Blue sreeny, zawiasy, błedy....

[Goturi]

Mam spory problem... Parę tygodni temu wywaliło mi Blue screena, nie przejąłem się tym myślałem ze nic ważnego. Przez okolo tydzień był spokój i znowu BS i tak mniej wiecej co tydzien. Ale ostatnio coraz częściej coś mu się dzieje. Dzis zawiesil sie 2 razy(w tym raz przy włączaniu- przy pseudo pasku pokazującym lądowanie windows.) Po włączeniu kompa ponownie, pytało czy uruchomic normalnie czy ostatnia dobra konf. itp.. a po załadowaniu windowsa wyskakiwał komunikat ze "windows odzyskał sprawność po poważnym błędzie bla bla bla". No i dzis zaczely sie problemy z kasperskym, co 5 minut wywala błąd ze kaspersky musi zostać zamknięty, po czym zamyka sie i włącza, a za 5 minut to samo. Czy to on moze bys winowajca? odinstalować go?

A może to wina sprzętu?:
[775] Procesor Intel Pentium Dual Core E2180 2GHz 1MB
[INT][775] Galaxy nForce 650i Ultra /nForce 650i/
Pamięć DDR2 2x1GB PC6400 800MHz OCZ Platinum CL4 OCZ2P8002GK
[PCIE] Karta Radeon X1950Pro PowerColor 512MB
Nagrywarka DVDR Pioneer DVR-115D OEM Ivory
[ATX] Obudowa I-BOX Orion 833S b/z
Zasilacz Amacrox Warrior 400W AX450-PNF

Dorzucę jeszcze log z ComboFixa:

Kod: Zaznacz wszystko

ComboFix 09-04-27.05 - PC 2009-04-28 19:16.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1250.48.1045.18.2046.1504 [GMT 2:00]
Uruchomiony z: c:\documents and settings\PC\Pulpit\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated)
FW: Kaspersky Anti-Virus *disabled*
* Utworzono nowy punkt przywracania
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\documents and settings\PC\Dane aplikacji\.#
c:\windows\system32\nmdfgds0.dll
c:\windows\system32\nmdfgds1.dll
c:\windows\system32\olhrwef.exe
D:\Autorun.inf
E:\Autorun.inf
F:\Autorun.inf
G:\Autorun.inf

.
(((((((((((((((((((((((((   Pliki utworzone od 2009-05-28 do 2009-4-28  )))))))))))))))))))))))))))))))
.

2009-04-28 11:54 . 2009-04-28 11:55   106709   --sh--r   C:\eyt.exe
2009-04-24 15:39 . 2009-04-24 15:39   --------   d-----w   c:\program files\SystemRequirementsLab
2009-04-24 15:39 . 2009-04-24 15:39   --------   d-----w   c:\documents and settings\PC\SystemRequirementsLab
2009-04-24 12:06 . 2009-04-24 12:06   792   ----a-w   c:\windows\system32\ealregsnapshot1.reg
2009-04-24 12:06 . 2009-04-24 12:06   --------   d-----w   c:\documents and settings\PC\Ustawienia lokalne\Dane aplikacji\Downloaded Installations
2009-04-15 17:36 . 2009-04-15 17:36   --------   d-----w   c:\documents and settings\PC\Dane aplikacji\atitray
2009-04-15 17:30 . 2007-09-28 19:05   593920   ------w   c:\windows\system32\ati2sgag.exe
2009-04-15 17:27 . 2009-04-15 17:27   --------   d-----w   c:\program files\Driver Cleaner
2009-04-13 16:31 . 2009-04-13 16:31   0   ----a-w   c:\windows\ativpsrm.bin
2009-04-07 15:14 . 2001-08-18 04:36   8704   ----a-w   c:\windows\system32\kbdjpn.dll
2009-04-07 15:14 . 2001-08-18 04:36   8192   ----a-w   c:\windows\system32\kbdkor.dll
2009-04-07 15:14 . 2001-08-17 20:55   6144   ----a-w   c:\windows\system32\kbd101c.dll
2009-04-07 15:14 . 2001-08-17 20:55   5632   ----a-w   c:\windows\system32\kbd103.dll
2009-04-07 15:14 . 2001-08-17 20:55   6144   ----a-w   c:\windows\system32\kbd101b.dll
2009-04-07 15:14 . 2008-04-14 20:39   6144   ----a-w   c:\windows\system32\kbd106.dll

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2060-08-18 17:40 . 2008-12-15 13:42   909824   ------w   c:\windows\system32\cp3245mt.dll
2060-08-18 17:40 . 2008-12-15 13:42   24064   ------w   c:\windows\system32\borlndmm.dll
2060-08-18 17:02 . 2008-12-15 13:42   1496064   ----a-w   c:\windows\system32\CC3250MT.DLL
2009-04-28 16:03 . 2008-12-28 12:04   999456   --sha-w   c:\windows\system32\drivers\fidbox2.dat
2009-04-28 16:03 . 2008-12-28 12:04   8688   --sha-w   c:\windows\system32\drivers\fidbox2.idx
2009-04-28 16:03 . 2008-12-28 12:04   6189600   --sha-w   c:\windows\system32\drivers\fidbox.dat
2009-04-28 16:03 . 2008-12-28 12:04   53628   --sha-w   c:\windows\system32\drivers\fidbox.idx
2009-04-26 09:00 . 2009-02-16 00:57   --------   d-----w   c:\program files\ABBYY FineReader 9.0
2009-04-26 07:12 . 2008-01-09 11:58   --------   d--h--w   c:\program files\InstallShield Installation Information
2009-04-15 17:28 . 2009-04-15 17:28   --------   d-----w   c:\program files\MultiRes
2009-04-15 17:28 . 2009-04-15 17:28   472576   ----a-w   c:\windows\Radeon Omega Drivers v4.8.442 Uninstall.exe
2009-04-15 17:28 . 2009-04-15 17:28   --------   d-----w   c:\program files\Radeon Omega Drivers
2009-04-15 17:24 . 2008-01-09 11:58   --------   d-----w   c:\program files\ATI Technologies
2009-03-29 09:13 . 2001-10-26 14:15   568382   ----a-w   c:\windows\system32\perfh015.dat
2009-03-29 09:13 . 2001-10-26 14:15   114694   ----a-w   c:\windows\system32\perfc015.dat
2009-03-13 16:36 . 2009-03-10 22:48   --------   d-----w   c:\program files\Allok RM RMVB to AVI MPEG DVD Converter
2009-03-13 15:56 . 2009-03-13 15:56   --------   d-----w   c:\program files\avsysinfo
2009-03-10 12:11 . 2008-01-25 00:13   --------   d-----w   c:\program files\Ganymede
2009-03-06 22:13 . 2009-03-06 22:09   --------   d-----w   c:\program files\Directory Lister
2009-03-01 20:44 . 2008-10-31 12:37   1612432   ----a-w   c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
2009-02-20 20:05 . 2008-01-09 12:05   48032   ----a-w   c:\documents and settings\PC\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-02-10 10:18 . 2008-01-29 16:29   33808   ----a-w   c:\windows\system32\drivers\klbg.sys
2009-02-10 00:54 . 2008-12-04 15:28   48   ----a-w   c:\windows\EL0103.dat
2009-02-09 00:09 . 2009-02-09 00:09   4096   ----a-w   c:\windows\d3dx.dat
2009-02-05 10:57 . 2009-01-31 20:47   22328   ----a-w   c:\windows\system32\drivers\PnkBstrK.sys
2009-02-05 10:57 . 2009-01-31 20:47   22328   ----a-w   c:\documents and settings\PC\Dane aplikacji\PnkBstrK.sys
2009-02-05 10:57 . 2009-01-31 20:47   107832   ----a-w   c:\windows\system32\PnkBstrB.exe
2009-02-05 10:56 . 2009-01-31 20:47   66872   ----a-w   c:\windows\system32\PnkBstrA.exe
2009-02-05 10:56 . 2009-01-31 20:47   2250024   ----a-w   c:\windows\system32\pbsvc.exe
2009-02-03 17:40 . 2008-12-28 12:04   89601   ----a-w   c:\windows\system32\drivers\klick.dat
2009-02-03 17:40 . 2008-12-28 12:04   101287   ----a-w   c:\windows\system32\drivers\klin.dat
2009-02-01 08:01 . 2009-02-01 08:01   127   ----a-w   c:\documents and settings\PC\Ustawienia lokalne\Dane aplikacji\fusioncache.dat
2009-01-31 12:54 . 2008-01-13 19:50   717296   ----a-w   c:\windows\system32\drivers\sptd.sys
2009-01-30 18:47 . 2009-01-30 18:44   249856   ------w   c:\windows\Setup1.exe
2009-01-30 18:47 . 2009-01-30 18:44   73216   ----a-w   c:\windows\ST6UNST.EXE
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"OscarEditor"="c:\program files\MouseGestures\OscarEditor.exe" [2008-07-31 2865152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 487424]
"NBKeyScan"="d:\nero 8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"AVP"="d:\kaspersky\avp.exe" [2009-02-10 206088]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-06-13 16377344]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
"AtiPTA"="atiptaxx.exe" - c:\windows\system32\atiptaxx.exe [2006-02-22 344064]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
NCProTray.lnk - c:\program files\SEC\Natural Color Pro\NCProTray.exe [2009-1-28 49220]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"d:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Java\\jre1.6.0_03\\bin\\java.exe"=
"c:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"f:\\CounterStrike 1.6\\hl.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9987:TCP"= 9987:TCP:BitComet 9987 TCP
"9987:UDP"= 9987:UDP:BitComet 9987 UDP
"26394:TCP"= 26394:TCP:BitComet 26394 TCP
"26394:UDP"= 26394:UDP:BitComet 26394 UDP
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R2 gupdate1c989373f209da1;Google Update Service (gupdate1c989373f209da1);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-07 133104]
R3 AVPsys;AVPsys; [x]
R3 CrystalSysInfo;CrystalSysInfo;c:\program files\MediaCoder\SysInfo.sys [2007-09-25 15152]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2008-07-02 26248]
R3 w200bus;Sony Ericsson W200 driver (WDM);c:\windows\system32\DRIVERS\w200bus.sys [2006-11-07 61504]
R3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;c:\windows\system32\DRIVERS\w200mdfl.sys [2006-11-07 9328]
R3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;c:\windows\system32\DRIVERS\w200mdm.sys [2006-11-07 97056]
R3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\w200mgmt.sys [2006-11-07 88560]
R3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\w200obex.sys [2006-11-07 86368]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 47128]
R4 RsFx0102;RsFx0102 Driver;c:\windows\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 369688]
S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [2008-01-21 21512]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-02-10 33808]
S1 atitray;atitray;c:\program files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys [2007-11-05 17952]
S2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2008-10-27 759072]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-04-30 24592]

.
Zawartość folderu 'Zaplanowane zadania'

2009-04-28 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-07 15:17]
.
- - - - USUNIĘTO PUSTE WPISY - - - -

HKCU-Run-cdoosoft - c:\windows\system32\olhrwef.exe
HKCU-Run-AdobeBridge - (no file)


.
------- Skan uzupełniający -------
.
uStart Page = about:blank
IE: E&ksport do programu Microsoft Excel - d:\office\OFFICE11\EXCEL.EXE/3000
TCP: {DB84249A-192B-4E57-A9E1-A6A6F449A3A0} = 192.168.0.158,192.168.0.159
FF - ProfilePath - c:\documents and settings\PC\Dane aplikacji\Mozilla\Firefox\Profiles\g94l6a4m.default\
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: d:\divx\DivX Web Player\npdivx32.dll
FF - plugin: d:\program\plugins\npdivx32.dll
FF - plugin: d:\program\plugins\npdsplay.dll
FF - plugin: d:\program\plugins\npganymedenet.dll
FF - plugin: d:\program\plugins\npwmsdrm.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-28 19:18
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ... 

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ... 

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-1409082233-1960408961-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:a9,02,eb,f6,42,43,d4,0e,07,ef,0a,21,4a,cb,94,64,96,15,45,d1,3e,
   04,ac,5e,6b,46,fe,a2,20,4b,98,4f,c6,a9,99,84,c1,2b,8e,bc,21,9e,f9,86,a8,67,\
"rkeysecu"=hex:3a,b6,ec,b9,b2,9a,9d,d0,2e,21,51,19,69,6f,ad,72
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(1072)
c:\windows\system32\Ati2evxx.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Czas ukończenia: 2009-04-28 19:20
ComboFix-quarantined-files.txt  2009-04-28 17:19

Przed: 307 294 208 bajtów wolnych
Po: 1 880 010 752 bajtów wolnych

199   --- E O F ---   2008-04-13 10:33


Liczę na szybka pomoc, z góry dzięki:d

[Okocza]

Wykonaj to co jest podane w tym temacie

Zastosuj SDFix . Po pobraniu uruchom go a rozpakuje się do C:\SDFix. Uruchom komputer w trybie awaryjnym (F8 przy stracie systemu). Będąc w awaryjnym uruchom plik RunThis.bat z folderu SDFixa. Zatwierdź czyszczenie przez Y. Poczekaj aż ukończy i komputer zresetuje

Potem wejdz do folderu C:\SDFix wrzuc zawartość pliku Report.txt + log z combofixa oraz daj loga z hijacka

Autor postu otrzymał pochwałę

[Goturi]

Ok zrobilem

Oto log z Sdfixa:

Kod: Zaznacz wszystko

[b]SDFix: Version 1.240 [/b]
Run by PC on 2009-04-28 at 20:25

Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]:

No Trojan Files Found






Removing Temp Files

[b]ADS Check [/b]:



                                 [b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-28 20:30:01
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\2c3d4f041741]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40]
"khjeh"=hex:20,02,00,00,90,64,14,44,2f,ff,4a,7e,78,b1,05,32,f7,39,f4,03,ed,..
"hj34z0"=hex:13,97,3d,78,d7,ec,13,46,ff,74,e3,77,7c,b8,dd,47,b4,f4,60,fe,fe,..
"hj34z1"=hex:b8,97,3d,78,af,ec,13,46,fe,74,e2,77,7d,b8,dd,47,b4,f4,60,fe,fb,..
"hj34z2"=hex:b8,97,3d,78,af,ec,13,46,fe,74,e2,77,7d,b8,dd,47,b4,f4,60,fe,fb,..
"hj34z3"=hex:b8,97,3d,78,af,ec,13,46,fe,74,e2,77,7d,b8,dd,47,b4,f4,60,fe,fb,..
"hj34z4"=hex:b8,97,3d,78,af,ec,13,46,fe,74,e2,77,7d,b8,dd,47,b4,f4,60,fe,fb,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf41]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf42]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:35,c2,b4,f0,37,a4,02,0d,08,a4,5a,d0,32,91,c6,7c,9e,fd,36,4d,c8,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:58,1b,4b,34,a7,ff,9f,aa,c3,88,72,bb,ae,64,d3,ba,49,76,f5,3e,20,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:35,c2,b4,f0,37,a4,02,0d,08,a4,5a,d0,32,91,c6,7c,9e,fd,36,4d,c8,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="D:\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:b8,75,e3,8f,8c,25,3c,27,1f,34,7d,9a,34,db,51,bf,b9,ee,a4,98,e2,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,99,41,96,e2,b6,da,0a,66,f9,92,6f,f8,e7,d8,52,c2,af,..
"khjeh"=hex:34,49,5f,44,5d,f9,b1,a4,e6,34,ae,b8,6f,1b,b1,c4,a4,12,47,7e,29,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:4e,80,71,7c,10,74,61,fc,ee,ce,c6,3d,14,b1,16,22,51,8b,04,1a,f1,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:95,f2,77,1e,55,6d,c0,c1,86,2c,b2,9a,a0,e2,bb,9b,fc,19,59,32,68,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:c0,8a,92,02,f5,30,a3,30,38,ac,54,e3,79,47,0d,61,7a,f1,f9,7f,c7,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:65,e8,a2,4f,aa,1d,94,c4,66,22,91,00,fb,89,47,52,ad,6d,e0,7c,99,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\2c3d4f041741]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:35,c2,b4,f0,37,a4,02,0d,08,a4,5a,d0,32,91,c6,7c,9e,fd,36,4d,c8,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:58,1b,4b,34,a7,ff,9f,aa,c3,88,72,bb,ae,64,d3,ba,49,76,f5,3e,20,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:0000008e
"TracesSuccessful"=dword:00000001

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Gadu-Gadu\\gg.exe"="C:\\Program Files\\Gadu-Gadu\\gg.exe:*:Enabled:Gadu-Gadu - program główny"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"D:\\totalcmd\\TOTALCMD.EXE"="D:\\totalcmd\\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\java.exe"="C:\\Program Files\\Java\\jre1.6.0_03\\bin\\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"="C:\\Program Files\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\\Program Files\\SopCast\\SopCast.exe"="C:\\Program Files\\SopCast\\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"F:\\CounterStrike 1.6\\hl.exe"="F:\\CounterStrike 1.6\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\\Program Files\\ICQ6\\ICQ.exe"="C:\\Program Files\\ICQ6\\ICQ.exe:*:Enabled:ICQ6"
"C:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"="C:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[b]Remaining Files [/b]:



[b]Files with Hidden Attributes [/b]:

Wed 25 Feb 2009           888 ...HR --- "C:\Documents and Settings\PC\Dane aplikacji\SecuROM\UserData\securom_v7_01.bak"

[b]Finished![/b]


Dodano 28.04.2009 19:40:44:
Combofix:

Kod: Zaznacz wszystko

ComboFix 09-04-27.05 - PC 2009-04-28 20:37.3 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1250.48.1045.18.2046.1550 [GMT 2:00]
Uruchomiony z: c:\documents and settings\PC\Pulpit\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning enabled* (Outdated)
FW: Kaspersky Anti-Virus *disabled*
.

(((((((((((((((((((((((((   Pliki utworzone od 2009-05-28 do 2009-4-28  )))))))))))))))))))))))))))))))
.

2009-04-24 15:39 . 2009-04-24 15:39   --------   d-----w   c:\program files\SystemRequirementsLab
2009-04-24 15:39 . 2009-04-24 15:39   --------   d-----w   c:\documents and settings\PC\SystemRequirementsLab
2009-04-24 12:06 . 2009-04-24 12:06   792   ----a-w   c:\windows\system32\ealregsnapshot1.reg
2009-04-24 12:06 . 2009-04-24 12:06   --------   d-----w   c:\documents and settings\PC\Ustawienia lokalne\Dane aplikacji\Downloaded Installations
2009-04-15 17:36 . 2009-04-15 17:36   --------   d-----w   c:\documents and settings\PC\Dane aplikacji\atitray
2009-04-15 17:30 . 2007-09-28 19:05   593920   ------w   c:\windows\system32\ati2sgag.exe
2009-04-15 17:27 . 2009-04-15 17:27   --------   d-----w   c:\program files\Driver Cleaner
2009-04-13 16:31 . 2009-04-13 16:31   0   ----a-w   c:\windows\ativpsrm.bin
2009-04-07 15:14 . 2001-08-18 04:36   8704   ----a-w   c:\windows\system32\kbdjpn.dll
2009-04-07 15:14 . 2001-08-18 04:36   8192   ----a-w   c:\windows\system32\kbdkor.dll
2009-04-07 15:14 . 2001-08-17 20:55   6144   ----a-w   c:\windows\system32\kbd101c.dll
2009-04-07 15:14 . 2001-08-17 20:55   5632   ----a-w   c:\windows\system32\kbd103.dll
2009-04-07 15:14 . 2001-08-17 20:55   6144   ----a-w   c:\windows\system32\kbd101b.dll
2009-04-07 15:14 . 2008-04-14 20:39   6144   ----a-w   c:\windows\system32\kbd106.dll

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2060-08-18 17:40 . 2008-12-15 13:42   909824   ------w   c:\windows\system32\cp3245mt.dll
2060-08-18 17:40 . 2008-12-15 13:42   24064   ------w   c:\windows\system32\borlndmm.dll
2060-08-18 17:02 . 2008-12-15 13:42   1496064   ----a-w   c:\windows\system32\CC3250MT.DLL
2009-04-28 18:21 . 2008-12-28 12:04   999456   --sha-w   c:\windows\system32\drivers\fidbox2.dat
2009-04-28 18:21 . 2008-12-28 12:04   8688   --sha-w   c:\windows\system32\drivers\fidbox2.idx
2009-04-28 18:21 . 2008-12-28 12:04   6189600   --sha-w   c:\windows\system32\drivers\fidbox.dat
2009-04-28 18:21 . 2008-12-28 12:04   53628   --sha-w   c:\windows\system32\drivers\fidbox.idx
2009-04-26 09:00 . 2009-02-16 00:57   --------   d-----w   c:\program files\ABBYY FineReader 9.0
2009-04-26 07:12 . 2008-01-09 11:58   --------   d--h--w   c:\program files\InstallShield Installation Information
2009-04-15 17:28 . 2009-04-15 17:28   --------   d-----w   c:\program files\MultiRes
2009-04-15 17:28 . 2009-04-15 17:28   472576   ----a-w   c:\windows\Radeon Omega Drivers v4.8.442 Uninstall.exe
2009-04-15 17:28 . 2009-04-15 17:28   --------   d-----w   c:\program files\Radeon Omega Drivers
2009-04-15 17:24 . 2008-01-09 11:58   --------   d-----w   c:\program files\ATI Technologies
2009-03-29 09:13 . 2001-10-26 14:15   568382   ----a-w   c:\windows\system32\perfh015.dat
2009-03-29 09:13 . 2001-10-26 14:15   114694   ----a-w   c:\windows\system32\perfc015.dat
2009-03-13 16:36 . 2009-03-10 22:48   --------   d-----w   c:\program files\Allok RM RMVB to AVI MPEG DVD Converter
2009-03-13 15:56 . 2009-03-13 15:56   --------   d-----w   c:\program files\avsysinfo
2009-03-10 12:11 . 2008-01-25 00:13   --------   d-----w   c:\program files\Ganymede
2009-03-06 22:13 . 2009-03-06 22:09   --------   d-----w   c:\program files\Directory Lister
2009-03-01 20:44 . 2008-10-31 12:37   1612432   ----a-w   c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
2009-02-20 20:05 . 2008-01-09 12:05   48032   ----a-w   c:\documents and settings\PC\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-02-10 10:18 . 2008-01-29 16:29   33808   ----a-w   c:\windows\system32\drivers\klbg.sys
2009-02-10 00:54 . 2008-12-04 15:28   48   ----a-w   c:\windows\EL0103.dat
2009-02-09 00:09 . 2009-02-09 00:09   4096   ----a-w   c:\windows\d3dx.dat
2009-02-05 10:57 . 2009-01-31 20:47   22328   ----a-w   c:\windows\system32\drivers\PnkBstrK.sys
2009-02-05 10:57 . 2009-01-31 20:47   22328   ----a-w   c:\documents and settings\PC\Dane aplikacji\PnkBstrK.sys
2009-02-05 10:57 . 2009-01-31 20:47   107832   ----a-w   c:\windows\system32\PnkBstrB.exe
2009-02-05 10:56 . 2009-01-31 20:47   66872   ----a-w   c:\windows\system32\PnkBstrA.exe
2009-02-05 10:56 . 2009-01-31 20:47   2250024   ----a-w   c:\windows\system32\pbsvc.exe
2009-02-03 17:40 . 2008-12-28 12:04   89601   ----a-w   c:\windows\system32\drivers\klick.dat
2009-02-03 17:40 . 2008-12-28 12:04   101287   ----a-w   c:\windows\system32\drivers\klin.dat
2009-02-01 08:01 . 2009-02-01 08:01   127   ----a-w   c:\documents and settings\PC\Ustawienia lokalne\Dane aplikacji\fusioncache.dat
2009-01-31 12:54 . 2008-01-13 19:50   717296   ----a-w   c:\windows\system32\drivers\sptd.sys
2009-01-30 18:47 . 2009-01-30 18:44   249856   ------w   c:\windows\Setup1.exe
2009-01-30 18:47 . 2009-01-30 18:44   73216   ----a-w   c:\windows\ST6UNST.EXE
.

(((((((((((((((((((((((((((((   SnapShot@2009-04-28_17.18.47   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-28 18:24 . 2009-04-28 18:24   580096              c:\windows\system32\dllcache\user32.dll
+ 2009-04-28 18:22 . 2009-04-28 18:22   225280              c:\windows\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000002\UsrClass.dat
+ 2009-04-28 18:22 . 2008-08-07 13:27   163328              c:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2009-04-28 18:23 . 2009-04-28 18:23   225280              c:\windows\ERUNT\SDFIX\Users\[u]0[/u]0000002\UsrClass.dat
+ 2009-04-28 18:23 . 2008-08-07 13:27   163328              c:\windows\ERUNT\SDFIX\ERDNT.EXE
+ 2009-04-28 18:22 . 2009-04-28 18:22   9056256              c:\windows\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000001\NTUSER.DAT
+ 2009-04-28 18:23 . 2009-04-28 18:23   9056256              c:\windows\ERUNT\SDFIX\Users\[u]0[/u]0000001\NTUSER.DAT
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"OscarEditor"="c:\program files\MouseGestures\OscarEditor.exe" [2008-07-31 2865152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 487424]
"NBKeyScan"="d:\nero 8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"AVP"="d:\kaspersky\avp.exe" [2009-02-10 206088]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-06-13 16377344]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
"AtiPTA"="atiptaxx.exe" - c:\windows\system32\atiptaxx.exe [2006-02-22 344064]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
NCProTray.lnk - c:\program files\SEC\Natural Color Pro\NCProTray.exe [2009-1-28 49220]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"d:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Java\\jre1.6.0_03\\bin\\java.exe"=
"c:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"f:\\CounterStrike 1.6\\hl.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9987:TCP"= 9987:TCP:BitComet 9987 TCP
"9987:UDP"= 9987:UDP:BitComet 9987 UDP
"26394:TCP"= 26394:TCP:BitComet 26394 TCP
"26394:UDP"= 26394:UDP:BitComet 26394 UDP
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R2 gupdate1c989373f209da1;Google Update Service (gupdate1c989373f209da1);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-07 133104]
R3 AVPsys;AVPsys; [x]
R3 CrystalSysInfo;CrystalSysInfo;c:\program files\MediaCoder\SysInfo.sys [2007-09-25 15152]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2008-07-02 26248]
R3 w200bus;Sony Ericsson W200 driver (WDM);c:\windows\system32\DRIVERS\w200bus.sys [2006-11-07 61504]
R3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;c:\windows\system32\DRIVERS\w200mdfl.sys [2006-11-07 9328]
R3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;c:\windows\system32\DRIVERS\w200mdm.sys [2006-11-07 97056]
R3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\w200mgmt.sys [2006-11-07 88560]
R3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\w200obex.sys [2006-11-07 86368]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 47128]
R4 RsFx0102;RsFx0102 Driver;c:\windows\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 369688]
S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [2008-01-21 21512]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-02-10 33808]
S1 atitray;atitray;c:\program files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys [2007-11-05 17952]
S2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2008-10-27 759072]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-04-30 24592]

.
Zawartość folderu 'Zaplanowane zadania'

2009-04-28 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-07 15:17]
.
.
------- Skan uzupełniający -------
.
uStart Page = about:blank
IE: E&ksport do programu Microsoft Excel - d:\office\OFFICE11\EXCEL.EXE/3000
TCP: {DB84249A-192B-4E57-A9E1-A6A6F449A3A0} = 192.168.0.158,192.168.0.159
FF - ProfilePath - c:\documents and settings\PC\Dane aplikacji\Mozilla\Firefox\Profiles\g94l6a4m.default\
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: d:\divx\DivX Web Player\npdivx32.dll
FF - plugin: d:\program\plugins\npdivx32.dll
FF - plugin: d:\program\plugins\npdsplay.dll
FF - plugin: d:\program\plugins\npganymedenet.dll
FF - plugin: d:\program\plugins\npwmsdrm.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-28 20:38
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ... 

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ... 

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-1409082233-1960408961-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:a9,02,eb,f6,42,43,d4,0e,07,ef,0a,21,4a,cb,94,64,96,15,45,d1,3e,
   04,ac,5e,6b,46,fe,a2,20,4b,98,4f,c6,a9,99,84,c1,2b,8e,bc,21,9e,f9,86,a8,67,\
"rkeysecu"=hex:3a,b6,ec,b9,b2,9a,9d,d0,2e,21,51,19,69,6f,ad,72
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(1072)
c:\windows\system32\Ati2evxx.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'explorer.exe'(2264)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Czas ukończenia: 2009-04-28 20:39
ComboFix-quarantined-files.txt  2009-04-28 18:39
ComboFix2.txt  2009-04-28 17:20

Przed: 1 447 743 488 bajtów wolnych
Po: 1 440 763 904 bajtów wolnych

198   --- E O F ---   2008-04-13 10:33


Dodano 28.04.2009 19:42:17:
Hijack:

Kod: Zaznacz wszystko

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:41:31, on 2009-04-28
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
D:\Nero 8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MouseGestures\OscarEditor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Kaspersky\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NBKeyScan] "D:\Nero 8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVP] "D:\Kaspersky\avp.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [OscarEditor] "C:\Program Files\MouseGestures\OscarEditor.exe" Minimum
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NCProTray.lnk = ?
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\Office\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Kaspersky\SCIEPlgn.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{DB84249A-192B-4E57-A9E1-A6A6F449A3A0}: NameServer = 192.168.0.158,192.168.0.159
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - D:\Kaspersky\avp.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c989373f209da1) (gupdate1c989373f209da1) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Nero 8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 6664 bytes


[Okocza]

1. tym programem przejdź komputer)
2. wykonaj optymalizację windowsa
3.sciagnij ATF_Cleaner
zaznacz
Windows Temp
All users Temp
Temporary internet files
Recycle Bin
i wcisnij EMPTY SELECTED
4.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem
5. Przeskanuj komputer pod względem Trojanów tym programem
6. Wstaw na forum screen z zakładki uruchamianie (start – uruchom – msconfig – uruchamianie) może uda się cos wyrzucic stamtąd.

[Goturi]

Hmm właśnie jest pewien problem dotyczący msconfig i zakładki uruchomianie...

Po odznaczeniu jakichkolwiek składników nie chce zaakceptować, czytałem kiedyś ze to wina sterowników do drukarki HP ;d Co z tym zrobić?

komunikat: "Błąd odmowy dostępu został zwrócony podczas dokonywania próby zmian usługi. być może musisz się zalgować używając konta administartora, aby przeprowadzić okreslone zmiany"

- jestem na koncie administratora.

Dodano 29.04.2009 20:54:55:
Ok, znalazłem rozwiązanie problemu z msconfig:
HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/Pml Driver HPZ12/Start i zmienić wartość na 4.


http://i39.tinypic.com/hsp3xx.jpg - o to screen z zakładki Uruchomianie.
Zostało jeszcze:NCProTray, nie zmieściło się na screenie.