Bluscren po otwarciu compactflash i innych kart

[peblo]

witam po podłączeniu do laptopa mini card reader i otwieraniu karty pamięci compakt flash 2 i 8 gb lub jakiejś innej kartu sd wywala blu screna poniżej log z combo fixa

Kod: Zaznacz wszystko

ComboFix 09-02-11.02 - piotr 2009-02-12 12:15:40.6 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1250.1.1045.18.247.95 [GMT 1:00]
Running from: d:\documents and settings\piotr\Pulpit\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\1utbfd.bat
C:\2aaxaiy.exe
C:\Autorun.inf
C:\pook.com
C:\xih9.cmd
D:\1utbfd.bat
D:\2aaxaiy.exe
D:\Autorun.inf
D:\pook.com
d:\windows\system32\ckvo.exe
d:\windows\system32\ckvo0.dll
d:\windows\system32\nmdfgds0.dll
d:\windows\system32\nmdfgds1.dll
d:\windows\system32\olhrwef.exe
D:\xih9.cmd
E:\1utbfd.bat
E:\2aaxaiy.exe
E:\autorun.inf
E:\pook.com
E:\xih9.cmd

.
(((((((((((((((((((((((((   Files Created from 2009-01-12 to 2009-02-12  )))))))))))))))))))))))))))))))
.

2009-02-10 18:05 . 2009-02-12 11:22   108,067   -r-hs----   D:\opgde.exe
2009-02-03 22:47 . 2009-02-03 22:47   <DIR>   d--------   D:\tt
2009-02-01 20:26 . 2009-02-01 19:59   109,930   -r-hs----   D:\a2h2.com
2009-01-31 20:19 . 2009-01-31 20:19   <DIR>   d--------   d:\program files\Common Files\Skype
2009-01-30 18:41 . 2009-01-31 14:31   109,127   -r-hs----   D:\hl80c6b1.com
2009-01-25 19:18 . 2009-01-25 19:18   <DIR>   d--------   d:\windows\system32\IOSUBSYS
2009-01-25 10:34 . 2009-01-25 17:57   <DIR>   d--------   d:\documents and settings\piotr\Dane aplikacji\gtk-2.0
2009-01-25 10:32 . 2009-01-25 10:32   <DIR>   d--------   d:\documents and settings\piotr\.thumbnails
2009-01-25 10:31 . 2009-01-26 20:22   <DIR>   d--------   d:\documents and settings\piotr\.gimp-2.6
2009-01-25 10:31 . 2009-01-25 10:31   <DIR>   d--------   d:\documents and settings\piotr\.gegl-0.0
2009-01-25 10:29 . 2009-01-28 19:04   <DIR>   d--------   d:\program files\GIMP-2.0
2009-01-23 20:39 . 2009-01-23 20:39   0   --a------   d:\windows\mngui.INI
2009-01-23 20:33 . 2009-01-23 20:34   <DIR>   d--------   d:\documents and settings\piotr\Dane aplikacji\Teleca
2009-01-23 20:32 . 2009-01-23 20:32   <DIR>   d--------   d:\documents and settings\All Users\Documents
2009-01-23 20:31 . 2009-01-23 20:31   <DIR>   d--------   d:\program files\Sony Ericsson
2009-01-23 20:31 . 2009-01-23 20:32   <DIR>   d--------   d:\program files\Common Files\Teleca Shared
2009-01-23 20:31 . 2009-01-23 20:32   <DIR>   d--------   d:\documents and settings\All Users\Dane aplikacji\Teleca
2009-01-23 20:31 . 2009-01-23 20:32   <DIR>   d--------   d:\documents and settings\All Users\Dane aplikacji\Sony Ericsson
2009-01-23 20:21 . 2009-01-23 20:21   54,156   --ah-----   d:\windows\QTFont.qfn
2009-01-23 20:21 . 2009-01-23 20:21   1,409   --a------   d:\windows\QTFont.for
2009-01-22 22:13 . 2009-01-22 22:13   <DIR>   d--------   d:\program files\onOne Software
2009-01-22 21:45 . 2008-07-09 05:05   129,520   ---------   d:\windows\system32\pxafs.dll
2009-01-22 20:19 . 2009-01-22 21:07   <DIR>   d--------   d:\program files\Neat Image
2009-01-22 20:12 . 2009-01-22 21:10   <DIR>   d--------   d:\program files\Common Files\Adobe
2009-01-20 22:11 . 2009-01-21 11:52   <DIR>   d--------   d:\documents and settings\piotr\Dane aplikacji\Sony Corporation
2009-01-20 22:04 . 2006-07-28 09:30   236,824   --a------   d:\windows\system32\xactengine2_3.dll
2009-01-20 22:04 . 2006-07-28 09:30   62,744   --a------   d:\windows\system32\xinput1_2.dll
2009-01-20 22:03 . 2005-05-26 15:34   2,297,552   --a------   d:\windows\system32\d3dx9_26.dll
2009-01-20 21:29 . 2008-07-09 05:05   120,568   ---------   d:\windows\system32\PxCpyI64.exe
2009-01-20 21:29 . 2008-07-09 05:05   118,256   ---------   d:\windows\system32\PxInsI64.exe
2009-01-20 21:29 . 2006-08-28 21:48   2,560   --a------   d:\windows\system32\drivers\cdralw2k.sys
2009-01-20 21:29 . 2006-08-28 21:48   2,432   --a------   d:\windows\system32\drivers\cdr4_xp.sys
2009-01-20 21:23 . 2009-01-20 22:04   <DIR>   d--------   d:\program files\Sony
2009-01-20 21:22 . 2009-01-20 21:22   <DIR>   d--------   d:\documents and settings\piotr\Dane aplikacji\InstallShield
2009-01-18 19:47 . 2009-01-18 19:47   <DIR>   d--------   d:\documents and settings\piotr\Dane aplikacji\HEXelon
2009-01-13 23:04 . 2009-01-13 23:04   <DIR>   d--------   d:\documents and settings\piotr\WINDOWS
2009-01-13 23:03 . 2009-01-13 23:03   <DIR>   d--------   d:\program files\IPSPI
2009-01-12 18:54 . 2009-01-12 18:54   <DIR>   d--------   D:\32788R22FWJFW.0.tmp

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-12 10:23   ---------   d-----w   d:\program files\Przelewy
2009-02-11 21:35   ---------   d-----w   d:\documents and settings\piotr\Dane aplikacji\Skype
2009-02-11 21:11   ---------   d-----w   d:\documents and settings\piotr\Dane aplikacji\skypePM
2009-01-31 19:20   ---------   d-----w   d:\program files\Google
2009-01-31 19:19   ---------   d-----w   d:\documents and settings\All Users\Dane aplikacji\Skype
2009-01-31 19:19   ---------   d-----r   d:\program files\Skype
2009-01-25 11:35   634,681   ----a-w   D:\Archiwum.zip
2009-01-23 19:24   ---------   d-----w   d:\program files\Common Files\InstallShield
2009-01-22 21:13   ---------   d--h--w   d:\program files\InstallShield Installation Information
2009-01-22 20:08   ---------   d---a-w   d:\documents and settings\All Users\Dane aplikacji\TEMP
2009-01-11 21:49   ---------   d-----w   d:\documents and settings\piotr\Dane aplikacji\RaimaRadioPro
2009-01-11 21:47   ---------   d-----w   d:\program files\RarmaRadio
2009-01-05 22:33   3,751,995   ----a-w   d:\windows\system32\GPhotos.scr
2009-01-02 22:16   ---------   d-----w   d:\program files\Microsoft ActiveSync
2009-01-02 22:15   ---------   d-----w   d:\program files\Driver Sweeper
2009-01-02 22:15   ---------   d-----w   d:\program files\CeRegEditor
2009-01-02 22:14   ---------   d-----w   d:\program files\FORUM Emisje
2008-12-23 21:36   ---------   d-----w   d:\program files\priv
2008-12-23 21:26   ---------   d-----w   d:\program files\net
2008-12-23 21:25   25,058   ----a-w   d:\program files\unins000.dat
2008-12-23 21:25   ---------   d-----w   d:\program files\Dane
2008-12-23 21:25   ---------   d-----w   d:\program files\Common Files\Borland Shared
2008-12-21 11:50   410,984   ----a-w   d:\windows\system32\deploytk.dll
2008-12-21 11:49   ---------   d-----w   d:\program files\Java
2008-12-20 20:32   ---------   d-----w   d:\program files\Trend Micro
2008-12-19 20:35   ---------   d-----w   d:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2008-12-19 12:02   697,353   ----a-w   d:\windows\unins000.exe
2008-12-18 21:00   ---------   d-----w   d:\program files\Common Files\Real
2008-12-15 19:20   ---------   d-----w   d:\program files\Common Files\snpstd
2008-12-14 10:45   ---------   d-----w   d:\program files\Realtek AC97
2008-12-13 21:06   ---------   d-----w   d:\program files\directx
2008-12-13 17:48   ---------   d-----w   d:\program files\ffdshow
2008-12-13 17:36   ---------   d-----w   d:\program files\NAPI-PROJEKT
2008-12-13 17:23   ---------   d-----w   d:\documents and settings\piotr\Dane aplikacji\vlc
2008-12-13 17:21   ---------   d-----w   d:\program files\VideoLAN
2008-12-13 17:17   ---------   d-----w   d:\program files\ALLPlayer
2008-12-13 17:01   ---------   d-----w   d:\program files\Windows Media Connect 2
2008-12-13 16:24   ---------   d-----w   d:\documents and settings\All Users\Dane aplikacji\Office Genuine Advantage
2008-12-08 11:53   57,344   ----a-w   d:\windows\system32\ff_vfw.dll
2008-06-24 13:58   238,858   ----a-w   d:\program files\Pomoc.chm
2008-06-13 04:27   3,533,824   ----a-w   d:\program files\Srodowisko2008.exe
2005-04-26 21:50   40,960   ----a-w   d:\program files\SessionCleanup.exe
2004-02-11 04:00   77,770   ----a-w   d:\program files\unins000.exe
2001-01-08 16:24   34,816   ----a-w   d:\program files\AddAlias.exe
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKLM\~\startupfolder\D:^Documents and Settings^piotr^Menu Start^Programy^Autostart^Picture Motion Browser Media Check Tool.lnk]
path=d:\documents and settings\piotr\Menu Start\Programy\Autostart\Picture Motion Browser Media Check Tool.lnk
backup=d:\windows\pss\Picture Motion Browser Media Check Tool.lnkStartup

[HKLM\~\startupfolder\D:^Documents and Settings^piotr^Menu Start^Programy^Autostart^Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk]
path=d:\documents and settings\piotr\Menu Start\Programy\Autostart\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk
backup=d:\windows\pss\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HEXelon MAX]
c:\program files\WinRar_3.80_PL_up_by_muciek_\WinRar_3.80_PL_up_by_muciek [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALLUpdate]
--a------ 2008-11-24 20:44 869888 d:\program files\ALLPlayer\ALLUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 13:00 15360 d:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-12-13 17:52 133104 d:\documents and settings\piotr\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 d:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
-ra------ 2003-12-14 17:07 118784 d:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
-ra------ 2003-12-14 17:20 155648 d:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-09-25 10:56 25565992 d:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd]
--a------ 2005-10-11 13:54 339968 d:\windows\vsnpstd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2005-10-26 16:17 159744 d:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-12-21 12:50 136600 d:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
-ra------ 2003-11-19 08:41 88363 d:\windows\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2004-08-04 13:00 110592 d:\windows\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2007-04-16 15:28 577536 d:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Super G Wireless Service"=2 (0x2)
"odserv"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"ose"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"AVP"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=

S3 AVPsys;AVPsys;d:\windows\system32\drivers\cdaudio.sys [2008-12-19 18688]
S4 Super G Wireless Service;Wireless LAN Card;d:\program files\Wireless 11bg Netowrk Utility\WLService.exe [2008-12-10 49152]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0e85f40-e982-11dd-8ae9-0040d0712ba7}]
\Shell\AutoRun\command - I:\uvsqfgwd.cmd
\Shell\open\Com[code]mand - I:\uvsqfgwd.cmd
.
Contents of the 'Scheduled Tasks' folder

2009-02-11 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-688789844-1957994488-1004.job
- d:\documents and settings\piotr\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2008-12-13 17:52]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-cdoosoft - d:\windows\system32\olhrwef.exe
MSConfigStartUp-cdoosoft - d:\windows\system32\olhrwef.exe


.
------- Supplementary Scan -------
.
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - d:\windows\system32\GPhotos.scr/200
IE: E&ksportuj do programu Microsoft Excel - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {C3F3AE54-81AF-4616-99F7-1D2F92A9E26E} = 208.67.222.222,208.67.220.220
FF - ProfilePath - d:\documents and settings\piotr\Dane aplikacji\Mozilla\Firefox\Profiles\824e09c5.default\
FF - plugin: d:\documents and settings\piotr\Ustawienia lokalne\Dane aplikacji\Google\Update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: d:\program files\Google\Picasa3\npPicasa3.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-12 12:17:06
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-02-12 12:18:25
ComboFix-quarantined-files.txt  2009-02-12 11:18:17
ComboFix2.txt  2009-02-11 22:40:05
ComboFix3.txt  2009-02-01 11:33:58

Pre-Run: 22 278 725 632 bajtów wolnych
Post-Run: 22,267,150,336 bajtów wolnych

216[/code]

dodam jeszcze iż bez jakiej kolwiek ingerencji w sterowniki co jakiś czas traci sterowniki do drukarki choćby i wczoraj 2 godziny szukania przyczyny i bez efektu drukarka nie działała dziś włączyłem i wszystko bez problemu działa

[Okocza]

Wykonaj to co jest podane w tym temacie

Zastosuj SDFix . Po pobraniu uruchom go a rozpakuje się do C:\SDFix. Uruchom komputer w trybie awaryjnym (F8 przy stracie systemu). Będąc w awaryjnym uruchom plik RunThis.bat z folderu SDFixa. Zatwierdź czyszczenie przez Y. Poczekaj aż ukończy i komputer zresetuje

Potem wejdz do folderu C:\SDFix wrzuc zawartość pliku Report.txt + log z combofixa oraz daj loga z hijacka

[peblo]

log hijacka

Kod: Zaznacz wszystko

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:39:20, on 2009-02-12
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\system32\msiexec.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - D:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - D:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - D:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://D:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3F3AE54-81AF-4616-99F7-1D2F92A9E26E}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 3680 bytes

log sd fix

Kod: Zaznacz wszystko

[b]SDFix: Version 1.240 [/b]
Run by piotr on 2009-02-12 at 20:24

Microsoft Windows XP [Wersja 5.1.2600]
Running From: D:\Documents and Settings\piotr\Pulpit\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]:

No Trojan Files Found






Removing Temp Files

[b]ADS Check [/b]:



                                 [b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-12 20:29:52
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0013eff142ef]
"001e4503a562"=hex:14,1e,a4,db,4f,15,e8,c6,66,7b,9f,70,72,a7,a0,82
"001963d347ce"=hex:fe,53,29,b7,eb,75,42,e4,30,16,4e,e3,45,81,4e,e6
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0013eff142ef]
"001e4503a562"=hex:14,1e,a4,db,4f,15,e8,c6,66,7b,9f,70,72,a7,a0,82
"001963d347ce"=hex:fe,53,29,b7,eb,75,42,e4,30,16,4e,e3,45,81,4e,e6

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="D:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"D:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="D:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"D:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="D:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"D:\\Program Files\\Skype\\Phone\\Skype.exe"="D:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[b]Remaining Files [/b]:



[b]Files with Hidden Attributes [/b]:

Sun  1 Feb 2009       109,930 ..SHR --- "D:\a2h2.com"
Sat 31 Jan 2009       109,127 ..SHR --- "D:\hl80c6b1.com"
Thu 12 Feb 2009       108,067 ..SHR --- "D:\opgde.exe"
Sun 25 Jan 2009     9,934,392 A..H. --- "D:\Program Files\Google\Picasa3\setup.exe"

[b]Finished![/b]


dodam jeszcze combofixa

Kod: Zaznacz wszystko

ComboFix 09-02-12.02 - piotr 2009-02-12 20:45:39.7 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1250.1.1045.18.247.26 [GMT 1:00]
Uruchomiony z: d:\documents and settings\piotr\Pulpit\ComboFix.exe
* Utworzono nowy punkt przywracania
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

E:\autorun.inf
E:\pook.com
E:\uvsqfgwd.cmd
E:\xih9.cmd

.
(((((((((((((((((((((((((   Pliki utworzone od 2009-01-12 do 2009-02-12  )))))))))))))))))))))))))))))))
.

2009-02-12 20:18 . 2008-11-06 02:03   <DIR>   d--------   D:\SDFix
2009-02-12 18:34 . 2009-02-12 18:39   <DIR>   d--------   d:\program files\HDCleaner
2009-02-10 18:05 . 2009-02-12 11:22   108,067   -r-hs----   D:\opgde.exe
2009-02-03 22:47 . 2009-02-03 22:47   <DIR>   d--------   D:\tt
2009-02-01 20:26 . 2009-02-01 19:59   109,930   -r-hs----   D:\a2h2.com
2009-01-31 20:19 . 2009-01-31 20:19   <DIR>   d--------   d:\program files\Common Files\Skype
2009-01-30 18:41 . 2009-01-31 14:31   109,127   -r-hs----   D:\hl80c6b1.com
2009-01-25 19:18 . 2009-01-25 19:18   <DIR>   d--------   d:\windows\system32\IOSUBSYS
2009-01-25 10:34 . 2009-01-25 17:57   <DIR>   d--------   d:\documents and settings\piotr\Dane aplikacji\gtk-2.0
2009-01-25 10:32 . 2009-01-25 10:32   <DIR>   d--------   d:\documents and settings\piotr\.thumbnails
2009-01-25 10:31 . 2009-01-26 20:22   <DIR>   d--------   d:\documents and settings\piotr\.gimp-2.6
2009-01-25 10:31 . 2009-01-25 10:31   <DIR>   d--------   d:\documents and settings\piotr\.gegl-0.0
2009-01-25 10:29 . 2009-01-28 19:04   <DIR>   d--------   d:\program files\GIMP-2.0
2009-01-23 20:39 . 2009-01-23 20:39   0   --a------   d:\windows\mngui.INI
2009-01-23 20:33 . 2009-01-23 20:34   <DIR>   d--------   d:\documents and settings\piotr\Dane aplikacji\Teleca
2009-01-23 20:32 . 2009-01-23 20:32   <DIR>   d--------   d:\documents and settings\All Users\Documents
2009-01-23 20:31 . 2009-01-23 20:31   <DIR>   d--------   d:\program files\Sony Ericsson
2009-01-23 20:31 . 2009-01-23 20:32   <DIR>   d--------   d:\program files\Common Files\Teleca Shared
2009-01-23 20:31 . 2009-01-23 20:32   <DIR>   d--------   d:\documents and settings\All Users\Dane aplikacji\Teleca
2009-01-23 20:31 . 2009-01-23 20:32   <DIR>   d--------   d:\documents and settings\All Users\Dane aplikacji\Sony Ericsson
2009-01-23 20:21 . 2009-01-23 20:21   54,156   --ah-----   d:\windows\QTFont.qfn
2009-01-23 20:21 . 2009-01-23 20:21   1,409   --a------   d:\windows\QTFont.for
2009-01-22 22:13 . 2009-01-22 22:13   <DIR>   d--------   d:\program files\onOne Software
2009-01-22 21:45 . 2008-07-09 05:05   129,520   ---------   d:\windows\system32\pxafs.dll
2009-01-22 20:19 . 2009-01-22 21:07   <DIR>   d--------   d:\program files\Neat Image
2009-01-22 20:12 . 2009-01-22 21:10   <DIR>   d--------   d:\program files\Common Files\Adobe
2009-01-20 22:11 . 2009-01-21 11:52   <DIR>   d--------   d:\documents and settings\piotr\Dane aplikacji\Sony Corporation
2009-01-20 22:04 . 2006-07-28 09:30   236,824   --a------   d:\windows\system32\xactengine2_3.dll
2009-01-20 22:04 . 2006-07-28 09:30   62,744   --a------   d:\windows\system32\xinput1_2.dll
2009-01-20 22:03 . 2005-05-26 15:34   2,297,552   --a------   d:\windows\system32\d3dx9_26.dll
2009-01-20 21:29 . 2008-07-09 05:05   120,568   ---------   d:\windows\system32\PxCpyI64.exe
2009-01-20 21:29 . 2008-07-09 05:05   118,256   ---------   d:\windows\system32\PxInsI64.exe
2009-01-20 21:29 . 2006-08-28 21:48   2,560   --a------   d:\windows\system32\drivers\cdralw2k.sys
2009-01-20 21:29 . 2006-08-28 21:48   2,432   --a------   d:\windows\system32\drivers\cdr4_xp.sys
2009-01-20 21:23 . 2009-01-20 22:04   <DIR>   d--------   d:\program files\Sony
2009-01-20 21:22 . 2009-01-20 21:22   <DIR>   d--------   d:\documents and settings\piotr\Dane aplikacji\InstallShield
2009-01-18 19:47 . 2009-01-18 19:47   <DIR>   d--------   d:\documents and settings\piotr\Dane aplikacji\HEXelon
2009-01-13 23:04 . 2009-01-13 23:04   <DIR>   d--------   d:\documents and settings\piotr\WINDOWS
2009-01-13 23:03 . 2009-01-13 23:03   <DIR>   d--------   d:\program files\IPSPI
2009-01-12 18:54 . 2009-01-12 18:54   <DIR>   d--------   D:\32788R22FWJFW.0.tmp

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-12 19:38   ---------   d-----w   d:\program files\Google
2009-02-12 18:31   ---------   d-----w   d:\documents and settings\piotr\Dane aplikacji\Skype
2009-02-12 17:31   ---------   d-----w   d:\documents and settings\piotr\Dane aplikacji\skypePM
2009-02-12 10:23   ---------   d-----w   d:\program files\Przelewy
2009-01-31 19:19   ---------   d-----w   d:\documents and settings\All Users\Dane aplikacji\Skype
2009-01-31 19:19   ---------   d-----r   d:\program files\Skype
2009-01-25 11:35   634,681   ----a-w   D:\Archiwum.zip
2009-01-23 19:24   ---------   d-----w   d:\program files\Common Files\InstallShield
2009-01-22 21:13   ---------   d--h--w   d:\program files\InstallShield Installation Information
2009-01-22 20:08   ---------   d---a-w   d:\documents and settings\All Users\Dane aplikacji\TEMP
2009-01-11 21:49   ---------   d-----w   d:\documents and settings\piotr\Dane aplikacji\RaimaRadioPro
2009-01-11 21:47   ---------   d-----w   d:\program files\RarmaRadio
2009-01-05 22:33   3,751,995   ----a-w   d:\windows\system32\GPhotos.scr
2009-01-02 22:16   ---------   d-----w   d:\program files\Microsoft ActiveSync
2009-01-02 22:15   ---------   d-----w   d:\program files\Driver Sweeper
2009-01-02 22:15   ---------   d-----w   d:\program files\CeRegEditor
2009-01-02 22:14   ---------   d-----w   d:\program files\FORUM Emisje
2008-12-23 21:36   ---------   d-----w   d:\program files\priv
2008-12-23 21:26   ---------   d-----w   d:\program files\net
2008-12-23 21:25   25,058   ----a-w   d:\program files\unins000.dat
2008-12-23 21:25   ---------   d-----w   d:\program files\Dane
2008-12-23 21:25   ---------   d-----w   d:\program files\Common Files\Borland Shared
2008-12-21 11:50   410,984   ----a-w   d:\windows\system32\deploytk.dll
2008-12-21 11:49   ---------   d-----w   d:\program files\Java
2008-12-20 20:32   ---------   d-----w   d:\program files\Trend Micro
2008-12-19 20:35   ---------   d-----w   d:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2008-12-19 12:02   697,353   ----a-w   d:\windows\unins000.exe
2008-12-18 21:00   ---------   d-----w   d:\program files\Common Files\Real
2008-12-15 19:20   ---------   d-----w   d:\program files\Common Files\snpstd
2008-12-14 10:45   ---------   d-----w   d:\program files\Realtek AC97
2008-12-13 21:06   ---------   d-----w   d:\program files\directx
2008-12-13 17:48   ---------   d-----w   d:\program files\ffdshow
2008-12-13 17:36   ---------   d-----w   d:\program files\NAPI-PROJEKT
2008-12-13 17:23   ---------   d-----w   d:\documents and settings\piotr\Dane aplikacji\vlc
2008-12-13 17:21   ---------   d-----w   d:\program files\VideoLAN
2008-12-13 17:17   ---------   d-----w   d:\program files\ALLPlayer
2008-12-13 17:01   ---------   d-----w   d:\program files\Windows Media Connect 2
2008-12-13 16:24   ---------   d-----w   d:\documents and settings\All Users\Dane aplikacji\Office Genuine Advantage
2008-12-08 11:53   57,344   ----a-w   d:\windows\system32\ff_vfw.dll
2008-06-24 13:58   238,858   ----a-w   d:\program files\Pomoc.chm
2008-06-13 04:27   3,533,824   ----a-w   d:\program files\Srodowisko2008.exe
2005-04-26 21:50   40,960   ----a-w   d:\program files\SessionCleanup.exe
2004-02-11 04:00   77,770   ----a-w   d:\program files\unins000.exe
2001-01-08 16:24   34,816   ----a-w   d:\program files\AddAlias.exe
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane 
REGEDIT4

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKLM\~\startupfolder\D:^Documents and Settings^piotr^Menu Start^Programy^Autostart^Picture Motion Browser Media Check Tool.lnk]
path=d:\documents and settings\piotr\Menu Start\Programy\Autostart\Picture Motion Browser Media Check Tool.lnk
backup=d:\windows\pss\Picture Motion Browser Media Check Tool.lnkStartup

[HKLM\~\startupfolder\D:^Documents and Settings^piotr^Menu Start^Programy^Autostart^Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk]
path=d:\documents and settings\piotr\Menu Start\Programy\Autostart\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk
backup=d:\windows\pss\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HEXelon MAX]
c:\program files\WinRar_3.80_PL_up_by_muciek_\WinRar_3.80_PL_up_by_muciek [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALLUpdate]
--a------ 2008-11-24 20:44 869888 d:\program files\ALLPlayer\ALLUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 13:00 15360 d:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-12-13 17:52 133104 d:\documents and settings\piotr\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 d:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
-ra------ 2003-12-14 17:07 118784 d:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
-ra------ 2003-12-14 17:20 155648 d:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-09-25 10:56 25565992 d:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd]
--a------ 2005-10-11 13:54 339968 d:\windows\vsnpstd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2005-10-26 16:17 159744 d:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-12-21 12:50 136600 d:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
-ra------ 2003-11-19 08:41 88363 d:\windows\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2004-08-04 13:00 110592 d:\windows\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2007-04-16 15:28 577536 d:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Super G Wireless Service"=2 (0x2)
"odserv"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"ose"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"AVP"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=

S3 AVPsys;AVPsys;d:\windows\system32\drivers\cdaudio.sys [2008-12-19 18688]
S4 Super G Wireless Service;Wireless LAN Card;d:\program files\Wireless 11bg Netowrk Utility\WLService.exe [2008-12-10 49152]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0e85f40-e982-11dd-8ae9-0040d0712ba7}]
\Shell\AutoRun\command - I:\uvsqfgwd.cmd
\Shell\open\Command - I:\uvsqfgwd.cmd
.
Zawartość folderu 'Zaplanowane zadania'

2009-02-12 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-688789844-1957994488-1004.job
- d:\documents and settings\piotr\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2008-12-13 17:52]
.
.
------- Skan uzupełniający -------
.
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - d:\windows\system32\GPhotos.scr/200
IE: E&ksportuj do programu Microsoft Excel - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {C3F3AE54-81AF-4616-99F7-1D2F92A9E26E} = 208.67.222.222,208.67.220.220
FF - ProfilePath - d:\documents and settings\piotr\Dane aplikacji\Mozilla\Firefox\Profiles\824e09c5.default\
FF - plugin: d:\documents and settings\piotr\Ustawienia lokalne\Dane aplikacji\Google\Update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: d:\program files\Google\Picasa3\npPicasa3.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-12 20:47:08
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ... 

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ... 

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
Czas ukończenia: 2009-02-12 20:48:28
ComboFix-quarantined-files.txt  2009-02-12 19:48:23
ComboFix2.txt  2009-02-12 11:18:26

Przed: 22 244 495 360 bajtów wolnych
Po: 22,237,540,352 bajtów wolnych

196

[wojtas]

Wylecz pendriva lub kartę pamięci
Perlovga Removal Tool
Flash Disinfector
lub format


Otworz notatnik i wklej w nim to:

File::
D:\opgde.exe
D:\a2h2.com
D:\hl80c6b1.com
c:\opgde.exe
c:\a2h2.com
c:\hl80c6b1.com
e:\opgde.exe
e:\a2h2.com
e:\hl80c6b1.com

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0e85f40-e982-11dd-8ae9-0040d0712ba7}]

>>Plik>>Zapisz jako... >>> CFScript
Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe
-->
Ma się rozpocząć usuwanie. (i powstanie log).Daj ten log, który powstanie w trakcie usuwania.

[peblo]

sory że wczoraj nie mogłem dać loga podam teraz po combofixie

Kod: Zaznacz wszystko

ComboFix 09-02-12.02 - piotr 2009-02-13 22:16:55.8 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1250.1.1045.18.247.30 [GMT 1:00]
Uruchomiony z: d:\documents and settings\piotr\Pulpit\ComboFix.exe
Użyto następujących komend :: d:\documents and settings\piotr\Pulpit\CFScript.txt
* Utworzono nowy punkt przywracania

FILE ::
c:\a2h2.com
c:\hl80c6b1.com
c:\opgde.exe
D:\a2h2.com
D:\hl80c6b1.com
D:\opgde.exe
e:\a2h2.com
e:\hl80c6b1.com
e:\opgde.exe
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\a2h2.com
c:\hl80c6b1.com
c:\opgde.exe
D:\a2h2.com
D:\hl80c6b1.com
D:\opgde.exe
e:\a2h2.com
e:\hl80c6b1.com
e:\opgde.exe

.
(((((((((((((((((((((((((   Pliki utworzone od 2009-01-13 do 2009-02-13  )))))))))))))))))))))))))))))))
.

2009-02-12 20:18 . 2008-11-06 02:03   <DIR>   d--------   D:\SDFix
2009-01-31 20:19 . 2009-01-31 20:19   <DIR>   d--------   d:\program files\Common Files\Skype
2009-01-25 19:18 . 2009-01-25 19:18   <DIR>   d--------   d:\windows\system32\IOSUBSYS
2009-01-25 10:34 . 2009-02-13 20:41   <DIR>   d--------   d:\documents and settings\piotr\Dane aplikacji\gtk-2.0
2009-01-25 10:32 . 2009-01-25 10:32   <DIR>   d--------   d:\documents and settings\piotr\.thumbnails
2009-01-25 10:31 . 2009-02-13 20:49   <DIR>   d--------   d:\documents and settings\piotr\.gimp-2.6
2009-01-25 10:31 . 2009-01-25 10:31   <DIR>   d--------   d:\documents and settings\piotr\.gegl-0.0
2009-01-25 10:29 . 2009-02-13 20:34   <DIR>   d--------   d:\program files\GIMP-2.0
2009-01-23 20:39 . 2009-01-23 20:39   0   --a------   d:\windows\mngui.INI
2009-01-23 20:33 . 2009-01-23 20:34   <DIR>   d--------   d:\documents and settings\piotr\Dane aplikacji\Teleca
2009-01-23 20:31 . 2009-02-12 21:04   <DIR>   d--------   d:\program files\Common Files\Teleca Shared
2009-01-23 20:21 . 2009-01-23 20:21   54,156   --ah-----   d:\windows\QTFont.qfn
2009-01-23 20:21 . 2009-01-23 20:21   1,409   --a------   d:\windows\QTFont.for
2009-01-22 21:45 . 2008-07-09 05:05   129,520   ---------   d:\windows\system32\pxafs.dll
2009-01-22 20:19 . 2009-01-22 21:07   <DIR>   d--------   d:\program files\Neat Image
2009-01-22 20:12 . 2009-01-22 21:10   <DIR>   d--------   d:\program files\Common Files\Adobe
2009-01-20 22:11 . 2009-01-21 11:52   <DIR>   d--------   d:\documents and settings\piotr\Dane aplikacji\Sony Corporation
2009-01-20 22:04 . 2006-07-28 09:30   236,824   --a------   d:\windows\system32\xactengine2_3.dll
2009-01-20 22:04 . 2006-07-28 09:30   62,744   --a------   d:\windows\system32\xinput1_2.dll
2009-01-20 22:03 . 2005-05-26 15:34   2,297,552   --a------   d:\windows\system32\d3dx9_26.dll
2009-01-20 21:29 . 2008-07-09 05:05   120,568   ---------   d:\windows\system32\PxCpyI64.exe
2009-01-20 21:29 . 2008-07-09 05:05   118,256   ---------   d:\windows\system32\PxInsI64.exe
2009-01-20 21:29 . 2006-08-28 21:48   2,560   --a------   d:\windows\system32\drivers\cdralw2k.sys
2009-01-20 21:29 . 2006-08-28 21:48   2,432   --a------   d:\windows\system32\drivers\cdr4_xp.sys
2009-01-20 21:23 . 2009-01-20 22:04   <DIR>   d--------   d:\program files\Sony
2009-01-20 21:22 . 2009-01-20 21:22   <DIR>   d--------   d:\documents and settings\piotr\Dane aplikacji\InstallShield
2009-01-18 19:47 . 2009-01-18 19:47   <DIR>   d--------   d:\documents and settings\piotr\Dane aplikacji\HEXelon
2009-01-13 23:04 . 2009-01-13 23:04   <DIR>   d--------   d:\documents and settings\piotr\WINDOWS
2009-01-13 23:03 . 2009-01-13 23:03   <DIR>   d--------   d:\program files\IPSPI

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-13 10:27   ---------   d-----w   d:\program files\Przelewy
2009-02-13 10:26   ---------   d-----w   d:\program files\Google
2009-02-12 20:02   ---------   d--h--w   d:\program files\InstallShield Installation Information
2009-02-12 18:31   ---------   d-----w   d:\documents and settings\piotr\Dane aplikacji\Skype
2009-02-12 17:31   ---------   d-----w   d:\documents and settings\piotr\Dane aplikacji\skypePM
2009-01-31 19:19   ---------   d-----w   d:\documents and settings\All Users\Dane aplikacji\Skype
2009-01-31 19:19   ---------   d-----r   d:\program files\Skype
2009-01-25 11:35   634,681   ----a-w   D:\Archiwum.zip
2009-01-23 19:24   ---------   d-----w   d:\program files\Common Files\InstallShield
2009-01-22 20:08   ---------   d---a-w   d:\documents and settings\All Users\Dane aplikacji\TEMP
2009-01-11 21:49   ---------   d-----w   d:\documents and settings\piotr\Dane aplikacji\RaimaRadioPro
2009-01-11 21:47   ---------   d-----w   d:\program files\RarmaRadio
2009-01-05 22:33   3,751,995   ----a-w   d:\windows\system32\GPhotos.scr
2009-01-02 22:16   ---------   d-----w   d:\program files\Microsoft ActiveSync
2009-01-02 22:15   ---------   d-----w   d:\program files\Driver Sweeper
2009-01-02 22:15   ---------   d-----w   d:\program files\CeRegEditor
2009-01-02 22:14   ---------   d-----w   d:\program files\FORUM Emisje
2008-12-23 21:36   ---------   d-----w   d:\program files\priv
2008-12-23 21:26   ---------   d-----w   d:\program files\net
2008-12-23 21:25   25,058   ----a-w   d:\program files\unins000.dat
2008-12-23 21:25   ---------   d-----w   d:\program files\Dane
2008-12-23 21:25   ---------   d-----w   d:\program files\Common Files\Borland Shared
2008-12-21 11:50   410,984   ----a-w   d:\windows\system32\deploytk.dll
2008-12-21 11:49   ---------   d-----w   d:\program files\Java
2008-12-20 20:32   ---------   d-----w   d:\program files\Trend Micro
2008-12-19 20:35   ---------   d-----w   d:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2008-12-19 12:02   697,353   ----a-w   d:\windows\unins000.exe
2008-12-18 21:00   ---------   d-----w   d:\program files\Common Files\Real
2008-12-15 19:20   ---------   d-----w   d:\program files\Common Files\snpstd
2008-12-14 10:45   ---------   d-----w   d:\program files\Realtek AC97
2008-12-13 21:06   ---------   d-----w   d:\program files\directx
2008-12-13 17:48   ---------   d-----w   d:\program files\ffdshow
2008-12-13 17:36   ---------   d-----w   d:\program files\NAPI-PROJEKT
2008-12-13 17:23   ---------   d-----w   d:\documents and settings\piotr\Dane aplikacji\vlc
2008-12-13 17:21   ---------   d-----w   d:\program files\VideoLAN
2008-12-13 17:17   ---------   d-----w   d:\program files\ALLPlayer
2008-12-13 17:01   ---------   d-----w   d:\program files\Windows Media Connect 2
2008-12-13 16:24   ---------   d-----w   d:\documents and settings\All Users\Dane aplikacji\Office Genuine Advantage
2008-12-08 11:53   57,344   ----a-w   d:\windows\system32\ff_vfw.dll
2008-06-24 13:58   238,858   ----a-w   d:\program files\Pomoc.chm
2008-06-13 04:27   3,533,824   ----a-w   d:\program files\Srodowisko2008.exe
2005-04-26 21:50   40,960   ----a-w   d:\program files\SessionCleanup.exe
2004-02-11 04:00   77,770   ----a-w   d:\program files\unins000.exe
2001-01-08 16:24   34,816   ----a-w   d:\program files\AddAlias.exe
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane 
REGEDIT4

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKLM\~\startupfolder\D:^Documents and Settings^piotr^Menu Start^Programy^Autostart^Picture Motion Browser Media Check Tool.lnk]
path=d:\documents and settings\piotr\Menu Start\Programy\Autostart\Picture Motion Browser Media Check Tool.lnk
backup=d:\windows\pss\Picture Motion Browser Media Check Tool.lnkStartup

[HKLM\~\startupfolder\D:^Documents and Settings^piotr^Menu Start^Programy^Autostart^Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk]
path=d:\documents and settings\piotr\Menu Start\Programy\Autostart\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk
backup=d:\windows\pss\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HEXelon MAX]
c:\program files\WinRar_3.80_PL_up_by_muciek_\WinRar_3.80_PL_up_by_muciek [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALLUpdate]
--a------ 2008-11-24 20:44 869888 d:\program files\ALLPlayer\ALLUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 13:00 15360 d:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-12-13 17:52 133104 d:\documents and settings\piotr\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 d:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
-ra------ 2003-12-14 17:07 118784 d:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
-ra------ 2003-12-14 17:20 155648 d:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-09-25 10:56 25565992 d:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd]
--a------ 2005-10-11 13:54 339968 d:\windows\vsnpstd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-12-21 12:50 136600 d:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
-ra------ 2003-11-19 08:41 88363 d:\windows\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2004-08-04 13:00 110592 d:\windows\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2007-04-16 15:28 577536 d:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Super G Wireless Service"=2 (0x2)
"odserv"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"ose"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"AVP"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=

S3 AVPsys;AVPsys;d:\windows\system32\drivers\cdaudio.sys [2008-12-19 18688]
S4 Super G Wireless Service;Wireless LAN Card;d:\program files\Wireless 11bg Netowrk Utility\WLService.exe [2008-12-10 49152]
.
Zawartość folderu 'Zaplanowane zadania'

2009-02-13 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-688789844-1957994488-1004.job
- d:\documents and settings\piotr\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2008-12-13 17:52]
.
- - - - USUNIĘTO PUSTE WPISY - - - -

MSConfigStartUp-Sony Ericsson PC Suite - d:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe


.
------- Skan uzupełniający -------
.
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - d:\windows\system32\GPhotos.scr/200
IE: E&ksportuj do programu Microsoft Excel - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {C3F3AE54-81AF-4616-99F7-1D2F92A9E26E} = 208.67.222.222,208.67.220.220
FF - ProfilePath - d:\documents and settings\piotr\Dane aplikacji\Mozilla\Firefox\Profiles\824e09c5.default\
FF - plugin: d:\documents and settings\piotr\Ustawienia lokalne\Dane aplikacji\Google\Update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: d:\program files\Google\Picasa3\npPicasa3.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-13 22:18:19
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ... 

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ... 

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
Czas ukończenia: 2009-02-13 22:19:33
ComboFix-quarantined-files.txt  2009-02-13 21:19:26
ComboFix2.txt  2009-02-12 19:48:29

Przed: 22 187 376 640 bajtów wolnych
Po: 22,190,292,992 bajtów wolnych

198



[wojtas]

1. Ściągnij OTMoveIt i go włacz i odpal go z opcji CleanUp oraz skasuj folder C:\Qoobox
2. wykonaj optymalizację windowsa
3.sciagnij ATF_Cleaner
zaznacz
Windows Temp
All users Temp
Temporary internet files
Recycle Bin
i wcisnij EMPTY SELECTED
4.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem
5. Wykonaj skan Dr. Web CureIt
6. Przeskanuj obszar mojego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum.

i tym:

FixIEDef.