
HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:48:50, on 2008-10-06
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
E:\AD AWARE\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
E:\kasperski\kis2009\avp.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
E:\Bluetooth\bin\btwdins.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\VM303_STI.EXE
C:\Program Files\Lexmark 6200 Series\lxbumon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe
C:\WINDOWS\System32\svchost.exe
E:\kasperski\kis2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
E:\kalkulatory\AllerCalc\AllerCalc.exe
E:\automapappc\WCESCOMM.EXE
E:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
E:\Bluetooth\BTTray.exe
C:\WINDOWS\system32\wscntfy.exe
E:\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\System32\lxbucoms.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\WINDOWS\explorer.exe
E:\opera\opera.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Neostrada TP\NeostradaTP.exe
C:\Program Files\Neostrada TP\ComComp.exe
C:\Program Files\Neostrada TP\Watch.exe
E:\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\reader\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - E:\kasperski\kis2009\ievkbd.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\pl-pl\msntb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Odkurzacz-MCD] E:\Odkurzacz Pro 10.0\Odkurzacz 10.1 Pro\odk_mcd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [lxbumon.exe] "C:\Program Files\Lexmark 6200 Series\lxbumon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 6200 Series\ezprint.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Onet.pl AutoUpdate] C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe /tsr
O4 - HKLM\..\Run: [el] regsvr32.exe /u /s "C:\WINDOWS\System32\el32.dll"
O4 - HKLM\..\Run: [LXBUCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [AVP] "E:\kasperski\kis2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AllerCalc] "E:\kalkulatory\AllerCalc\AllerCalc.exe" /i
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "E:\automapappc\WCESCOMM.EXE"
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "E:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Dodaj do listy blokowanych banerów - E:\kasperski\kis2009\ie_banner_deny.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - E:\kasperski\kis2009\SCIEPlgn.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - e:\automapappc\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - e:\automapappc\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - e:\automapappc\INETREPL.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Bluetooth\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab
O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://E:\acad 2002\AcDcToday.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://E:\acad 2002\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://E:\acad 2002\InstFred.ocx
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://E:\acad 2002\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{38FE9614-E90B-4B07-ACA8-C8AD5EC959F1}: NameServer = 194.204.159.1 217.98.63.164
O17 - HKLM\System\CS2\Services\Tcpip\..\{38FE9614-E90B-4B07-ACA8-C8AD5EC959F1}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - E:\AD AWARE\aawservice.exe
O23 - Service: Usługa bramy warstwy aplikacji ALGbtwdins (ALGbtwdins) - Unknown owner - .exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security (avp) - Kaspersky Lab - E:\kasperski\kis2009\avp.exe
O23 - Service: Usługa inteligentnego transferu w tle BITSNetDDE (BITSNetDDE) - Unknown owner - .exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - E:\Bluetooth\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: F-Secure BlackLight Sensor - Unknown owner - C:\WINDOWS\TEMP\F-Secure\Anti-Virus\fsblsrv.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxbu_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbucoms.exe
O23 - Service: mswmf32 - Unknown owner - C:\WINDOWS\mswmf32.exe (file missing)
O23 - Service: Rozpoznawanie lokalizacji w sieci (NLA) Nla PMSP Service (Nla PMSP Service) - Unknown owner - .exe (file missing)
O23 - Service: QoS RSVP RSVPSENS (RSVPSENS) - Unknown owner - .exe (file missing)
O23 - Service: MS Software Shadow Copy Provider SwPrvAppMgmt (SwPrvAppMgmt) - Unknown owner - .exe (file missing)
O23 - Service: MS Software Shadow Copy Provider SwPrvaspnet_state (SwPrvaspnet_state) - Unknown owner - .exe (file missing)
O23 - Service: Telefonia TapiSrvAVP (TapiSrvAVP) - Unknown owner - .exe (file missing)
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\System32\wdfmgr.exe (file missing)
O23 - Service: WMDM PMSP Service - Unknown owner - C:\WINDOWS\System32\MsPMSPSv.exe (file missing)
O23 - Service: Portable Media Serial Number Service WmdmPmSNLightScribeService (WmdmPmSNLightScribeService) - Unknown owner - .exe (file missing)
O23 - Service: wxpdll32 - Unknown owner - C:\WINDOWS\wxpdll32.exe (file missing)
--
End of file - 11347 bytes
ComboFix:
ComboFix 08-10-01.06 - maciek 2008-10-06 15:55:07.6 - NTFSx86
Uruchomiony z: E:\ComboFix\ComboFix.exe
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
((((((((((((((((((((((((( Pliki utworzone od 2008-09-06 do 2008-10-06 )))))))))))))))))))))))))))))))
.
2008-10-05 13:34 . 2008-10-06 15:25 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-10-04 17:15 . 2008-10-04 17:16 <DIR> d-------- C:\!FixIEDef
2008-10-04 11:26 . 2004-08-04 00:44 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-10-04 11:20 . 2008-10-04 11:20 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-10-04 11:15 . 2005-02-25 05:36 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-10-04 11:15 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\002373_.tmp
2008-10-04 11:10 . 2008-10-04 11:23 <DIR> d-------- C:\WINDOWS\EHome
2008-10-02 22:33 . 2008-10-06 15:31 8,961,824 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-10-02 22:33 . 2008-10-06 15:58 335,904 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-10-02 22:33 . 2008-10-06 15:31 124,520 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-10-02 22:33 . 2008-10-06 15:31 11,300 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-10-02 22:27 . 2008-10-02 22:54 96,976 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-10-02 22:27 . 2008-10-02 22:54 87,855 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-10-02 22:25 . 2008-10-02 22:25 81,465 --a------ C:\WINDOWS\system32\drivers\klif.cab
2008-10-02 22:15 . 2008-10-02 23:20 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2008-10-01 17:28 . 2008-10-01 17:28 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-01 17:28 . 2008-10-01 17:31 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2008-09-29 19:38 . 2008-09-29 19:38 32 --a-s---- C:\WINDOWS\system32\3632126605.dat
2008-09-29 15:59 . 2008-09-29 17:46 0 --a------ C:\WINDOWS\system32\activeds(2)p.sys
2008-09-28 23:43 . 2008-10-02 23:18 <DIR> d-------- C:\Program Files\kijojfd
2008-09-28 23:43 . 2008-09-29 16:20 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\zynwlwxo
2008-09-28 15:34 . 2008-09-29 19:30 124,558,647 --ahs---- C:\WINDOWS\system32\actxprxyx.sys
2008-09-28 15:33 . 2008-09-29 16:03 356 --a-s---- C:\WINDOWS\system32\1990688381.dat
2008-09-09 21:26 . 2008-09-09 21:26 892,928 --a------ C:\WINDOWS\system32\iconv.dll
2008-09-09 21:26 . 2008-09-09 21:26 6,144 --ahs---- C:\WINDOWS\system32\access.ctl
2008-09-09 21:22 . 2008-09-09 21:22 634,880 --a------ C:\WINDOWS\system32\divxdec.ax
2008-09-09 21:21 . 2008-09-09 21:21 755,027 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-09-09 21:21 . 2008-09-09 21:21 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2008-09-09 20:18 . 2008-09-19 16:55 <DIR> d-------- C:\Program Files\NAPI-PROJEKT
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-06 13:53 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-10-06 13:30 --------- d-----w C:\Program Files\Neostrada TP
2008-10-05 18:51 --------- d-----w C:\Documents and Settings\maciek\Dane aplikacji\ZoomBrowser EX
2008-10-05 18:30 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\ZoomBrowser
2008-10-04 18:07 --------- d-----w C:\Program Files\Lx_cats
2008-10-04 12:41 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-10-04 09:41 --------- d-----w C:\Program Files\MSN Messenger
2008-10-04 08:21 --------- d-----w C:\Documents and Settings\maciek\Dane aplikacji\Skype
2008-10-04 06:07 --------- d-----w C:\Documents and Settings\maciek\Dane aplikacji\skypePM
2008-10-03 15:02 --------- d-----w C:\Program Files\SkanerOnline
2008-10-01 15:21 --------- d-----w C:\Documents and Settings\maciek\Dane aplikacji\Lavasoft
2008-09-11 18:29 3,126 ----a-w C:\WINDOWS\system32\tempimg.tmp
2008-09-04 16:10 --------- d-----w C:\Documents and Settings\maciek\Dane aplikacji\Nvu
2008-09-02 18:03 720,896 ----a-w C:\WINDOWS\iun6002.exe
2008-08-28 15:38 --------- d-----w C:\Documents and Settings\maciek\Dane aplikacji\JLC's Software
2008-08-13 14:14 --------- d-----w C:\Documents and Settings\maciek\Dane aplikacji\Czat
2008-07-29 18:21 218,376 ----a-w C:\WINDOWS\system32\klogon.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2006-12-18 16:42 49,608 ----a-w C:\Documents and Settings\maciek\Dane aplikacji\GDIPFONTCACHEV1.DAT
2006-06-13 21:31 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2006-02-02 23:19 74 ----a-w C:\Documents and Settings\maciek\x.bat
2006-02-02 22:00 16,384 ----a-w C:\Documents and Settings\maciek\start.exe
.
((((((((((((((((((((((((((((( snapshot_2008-10-04_16.22.51.73 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-18 20:10:48 94,920 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll
+ 2008-07-18 20:09:44 563,912 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll
+ 2008-07-18 20:10:42 53,448 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
+ 2008-07-18 20:09:42 1,811,656 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
+ 2008-07-18 20:09:46 325,832 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll
+ 2008-07-18 20:10:20 36,552 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll
+ 2008-07-18 20:09:44 205,000 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll
+ 2008-07-18 20:10:20 36,552 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.784\wups.dll
- 2004-07-17 20:57:02 9,216 ------w C:\WINDOWS\system32\spmsg.dll
+ 2005-02-25 03:36:06 16,096 ------w C:\WINDOWS\system32\spmsg.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2005-10-13 7086080]
"AllerCalc"="E:\kalkulatory\AllerCalc\AllerCalc.exe" [2000-08-23 560408]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"H/PC Connection Agent"="E:\automapappc\WCESCOMM.EXE" [2003-09-01 376912]
"PopUpStopperFreeEdition"="E:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [2005-03-17 536576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 24576]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 20480]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\taskbaricon.exe" [2003-10-16 53248]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"Odkurzacz-MCD"="E:\Odkurzacz Pro 10.0\Odkurzacz 10.1 Pro\odk_mcd.exe" [2005-12-28 245248]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-06-13 180269]
"BigDog303"="C:\WINDOWS\VM303_STI.EXE" [2005-10-25 61440]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2004-11-22 299008]
"lxbumon.exe"="C:\Program Files\Lexmark 6200 Series\lxbumon.exe" [2005-01-18 196608]
"EzPrint"="C:\Program Files\Lexmark 6200 Series\ezprint.exe" [2004-09-17 61440]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 487424]
"Onet.pl AutoUpdate"="C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe" [2005-07-27 260096]
"el"="C:\WINDOWS\System32\el32.dll" [2008-03-04 38912]
"LXBUCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll" [2004-11-02 69632]
"AVP"="E:\kasperski\kis2009\avp.exe" [2008-07-29 206088]
"SoundMan"="SOUNDMAN.EXE" [2005-05-17 C:\WINDOWS\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Ackom"="C:\Program Files\??sks\d?xplore.exe" [?]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 15360]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
BTTray.lnk - E:\Bluetooth\BTTray.exe [2005-10-09 610365]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll
"MSACM.CEGSM"= mobilev.acm
"vidc.sccd"= E:\SOFTCAM\Driver\SCCodec.dll
"MSVideo7"= E:\SOFTCAM\Driver\SCVid32.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winfl16.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wingn05.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winnt52.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"firewalldisableoverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"E:\\AutoMapaPPC\\WCESCOMM.EXE"=
.
.
------- Skan uzupełniający -------
.
R0 -: HKCU-Main,Start Page = about:blank
O8 -: E:\Bluetooth\btsendto_ie_ctx.htm
O8 -: &Google Search - c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 -: &Translate English Word - c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 -: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 -: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 -: Dodaj do listy blokowanych banerów - E:\kasperski\kis2009\ie_banner_deny.htm
O8 -: E&ksport do programu Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 -: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 -: Translate Page into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O18 -: Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - e:\AutoMapaPPC\AATP.DLL
O18 -: WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - e:\AutoMapaPPC\CENETFLT.DLL
O18 -: WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - e:\AutoMapaPPC\CENETFLT.DLL
O18 -: WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - e:\AutoMapaPPC\CENETFLT.DLL
O18 -: WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - e:\AutoMapaPPC\CENETFLT.DLL
O18 -: WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - e:\AutoMapaPPC\CENETFLT.DLL
O18 -: WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - e:\AutoMapaPPC\CENETFLT.DLL
O16 -: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab
C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd
O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
O16 -: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} - hxxp://mks.com.pl/skaner/SkanerOnline.cab
C:\WINDOWS\Downloaded Program Files\SkanerOnline.inf
C:\WINDOWS\System32\SkanerOnlineUninstall.exe
C:\WINDOWS\System32\SkanerOnline.dll
O16 -: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
C:\WINDOWS\Downloaded Program Files\SkanerOnline.inf
C:\WINDOWS\System32\SkanerOnlineUninstall.exe
C:\WINDOWS\System32\SkanerOnline.dll
O16 -: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
C:\WINDOWS\Downloaded Program Files\SkanerOnline.inf
C:\WINDOWS\System32\SkanerOnlineUninstall.exe
C:\WINDOWS\System32\SkanerOnline.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-06 16:00:00
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog303 = C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@??????????????
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\ALGbtwdins]
"ImagePath"=" ű\06 srv"
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\BITSNetDDE]
"ImagePath"=" ű\06 srv"
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Nla PMSP Service]
"ImagePath"=" ű\06 srv"
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\RSVPSENS]
"ImagePath"=" ű\06 srv"
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\SwPrvAppMgmt]
"ImagePath"=" ű\06 srv"
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\SwPrvaspnet_state]
"ImagePath"=" ű\06 srv"
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\TapiSrvAVP]
"ImagePath"=" ű\06 srv"
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\WmdmPmSNLightScribeService]
"ImagePath"=" ű\06 srv"
.
Czas ukończenia: 2008-10-06 16:02:04
ComboFix-quarantined-files.txt 2008-10-06 14:01:42
ComboFix2.txt 2008-10-04 14:23:49
ComboFix3.txt 2008-10-03 17:51:35
ComboFix4.txt 2008-10-02 21:43:55
ComboFix5.txt 2008-10-06 13:54:49
Przed: 13,633,277,952 bajtów wolnych
Po: 13,621,592,064 bajtów wolnych
214 --- E O F --- 2008-10-05 11:34:41
P.S.
1. I ran a Windows optimization
2. I ran ATF Cleaner
3. I turned System Restore off and back on
4. I ran FixIEDef