[wierzynek]

Logfile of HijackThis v1.99.1
Scan saved at 13:52:57, on 2008-10-27
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\LifeView DTV\RemoteControl.exe
C:\DOCUME~1\WAWRZY~1\USTAWI~1\Temp\svchost.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\DOCUME~1\WAWRZY~1\USTAWI~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\WAWRZY~1\USTAWI~1\Temp\cc.exe
C:\Documents and Settings\Wawrzynki\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aceradvantage.com/stdreg
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: WebManager Class - {D5792AA9-D373-4039-8670-2CDAB6A71F15} - C:\Program Files\Get-Torrent\TorrentManager.dll (file missing)
O2 - BHO: FastRX - {E09962E7-A39E-4F60-8003-66D57BED27B7} - C:\WINDOWS\system32\fastRX.dll (file missing)
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [tasa] C:\DOCUME~1\WAWRZY~1\USTAWI~1\Temp\taso.exe
O4 - HKLM\..\Run: [DTVRemote] "C:\Program Files\LifeView DTV\RemoteControl.exe"
O4 - HKLM\..\Run: [WindowsServicesStartup] C:\DOCUME~1\WAWRZY~1\USTAWI~1\Temp\svchost.exe 1
O4 - HKLM\..\Run: [kpx] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\fastRX.dll DllInitApp
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [bend logo clock film] C:\Documents and Settings\All Users\Dane aplikacji\Frag great bend logo\active dale.exe
O4 - HKLM\..\Run: [OBSWATCH] C:\PROGRA~1\ORANGEBS\Watch.exe
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [Base frag grid bows] C:\Documents and Settings\All Users\Dane aplikacji\Cast ping base frag\User slow.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [tava] C:\WINDOWS\system32\tavo.exe
O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: Wyślij do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.c...b?1169753946359
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macrom...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: DirectX Service (Pejud) - Unknown owner - C:\WINDOWS\system32\directx.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: USBest Service Zero (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE

[Asdef]

tryb awaryjny, wylaczasz przywracanie systemu
tu ,asz opis jak to zrobić
http://support.microsoft.com/kb/310405/pl

dalej kasujesz wszystkie wpisy ktore wymienie nizej...
czyli zaznaczasz i FIX w trybie awaryjnym....

zaczynamy
aha... katalog temp tu jest ścieżka C:\DOCUME~1\WAWRZY~1\USTAWI~1\Temp\
ma być pusty, aby sie do niego dostać musisz ustawić, aby pokazywał system pliki ukryte i systemowe
jak pokazać ukryte pliki? otwó¶z jakkis folder i Z menu narzędzie wybieram opcje folderów i zakładkę widok. Tam gdy kliknę Pokaż ukryte pliki i foldery następnie OK

FIX:
C:\DOCUME~1\WAWRZY~1\USTAWI~1\Temp\svchost.exe

C:\DOCUME~1\WAWRZY~1\USTAWI~1\Temp\cc.exe

R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O2 - BHO: WebManager Class - {D5792AA9-D373-4039-8670-2CDAB6A71F15} - C:\Program Files\Get-Torrent\TorrentManager.dll (file missing)

O2 - BHO: FastRX - {E09962E7-A39E-4F60-8003-66D57BED27B7} - C:\WINDOWS\system32\fastRX.dll (file missing)

O4 - HKLM\..\Run: [tasa] C:\DOCUME~1\WAWRZY~1\USTAWI~1\Temp\taso.exe

O4 - HKLM\..\Run: [WindowsServicesStartup] C:\DOCUME~1\WAWRZY~1\USTAWI~1\Temp\svchost.exe 1

O4 - HKLM\..\Run: [kpx] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\fastRX.dll DllInitApp

O4 - HKLM\..\Run: [Base frag grid bows] C:\Documents and Settings\All Users\Dane aplikacji\Cast ping base frag\User slow.exe

O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe

O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O23 - Service: DirectX Service (Pejud) - Unknown owner - C:\WINDOWS\system32\directx.exe (file missing)

Pobierz ComboFix, ale nie uruchamiaj
http://download.bleepingc...Bs/ComboFix.exe
Wklej do notatnika:

Kod:

File:: C:\WINDOWS\system32\kavo.exe

Plik zapisz jako CFScript.txt (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe)
Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu
Rozpocznie się usuwanie i powstanie log, daj ten log na forum.

[wierzynek]

ComboFix 08-10-27.02 - Wawrzynki 2008-10-28 0:26:16.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1045.18.1100 [GMT 1:00]
Uruchomiony z: C:\Documents and Settings\Wawrzynki\Pulpit\ComboFix.exe
Użyto następujących komend :: C:\Documents and Settings\Wawrzynki\Pulpit\CFScript.txt
* Utworzono nowy punkt przywracania

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA

FILE ::
C:\WINDOWS\system32\kavo.exe
.

((((((((((((((((((((((((( Pliki utworzone od 2008-09-27 do 2008-10-27 )))))))))))))))))))))))))))))))
.

2008-10-27 17:43 . 2008-10-27 17:43 438 --a------ C:\WINDOWS\OLIGO.INI
2008-10-27 17:40 . 2008-10-27 17:40 <DIR> d-------- C:\Program Files\FastPCR
2008-10-25 21:27 . 2008-10-27 09:20 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-10-25 21:27 . 2008-10-25 21:27 1,409 --a------ C:\WINDOWS\QTFont.for
2008-10-22 08:44 . 2008-10-22 16:08 104,123 -r-hs---- C:\xlk9.com
2008-10-17 19:12 . 2008-10-21 22:49 103,973 -r-hs---- C:\2fiji.com
2008-10-17 13:19 . 2008-10-17 13:19 579,072 --a------ C:\WINDOWS\system32\dllcache\user32.dll
2008-10-17 13:16 . 2008-10-17 13:16 <DIR> d-------- C:\WINDOWS\ERUNT
2008-10-17 13:13 . 2008-10-16 12:17 <DIR> d-------- C:\SDFix
2008-10-15 20:55 . 2008-10-15 20:55 <DIR> d-------- C:\Program Files\IKEA HomePlanner
2008-10-15 19:42 . 2008-10-15 19:42 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-15 16:47 . 2008-10-16 22:02 111,590 -r-hs---- C:\gx.com
2008-10-15 16:47 . 2008-10-15 16:38 102,278 -r-hs---- C:\pnt.com
2008-10-14 14:23 . 2008-10-14 14:23 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Bluetooth Software
2008-10-09 18:55 . 2008-10-10 17:07 101,500 -r-hs---- C:\08dgu.com
2008-10-09 17:56 . 2008-10-09 17:56 <DIR> d-------- C:\WINDOWS\system32\pl
2008-10-09 17:56 . 2008-10-09 17:56 <DIR> d-------- C:\WINDOWS\system32\bits
2008-10-09 17:56 . 2008-10-09 17:56 <DIR> d-------- C:\WINDOWS\l2schemas
2008-10-09 17:55 . 2008-10-09 17:55 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-10-09 17:50 . 2008-10-09 17:50 <DIR> d-------- C:\WINDOWS\EHome
2008-10-07 02:43 . 2008-10-09 12:00 1,079,908 --a------ C:\WINDOWS\setupapi.log.16.old
2008-10-05 13:11 . 2008-10-05 13:11 119,960 -r-hs---- C:\o6pq1n8.com
2008-09-29 10:28 . 2008-09-29 10:28 100,108 -r-hs---- C:\nfdmg.com

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-11 02:27 96,047 --sh--r C:\39lpji.com
2008-09-11 02:12 115,992 --sh--r C:\iwjj.com
2008-09-02 07:01 109,992 --sh--r C:\rjx0.exe
2008-08-29 09:04 89,828 --sh--r C:\ph.com
2008-08-27 08:25 109,020 --sh--r C:\dpu1.exe
2007-03-05 22:18 81,920 ----a-w C:\Documents and Settings\Wawrzynki\Dane aplikacji\ezpinst.exe
2007-03-05 22:18 47,360 ----a-w C:\Documents and Settings\Wawrzynki\Dane aplikacji\pcouffin.sys
2004-08-11 21:32 2,051,072 ----a-w C:\Program Files\SWFDecompiler.exe
.

------- Sigcheck -------

2007-03-08 17:38 579072 a37a4637f84f8dd771274eaf8d17fa65 C:\WINDOWS\system32\user32.dll
2008-10-17 13:19 579072 a37a4637f84f8dd771274eaf8d17fa65 C:\WINDOWS\system32\dllcache\user32.dll
2005-03-02 20:21 578560 6a93565be9b8422eb7538c66ac732d76 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
2007-03-08 17:51 579584 11abdecc02efc1d2b6a6a0fa46c26594 C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
2005-03-02 20:18 578560 b7eeb1a1af740306049241ddf61f21ff C:\WINDOWS\$NtUninstallKB925902$\user32.dll
2004-08-04 20:00 578560 0c81764f50f32d376e6e4b9e9f4b01a0 C:\WINDOWS\$NtUninstallKB890859$\user32.dll
2007-03-08 17:38 579072 a37a4637f84f8dd771274eaf8d17fa65 C:\WINDOWS\$NtServicePackUninstall$\user32.dll
2008-04-14 19:20 580096 a435c5c069afd901751ac323ad238793 C:\WINDOWS\ServicePackFiles\i386\user32.dll

2007-06-13 15:23 1034752 029a562e81bbee088c61d418bf408f44 C:\WINDOWS\explorer.exe
2005-11-19 08:06 64000 a5ab1d2c9e15d956a8ba22a81a1eab6c C:\WINDOWS\Downloaded Program Files\explorer.exe
2007-06-13 15:12 1034752 8db0650b211425b9cdb7d1c4a8f6b482 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-04 20:00 1033728 379098a96e6c165b659de7e4328010ea C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 15:23 1034752 029a562e81bbee088c61d418bf408f44 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2008-04-14 19:21 1035264 c791ed9eac5e76d9525e157b1d7a599a C:\WINDOWS\ServicePackFiles\i386\explorer.exe

2005-06-11 01:53 57856 da81ec57acd4cdc3d4c51cf3d409af9f C:\WINDOWS\system32\spoolsv.exe
2005-06-11 02:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2004-08-04 20:00 57856 bebe8a85954ff460374fd5a0cd21e19b C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
2005-06-11 01:53 57856 da81ec57acd4cdc3d4c51cf3d409af9f C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe
2008-04-14 19:21 57856 dd69ec597ab942c39b950d9c3ce1375d C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2008-06-01 66912]

[HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-06-01 22:39 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\RXOverlay]
@="{921D05D3-1298-40CC-856C-910F8C16E1D9}"
[HKEY_CLASSES_ROOT\CLSID\{921D05D3-1298-40CC-856C-910F8C16E1D9}]
C:\WINDOWS\system32\fastRX.dll [BU]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-06 68856]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-02-10 1937408]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-05-10 2111176]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-20 1207080]
"NCLaunch"="C:\WINDOWS\NCLAUNCH.EXe" [2007-12-02 40960]
"kamsoft"="C:\WINDOWS\system32\ckvo.exe" [BU]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-12-21 53248]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-28 118784]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-07-20 593920]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 397312]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-05 282624]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-11 406016]
"DTVRemote"="C:\Program Files\LifeView DTV\RemoteControl.exe" [2005-12-06 53248]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"bend logo clock film"="C:\Documents and Settings\All Users\Dane aplikacji\Frag great bend logo\active dale.exe" [BU]
"OBSWATCH"="C:\PROGRA~1\ORANGEBS\Watch.exe" [2005-04-21 20480]
"NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-11-06 3096576]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-27 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 C:\WINDOWS\SkyTel.exe]
"CorelDRAW Graphics Suite 11b"="" [BU]
"AASecuUFD"="" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 443968]
"kava"="C:\WINDOWS\system32\kavo.exe" [BU]
"kamsoft"="C:\WINDOWS\system32\ckvo.exe" [BU]
"tava"="C:\WINDOWS\system32\tavo.exe" [BU]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-02-27 561213]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{C5F43BEF-CE2F-46D8-AFE6-A647BACD1F09}"= "C:\WINDOWS\system32\Bitkv1.dll" [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.PIM1"= pclepim1.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\System32\\fxsclnt.exe"=
"C:\\Program Files\\NAPI-PROJEKT\\napisy.exe"=
"C:\\WINDOWS\\Downloaded Program Files\\explorer.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\WINDOWS\\System32\\igfxsrvc.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\WINDOWS\\System32\\dpvsetup.exe"=
"C:\\WINDOWS\\System32\\mmc.exe"=
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 AFPAnsi;G-DATA Ukrywacz Ansi;C:\WINDOWS\system32\Drivers\AFPAnsi.sys [2002-10-09 43904]
S0 FO_PAnt;FotoOffice VirtualDisc Driver;C:\WINDOWS\system32\Drivers\FO_PAnt.sys [ ]
S2 int15.sys;int15.sys;X:\int15.sys [ ]
S2 Kmm4xNT;Kmm4xNT;C:\WINDOWS\system32\drivers\Kmm4xNT.sys [2002-04-26 95484]
S2 Pejud;DirectX Service;C:\WINDOWS\system32\directx.exe [ ]
S3 GTF32BUS;GT F32 BUS;C:\WINDOWS\system32\DRIVERS\gtf32bus.sys [2005-09-01 32000]
S3 GTPTSER;GT PT SER;C:\WINDOWS\system32\DRIVERS\gtptser.sys [2005-09-01 7936]
S3 GTSCSER;GT SC SER;C:\WINDOWS\system32\DRIVERS\gtscser.sys [2005-08-29 18944]
S3 LVHybrid;LVHybrid service;C:\WINDOWS\system32\DRIVERS\LVHybrid.sys [2007-09-04 660992]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]
S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\cfv90h.com
\Shell\explore\Command - J:\cfv90h.com
\Shell\open\Command - J:\cfv90h.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\O]
\Shell\AutoRun\command - O:\ntdelect.com
\Shell\explore\Command - O:\ntdelect.com
\Shell\open\Command - O:\ntdelect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\P]
\Shell\AutoRun\command - P:\ntdelect.com
\Shell\explore\Command - P:\ntdelect.com
\Shell\open\Command - P:\ntdelect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\X]
\Shell\AutoRun\command - X:\8uot.exe
\Shell\explore\Command - X:\8uot.exe
\Shell\open\Command - X:\8uot.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Y]
\Shell\AutoRun\command - Y:\8uot.exe
\Shell\explore\Command - Y:\8uot.exe
\Shell\open\Command - Y:\8uot.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]
\Shell\AutoRun\command - Z:\8uot.exe
\Shell\explore\Command - Z:\8uot.exe
\Shell\open\Command - Z:\8uot.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00867fe6-db36-11dc-966b-001167000000}]
\Shell\AutoRun\command - U:\cubp.bat
\Shell\explore\Command - U:\cubp.bat
\Shell\open\Command - U:\cubp.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{06711b76-906a-11dc-95fe-001167000000}]
\Shell\AutoRun\command - G:\ntdelect.com
\Shell\explore\Command - G:\ntdelect.com
\Shell\open\Command - G:\ntdelect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{161f73ea-58aa-11db-9377-0016d41c4a89}]
\Shell\AutoRun\command - F:\n6j.com
\Shell\explore\Command - F:\n6j.com
\Shell\open\Command - F:\n6j.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2bf6b330-c70a-11db-949e-001167000000}]
\Shell\AutoRun\command - G:\o2yf0w.bat
\Shell\explore\Command - G:\o2yf0w.bat
\Shell\open\Command - G:\o2yf0w.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{48c10276-ea5b-11db-9501-001167000000}]
\Shell\AutoRun\command - F:\30ed3.exe
\Shell\explore\Command - F:\30ed3.exe
\Shell\open\Command - F:\30ed3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a40f1de-e15c-11dc-9672-001167000000}]
\Shell\AutoRun\command - Q:\xih9.cmd
\Shell\explore\Command - Q:\xih9.cmd
\Shell\open\Command - Q:\xih9.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{60c06fb1-8bb1-11dc-95f0-001167000000}]
\Shell\AutoRun\command - G:\ntdelect.com
\Shell\explore\Command - G:\ntdelect.com
\Shell\open\Command - G:\ntdelect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f4c5d54-f8e3-11dc-969b-001167000000}]
\Shell\AutoRun\command - F:\spq.bat
\Shell\explore\Command - F:\spq.bat
\Shell\open\Command - F:\spq.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{92e8477a-5cb5-11db-9385-001167000000}]
\Shell\AutoRun\command - H:\ntdelect.com
\Shell\explore\Command - H:\ntdelect.com
\Shell\open\Command - H:\ntdelect.com

*Newly Created Service* - PROCEXP90
.
- - - - USUNIĘTO PUSTE WPISY - - - -

HKLM-Run-kpx - C:\WINDOWS\system32\fastRX.dll
HKLM-Run-Base frag grid bows - C:\Documents and Settings\All Users\Dane aplikacji\Cast ping base frag\User slow.exe



**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-28 00:29:07
Windows 5.1.2600 Dodatek Service Pack 3 FAT NTAPI

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
Czas ukończenia: 2008-10-28 0:29:49
ComboFix-quarantined-files.txt 2008-10-27 23:29:46
ComboFix2.txt 2008-10-27 23:15:54

Przed: 2 523 070 464 bajtów wolnych
Po: 2,505,588,736 bajtów wolnych

254 --- E O F --- 2008-10-15 18:34:07

[Adf]

spoko, jeszcze raz hijackthisa pokaz i pelny log combofixa...

przeskanuj ad-avare czy czyms podobnym... i bedziemy wiedziec na 100%

[wierzynek]

Logfile of HijackThis v1.99.1
Scan saved at 15:23:25, on 2008-10-28
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\LifeView DTV\RemoteControl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\system32\igfxext.exe
C:\DOCUME~1\WAWRZY~1\USTAWI~1\Temp\RtkBtMnt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Wawrzynki\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (file missing)
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [DTVRemote] "C:\Program Files\LifeView DTV\RemoteControl.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [bend logo clock film] C:\Documents and Settings\All Users\Dane aplikacji\Frag great bend logo\active dale.exe
O4 - HKLM\..\Run: [OBSWATCH] C:\PROGRA~1\ORANGEBS\Watch.exe
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: Wyślij do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.c...b?1169753946359
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macrom...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: DirectX Service (Pejud) - Unknown owner - C:\WINDOWS\system32\directx.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: USBest Service Zero (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE

[Asdef]

zaczynamy

FIX w hijackthis


R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (file missing)

O4 - HKLM\..\Run: [bend logo clock film] C:\Documents and Settings\All Users\Dane aplikacji\Frag great bend logo\active dale.exe

O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe

O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O23 - Service: DirectX Service (Pejud) - Unknown owner - C:\WINDOWS\system32\directx.exe (file missing)

..............................
w notatniku

Kod:

Folder:: C:\Program Files\AskSBar C:\Documents and Settings\All Users\Dane aplikacji\Frag great bend logo C:\WINDOWS\system32\ckvo.exe

zapisz jako CFScript.txt (zapisz by ikonka CFScript.txt była obok ikonki ComboFix.exe) >> Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe
http://img.wklej.org/imag...yMiekiemoes.gif
Powinno rozpocząć się usuwanie
Potem log z usuwania Combofix

skasuj folder C:\Qoobox i zresetuj stan przywracania systemu przez chwilowe jego wyłączenie.

PS// chyba masz zakwaszczonego pendriva, dobrze go sprawdzic!
jak zabezpieczyć się? prosze
http://www.searchengines....id=476016&st=0&

[wierzynek]

ComboFix 08-10-27.02 - Wawrzynki 2008-10-30 19:34:06.2 - FAT32x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1045.18.1260 [GMT 1:00]
Uruchomiony z: C:\Documents and Settings\Wawrzynki\Pulpit\ComboFix.exe
Użyto następujących komend :: C:\Documents and Settings\Wawrzynki\Pulpit\CFScript.txt

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
C:\DOCUME~1\WAWRZY~1\USTAWI~1\Temp\svchost.exe
C:\Documents and Settings\All Users\Dane aplikacji\Frag great bend logo
C:\e.exe
C:\Program Files\AskSBar
C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.JAR
C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.MANIFEST
C:\Program Files\AskSBar\bar\1.bin\A2HIGHIN.EXE
C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.JAR
C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.MANIFEST
C:\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL
C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
C:\Program Files\AskSBar\bar\1.bin\NPASKSBR.DLL
C:\Program Files\AskSBar\bar\1.bin\V2RSSMNU.DLL
C:\Program Files\AskSBar\bar\Cache\0026017E
C:\Program Files\AskSBar\bar\Cache\00260C8A
C:\Program Files\AskSBar\bar\Cache\00260F39.bin
C:\Program Files\AskSBar\bar\Cache\00261256.bin
C:\Program Files\AskSBar\bar\Cache\00261506.bin
C:\Program Files\AskSBar\bar\Cache\003675E5
C:\Program Files\AskSBar\bar\Cache\003DFFC3
C:\Program Files\AskSBar\bar\Cache\00F52284
C:\Program Files\AskSBar\bar\Cache\files.ini
C:\Program Files\AskSBar\bar\History\search2
C:\Program Files\AskSBar\bar\Settings\prevcfg2.htm
C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
C:\WINDOWS\system32\ckvo.exe
C:\WINDOWS\system32\ckvo1.dll
C:\WINDOWS\system32\kavo.exe
C:\WINDOWS\system32\kavo0.dll
C:\WINDOWS\system32\kavo1.dll
C:\WINDOWS\system32\tavo.exe
C:\WINDOWS\system32\tavo0.dll
C:\xih9.cmd
D:\Autorun.inf
D:\xih9.cmd

.
((((((((((((((((((((((((( Pliki utworzone od 2008-09-28 do 2008-10-30 )))))))))))))))))))))))))))))))
.

2008-10-30 14:48 . 2008-10-30 14:48 112,420 -r-hs---- C:\2go30q.com
2008-10-29 22:22 . 2008-10-29 22:22 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-10-29 22:22 . 2008-10-29 22:22 1,409 --a------ C:\WINDOWS\QTFont.for
2008-10-28 16:29 . 2008-10-28 16:29 <DIR> d-------- C:\Program Files\Lavasoft
2008-10-28 16:29 . 2008-10-28 16:29 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2008-10-27 17:43 . 2008-10-27 17:43 438 --a------ C:\WINDOWS\OLIGO.INI
2008-10-22 08:44 . 2008-10-22 16:08 104,123 -r-hs---- C:\xlk9.com
2008-10-17 19:12 . 2008-10-21 22:49 103,973 -r-hs---- C:\2fiji.com
2008-10-17 13:19 . 2008-10-17 13:19 579,072 --a------ C:\WINDOWS\system32\dllcache\user32.dll
2008-10-17 13:16 . 2008-10-17 13:16 <DIR> d-------- C:\WINDOWS\ERUNT
2008-10-17 13:13 . 2008-10-16 12:17 <DIR> d-------- C:\SDFix
2008-10-15 16:47 . 2008-10-16 22:02 111,590 -r-hs---- C:\gx.com
2008-10-15 16:47 . 2008-10-15 16:38 102,278 -r-hs---- C:\pnt.com
2008-10-14 14:23 . 2008-10-14 14:23 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Bluetooth Software
2008-10-09 18:55 . 2008-10-10 17:07 101,500 -r-hs---- C:\08dgu.com
2008-10-09 17:56 . 2008-10-09 17:56 <DIR> d-------- C:\WINDOWS\system32\pl
2008-10-09 17:56 . 2008-10-09 17:56 <DIR> d-------- C:\WINDOWS\system32\bits
2008-10-09 17:56 . 2008-10-09 17:56 <DIR> d-------- C:\WINDOWS\l2schemas
2008-10-09 17:55 . 2008-10-09 17:55 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-10-09 17:50 . 2008-10-09 17:50 <DIR> d-------- C:\WINDOWS\EHome
2008-10-07 02:43 . 2008-10-09 12:00 1,079,908 --a------ C:\WINDOWS\setupapi.log.16.old
2008-10-05 13:11 . 2008-10-05 13:11 119,960 -r-hs---- C:\o6pq1n8.com
2008-09-29 10:28 . 2008-09-29 10:28 100,108 -r-hs---- C:\nfdmg.com
2008-09-16 09:10 . 2008-10-06 22:10 4,118,702 --a------ C:\WINDOWS\setupapi.log.15.old
2008-09-16 09:07 . 2004-08-03 22:29 104,960 --------- C:\WINDOWS\system32\drivers\atinrvxx.sys
2008-09-16 09:07 . 2004-08-03 22:29 36,463 --------- C:\WINDOWS\system32\drivers\ati1tuxx.sys
2008-09-16 09:07 . 2004-08-03 22:41 13,240 --------- C:\WINDOWS\system32\drivers\slwdmsup.sys
2008-09-16 09:07 . 2004-08-03 22:29 11,935 --------- C:\WINDOWS\system32\drivers\wadv11nt.sys
2008-09-10 15:39 . 2008-09-11 03:27 96,047 -r-hs---- C:\39lpji.com
2008-09-05 06:53 . 2008-09-11 03:12 115,992 -r-hs---- C:\iwjj.com
2008-09-02 08:01 . 2008-09-02 08:01 109,992 -r-hs---- C:\rjx0.exe

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-29 09:04 89,828 --sh--r C:\ph.com
2008-08-27 08:25 109,020 --sh--r C:\dpu1.exe
2008-07-18 21:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 21:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 21:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 21:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 21:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 21:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 21:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 21:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 21:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 21:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 21:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 21:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 21:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 21:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 21:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-18 21:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 21:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 21:33 253,952 ------w C:\WINDOWS\system32\es.dll
2008-07-07 21:29 253,952 ------w C:\WINDOWS\system32\SET11A8.tmp
2008-07-07 21:29 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
2007-03-05 22:18 81,920 ----a-w C:\Documents and Settings\Wawrzynki\Dane aplikacji\ezpinst.exe
2007-03-05 22:18 47,360 ----a-w C:\Documents and Settings\Wawrzynki\Dane aplikacji\pcouffin.sys
2004-08-11 21:32 2,051,072 ----a-w C:\Program Files\SWFDecompiler.exe
.

------- Sigcheck -------

2007-03-08 17:38 579072 a37a4637f84f8dd771274eaf8d17fa65 C:\WINDOWS\system32\user32.dll
2008-10-17 13:19 579072 a37a4637f84f8dd771274eaf8d17fa65 C:\WINDOWS\system32\dllcache\user32.dll
2005-03-02 20:21 578560 6a93565be9b8422eb7538c66ac732d76 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
2007-03-08 17:51 579584 11abdecc02efc1d2b6a6a0fa46c26594 C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
2005-03-02 20:18 578560 b7eeb1a1af740306049241ddf61f21ff C:\WINDOWS\$NtUninstallKB925902$\user32.dll
2004-08-04 20:00 578560 0c81764f50f32d376e6e4b9e9f4b01a0 C:\WINDOWS\$NtUninstallKB890859$\user32.dll
2007-03-08 17:38 579072 a37a4637f84f8dd771274eaf8d17fa65 C:\WINDOWS\$NtServicePackUninstall$\user32.dll
2008-04-14 19:20 580096 a435c5c069afd901751ac323ad238793 C:\WINDOWS\ServicePackFiles\i386\user32.dll

2007-06-13 15:23 1034752 029a562e81bbee088c61d418bf408f44 C:\WINDOWS\explorer.exe
2005-11-19 08:06 64000 a5ab1d2c9e15d956a8ba22a81a1eab6c C:\WINDOWS\Downloaded Program Files\explorer.exe
2007-06-13 15:12 1034752 8db0650b211425b9cdb7d1c4a8f6b482 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-04 20:00 1033728 379098a96e6c165b659de7e4328010ea C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 15:23 1034752 029a562e81bbee088c61d418bf408f44 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2008-04-14 19:21 1035264 c791ed9eac5e76d9525e157b1d7a599a C:\WINDOWS\ServicePackFiles\i386\explorer.exe

2005-06-11 01:53 57856 da81ec57acd4cdc3d4c51cf3d409af9f C:\WINDOWS\system32\spoolsv.exe
2005-06-11 02:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2004-08-04 20:00 57856 bebe8a85954ff460374fd5a0cd21e19b C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
2005-06-11 01:53 57856 da81ec57acd4cdc3d4c51cf3d409af9f C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe
2008-04-14 19:21 57856 dd69ec597ab942c39b950d9c3ce1375d C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
.
((((((((((((((((((((((((((((( snapshot@2008-10-28_ 0.29.27,42 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-27 23:23:54 73,158 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-10-30 18:31:06 72,824 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-10-27 23:23:54 91,366 ----a-w C:\WINDOWS\system32\perfc015.dat
+ 2008-10-30 18:31:06 90,948 ----a-w C:\WINDOWS\system32\perfc015.dat
- 2008-10-27 23:23:54 446,204 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-10-30 18:31:06 445,870 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-10-27 23:23:54 505,776 ----a-w C:\WINDOWS\system32\perfh015.dat
+ 2008-10-30 18:31:06 505,194 ----a-w C:\WINDOWS\system32\perfh015.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\RXOverlay]
@="{921D05D3-1298-40CC-856C-910F8C16E1D9}"
[HKEY_CLASSES_ROOT\CLSID\{921D05D3-1298-40CC-856C-910F8C16E1D9}]
C:\WINDOWS\system32\fastRX.dll [BU]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-06 68856]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-02-10 1937408]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-05-10 2111176]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-20 1207080]
"NCLaunch"="C:\WINDOWS\NCLAUNCH.EXe" [2007-12-02 40960]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-12-21 53248]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-28 118784]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-07-20 593920]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 397312]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-05 282624]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-11 406016]
"DTVRemote"="C:\Program Files\LifeView DTV\RemoteControl.exe" [2005-12-06 53248]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"OBSWATCH"="C:\PROGRA~1\ORANGEBS\Watch.exe" [2005-04-21 20480]
"NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-11-06 3096576]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-27 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 C:\WINDOWS\SkyTel.exe]
"CorelDRAW Graphics Suite 11b"="" [BU]
"AASecuUFD"="" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 443968]
"kava"="C:\WINDOWS\system32\kavo.exe" [BU]
"kamsoft"="C:\WINDOWS\system32\ckvo.exe" [BU]
"tava"="C:\WINDOWS\system32\tavo.exe" [BU]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-02-27 561213]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{C5F43BEF-CE2F-46D8-AFE6-A647BACD1F09}"= "C:\WINDOWS\system32\Bitkv0.dll" [2007-06-13 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.PIM1"= pclepim1.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\System32\\fxsclnt.exe"=
"C:\\Program Files\\NAPI-PROJEKT\\napisy.exe"=
"C:\\WINDOWS\\Downloaded Program Files\\explorer.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\WINDOWS\\System32\\igfxsrvc.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\WINDOWS\\System32\\dpvsetup.exe"=
"C:\\WINDOWS\\System32\\mmc.exe"=
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 AFPAnsi;G-DATA Ukrywacz Ansi;C:\WINDOWS\system32\Drivers\AFPAnsi.sys [2002-10-09 43904]
S0 FO_PAnt;FotoOffice VirtualDisc Driver;C:\WINDOWS\system32\Drivers\FO_PAnt.sys [ ]
S2 int15.sys;int15.sys;X:\int15.sys [ ]
S2 Kmm4xNT;Kmm4xNT;C:\WINDOWS\system32\drivers\Kmm4xNT.sys [2002-04-26 95484]
S2 Pejud;DirectX Service;C:\WINDOWS\system32\directx.exe [ ]
S3 GTF32BUS;GT F32 BUS;C:\WINDOWS\system32\DRIVERS\gtf32bus.sys [2005-09-01 32000]
S3 GTPTSER;GT PT SER;C:\WINDOWS\system32\DRIVERS\gtptser.sys [2005-09-01 7936]
S3 GTSCSER;GT SC SER;C:\WINDOWS\system32\DRIVERS\gtscser.sys [2005-08-29 18944]
S3 LVHybrid;LVHybrid service;C:\WINDOWS\system32\DRIVERS\LVHybrid.sys [2007-09-04 660992]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]
S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\cfv90h.com
\Shell\explore\Command - J:\cfv90h.com
\Shell\open\Command - J:\cfv90h.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\O]
\Shell\AutoRun\command - O:\ntdelect.com
\Shell\explore\Command - O:\ntdelect.com
\Shell\open\Command - O:\ntdelect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\P]
\Shell\AutoRun\command - P:\ntdelect.com
\Shell\explore\Command - P:\ntdelect.com
\Shell\open\Command - P:\ntdelect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\X]
\Shell\AutoRun\command - X:\8uot.exe
\Shell\explore\Command - X:\8uot.exe
\Shell\open\Command - X:\8uot.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Y]
\Shell\AutoRun\command - Y:\8uot.exe
\Shell\explore\Command - Y:\8uot.exe
\Shell\open\Command - Y:\8uot.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]
\Shell\AutoRun\command - Z:\8uot.exe
\Shell\explore\Command - Z:\8uot.exe
\Shell\open\Command - Z:\8uot.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00867fe6-db36-11dc-966b-001167000000}]
\Shell\AutoRun\command - U:\cubp.bat
\Shell\explore\Command - U:\cubp.bat
\Shell\open\Command - U:\cubp.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{06711b76-906a-11dc-95fe-001167000000}]
\Shell\AutoRun\command - G:\ntdelect.com
\Shell\explore\Command - G:\ntdelect.com
\Shell\open\Command - G:\ntdelect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{161f73ea-58aa-11db-9377-0016d41c4a89}]
\Shell\AutoRun\command - F:\n6j.com
\Shell\explore\Command - F:\n6j.com
\Shell\open\Command - F:\n6j.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2bf6b330-c70a-11db-949e-001167000000}]
\Shell\AutoRun\command - G:\o2yf0w.bat
\Shell\explore\Command - G:\o2yf0w.bat
\Shell\open\Command - G:\o2yf0w.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{48c10276-ea5b-11db-9501-001167000000}]
\Shell\AutoRun\command - F:\30ed3.exe
\Shell\explore\Command - F:\30ed3.exe
\Shell\open\Command - F:\30ed3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a40f1de-e15c-11dc-9672-001167000000}]
\Shell\AutoRun\command - Q:\2go30q.com
\Shell\explore\Command - Q:\2go30q.com
\Shell\open\Command - Q:\2go30q.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a40f1e0-e15c-11dc-9672-001167000000}]
\Shell\AutoRun\command - I:\2go30q.com
\Shell\explore\Command - I:\2go30q.com
\Shell\open\Command - I:\2go30q.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{60c06fb1-8bb1-11dc-95f0-001167000000}]
\Shell\AutoRun\command - G:\ntdelect.com
\Shell\explore\Command - G:\ntdelect.com
\Shell\open\Command - G:\ntdelect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f4c5d54-f8e3-11dc-969b-001167000000}]
\Shell\AutoRun\command - F:\spq.bat
\Shell\explore\Command - F:\spq.bat
\Shell\open\Command - F:\spq.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{92e8477a-5cb5-11db-9385-001167000000}]
\Shell\AutoRun\command - H:\ntdelect.com
\Shell\explore\Command - H:\ntdelect.com
\Shell\open\Command - H:\ntdelect.com

*Newly Created Service* - MDMXSDK
.
- - - - USUNIĘTO PUSTE WPISY - - - -

BHO-{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL



**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-30 19:37:07
Windows 5.1.2600 Dodatek Service Pack 3 FAT NTAPI

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki:

**************************************************************************
.
Czas ukończenia: 2008-10-30 19:37:57
ComboFix-quarantined-files.txt 2008-10-30 18:37:54
ComboFix3.txt 2008-10-27 23:15:54
ComboFix2.txt 2008-10-27 23:29:52

Przed: 4 242 997 248 bajtów wolnych
Po: 4,384,653,312 bajtów wolnych

323 --- E O F --- 2008-10-15 18:34:07

[wierzynek]

mam jeszcze jeden problem. ikonki przypisane do skrutów, czy plików danego programu czasem się wyświetlają a czasem nie. dodam, że jak się niewyświetlają i się kliknie to otwiera się wszystko tak jak powinno.

[adf]

co musialo sie namieszac w rejestrze...
przeleć tym
http://www.idg.pl/ftp/pobierz/pc/18185.html

nie pokazales hijack-sa - sorry ze tak truje

[wierzynek]

Logfile of HijackThis v1.99.1
Scan saved at 19:39:48, on 2008-10-31
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\LifeView DTV\RemoteControl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\igfxext.exe
C:\DOCUME~1\WAWRZY~1\USTAWI~1\Temp\RtkBtMnt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\Wawrzynki\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (file missing)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (file missing)
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [DTVRemote] "C:\Program Files\LifeView DTV\RemoteControl.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [bend logo clock film] C:\Documents and Settings\All Users\Dane aplikacji\Frag great bend logo\active dale.exe
O4 - HKLM\..\Run: [OBSWATCH] C:\PROGRA~1\ORANGEBS\Watch.exe
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [WindowsServicesStartup] C:\DOCUME~1\WAWRZY~1\USTAWI~1\Temp\svchost.exe 1
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe
O4 - HKCU\..\Run: [tava] C:\WINDOWS\system32\tavo.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: Wyślij do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware....s/as2stubie.cab
O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.c...b?1169753946359
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macrom...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: DirectX Service (Pejud) - Unknown owner - C:\WINDOWS\system32\directx.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: USBest Service Zero (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE

[Asdef]

Użyj tego
http://www.spywareedge.net/nolop/NoLop.exe
tego
http://home.hetnet.nl/~stefsmeenk/deljob.exe
i tego
http://metallica.geekstogo.com/findlop.zip