D19B2210A3CFD9E8AA88CA1640943A30FB22C821C906913360207E24E12F5AA67FB8E05783EE2D4D146C7F7877F47B8C2B37F89FD998D9114050809A4873761277A025D4C3EB9E7E834C46C9F2EDDF2F562C4C80C9E3AF53B4514BDAA54BA7EB97D729EC98E3267C830EAEC7C48866EF771024EBD59E309F18AF54C22578394FE0308701DD002D3898DE2A0CFD8C83ABAA9025A6D59808524AFB5332F4319ADFC1CADAD52FD612469B098DEAFB9AD585565D2E35B7F0A9BE127A5A3D89D8747DC6E94E5DA610DC1C9163EB4171C42C084934515AB0000EE5F75D6868C425ED169B130DC8B1B468AB14A4862640797DEA4B8F0C8E3E66419743120741B60313396B4B90B9E1E5050CA70705C5952C4903A6A2F13F011BE251C869D3CB8FA9742F5582D9A3133F35AE13E33CA9C29E329EA559DB821309813F6B72F61FCE72E4E4392C96CC4757FE169FE530BB80E90700337213229C9815749187619E4511318596B13923E55C2147810532D9C556E21EFE5DC2E9FB70B59FA0F5BCE51B8E9D2BA0054556716911547E3FEF699A6A2694646BB0E7FA94D7596998821056DDB298B0495AFEE50C5F83501E2DDE781566D3CD4ECE7299E62FBCDC7EDE1AA9814B714B9A9D1E3EDBBCAC181CE129FB336C32C2062045FEC68B0F2BDBD184DB34290C2FBA41FBC3053881694597140E375F695CCD0604A40034B7F35707D5D0F983727375EAED3AA71A3F87A5A122D0A4A069911332EF314D7F88EF74002AFCBD0A4F66E724DE4C57F825B0B703BAB736C650337C8544DBC12586068AC477C61A5460BB4C0F8923CE97F4D307BE965411BFAB92091EAA95DE07DD7F978A4DF9AD57E5FB46EE5629DA0688468214EEA6617A2CCBE5640BE70F5F1FCB5AAA35B1727A017ABE3FBBB4E997EDBC5CB4EAC2D26AAEF1A9FD5A8C487AFFCB68F035148DE76F3EA4C566E06CB78D0ED268282321355794EBAE067FAD12927ADB4B48B754B3CE05718C32BD03580051DA335"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'explorer.exe'(3156)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Ahead\InCD\InCDsrv.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\ATKKBService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\rundll32.exe
c:\documents and settings\RedCloud\Ustawienia lokalne\Dane aplikacji\Google\Update\1.2.183.7\GoogleCrashHandler.exe
.
**************************************************************************
.
Czas ukończenia: 2009-08-09 21:53 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2009-08-09 19:53
ComboFix2.txt 2009-08-09 14:31
ComboFix3.txt 2008-10-15 17:29

Przed: 14*832*869*376 bajtów wolnych
Po: 14*786*691*072 bajtów wolnych

319 --- E O F --- 2009-06-21 07:45
 
Do you recognize these folders?

c:\docume~1\ALLUSE~1\DANEAP~1\13351564
c:\docume~1\ALLUSE~1\DANEAP~1\14524684
 
They are folders and not files.

So you don't recognize bolded folders?

c:\docume~1\ALLUSE~1\DANEAP~1\13351564
c:\docume~1\ALLUSE~1\DANEAP~1\14524684
 
You must log in or register to reply here.
Back
Top