and below that, "Search" and "Open".
Why do I have something like this?
And I can't start one of my games now, I don't know what the reason is?
Oh, and I have this on every drive.
SDFix: Version 1.117
Run by fdffd on 2007-12-10 at 19:34
Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\WINDOWS\system32\explorer.exe - Deleted
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-10 19:37:40
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000002
"ujdew"=hex:0c,a5,77,1d,f2,88,7c,fd,cb,40,9e,35,7b,64,c0,c1,b7,39,e3,77,b4,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000001
"hdf12"=hex:1a,83,b8,27,2e,f8,fb,a4,a9,db,ad,2d,af,55,04,8f,f0,1d,26,b2,4c,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:78,d0,0a,73,49,7d,3a,52,39,3a,8f,eb,03,f8,7a,bf,6e,e9,ee,a5,0c,..
"p0"="C:\Program Files\DAEMON Tools\"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,f6,64,e6,38,1f,1a,20,5c,22,a6,0c,05,a6,59,29,1e,f8,..
"khjeh"=hex:ff,f6,76,77,64,7f,3f,a3,31,e3,ad,ca,32,81,aa,9a,17,90,89,33,31,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:bc,8a,5f,2a,e7,aa,e6,0a,60,5d,10,fb,af,59,12,79,66,34,d0,dd,12,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000002
"ujdew"=hex:0c,a5,77,1d,f2,88,7c,fd,cb,40,9e,35,7b,64,c0,c1,b7,39,e3,77,b4,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000001
"hdf12"=hex:1a,83,b8,27,2e,f8,fb,a4,a9,db,ad,2d,af,55,04,8f,f0,1d,26,b2,4c,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:78,d0,0a,73,49,7d,3a,52,39,3a,8f,eb,03,f8,7a,bf,6e,e9,ee,a5,0c,..
"p0"="C:\Program Files\DAEMON Tools\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,f6,64,e6,38,1f,1a,20,5c,22,a6,0c,05,a6,59,29,1e,f8,..
"khjeh"=hex:ff,f6,76,77,64,7f,3f,a3,31,e3,ad,ca,32,81,aa,9a,17,90,89,33,31,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:bc,8a,5f,2a,e7,aa,e6,0a,60,5d,10,fb,af,59,12,79,66,34,d0,dd,12,..
scanning hidden registry entries ...
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComputerDescriptions]
"A\1U?K?A?S?Z?"=""
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"E:\\Gry\\cs\\hl.exe"="E:\\Gry\\cs\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Gadu-Gadu\\gg.exe"="C:\\Program Files\\Gadu-Gadu\\gg.exe:*:Enabled:Gadu-Gadu - program glowny"
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe:*:Enabled:BearShare"
"E:\\Program Files\\Steam\\steamapps\\deamon323\\counter-strike\\hl.exe"="E:\\Program Files\\Steam\\steamapps\\deamon323\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"E:\\Gry\\cs\\hlds.exe"="E:\\Gry\\cs\\hlds.exe:*:Enabled:HLDS Launcher"
"C:\\PacSteam\\SteamApps\\norbertmichaluk6\\counter-strike\\hl.exe"="C:\\PacSteam\\SteamApps\\norbertmichaluk6\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\PacSteam\\SteamApps\\norbertmichaluk6\\dedicated server\\hlds.exe"="C:\\PacSteam\\SteamApps\\norbertmichaluk6\\dedicated server\\hlds.exe:*:Enabled:HLDS Launcher"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\BitTorrent_DNA\\dna.exe"="C:\\Program Files\\BitTorrent_DNA\\dna.exe:*:Enabled:DNA"
"E:\\BitTorrent\\bittorrent.exe"="E:\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\BearFlix\\bearflix.exe"="C:\\Program Files\\BearFlix\\bearflix.exe:*:Enabled:BearFlix"
"E:\\GG\\Gadu-Gadu\\gg.exe"="E:\\GG\\Gadu-Gadu\\gg.exe:*:Enabled:Gadu-Gadu - program główny"
"E:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"="E:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe:*:Enabled:BearShare"
"E:\\Ares\\Ares.exe"="E:\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\\Documents and Settings\\fdffd\\Pulpit\\DCPlusPlus.exe"="C:\\Documents and Settings\\fdffd\\Pulpit\\DCPlusPlus.exe:*:Enabled:DC++"
"E:\\Kazaa Lite Rewolucja\\kazaalite.kpp"="E:\\Kazaa Lite Rewolucja\\kazaalite.kpp:*:Enabled:kazaalite"
"E:\\Azureus\\Azureus.exe"="E:\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"E:\\Program Files\\Steam\\steamapps\\hubertbiegajlo\\counter-strike\\hl.exe"="E:\\Program Files\\Steam\\steamapps\\hubertbiegajlo\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"E:\\Program Files\\Steam\\Steam.exe"="E:\\Program Files\\Steam\\Steam.exe:*:Enabled:Steam"
"E:\\Program Files\\Steam\\steamapps\\hubertbiegajlo\\condition zero deleted scenes\\hl.exe"="E:\\Program Files\\Steam\\steamapps\\hubertbiegajlo\\condition zero deleted scenes\\hl.exe:*:Enabled:Half-Life Launcher"
"E:\\eMule\\emule.exe"="E:\\eMule\\emule.exe:*:Enabled:eMule"
"D:\\NFSU\\Speed.exe"="D:\\NFSU\\Speed.exe:*:Enabled:Speed"
"D:\\Program Files\\EA GAMES\\Need for Speed Most Wanted\\speed.exe"="D:\\Program Files\\EA GAMES\\Need for Speed Most Wanted\\speed.exe:*:Enabled:speed"
"D:\\Program Files\\NovaLogic\\Delta Force Xtreme\\dfx.exe"="D:\\Program Files\\NovaLogic\\Delta Force Xtreme\\dfx.exe:*:Enabled:dfx"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
Remaining Files:
---------------
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
Sun 9 Dec 2007 49,152 ..SH. --- "C:\fun.xls.exe"
Tue 9 Oct 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Finished!
Logfile of HijackThis v1.99.1
Scan saved at 19:44:13, on 2007-12-10
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
E:\Avast\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\algsrvs.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\VM_STI.EXE
E:\GG\Gadu-Gadu\gg.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\fdffd\Pulpit\Zegarynka\Zegarynka.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\NOTEPAD.EXE
E:\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eu.microsoft.com/poland/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IMJPMIG8.2] msime82.exe
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [Onet.pl AutoUpdate] C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe /tsr
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE BenQ Web Camera
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKCU\..\Run: [Gadu-Gadu] "E:\GG\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [wsctf.exe] wsctf.exe
O4 - HKCU\..\Run: [EXPLORER.EXE] EXPLORER.EXE
O4 - HKCU\..\Run: [MsServer] msfun80.exe
O4 - HKCU\..\Run: [Zegarynka] C:\Documents and Settings\fdffd\Pulpit\Zegarynka\Zegarynka.exe
O4 - HKCU\..\Run: [Stefan] C:\Program Files\INTERIAPL\Stefan\Stefan.exe
O4 - HKCU\..\Run: [Steam] "E:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [SRS Audio Sandbox] "E:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: OpenOffice.ux.pl 2.1.0.lnk = C:\Program Files\OpenOffice.ux.pl 2.1.0\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: RaConfig.lnk = C:\WINDOWS\system32\RaConfig.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - http://www.mks.com.pl/skaner/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{23BA6566-3066-4C9E-A755-77CE7C2D67A9}: NameServer = 217.17.34.10,195.116.217.32
O17 - HKLM\System\CCS\Services\Tcpip\..\{2FB63434-3201-4E1A-92B4-B305F3F6ED58}: NameServer = 194.204.159.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Avast\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - E:\Avast\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
ComboFix 07-12-09.1 - fdffd 2007-12-10 19:47:22.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.207 [GMT 1:00]
Running from: E:\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
C:\WINDOWS\hosts
C:\WINDOWS\ufdata2000.log
D:\Autorun.inf
E:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2007-11-10 to 2007-12-10 )))))))))))))))))))))))))))))))
.
2007-12-10 19:34 . 2007-12-10 19:34 <DIR> d-------- C:\WINDOWS\ERUNT
2007-12-09 20:10 . 2007-12-09 20:10 49,152 --a------ C:\WINDOWS\system32\msime82.exe
2007-12-09 20:10 . 2007-12-09 20:10 49,152 --a------ C:\WINDOWS\system32\msfun80.exe
2007-12-09 20:10 . 2007-12-09 20:10 49,152 --a------ C:\WINDOWS\system32\algsrvs.exe
2007-12-09 20:10 . 2007-12-09 20:10 49,152 ---hs---- C:\fun.xls.exe
2007-12-04 19:17 . 2007-12-10 16:33 <DIR> d-------- C:\My Downloads
2007-12-03 19:51 . 2007-12-03 19:51 <DIR> d-------- C:\Documents and Settings\fdffd\Dane aplikacji\AdobeUM
2007-11-30 17:05 . 2007-11-30 17:05 <DIR> d-------- C:\Program Files\Common Files\eSellerate
2007-11-30 17:05 . 2007-11-30 17:05 <DIR> d-------- C:\Program Files\AnswersThatWork
2007-11-30 17:05 . 2007-06-08 13:53 1,753,088 --a------ C:\WINDOWS\system32\ExGrid.dll
2007-11-30 17:05 . 2001-03-13 14:51 1,066,176 --a------ C:\WINDOWS\system32\MSCOMCTL.OCX
2007-11-30 17:05 . 2007-04-03 16:51 614,400 --a------ C:\WINDOWS\system32\ExButton.dll
2007-11-30 17:05 . 2007-06-05 10:20 602,112 --a------ C:\WINDOWS\system32\ExMenu.dll
2007-11-30 17:05 . 2007-06-05 10:19 516,096 --a------ C:\WINDOWS\system32\ExTab.dll
2007-11-30 17:05 . 2005-10-11 14:40 356,352 --a------ C:\WINDOWS\system32\eSellerateEngine.dll
2007-11-30 17:05 . 2007-04-03 16:51 307,200 --a------ C:\WINDOWS\system32\ExPMenu.dll
2007-11-30 17:05 . 2005-06-18 11:44 212,240 --a------ C:\WINDOWS\system32\RichTx32.ocx
2007-11-30 17:05 . 2004-03-09 01:00 124,688 --a------ C:\WINDOWS\system32\MSWinSck.ocx
2007-11-30 17:05 . 2005-10-04 08:11 118,784 --a------ C:\WINDOWS\system32\eWebControl.dll
2007-11-26 16:48 . 2007-11-26 16:48 <DIR> d-------- C:\Documents and Settings\adsad\Dane aplikacji\Listonosz
2007-11-26 16:48 . 2007-11-26 16:48 <DIR> d-------- C:\Documents and Settings\adsad\Dane aplikacji\AutoUpdate
2007-11-24 18:38 . 2007-11-24 18:38 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Yahoo! Companion
2007-11-23 20:12 . 2007-11-23 20:12 <DIR> dr-h----- C:\Documents and Settings\fdffd\Dane aplikacji\SecuROM
2007-11-23 20:12 . 2007-11-23 20:12 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-11-22 14:40 . 2007-11-22 14:40 <DIR> d-------- C:\Documents and Settings\fdffd\SystemRequirementsLab
2007-11-21 19:36 . 2007-11-21 19:36 <DIR> d-------- C:\Documents and Settings\adsad\Dane aplikacji\vlc
2007-11-18 17:12 . 2007-03-08 00:51 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-11-18 17:12 . 2007-03-08 00:51 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-11-18 17:12 . 2007-03-08 00:51 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-11-17 17:17 . 2007-11-17 17:17 <DIR> d-------- C:\Program Files\DAEMON Tools
2007-11-17 16:35 . 2004-08-18 09:34 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2007-11-16 18:46 . 2007-11-17 18:07 <DIR> d-------- C:\Program Files\EA GAMES
2007-11-16 15:15 . 2007-11-16 15:15 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2007-11-16 15:10 . 2007-11-16 15:10 <DIR> d-------- C:\Program Files\Canopus
2007-11-16 15:10 . 2007-11-16 15:10 <DIR> d-------- C:\Documents and Settings\fdffd\WINDOWS
2007-11-16 15:10 . 1999-05-19 09:52 149,504 --a------ C:\WINDOWS\system32\CSEDV.DLL
2007-11-16 15:10 . 1999-05-05 19:36 93,696 --a------ C:\WINDOWS\system32\CSCCDVC.DLL
2007-11-16 15:10 . 1998-10-22 21:41 32,256 --a------ C:\WINDOWS\system32\CDVCCODC.DLL
2007-11-16 15:10 . 1999-04-27 23:09 30,208 --a------ C:\WINDOWS\system32\DECCDVC.DLL
2007-11-16 15:03 . 2007-11-16 15:03 <DIR> d-------- C:\Program Files\Real Alternative
2007-11-15 17:31 . 2007-11-15 17:31 <DIR> d-------- C:\Program Files\Alcohol Toolbar
2007-11-15 17:31 . 2007-11-15 17:31 229,057 --a------ C:\WINDOWS\Alcohol_Toolbar_Uninstaller_1843.exe
2007-11-15 16:33 . 2007-11-17 17:12 <DIR> d-------- C:\Program Files\DAEMON Tools Pro
2007-11-15 16:31 . 2007-11-15 16:34 <DIR> d-------- C:\Program Files\DaemonTools_WhenUSave_Installer
2007-11-15 16:30 . 2007-11-15 16:31 <DIR> d-------- C:\Documents and Settings\fdffd\Dane aplikacji\DAEMON Tools Pro
2007-11-15 16:19 . 2007-11-15 16:19 <DIR> d-------- C:\Program Files\Common Files\WhenU
2007-11-15 16:18 . 2007-11-15 16:19 <DIR> d-------- C:\Program Files\DAEMON Tools SearchBar
2007-11-15 15:56 . 2007-11-15 15:56 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-11-15 14:09 . 2007-11-15 14:33 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\NFS Underground
2007-11-14 16:57 . 2007-11-14 16:57 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\SRS Labs
2007-11-14 16:57 . 2007-07-26 09:25 47,360 -ra------ C:\WINDOWS\system32\drivers\Surroundhp_kern_i386.sys
2007-11-14 16:57 . 2007-07-26 09:25 47,104 -ra------ C:\WINDOWS\system32\drivers\tshd4_kern_i386.sys
2007-11-14 16:57 . 2007-07-26 09:25 42,112 -ra------ C:\WINDOWS\system32\drivers\csiidecoder_kern_i386.sys
2007-11-14 16:57 . 2007-07-26 09:25 39,808 -ra------ C:\WINDOWS\system32\drivers\SRS_SSCFilter_i386.sys
2007-11-14 16:57 . 2007-07-26 09:25 32,000 -ra------ C:\WINDOWS\system32\drivers\wowhd_kern_i386.sys
2007-11-11 16:03 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2007-11-11 16:03 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2007-11-11 16:03 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2007-11-11 16:03 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2007-11-11 16:03 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2007-11-11 16:03 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2007-11-11 16:03 . 2007-06-20 20:46 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2007-11-11 16:03 . 2007-04-04 18:55 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2007-11-11 16:03 . 2007-04-04 18:53 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-11-11 16:03 . 2007-06-20 20:45 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2007-11-11 16:02 . 2007-01-24 15:27 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2007-11-11 16:02 . 2007-03-05 12:42 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-10 18:40 --------- d-----w C:\Documents and Settings\fdffd\Dane aplikacji\Skype
2007-12-10 18:40 --------- d-----w C:\Documents and Settings\fdffd\Dane aplikacji\OpenOffice.ux.pl2
2007-12-09 10:41 --------- d-----w C:\Documents and Settings\fdffd\Dane aplikacji\BearShare
2007-12-04 12:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-27 19:02 --------- d-----w C:\Documents and Settings\fdffd\Dane aplikacji\MEGAUPLOADTOOLBAR
2007-11-15 12:57 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-11-09 17:24 --------- d-----w C:\Program Files\mozilla.org
2007-11-07 19:52 --------- d-----w C:\Documents and Settings\adsad\Dane aplikacji\DivX
2007-11-06 15:28 --------- d-----w C:\Program Files\DivX
2007-11-06 15:06 --------- d-----w C:\Documents and Settings\fdffd\Dane aplikacji\DivX
2007-11-06 14:34 --------- d-----w C:\Program Files\Yahoo!
2007-11-05 19:56 --------- d-----w C:\Documents and Settings\fdffd\Dane aplikacji\vlc
2007-11-05 17:11 --------- d-----w C:\Documents and Settings\xsdasd\Dane aplikacji\MEGAUPLOADTOOLBAR
2007-11-02 06:28 --------- d-----w C:\Documents and Settings\fdffd\Dane aplikacji\Media Player Classic
2007-10-31 18:57 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-10-22 19:02 --------- d-----w C:\Program Files\Opera
2007-10-20 09:05 --------- d-----w C:\Documents and Settings\fdffd\Dane aplikacji\teamspeak2
2007-10-20 00:56 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-10-19 14:30 --------- d-----w C:\Documents and Settings\xsdasd\Dane aplikacji\Skype
2007-10-18 09:06 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-10-17 06:41 --------- d-----w C:\Program Files\Samsung
2007-10-16 13:24 --------- d-----w C:\Documents and Settings\xsdasd\Dane aplikacji\Talkback
2007-10-16 13:03 --------- d-----w C:\Documents and Settings\fdffd\Dane aplikacji\InstallShield
2007-10-14 15:59 --------- d-----w C:\Documents and Settings\fdffd\Dane aplikacji\Azureus
2007-10-12 16:50 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Azureus
2007-09-29 11:46 315,392 ----a-w C:\WINDOWS\HideWin.exe
2007-09-19 16:14 16,844,800 ----a-w C:\WINDOWS\RTHDCPL.exe
2007-09-19 15:23 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-09-19 15:23 249,856 ------w C:\WINDOWS\Setup1.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{140BD8E3-C167-11D4-B4A3-080000180323}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="E:\GG\Gadu-Gadu\gg.exe" [2007-07-09 08:39]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
"wsctf.exe"="wsctf.exe" []
"EXPLORER.EXE"="EXPLORER.EXE" [2007-06-13 14:23 C:\WINDOWS\explorer.exe]
"MsServer"="msfun80.exe" [2007-12-09 20:10 C:\WINDOWS\system32\msfun80.exe]
"Zegarynka"="C:\Documents and Settings\fdffd\Pulpit\Zegarynka\Zegarynka.exe" [2005-02-25 22:02]
"Stefan"="C:\Program Files\INTERIAPL\Stefan\Stefan.exe" []
"Steam"="E:\Program Files\Steam\Steam.exe" [2007-12-10 07:19]
"SRS Audio Sandbox"="E:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" [2007-10-26 16:04]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-08-31 16:40]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 15:16]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:44]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-07-21 15:14 C:\WINDOWS\SoundMan.exe]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 23:44 C:\WINDOWS\system32\rundll32.exe]
"IMJPMIG8.2"="msime82.exe" [2007-12-09 20:10 C:\WINDOWS\system32\msime82.exe]
"WheelMouse"="C:\Program Files\A4Tech\Mouse\Amoumain.exe" [2006-12-26 08:08]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe" [2006-05-03 01:56]
"Onet.pl AutoUpdate"="C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe" [2006-02-08 15:40]
"nwiz"="nwiz.exe" [2005-07-20 20:07 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-03 23:44 C:\WINDOWS\system32\rundll32.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-03 21:02]
"BigDogPath"="C:\WINDOWS\VM_STI.exe" [2003-01-21 14:19]
"BearShare"="C:\Program Files\BearShare\BearShare.exe" []
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:44]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2007-04-12 08:30]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="cmd.exe" [2004-08-03 23:44 C:\WINDOWS\system32\cmd.exe]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-03 23:33]
C:\Documents and Settings\fdffd\Menu Start\Programy\Autostart\
OpenOffice.ux.pl 2.1.0.lnk - C:\Program Files\OpenOffice.ux.pl 2.1.0\program\quickstart.exe [2006-12-30 04:32:40]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-09-27 06:14:53]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 14:44:06]
RaConfig.lnk - C:\WINDOWS\system32\RaConfig.exe [2006-06-24 10:05:48]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2006-06-24 10:09:06]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"= 0 (0x0)
"ForceClassicControlPanel"= 0 (0x0)
"NoInstrumentation"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"
R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;C:\WINDOWS\system32\DRIVERS\Amps2prt.sys
R3 SRS_SSCFilter;SRS Labs Audio Sandbox (WDM);C:\WINDOWS\system32\drivers\srs_sscfilter_i386.sys
R3 ZSMC302;BenQ Web Camera;C:\WINDOWS\system32\Drivers\usbvm302.sys
S3 ADM8511;Konwerter z USB na Fast Ethernet ADMtek ADM8511/AN986;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS
S3 ddsxeiservice;ddsxeiservice2;\??\E:\sXe Injected\ddsxei.sys
S3 RT2400;RT2400 Wireless Driver;C:\WINDOWS\system32\DRIVERS\RT2400.sys
S3 trial;trial;\??\C:\Documents and Settings\asdasda\Pulpit\r0 League Cheat\aeq_suxx.sys
S3 Z302Mic;BenQ Web Camera Mic Audio Filter Driver;C:\WINDOWS\system32\drivers\UsbMicfilt.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\Auto\command - C:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\Auto\command - D:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\Auto\command - E:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8c41946-a62a-11dc-bc8b-0004616f6ccc}]
\Shell\Auto\command - H:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-12-10 18:37:46 C:\WINDOWS\Tasks\hl.job"
- C:\Program Files\Valve\hl.exe
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\DOCUME~1\fdffd\USTAWI~1\Temp\fhfxjvqc90C84D3.dll
.
**************************************************************************
catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-10 19:48:40
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
IMJPMIG8.2 = msime82.exe???.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
MsServer = msfun80.exe???.
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-10 19:49:13
C:\ComboFix-quarantined-files.txt ... 2007-07-11 09:31
C:\ComboFix2.txt ... 2007-07-11 09:32
.
--- E O F ---
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8c41946-a62a-11dc-bc8b-0004616f6ccc}]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O4 - HKCU\..\Run: [EXPLORER.EXE] EXPLORER.EXE
O4 - HKCU\..\Run: [wsctf.exe] wsctf.exe
O4 - HKLM\..\Run: [IMJPMIG8.2] msime82.exe
O4 - HKCU\..\Run: [MsServer] msfun80.exe
Logfile of HijackThis v1.99.1
Scan saved at 20:12:46, on 2007-12-12
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
E:\Avast\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\algsrvs.exe
C:\Program Files\Messenger\msmsgs.exe
E:\GG\Gadu-Gadu\gg.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
E:\gamaa adjuster\GammaAdjuster.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Winamp\Winamp.exe
C:\Program Files\Opera\Opera.exe
E:\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eu.microsoft.com/poland/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IMJPMIG8.2] msime82.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [wsctf.exe] wsctf.exe
O4 - HKCU\..\Run: [MsServer] msfun80.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "E:\GG\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - http://www.mks.com.pl/skaner/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{23BA6566-3066-4C9E-A755-77CE7C2D67A9}: NameServer = 217.17.34.10,195.116.217.32
O17 - HKLM\System\CCS\Services\Tcpip\..\{2FB63434-3201-4E1A-92B4-B305F3F6ED58}: NameServer = 194.204.159.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Avast\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - E:\Avast\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
ComboFix 07-12-09.1 - fdffd 2007-12-12 20:17:37.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.246 [GMT 1:00]
Running from: E:\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
C:\WINDOWS\ufdata2000.log
D:\Autorun.inf
E:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2007-11-12 to 2007-12-12 )))))))))))))))))))))))))))))))
.
2007-12-12 15:29 . 2007-12-12 15:29 <DIR> d-------- C:\WINDOWS\LastGood
2007-12-11 16:43 . 2007-12-11 16:43 <DIR> d-------- C:\Program Files\SubEdit-Player
2007-12-10 19:34 . 2007-12-10 19:34 <DIR> d-------- C:\WINDOWS\ERUNT
2007-12-09 20:10 . 2007-12-09 20:10 49,152 --a------ C:\WINDOWS\system32\msime82.exe
2007-12-09 20:10 . 2007-12-09 20:10 49,152 --a------ C:\WINDOWS\system32\msfun80.exe
2007-12-09 20:10 . 2007-12-09 20:10 49,152 --a------ C:\WINDOWS\system32\algsrvs.exe
2007-12-09 20:10 . 2007-12-09 20:10 49,152 ---hs---- C:\fun.xls.exe
2007-12-09 20:10 . 2007-12-12 20:18 129 ---hs---- C:\AUTORUN.INF
2007-12-04 19:17 . 2007-12-10 16:33 <DIR> d-------- C:\My Downloads
2007-12-03 19:51 . 2007-12-03 19:51 <DIR> d-------- C:\Documents and Settings\fdffd\Dane aplikacji\AdobeUM
2007-11-30 17:05 . 2007-11-30 17:05 <DIR> d-------- C:\Program Files\Common Files\eSellerate
2007-11-30 17:05 . 2007-11-30 17:05 <DIR> d-------- C:\Program Files\AnswersThatWork
2007-11-30 17:05 . 2007-06-08 13:53 1,753,088 --a------ C:\WINDOWS\system32\ExGrid.dll
2007-11-30 17:05 . 2001-03-13 14:51 1,066,176 --a------ C:\WINDOWS\system32\MSCOMCTL.OCX
2007-11-30 17:05 . 2007-04-03 16:51 614,400 --a------ C:\WINDOWS\system32\ExButton.dll
2007-11-30 17:05 . 2007-06-05 10:20 602,112 --a------ C:\WINDOWS\system32\ExMenu.dll
2007-11-30 17:05 . 2007-06-05 10:19 516,096 --a------ C:\WINDOWS\system32\ExTab.dll
2007-11-30 17:05 . 2005-10-11 14:40 356,352 --a------ C:\WINDOWS\system32\eSellerateEngine.dll
2007-11-30 17:05 . 2007-04-03 16:51 307,200 --a------ C:\WINDOWS\system32\ExPMenu.dll
2007-11-30 17:05 . 2005-06-18 11:44 212,240 --a------ C:\WINDOWS\system32\RichTx32.ocx
2007-11-30 17:05 . 2004-03-09 01:00 124,688 --a------ C:\WINDOWS\system32\MSWinSck.ocx
2007-11-30 17:05 . 2005-10-04 08:11 118,784 --a------ C:\WINDOWS\system32\eWebControl.dll
2007-11-26 16:48 . 2007-11-26 16:48 <DIR> d-------- C:\Documents and Settings\adsad\Dane aplikacji\Listonosz
2007-11-26 16:48 . 2007-11-26 16:48 <DIR> d-------- C:\Documents and Settings\adsad\Dane aplikacji\AutoUpdate
2007-11-24 18:38 . 2007-11-24 18:38 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Yahoo! Companion
2007-11-23 20:12 . 2007-11-23 20:12 <DIR> dr-h----- C:\Documents and Settings\fdffd\Dane aplikacji\SecuROM
2007-11-23 20:12 . 2007-11-23 20:12 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-11-22 14:40 . 2007-11-22 14:40 <DIR> d-------- C:\Documents and Settings\fdffd\SystemRequirementsLab
2007-11-21 19:36 . 2007-11-21 19:36 <DIR> d-------- C:\Documents and Settings\adsad\Dane aplikacji\vlc
2007-11-18 17:12 . 2007-03-08 00:51 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-11-18 17:12 . 2007-03-08 00:51 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-11-18 17:12 . 2007-03-08 00:51 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-11-17 16:35 . 2004-08-18 09:34 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2007-11-16 18:46 . 2007-11-17 18:07 <DIR> d-------- C:\Program Files\EA GAMES
2007-11-16 15:15 . 2007-11-16 15:15 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2007-11-16 15:10 . 2007-11-16 15:10 <DIR> d-------- C:\Program Files\Canopus
2007-11-16 15:10 . 2007-11-16 15:10 <DIR> d-------- C:\Documents and Settings\fdffd\WINDOWS
2007-11-16 15:10 . 1999-05-19 09:52 149,504 --a------ C:\WINDOWS\system32\CSEDV.DLL
2007-11-16 15:10 . 1999-05-05 19:36 93,696 --a------ C:\WINDOWS\system32\CSCCDVC.DLL
2007-11-16 15:10 . 1998-10-22 21:41 32,256 --a------ C:\WINDOWS\system32\CDVCCODC.DLL
2007-11-16 15:10 . 1999-04-27 23:09 30,208 --a------ C:\WINDOWS\system32\DECCDVC.DLL
2007-11-16 15:03 . 2007-11-16 15:03 <DIR> d-------- C:\Program Files\Real Alternative
2007-11-15 17:31 . 2007-11-15 17:31 <DIR> d-------- C:\Program Files\Alcohol Toolbar
2007-11-15 17:31 . 2007-11-15 17:31 229,057 --a------ C:\WINDOWS\Alcohol_Toolbar_Uninstaller_1843.exe
2007-11-15 16:31 . 2007-11-15 16:34 <DIR> d-------- C:\Program Files\DaemonTools_WhenUSave_Installer
2007-11-15 16:30 . 2007-11-15 16:31 <DIR> d-------- C:\Documents and Settings\fdffd\Dane aplikacji\DAEMON Tools Pro
2007-11-15 16:19 . 2007-11-15 16:19 <DIR> d-------- C:\Program Files\Common Files\WhenU
2007-11-15 16:18 . 2007-11-15 16:19 <DIR> d-------- C:\Program Files\DAEMON Tools SearchBar
2007-11-15 15:56 . 2007-11-15 15:56 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-11-15 14:09 . 2007-11-15 14:33 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\NFS Underground
2007-11-14 16:57 . 2007-11-14 16:57 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\SRS Labs
2007-11-14 16:57 . 2007-07-26 09:25 47,360 -ra------ C:\WINDOWS\system32\drivers\Surroundhp_kern_i386.sys
2007-11-14 16:57 . 2007-07-26 09:25 47,104 -ra------ C:\WINDOWS\system32\drivers\tshd4_kern_i386.sys
2007-11-14 16:57 . 2007-07-26 09:25 42,112 -ra------ C:\WINDOWS\system32\drivers\csiidecoder_kern_i386.sys
2007-11-14 16:57 . 2007-07-26 09:25 39,808 -ra------ C:\WINDOWS\system32\drivers\SRS_SSCFilter_i386.sys
2007-11-14 16:57 . 2007-07-26 09:25 32,000 -ra------ C:\WINDOWS\system32\drivers\wowhd_kern_i386.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-10 18:54 --------- d-----w C:\Documents and Settings\fdffd\Dane aplikacji\MEGAUPLOADTOOLBAR
2007-12-10 18:40 --------- d-----w C:\Documents and Settings\fdffd\Dane aplikacji\Skype
2007-12-10 18:40 --------- d-----w C:\Documents and Settings\fdffd\Dane aplikacji\OpenOffice.ux.pl2
2007-12-09 10:41 --------- d-----w C:\Documents and Settings\fdffd\Dane aplikacji\BearShare
2007-12-04 12:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-15 12:57 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-11-09 17:24 --------- d-----w C:\Program Files\mozilla.org
2007-11-07 19:52 --------- d-----w C:\Documents and Settings\adsad\Dane aplikacji\DivX
2007-11-06 15:28 --------- d-----w C:\Program Files\DivX
2007-11-06 15:06 --------- d-----w C:\Documents and Settings\fdffd\Dane aplikacji\DivX
2007-11-06 14:34 --------- d-----w C:\Program Files\Yahoo!
2007-11-05 19:56 --------- d-----w C:\Documents and Settings\fdffd\Dane aplikacji\vlc
2007-11-05 17:11 --------- d-----w C:\Documents and Settings\xsdasd\Dane aplikacji\MEGAUPLOADTOOLBAR
2007-11-02 06:28 --------- d-----w C:\Documents and Settings\fdffd\Dane aplikacji\Media Player Classic
2007-10-31 18:57 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-10-22 19:02 --------- d-----w C:\Program Files\Opera
2007-10-20 09:05 --------- d-----w C:\Documents and Settings\fdffd\Dane aplikacji\teamspeak2
2007-10-20 00:56 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-10-19 14:30 --------- d-----w C:\Documents and Settings\xsdasd\Dane aplikacji\Skype
2007-10-18 09:06 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-10-17 06:41 --------- d-----w C:\Program Files\Samsung
2007-10-16 13:24 --------- d-----w C:\Documents and Settings\xsdasd\Dane aplikacji\Talkback
2007-10-16 13:03 --------- d-----w C:\Documents and Settings\fdffd\Dane aplikacji\InstallShield
2007-10-14 15:59 --------- d-----w C:\Documents and Settings\fdffd\Dane aplikacji\Azureus
2007-10-12 16:50 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Azureus
2007-09-29 11:46 315,392 ----a-w C:\WINDOWS\HideWin.exe
2007-09-19 16:14 16,844,800 ----a-w C:\WINDOWS\RTHDCPL.exe
2007-09-19 15:23 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-09-19 15:23 249,856 ------w C:\WINDOWS\Setup1.exe
.
((((((((((((((((((((((((((((( snapshot@2007-12-10_19.48.45,04 )))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{140BD8E3-C167-11D4-B4A3-080000180323}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"wsctf.exe"="wsctf.exe" []
"MsServer"="msfun80.exe" [2007-12-09 20:10 C:\WINDOWS\system32\msfun80.exe]
"Gadu-Gadu"="E:\GG\Gadu-Gadu\gg.exe" [2007-07-09 08:39]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-07-21 15:14 C:\WINDOWS\SoundMan.exe]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 23:44 C:\WINDOWS\system32\rundll32.exe]
"IMJPMIG8.2"="msime82.exe" [2007-12-09 20:10 C:\WINDOWS\system32\msime82.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-03 23:44 C:\WINDOWS\system32\rundll32.exe]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-03 23:44]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:44]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2007-04-12 08:30]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="cmd.exe" [2004-08-03 23:44 C:\WINDOWS\system32\cmd.exe]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-03 23:33]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"= 0 (0x0)
"ForceClassicControlPanel"= 0 (0x0)
"NoInstrumentation"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^RaConfig.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\RaConfig.lnk
backup=C:\WINDOWS\pss\RaConfig.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^fdffd^Menu Start^Programy^Autostart^OpenOffice.ux.pl 2.1.0.lnk]
path=C:\Documents and Settings\fdffd\Menu Start\Programy\Autostart\OpenOffice.ux.pl 2.1.0.lnk
backup=C:\WINDOWS\pss\OpenOffice.ux.pl 2.1.0.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
C:\Program Files\BearShare\BearShare.exe /pause
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]
C:\WINDOWS\VM_STI.EXE BenQ Web Camera
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2004-08-03 23:44 15360 --a------ C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EXPLORER.EXE]
EXPLORER.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
E:\GG\Gadu-Gadu\gg.exe /tray
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2002-11-03 21:02 188416 --a------ C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Onet.pl AutoUpdate]
C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe /tsr
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SRS Audio Sandbox]
E:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe /hideme
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
E:\Program Files\Steam\Steam.exe -silent
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Stefan]
C:\Program Files\INTERIAPL\Stefan\Stefan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2006-05-03 01:56 36975 --a------ C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WheelMouse]
2006-12-26 08:08 196608 --a------ C:\Program Files\A4Tech\Mouse\Amoumain.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zegarynka]
2005-02-25 22:02 1930240 --a------ C:\Documents and Settings\fdffd\Pulpit\Zegarynka\Zegarynka.exe
R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;C:\WINDOWS\system32\DRIVERS\Amps2prt.sys
R3 SRS_SSCFilter;SRS Labs Audio Sandbox (WDM);C:\WINDOWS\system32\drivers\srs_sscfilter_i386.sys
R3 ZSMC302;BenQ Web Camera;C:\WINDOWS\system32\Drivers\usbvm302.sys
S3 ADM8511;Konwerter z USB na Fast Ethernet ADMtek ADM8511/AN986;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS
S3 ddsxeiservice;ddsxeiservice2;\??\E:\sXe Injected\ddsxei.sys
S3 RT2400;RT2400 Wireless Driver;C:\WINDOWS\system32\DRIVERS\RT2400.sys
S3 trial;trial;\??\C:\Documents and Settings\asdasda\Pulpit\r0 League Cheat\aeq_suxx.sys
S3 Z302Mic;BenQ Web Camera Mic Audio Filter Driver;C:\WINDOWS\system32\drivers\UsbMicfilt.sys
.
Contents of the 'Scheduled Tasks' folder
"2007-12-12 14:27:24 C:\WINDOWS\Tasks\hl.job"
- C:\Program Files\Valve\hl.exe
.
**************************************************************************
catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-12 20:18:34
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
IMJPMIG8.2 = msime82.exe???.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
MsServer = msfun80.exe???.
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-12 20:19:05
C:\ComboFix-quarantined-files.txt ... 2007-07-11 09:31
C:\ComboFix2.txt ... 2007-12-12 20:16
C:\ComboFix3.txt ... 2007-12-10 19:49
.
--- E O F ---
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.2] msime82.exe
O4 - HKCU\..\Run: [wsctf.exe] wsctf.exe
O4 - HKCU\..\Run: [MsServer] msfun80.exe
File::
C:\WINDOWS\system32\msime82.exe
C:\WINDOWS\system32\msfun80.exe
C:\WINDOWS\system32\algsrvs.exe
C:\fun.xls.exe
C:\AUTORUN.INF
Folder::
Files\Common Files\WhenU
Files\DAEMON Tools SearchBar
ComboFix 07-12-09.1 - fdffd 2007-12-13 14:42:45.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.278 [GMT 1:00]
Running from: E:\ComboFix.exe
Command switches used :: E:\CFScript.txt
* Created a new restore point
FILE
C:\AUTORUN.INF
C:\fun.xls.exe
C:\WINDOWS\system32\algsrvs.exe
C:\WINDOWS\system32\msfun80.exe
C:\WINDOWS\system32\msime82.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
C:\fun.xls.exe
C:\WINDOWS\system32\algsrvs.exe
C:\WINDOWS\system32\msfun80.exe
C:\WINDOWS\system32\msime82.exe
C:\WINDOWS\ufdata2000.log
D:\Autorun.inf
E:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2007-11-13 to 2007-12-13 )))))))))))))))))))))))))))))))
.
2007-12-12 21:17 . 2007-12-12 21:19 1,393 --a------ C:\WINDOWS\imsins.BAK
2007-12-11 16:43 . 2007-12-11 16:43 <DIR> d-------- C:\Program Files\SubEdit-Player
2007-12-10 19:34 . 2007-12-10 19:34 <DIR> d-------- C:\WINDOWS\ERUNT
2007-12-04 19:17 . 2007-12-10 16:33 <DIR> d-------- C:\My Downloads
2007-12-03 19:51 . 2007-12-03 19:51 <DIR> d-------- C:\Documents and Settings\fdffd\Dane aplikacji\AdobeUM
2007-11-30 17:05 . 2007-11-30 17:05 <DIR> d-------- C:\Program Files\Common Files\eSellerate
2007-11-30 17:05 . 2007-11-30 17:05 <DIR> d-------- C:\Program Files\AnswersThatWork
2007-11-30 17:05 . 2007-06-08 13:53 1,753,088 --a------ C:\WINDOWS\system32\ExGrid.dll
2007-11-30 17:05 . 2001-03-13 14:51 1,066,176 --a------ C:\WINDOWS\system32\MSCOMCTL.OCX
2007-11-30 17:05 . 2007-04-03 16:51 614,400 --a------ C:\WINDOWS\system32\ExButton.dll
2007-11-30 17:05 . 2007-06-05 10:20 602,112 --a------ C:\WINDOWS\system32\ExMenu.dll
2007-11-30 17:05 . 2007-06-05 10:19 516,096 --a------ C:\WINDOWS\system32\ExTab.dll
2007-11-30 17:05 . 2005-10-11 14:40 356,352 --a------ C:\WINDOWS\system32\eSellerateEngine.dll
2007-11-30 17:05 . 2007-04-03 16:51 307,200 --a------ C:\WINDOWS\system32\ExPMenu.dll
2007-11-30 17:05 . 2005-06-18 11:44 212,240 --a------ C:\WINDOWS\system32\RichTx32.ocx
2007-11-30 17:05 . 2004-03-09 01:00 124,688 --a------ C:\WINDOWS\system32\MSWinSck.ocx
2007-11-30 17:05 . 2005-10-04 08:11 118,784 --a------ C:\WINDOWS\system32\eWebControl.dll
2007-11-26 16:48 . 2007-11-26 16:48 <DIR> d-------- C:\Documents and Settings\adsad\Dane aplikacji\Listonosz
2007-11-26 16:48 . 2007-11-26 16:48 <DIR> d-------- C:\Documents and Settings\adsad\Dane aplikacji\AutoUpdate
2007-11-24 18:38 . 2007-11-24 18:38 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Yahoo! Companion
2007-11-23 20:12 . 2007-11-23 20:12 <DIR> dr-h----- C:\Documents and Settings\fdffd\Dane aplikacji\SecuROM
2007-11-23 20:12 . 2007-11-23 20:12 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-11-22 14:40 . 2007-11-22 14:40 <DIR> d-------- C:\Documents and Settings\fdffd\SystemRequirementsLab
2007-11-21 19:36 . 2007-11-21 19:36 <DIR> d-------- C:\Documents and Settings\adsad\Dane aplikacji\vlc
2007-11-18 17:12 . 2007-03-08 00:51 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-11-18 17:12 . 2007-03-08 00:51 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-11-18 17:12 . 2007-03-08 00:51 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-11-17 16:35 . 2004-08-18 09:34 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2007-11-16 18:46 . 2007-11-17 18:07 <DIR> d-------- C:\Program Files\EA GAMES
2007-11-16 15:15 . 2007-11-16 15:15 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2007-11-16 15:10 . 2007-11-16 15:10 <DIR> d-------- C:\Program Files\Canopus
2007-11-16 15:10 . 2007-11-16 15:10 <DIR> d-------- C:\Documents and Settings\fdffd\WINDOWS
2007-11-16 15:10 . 1999-05-19 09:52 149,504 --a------ C:\WINDOWS\system32\CSEDV.DLL
2007-11-16 15:10 . 1999-05-05 19:36 93,696 --a------ C:\WINDOWS\system32\CSCCDVC.DLL
2007-11-16 15:10 . 1998-10-22 21:41 32,256 --a------ C:\WINDOWS\system32\CDVCCODC.DLL
2007-11-16 15:10 . 1999-04-27 23:09 30,208 --a------ C:\WINDOWS\system32\DECCDVC.DLL
2007-11-16 15:03 . 2007-11-16 15:03 <DIR> d-------- C:\Program Files\Real Alternative
2007-11-15 17:31 . 2007-11-15 17:31 <DIR> d-------- C:\Program Files\Alcohol Toolbar
2007-11-15 17:31 . 2007-11-15 17:31 229,057 --a------ C:\WINDOWS\Alcohol_Toolbar_Uninstaller_1843.exe
2007-11-15 16:31 . 2007-11-15 16:34 <DIR> d-------- C:\Program Files\DaemonTools_WhenUSave_Installer
2007-11-15 16:30 . 2007-11-15 16:31 <DIR> d-------- C:\Documents and Settings\fdffd\Dane aplikacji\DAEMON Tools Pro
2007-11-15 16:19 . 2007-11-15 16:19 <DIR> d-------- C:\Program Files\Common Files\WhenU
2007-11-15 16:18 . 2007-11-15 16:19 <DIR> d-------- C:\Program Files\DAEMON Tools SearchBar
2007-11-15 15:56 . 2007-11-15 15:56 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-11-15 14:09 . 2007-11-15 14:33 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\NFS Underground
2007-11-14 16:57 . 2007-11-14 16:57 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\SRS Labs
2007-11-14 16:57 . 2007-07-26 09:25 47,360 -ra------ C:\WINDOWS\system32\drivers\Surroundhp_kern_i386.sys
2007-11-14 16:57 . 2007-07-26 09:25 47,104 -ra------ C:\WINDOWS\system32\drivers\tshd4_kern_i386.sys
2007-11-14 16:57 . 2007-07-26 09:25 42,112 -ra------ C:\WINDOWS\system32\drivers\csiidecoder_kern_i386.sys
2007-11-14 16:57 . 2007-07-26 09:25 39,808 -ra------ C:\WINDOWS\system32\drivers\SRS_SSCFilter_i386.sys
2007-11-14 16:57 . 2007-07-26 09:25 32,000 -ra------ C:\WINDOWS\system32\drivers\wowhd_kern_i386.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-10 18:54 --------- d-----w C:\Documents and Settings\fdffd\Dane aplikacji\MEGAUPLOADTOOLBAR
2007-12-10 18:40 --------- d-----w C:\Documents and Settings\fdffd\Dane aplikacji\Skype
2007-12-10 18:40 --------- d-----w C:\Documents and Settings\fdffd\Dane aplikacji\OpenOffice.ux.pl2
2007-12-09 10:41 --------- d-----w C:\Documents and Settings\fdffd\Dane aplikacji\BearShare
2007-12-04 12:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-15 12:57 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-09 17:24 --------- d-----w C:\Program Files\mozilla.org
2007-11-07 19:52 --------- d-----w C:\Documents and Settings\adsad\Dane aplikacji\DivX
2007-11-06 15:28 --------- d-----w C:\Program Files\DivX
2007-11-06 15:06 --------- d-----w C:\Documents and Settings\fdffd\Dane aplikacji\DivX
2007-11-06 14:34 --------- d-----w C:\Program Files\Yahoo!
2007-11-05 19:56 --------- d-----w C:\Documents and Settings\fdffd\Dane aplikacji\vlc
2007-11-05 17:11 --------- d-----w C:\Documents and Settings\xsdasd\Dane aplikacji\MEGAUPLOADTOOLBAR
2007-11-02 06:28 --------- d-----w C:\Documents and Settings\fdffd\Dane aplikacji\Media Player Classic
2007-10-31 18:57 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-10-29 22:44 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 09:00 230,912 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-22 19:02 --------- d-----w C:\Program Files\Opera
2007-10-20 09:05 --------- d-----w C:\Documents and Settings\fdffd\Dane aplikacji\teamspeak2
2007-10-20 00:56 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-10-19 14:30 --------- d-----w C:\Documents and Settings\xsdasd\Dane aplikacji\Skype
2007-10-18 09:06 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-10-17 06:41 --------- d-----w C:\Program Files\Samsung
2007-10-16 13:24 --------- d-----w C:\Documents and Settings\xsdasd\Dane aplikacji\Talkback
2007-10-16 13:03 --------- d-----w C:\Documents and Settings\fdffd\Dane aplikacji\InstallShield
2007-10-14 15:59 --------- d-----w C:\Documents and Settings\fdffd\Dane aplikacji\Azureus
2007-09-29 11:46 315,392 ----a-w C:\WINDOWS\HideWin.exe
2007-09-19 16:14 16,844,800 ----a-w C:\WINDOWS\RTHDCPL.exe
2007-09-19 15:23 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-09-19 15:23 249,856 ------w C:\WINDOWS\Setup1.exe
.
((((((((((((((((((((((((((((( snapshot@2007-12-10_19.48.45,04 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-08-22 13:19:16 1,022,976 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2007-10-11 06:14:30 1,023,488 ----a-w C:\WINDOWS\system32\browseui.dll
- 2007-08-22 13:19:16 151,552 ----a-w C:\WINDOWS\system32\cdfview.dll
+ 2007-10-11 06:14:30 151,552 ----a-w C:\WINDOWS\system32\cdfview.dll
- 2007-08-22 13:19:16 1,055,744 ----a-w C:\WINDOWS\system32\danim.dll
+ 2007-10-11 06:14:30 1,055,744 ----a-w C:\WINDOWS\system32\danim.dll
- 2007-08-22 13:19:16 1,022,976 -c--a-w C:\WINDOWS\system32\dllcache\browseui.dll
+ 2007-10-11 06:14:30 1,023,488 -c--a-w C:\WINDOWS\system32\dllcache\browseui.dll
- 2007-08-22 13:19:16 151,552 -c--a-w C:\WINDOWS\system32\dllcache\cdfview.dll
+ 2007-10-11 06:14:30 151,552 -c--a-w C:\WINDOWS\system32\dllcache\cdfview.dll
- 2007-08-22 13:19:16 1,055,744 -c--a-w C:\WINDOWS\system32\dllcache\danim.dll
+ 2007-10-11 06:14:30 1,055,744 -c--a-w C:\WINDOWS\system32\dllcache\danim.dll
- 2007-08-22 13:19:17 357,888 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2007-10-11 06:14:30 357,888 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2007-08-22 13:19:17 205,312 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2007-10-11 06:14:30 205,312 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2007-08-22 13:19:17 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2007-10-11 06:14:30 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2007-08-21 10:30:45 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2007-10-10 11:16:27 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
- 2007-08-22 13:19:17 251,392 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2007-10-11 06:14:30 251,392 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
- 2007-08-22 13:19:17 96,768 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2007-10-11 06:14:30 96,768 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
- 2006-05-18 05:43:42 450,560 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2007-11-14 07:28:56 450,560 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll
- 2007-08-22 13:19:17 16,384 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2007-10-11 06:14:30 16,384 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2004-08-03 20:58:22 72,960 -c--a-w C:\WINDOWS\system32\dllcache\mqac.sys
+ 2007-07-06 10:05:47 72,960 -c--a-w C:\WINDOWS\system32\dllcache\mqac.sys
- 2004-08-03 22:44:04 138,240 -c--a-w C:\WINDOWS\system32\dllcache\mqad.dll
+ 2007-07-06 12:51:40 138,240 -c--a-w C:\WINDOWS\system32\dllcache\mqad.dll
- 2004-08-03 22:44:04 47,104 -c--a-w C:\WINDOWS\system32\dllcache\mqdscli.dll
+ 2007-07-06 12:51:40 47,104 -c--a-w C:\WINDOWS\system32\dllcache\mqdscli.dll
- 2004-08-03 22:44:04 16,896 -c--a-w C:\WINDOWS\system32\dllcache\mqise.dll
+ 2007-07-06 12:51:40 16,896 -c--a-w C:\WINDOWS\system32\dllcache\mqise.dll
- 2004-08-03 22:44:04 660,992 -c--a-w C:\WINDOWS\system32\dllcache\mqqm.dll
+ 2007-07-06 12:51:40 660,992 -c--a-w C:\WINDOWS\system32\dllcache\mqqm.dll
- 2004-08-03 22:44:04 177,152 -c--a-w C:\WINDOWS\system32\dllcache\mqrt.dll
+ 2007-07-06 12:51:40 177,152 -c--a-w C:\WINDOWS\system32\dllcache\mqrt.dll
- 2004-08-03 22:44:04 95,744 -c--a-w C:\WINDOWS\system32\dllcache\mqsec.dll
+ 2007-07-06 12:51:40 95,744 -c--a-w C:\WINDOWS\system32\dllcache\mqsec.dll
- 2004-08-03 22:44:04 48,640 -c--a-w C:\WINDOWS\system32\dllcache\mqupgrd.dll
+ 2007-07-06 12:51:40 48,640 -c--a-w C:\WINDOWS\system32\dllcache\mqupgrd.dll
- 2004-08-03 22:44:04 512,000 -c--a-w C:\WINDOWS\system32\dllcache\mqutil.dll
+ 2007-07-06 12:51:40 512,000 -c--a-w C:\WINDOWS\system32\dllcache\mqutil.dll
- 2007-08-22 13:19:18 3,079,168 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2007-10-30 10:19:06 3,079,680 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2007-08-22 13:19:18 449,024 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2007-10-11 06:14:31 449,024 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2007-08-22 13:19:18 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2007-10-11 06:14:31 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2007-08-22 13:19:19 532,480 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2007-10-11 06:14:31 532,480 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2007-08-22 13:19:19 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2007-10-11 06:14:31 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2005-08-30 03:56:13 1,290,752 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll
+ 2007-10-29 22:44:30 1,291,264 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll
- 2007-08-22 13:19:19 1,494,528 -c--a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2007-10-11 06:14:31 1,494,528 -c--a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
- 2007-08-22 13:19:19 474,112 -c--a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2007-10-11 06:14:31 474,112 -c--a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
- 2007-08-22 13:19:19 616,448 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2007-10-11 06:14:32 616,448 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2007-08-22 13:19:20 661,504 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2007-10-11 06:14:32 662,016 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
- 2004-08-03 22:44:16 230,400 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
+ 2007-10-25 09:00:50 230,912 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
- 2006-12-07 16:02:24 2,174,976 -c--a-w C:\WINDOWS\system32\dllcache\wmvcore.dll
+ 2007-10-25 09:01:10 2,109,440 -c--a-w C:\WINDOWS\system32\dllcache\wmvcore.dll
- 2004-08-03 20:58:22 72,960 ----a-w C:\WINDOWS\system32\drivers\mqac.sys
+ 2007-07-06 10:05:47 72,960 ----a-w C:\WINDOWS\system32\drivers\mqac.sys
- 2007-08-22 13:19:17 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2007-10-11 06:14:30 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2007-08-22 13:19:17 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2007-10-11 06:14:30 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2007-08-22 13:19:17 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2007-10-11 06:14:30 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2007-08-22 13:19:17 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2007-10-11 06:14:30 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2007-08-22 13:19:17 96,768 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2007-10-11 06:14:30 96,768 ----a-w C:\WINDOWS\system32\inseng.dll
- 2006-05-18 05:43:42 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2007-11-14 07:28:56 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
- 2007-08-22 13:19:17 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2007-10-11 06:14:30 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2004-08-03 22:44:04 138,240 ----a-w C:\WINDOWS\system32\mqad.dll
+ 2007-07-06 12:51:40 138,240 ----a-w C:\WINDOWS\system32\mqad.dll
- 2004-08-03 22:44:04 47,104 ----a-w C:\WINDOWS\system32\mqdscli.dll
+ 2007-07-06 12:51:40 47,104 ----a-w C:\WINDOWS\system32\mqdscli.dll
- 2004-08-03 22:44:04 16,896 ----a-w C:\WINDOWS\system32\mqise.dll
+ 2007-07-06 12:51:40 16,896 ----a-w C:\WINDOWS\system32\mqise.dll
- 2004-08-03 22:44:04 660,992 ----a-w C:\WINDOWS\system32\mqqm.dll
+ 2007-07-06 12:51:40 660,992 ----a-w C:\WINDOWS\system32\mqqm.dll
- 2004-08-03 22:44:04 177,152 ----a-w C:\WINDOWS\system32\mqrt.dll
+ 2007-07-06 12:51:40 177,152 ----a-w C:\WINDOWS\system32\mqrt.dll
- 2004-08-03 22:44:04 95,744 ----a-w C:\WINDOWS\system32\mqsec.dll
+ 2007-07-06 12:51:40 95,744 ----a-w C:\WINDOWS\system32\mqsec.dll
- 2004-08-03 22:44:04 48,640 ----a-w C:\WINDOWS\system32\mqupgrd.dll
+ 2007-07-06 12:51:40 48,640 ----a-w C:\WINDOWS\system32\mqupgrd.dll
- 2004-08-03 22:44:04 512,000 ----a-w C:\WINDOWS\system32\mqutil.dll
+ 2007-07-06 12:51:40 512,000 ----a-w C:\WINDOWS\system32\mqutil.dll
- 2007-11-02 07:12:57 18,238,072 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2007-12-02 23:00:05 18,684,536 ----a-w C:\WINDOWS\system32\MRT.exe
- 2007-08-22 13:19:18 3,079,168 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2007-10-30 10:19:06 3,079,680 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-08-22 13:19:18 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2007-10-11 06:14:31 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2007-08-22 13:19:18 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2007-10-11 06:14:31 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
- 2007-08-22 13:19:19 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2007-10-11 06:14:31 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
- 2007-08-22 13:19:19 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2007-10-11 06:14:31 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2007-08-22 13:19:19 1,494,528 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2007-10-11 06:14:31 1,494,528 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2007-08-22 13:19:19 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2007-10-11 06:14:31 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
- 2007-03-06 03:28:33 16,096 ------w C:\WINDOWS\system32\spmsg.dll
+ 2005-10-12 23:21:28 16,096 ------w C:\WINDOWS\system32\spmsg.dll
- 2007-07-18 12:42:22 60,416 ------w C:\WINDOWS\system32\tzchange.exe
+ 2007-11-13 11:31:11 60,416 ------w C:\WINDOWS\system32\tzchange.exe
- 2007-08-22 13:19:19 616,448 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2007-10-11 06:14:32 616,448 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2007-08-22 13:19:20 661,504 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2007-10-11 06:14:32 662,016 ----a-w C:\WINDOWS\system32\wininet.dll
- 2006-12-07 16:02:24 2,174,976 ----a-w C:\WINDOWS\system32\wmvcore.dll
+ 2007-10-25 09:01:10 2,109,440 ----a-w C:\WINDOWS\system32\wmvcore.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:44]
"Gadu-Gadu"="E:\GG\Gadu-Gadu\gg.exe" [2007-07-09 08:39]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-03 23:44]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-03 23:44 C:\WINDOWS\system32\rundll32.exe]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 23:44 C:\WINDOWS\system32\rundll32.exe]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-03 21:02]
"BigDogPath"="C:\WINDOWS\VM_STI.exe" [2003-01-21 14:19]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:44]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2007-04-12 08:30]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="cmd.exe" [2004-08-03 23:44 C:\WINDOWS\system32\cmd.exe]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-03 23:33]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"= 0 (0x0)
"ForceClassicControlPanel"= 0 (0x0)
"NoInstrumentation"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^RaConfig.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\RaConfig.lnk
backup=C:\WINDOWS\pss\RaConfig.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^fdffd^Menu Start^Programy^Autostart^OpenOffice.ux.pl 2.1.0.lnk]
path=C:\Documents and Settings\fdffd\Menu Start\Programy\Autostart\OpenOffice.ux.pl 2.1.0.lnk
backup=C:\WINDOWS\pss\OpenOffice.ux.pl 2.1.0.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
C:\Program Files\BearShare\BearShare.exe /pause
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EXPLORER.EXE]
EXPLORER.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
E:\GG\Gadu-Gadu\gg.exe /tray
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Onet.pl AutoUpdate]
C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe /tsr
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SRS Audio Sandbox]
E:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe /hideme
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
E:\Program Files\Steam\Steam.exe -silent
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Stefan]
C:\Program Files\INTERIAPL\Stefan\Stefan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2006-05-03 01:56 36975 --a------ C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WheelMouse]
2006-12-26 08:08 196608 --a------ C:\Program Files\A4Tech\Mouse\Amoumain.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zegarynka]
2005-02-25 22:02 1930240 --a------ C:\Documents and Settings\fdffd\Pulpit\Zegarynka\Zegarynka.exe
R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;C:\WINDOWS\system32\DRIVERS\Amps2prt.sys
R3 SRS_SSCFilter;SRS Labs Audio Sandbox (WDM);C:\WINDOWS\system32\drivers\srs_sscfilter_i386.sys
R3 ZSMC302;BenQ Web Camera;C:\WINDOWS\system32\Drivers\usbvm302.sys
S3 ADM8511;Konwerter z USB na Fast Ethernet ADMtek ADM8511/AN986;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS
S3 ddsxeiservice;ddsxeiservice2;\??\E:\sXe Injected\ddsxei.sys
S3 RT2400;RT2400 Wireless Driver;C:\WINDOWS\system32\DRIVERS\RT2400.sys
S3 trial;trial;\??\C:\Documents and Settings\asdasda\Pulpit\r0 League Cheat\aeq_suxx.sys
S3 Z302Mic;BenQ Web Camera Mic Audio Filter Driver;C:\WINDOWS\system32\drivers\UsbMicfilt.sys
.
Contents of the 'Scheduled Tasks' folder
"2007-12-13 13:40:09 C:\WINDOWS\Tasks\hl.job"
- C:\Program Files\Valve\hl.exe
.
**************************************************************************
catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-13 14:43:58
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-13 14:44:27
C:\ComboFix-quarantined-files.txt ... 2007-07-11 09:31
C:\ComboFix2.txt ... 2007-12-12 20:19
C:\ComboFix3.txt ... 2007-12-12 20:16
.
--- E O F ---
Logfile of HijackThis v1.99.1
Scan saved at 14:47:25, on 2007-12-13
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
E:\Avast\aswUpdSv.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\system32\ctfmon.exe
E:\GG\Gadu-Gadu\gg.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
E:\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eu.microsoft.com/poland/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE BenQ Web Camera
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "E:\GG\Gadu-Gadu\gg.exe" /tray
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - http://www.mks.com.pl/skaner/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{23BA6566-3066-4C9E-A755-77CE7C2D67A9}: NameServer = 217.17.34.10,195.116.217.32
O17 - HKLM\System\CCS\Services\Tcpip\..\{2FB63434-3201-4E1A-92B4-B305F3F6ED58}: NameServer = 194.204.159.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Avast\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - E:\Avast\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"= 0 (0x0)
"ForceClassicControlPanel"= 0 (0x0)
"NoInstrumentation"= 0 (0x0)
"NoRecentDocsMenu"= 1
"ForceClassicControlPanel"= 1
"NoInstrumentation"= 1
File::
C:\WINDOWS\imsins.BAK
Folder::
C:\Program Files\DAEMON Tools SearchBar
C:\Program Files\Common Files\WhenU
C:\Program Files\DaemonTools_WhenUSave_Installer
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EXPLORER.EXE]
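The ComboFix, SDFix and HijackThis logs in this thread are read by hand, and the CFScript above is the result of that reading. As an added example that is not part of the thread and not code from either tool, here is a small Python triage script that applies the same checks a helper makes when scanning such logs: a Run/RunOnce value whose whole command is cmd.exe, kernel drivers loaded from outside %SystemRoot% or from a user profile, an O23 service whose binary is missing, a DLL loaded into Explorer from a Temp directory, an explorer.exe that is not in the Windows directory, and a bare EXPLORER.EXE autostart that gets resolved through PATH. The flag names, the SYSTEM_ROOT constant and the list of legitimate explorer.exe locations are this example's own assumptions (tuned to a Windows XP layout); the sample lines are copied from the logs posted in this thread.

```python
"""Triage heuristics for HijackThis / ComboFix log lines.

Added example for this thread; it is not part of either tool and not code
posted by anyone in the thread. The sample lines are copied from the logs in
the thread; the heuristic names and the "legitimate location" lists are this
example's own assumptions, tuned to a Windows XP layout.
"""
import re
from typing import Dict, List

SYSTEM_ROOT = r"c:\windows"  # assumption: XP default; read %SystemRoot% on a live host
# Only these two copies of explorer.exe are expected on XP (assumption for this example).
LEGIT_EXPLORER_DIRS = {SYSTEM_ROOT, SYSTEM_ROOT + r"\system32\dllcache"}
# A Run/RunOnce value whose whole command is a shell is a loader, not a program.
SHELL_BINARIES = {"cmd.exe", "command.com"}

_REG_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"')  # ComboFix "Reg Loading Points"
_DRIVER = re.compile(r"^[RS]\d\s+(?P<svc>[^;]+);(?P<desc>[^;]*);(?P<path>.+)$")  # ComboFix driver list
_LOADED_DLL = re.compile(r"^->\s+(?P<path>.+\.dll)$", re.IGNORECASE)  # "DLLs Loaded Under Running Processes"
_EXPLORER_PATH = re.compile(r'[A-Za-z]:\\[^\s"\[\]]*explorer\.exe', re.IGNORECASE)  # paths without spaces only


def _norm(path: str) -> str:
    """Lower-case a Windows path and drop the NT object-manager prefix (\\??\\) ComboFix prints for drivers."""
    path = path.strip().strip('"')
    if path.startswith("\\??\\"):
        path = path[4:]
    return path.lower()


def _parent(path: str) -> str:
    return path.rsplit("\\", 1)[0]


def triage_line(line: str) -> List[str]:
    """Return the heuristic flags that fire on one log line (empty list if none)."""
    flags: List[str] = []
    line = line.strip()
    if not line:
        return flags

    m = _REG_VALUE.match(line)
    if m and _norm(m.group("cmd")).rsplit("\\", 1)[-1] in SHELL_BINARIES:
        flags.append("shell-as-autostart")

    m = _DRIVER.match(line)
    if m:
        path = _norm(m.group("path"))
        if not path.startswith(SYSTEM_ROOT + "\\"):
            flags.append("driver-outside-systemroot")
        if "\\documents and settings\\" in path:
            flags.append("driver-in-user-profile")

    if line.startswith("O23 - Service:") and "(file missing)" in line.lower():
        flags.append("service-file-missing")

    m = _LOADED_DLL.match(line)
    if m and "\\temp\\" in _norm(m.group("path")):
        flags.append("dll-loaded-from-temp")

    for token in _EXPLORER_PATH.findall(line):
        if _parent(_norm(token)) not in LEGIT_EXPLORER_DIRS:
            flags.append("explorer-outside-windir")

    if line.lower() == "explorer.exe":  # bare name in an autostart list: resolved through PATH
        flags.append("bare-explorer-autostart")
    return flags


def triage(log: str) -> Dict[str, List[str]]:
    """Group every flagged line of a log by flag name."""
    hits: Dict[str, List[str]] = {}
    for raw in log.splitlines():
        for flag in triage_line(raw):
            hits.setdefault(flag, []).append(raw.strip())
    return hits


# Constructed sample: lines copied from the ComboFix, SDFix and HijackThis logs in this thread.
SAMPLE_LOG = r"""
"nlsf"="cmd.exe" [2004-08-03 23:44 C:\WINDOWS\system32\cmd.exe]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:44]
S3 ddsxeiservice;ddsxeiservice2;\??\E:\sXe Injected\ddsxei.sys
S3 trial;trial;\??\C:\Documents and Settings\asdasda\Pulpit\r0 League Cheat\aeq_suxx.sys
R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;C:\WINDOWS\system32\DRIVERS\Amps2prt.sys
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Avast\ashMaiSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
-> C:\DOCUME~1\fdffd\USTAWI~1\Temp\fhfxjvqc90C84D3.dll
C:\WINDOWS\system32\explorer.exe - Deleted
C:\WINDOWS\explorer.exe
EXPLORER.EXE
"""

if __name__ == "__main__":
    for flag, lines in sorted(triage(SAMPLE_LOG).items()):
        print(flag)
        for text in lines:
            print("   ", text)
```

Run as a script it prints the flagged lines grouped by heuristic; on a real log, pass the whole file to triage(). It is a triage aid, not a verdict: the sXe Injected driver under E:\ is flagged only because of its location, so a flag means "look here", not "malware", and the path pattern deliberately skips paths containing spaces.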
ComboFix 07-12-09.1 - fdffd 2007-12-13 19:07:05.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.189 [GMT 1:00]
Running from: E:\ComboFix.exe
Command switches used :: E:\CFScript.txt
* Created a new restore point
FILE
C:\WINDOWS\imsins.BAK
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Common Files\WhenU
C:\Program Files\Common Files\WhenU\DTAdapter.exe
C:\Program Files\Common Files\WhenU\DTPlugin.dll
C:\Program Files\DAEMON Tools SearchBar
C:\Program Files\DAEMON Tools SearchBar\search.cab
C:\Program Files\DaemonTools_WhenUSave_Installer
C:\WINDOWS\imsins.BAK
.
((((((((((((((((((((((((( Files Created from 2007-11-13 to 2007-12-13 )))))))))))))))))))))))))))))))
.
2007-12-11 16:43 . 2007-12-13 16:10 <DIR> d-------- C:\Program Files\SubEdit-Player
2007-12-10 19:34 . 2007-12-10 19:34 <DIR> d-------- C:\WINDOWS\ERUNT
2007-12-04 19:17 . 2007-12-10 16:33 <DIR> d-------- C:\My Downloads
2007-12-03 19:51 . 2007-12-03 19:51 <DIR> d-------- C:\Documents and Settings\fdffd\Dane aplikacji\AdobeUM
2007-11-30 17:05 . 2007-11-30 17:05 <DIR> d-------- C:\Program Files\Common Files\eSellerate
2007-11-30 17:05 . 2007-11-30 17:05 <DIR> d-------- C:\Program Files\AnswersThatWork
2007-11-30 17:05 . 2007-06-08 13:53 1,753,088 --a------ C:\WINDOWS\system32\ExGrid.dll
2007-11-30 17:05 . 2001-03-13 14:51 1,066,176 --a------ C:\WINDOWS\system32\MSCOMCTL.OCX
2007-11-30 17:05 . 2007-04-03 16:51 614,400 --a------ C:\WINDOWS\system32\ExButton.dll
2007-11-30 17:05 . 2007-06-05 10:20 602,112 --a------ C:\WINDOWS\system32\ExMenu.dll
2007-11-30 17:05 . 2007-06-05 10:19 516,096 --a------ C:\WINDOWS\system32\ExTab.dll
2007-11-30 17:05 . 2005-10-11 14:40 356,352 --a------ C:\WINDOWS\system32\eSellerateEngine.dll
2007-11-30 17:05 . 2007-04-03 16:51 307,200 --a------ C:\WINDOWS\system32\ExPMenu.dll
2007-11-30 17:05 . 2005-06-18 11:44 212,240 --a------ C:\WINDOWS\system32\RichTx32.ocx
2007-11-30 17:05 . 2004-03-09 01:00 124,688 --a------ C:\WINDOWS\system32\MSWinSck.ocx
2007-11-30 17:05 . 2005-10-04 08:11 118,784 --a------ C:\WINDOWS\system32\eWebControl.dll
2007-11-26 16:48 . 2007-11-26 16:48 <DIR> d-------- C:\Documents and Settings\adsad\Dane aplikacji\Listonosz
2007-11-26 16:48 . 2007-11-26 16:48 <DIR> d-------- C:\Documents and Settings\adsad\Dane aplikacji\AutoUpdate
2007-11-24 18:38 . 2007-11-24 18:38 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Yahoo! Companion
2007-11-23 20:12 . 2007-11-23 20:12 <DIR> dr-h----- C:\Documents and Settings\fdffd\Dane aplikacji\SecuROM
2007-11-23 20:12 . 2007-11-23 20:12 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-11-22 14:40 . 2007-11-22 14:40 <DIR> d-------- C:\Documents and Settings\fdffd\SystemRequirementsLab
2007-11-21 19:36 . 2007-11-21 19:36 <DIR> d-------- C:\Documents and Settings\adsad\Dane aplikacji\vlc
2007-11-18 17:12 . 2007-03-08 00:51 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-11-18 17:12 . 2007-03-08 00:51 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-11-18 17:12 . 2007-03-08 00:51 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-11-17 16:35 . 2004-08-18 09:34 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2007-11-16 18:46 . 2007-11-17 18:07 <DIR> d-------- C:\Program Files\EA GAMES
2007-11-16 15:15 . 2007-11-16 15:15 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2007-11-16 15:10 . 2007-11-16 15:10 <DIR> d-------- C:\Program Files\Canopus
2007-11-16 15:10 . 2007-11-16 15:10 <DIR> d-------- C:\Documents and Settings\fdffd\WINDOWS
2007-11-16 15:10 . 1999-05-19 09:52 149,504 --a------ C:\WINDOWS\system32\CSEDV.DLL
2007-11-16 15:10 . 1999-05-05 19:36 93,696 --a------ C:\WINDOWS\system32\CSCCDVC.DLL
2007-11-16 15:10 . 1998-10-22 21:41 32,256 --a------ C:\WINDOWS\system32\CDVCCODC.DLL
2007-11-16 15:10 . 1999-04-27 23:09 30,208 --a------ C:\WINDOWS\system32\DECCDVC.DLL
2007-11-16 15:03 . 2007-11-16 15:03 <DIR> d-------- C:\Program Files\Real Alternative
2007-11-15 17:31 . 2007-11-15 17:31 <DIR> d-------- C:\Program Files\Alcohol Toolbar
2007-11-15 17:31 . 2007-11-15 17:31 229,057 --a------ C:\WINDOWS\Alcohol_Toolbar_Uninstaller_1843.exe
2007-11-15 16:30 . 2007-11-15 16:31 <DIR> d-------- C:\Documents and Settings\fdffd\Dane aplikacji\DAEMON Tools Pro
2007-11-15 15:56 . 2007-11-15 15:56 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-11-15 14:09 . 2007-11-15 14:33 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\NFS Underground
2007-11-14 16:57 . 2007-11-14 16:57 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\SRS Labs
2007-11-14 16:57 . 2007-07-26 09:25 47,360 -ra------ C:\WINDOWS\system32\drivers\Surroundhp_kern_i386.sys
2007-11-14 16:57 . 2007-07-26 09:25 47,104 -ra------ C:\WINDOWS\system32\drivers\tshd4_kern_i386.sys
2007-11-14 16:57 . 2007-07-26 09:25 42,112 -ra------ C:\WINDOWS\system32\drivers\csiidecoder_kern_i386.sys
2007-11-14 16:57 . 2007-07-26 09:25 39,808 -ra------ C:\WINDOWS\system32\drivers\SRS_SSCFilter_i386.sys
2007-11-14 16:57 . 2007-07-26 09:25 32,000 -ra------ C:\WINDOWS\system32\drivers\wowhd_kern_i386.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-13 18:06 --------- d-----w C:\Documents and Settings\fdffd\Dane aplikacji\Skype
2007-12-10 18:54 --------- d-----w C:\Documents and Settings\fdffd\Dane aplikacji\MEGAUPLOADTOOLBAR
2007-12-10 18:40 --------- d-----w C:\Documents and Settings\fdffd\Dane aplikacji\OpenOffice.ux.pl2
2007-12-09 10:41 --------- d-----w C:\Documents and Settings\fdffd\Dane aplikacji\BearShare
2007-12-04 12:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-15 12:57 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-09 17:24 --------- d-----w C:\Program Files\mozilla.org
2007-11-07 19:52 --------- d-----w C:\Documents and Settings\adsad\Dane aplikacji\DivX
2007-11-06 15:28 --------- d-----w C:\Program Files\DivX
2007-11-06 15:06 --------- d-----w C:\Documents and Settings\fdffd\Dane aplikacji\DivX
2007-11-06 14:34 --------- d-----w C:\Program Files\Yahoo!
2007-11-05 19:56 --------- d-----w C:\Documents and Settings\fdffd\Dane aplikacji\vlc
2007-11-05 17:11 --------- d-----w C:\Documents and Settings\xsdasd\Dane aplikacji\MEGAUPLOADTOOLBAR
2007-11-02 06:28 --------- d-----w C:\Documents and Settings\fdffd\Dane aplikacji\Media Player Classic
2007-10-31 18:57 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-10-22 19:02 --------- d-----w C:\Program Files\Opera
2007-10-20 09:05 --------- d-----w C:\Documents and Settings\fdffd\Dane aplikacji\teamspeak2
2007-10-20 00:56 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-10-19 14:30 --------- d-----w C:\Documents and Settings\xsdasd\Dane aplikacji\Skype
2007-10-17 06:41 --------- d-----w C:\Program Files\Samsung
2007-10-16 13:24 --------- d-----w C:\Documents and Settings\xsdasd\Dane aplikacji\Talkback
2007-10-16 13:03 --------- d-----w C:\Documents and Settings\fdffd\Dane aplikacji\InstallShield
2007-10-14 15:59 --------- d-----w C:\Documents and Settings\fdffd\Dane aplikacji\Azureus
2007-09-29 11:46 315,392 ----a-w C:\WINDOWS\HideWin.exe
2007-09-19 16:14 16,844,800 ----a-w C:\WINDOWS\RTHDCPL.exe
2007-09-19 15:23 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-09-19 15:23 249,856 ------w C:\WINDOWS\Setup1.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:44]
"Gadu-Gadu"="E:\GG\Gadu-Gadu\gg.exe" [2007-07-09 08:39]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-03 23:44]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-03 23:44 C:\WINDOWS\system32\rundll32.exe]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 23:44 C:\WINDOWS\system32\rundll32.exe]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-03 21:02]
"BigDogPath"="C:\WINDOWS\VM_STI.exe" [2003-01-21 14:19]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:44]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2007-04-12 08:30]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="cmd.exe" [2004-08-03 23:44 C:\WINDOWS\system32\cmd.exe]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-03 23:33]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoInstrumentation"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^RaConfig.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\RaConfig.lnk
backup=C:\WINDOWS\pss\RaConfig.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^fdffd^Menu Start^Programy^Autostart^OpenOffice.ux.pl 2.1.0.lnk]
path=C:\Documents and Settings\fdffd\Menu Start\Programy\Autostart\OpenOffice.ux.pl 2.1.0.lnk
backup=C:\WINDOWS\pss\OpenOffice.ux.pl 2.1.0.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
C:\Program Files\BearShare\BearShare.exe /pause
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
E:\GG\Gadu-Gadu\gg.exe /tray
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Onet.pl AutoUpdate]
C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe /tsr
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SRS Audio Sandbox]
E:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe /hideme
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
E:\Program Files\Steam\Steam.exe -silent
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Stefan]
C:\Program Files\INTERIAPL\Stefan\Stefan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2006-05-03 01:56 36975 --a------ C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WheelMouse]
2006-12-26 08:08 196608 --a------ C:\Program Files\A4Tech\Mouse\Amoumain.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zegarynka]
2005-02-25 22:02 1930240 --a------ C:\Documents and Settings\fdffd\Pulpit\Zegarynka\Zegarynka.exe
R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;C:\WINDOWS\system32\DRIVERS\Amps2prt.sys
R3 SRS_SSCFilter;SRS Labs Audio Sandbox (WDM);C:\WINDOWS\system32\drivers\srs_sscfilter_i386.sys
R3 ZSMC302;BenQ Web Camera;C:\WINDOWS\system32\Drivers\usbvm302.sys
S3 ADM8511;Konwerter z USB na Fast Ethernet ADMtek ADM8511/AN986;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS
S3 ddsxeiservice;ddsxeiservice2;\??\E:\sXe Injected\ddsxei.sys
S3 RT2400;RT2400 Wireless Driver;C:\WINDOWS\system32\DRIVERS\RT2400.sys
S3 trial;trial;\??\C:\Documents and Settings\asdasda\Pulpit\r0 League Cheat\aeq_suxx.sys
S3 Z302Mic;BenQ Web Camera Mic Audio Filter Driver;C:\WINDOWS\system32\drivers\UsbMicfilt.sys
.
Contents of the 'Scheduled Tasks' folder
"2007-12-13 18:10:07 C:\WINDOWS\Tasks\hl.job"
- C:\Program Files\Valve\hl.exe
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\DOCUME~1\fdffd\USTAWI~1\Temp\fhfxjvqc90C84D3.dll
.
**************************************************************************
catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-13 19:09:57
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-13 19:10:47 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-11 09:31
C:\ComboFix2.txt ... 2007-12-13 14:44
C:\ComboFix3.txt ... 2007-12-12 20:19
.
--- E O F ---
Logfile of HijackThis v1.99.1
Scan saved at 19:11:54, on 2007-12-13
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
E:\Avast\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\system32\ctfmon.exe
E:\GG\Gadu-Gadu\gg.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
E:\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eu.microsoft.com/poland/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE BenQ Web Camera
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "E:\GG\Gadu-Gadu\gg.exe" /tray
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - http://www.mks.com.pl/skaner/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{23BA6566-3066-4C9E-A755-77CE7C2D67A9}: NameServer = 217.17.34.10,195.116.217.32
O17 - HKLM\System\CCS\Services\Tcpip\..\{2FB63434-3201-4E1A-92B4-B305F3F6ED58}: NameServer = 194.204.159.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Avast\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - E:\Avast\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
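Reading a HijackThis log by hand means scanning the same few sections every time: O4 autostart entries, O17 NameServer values, O20 Winlogon Notify DLLs and O23 services. The script below is an added example written for this thread; it is not HijackThis code and not part of the poster's log. It parses item lines in the v1.99 format shown above and attaches review flags. The sample input is constructed: most lines are modeled on the log above, and one O4 line running from a user temp directory is made up to exercise that rule. The DNS allowlist (`known_dns`) is an assumption the caller supplies, for instance the ISP's published resolvers; the script cannot tell on its own whether a NameServer is legitimate.

```python
"""Parse HijackThis v1.99-style log lines and flag entries worth a second look.

Added example for this thread; not HijackThis code and not part of the
original post. Section prefixes follow the convention visible in the log
above (O4 = Run keys, O17 = TCP/IP NameServer, O20 = Winlogon Notify DLLs,
O23 = services). The DNS allowlist is an assumption supplied by the caller.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: lines modeled on the log above, plus one made-up O4
# entry that runs from a user temp directory (to exercise that rule).
SAMPLE_LOG = r"""
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [Gadu-Gadu] "E:\GG\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [update] C:\Documents and Settings\user\Local Settings\Temp\update.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{23BA6566-3066-4C9E-A755-77CE7C2D67A9}: NameServer = 217.17.34.10,195.116.217.32
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! Antivirus - ALWIL Software - E:\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Avast\ashMaiSv.exe" /service (file missing)
"""

ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.+)$")
IPV4_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")
# Directories a legitimate autostart rarely lives in (matched case-insensitively).
SUSPECT_DIRS = ("\\temp\\", "\\local settings\\", "\\application data\\", "\\recycler\\")


@dataclass
class Entry:
    kind: str                              # section prefix, e.g. "O4", "O23"
    body: str                              # everything after "O4 - "
    flags: list = field(default_factory=list)


def parse_log(text: str) -> list:
    """Return one Entry per HijackThis item line; all other lines are ignored."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group("kind"), m.group("body")))
    return entries


def check_entries(entries: list, known_dns=frozenset()) -> list:
    """Attach review flags to each entry; return only the entries that got one."""
    for e in entries:
        e.flags = []
        low = e.body.lower()
        if e.kind == "O23" and "(file missing)" in low:
            e.flags.append("service registered but binary missing")
        if e.kind == "O17":
            for ip in IPV4_RE.findall(e.body):
                if ip not in known_dns:
                    e.flags.append(f"DNS server {ip} not in allowlist; verify it is the ISP's")
        if e.kind == "O4" and any(d in low for d in SUSPECT_DIRS):
            e.flags.append("autostart runs from a temp/profile directory")
        if e.kind == "O20" and "\\windows\\system32\\" not in low:
            e.flags.append("Winlogon Notify DLL outside system32")
    return [e for e in entries if e.flags]


def summarize(entries: list) -> dict:
    """Count entries per HijackThis section prefix."""
    counts = {}
    for e in entries:
        counts[e.kind] = counts.get(e.kind, 0) + 1
    return counts


if __name__ == "__main__":
    items = parse_log(SAMPLE_LOG)
    print(summarize(items))
    # Allowlist here is an assumption: the third resolver from the log above.
    for e in check_entries(items, known_dns={"194.204.159.1"}):
        print(e.kind, "|", e.body)
        for f in e.flags:
            print("    ->", f)
```

Run it against a saved HijackThis log by passing the file contents to `parse_log`. The O17 rule deliberately flags every resolver not on the allowlist rather than guessing which ones are bad: the right check is to compare the addresses with what the ISP actually hands out, which no log parser can know by itself.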