
For some time now NOD has been showing me something like this

Here are the logs
Logfile of HijackThis v1.99.1
Scan saved at 14:11:32, on 2008-11-10
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\ESET\ESET Smart Security\egui.exe
F:\WINDOWS\system32\LVCOMSX.EXE
F:\WINDOWS\system\CMGxMon.exe
F:\WINDOWS\system32\RUNDLL32.EXE
F:\Program Files\Analog Devices\Core\smax4pnp.exe
F:\Program Files\Logitech\Video\LogiTray.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Logitech\Video\FxSvr2.exe
F:\Program Files\Logitech\SetPoint\SetPoint.exe
F:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
F:\Program Files\Bonjour\mDNSResponder.exe
F:\Program Files\ESET\ESET Smart Security\ekrn.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\WINDOWS\system32\PnkBstrA.exe
F:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
F:\WINDOWS\system32\wscntfy.exe
F:\Program Files\Internet Download Manager\IEMonitor.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Google\Gmail Notifier\gnotify.exe
F:\Program Files\Gadu-Gadu\gg.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Program Files\Internet Download Manager\IDMan.exe
F:\Program Files\Winamp\winamp.exe
H:\PROGRAMY\Nowy folder\instalacja\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://pl.youtube.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - F:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - F:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - F:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - F:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [egui] "F:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LVCOMSX] F:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Cmaudio8788GX] F:\WINDOWS\system\CMGxMon.exe Envoke
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMAXPnP] F:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMax] "F:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [LogitechVideoTray] F:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] F:\Program Files\Logitech\Video\ISStart.exe
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] F:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - Global Startup: Logitech SetPoint.lnk = F:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - F:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - F:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Ściągnij przez IDM - F:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Ściągnij wszystkie linki przez IDM - F:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Ściągnij zawartość wideo FLV przez IDM - F:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - F:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: f:\program files\bonjour\mdnsnsp.dll
O10 - Unknown file in Winsock LSP: f:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: f:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: f:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: f:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: f:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: f:\windows\system32\idmmbc.dll
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1206390783171
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: LBTWlgn - f:\program files\common files\logitech\bluetooth\LBTWlgn.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - F:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - F:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - F:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - F:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - F:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - F:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - F:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - F:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - F:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - F:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
ComboFix 08-11-09.04 - doemk 2008-11-10 14:16:20.8 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1391 [GMT 1:00]
Uruchomiony z: f:\documents and settings\doemk\Pulpit\ComboFix.exe
* Utworzono nowy punkt przywracania
* Resident AV is active
.
((((((((((((((((((((((((( Pliki utworzone od 2008-10-10 do 2008-11-10 )))))))))))))))))))))))))))))))
.
2008-11-09 23:11 . 2008-11-09 23:11 <DIR> d-------- f:\documents and settings\doemk\Dane aplikacji\DivX
2008-11-09 22:42 . 2008-09-19 22:57 120,056 --------- f:\windows\system32\pxcpyi64.exe
2008-11-09 22:42 . 2008-09-19 22:57 118,520 --------- f:\windows\system32\pxinsi64.exe
2008-11-09 18:46 . 2008-11-09 18:46 <DIR> d-------- f:\documents and settings\doemk\Dane aplikacji\CyberLink
2008-11-09 09:54 . 2008-11-09 09:54 <DIR> d-------- f:\program files\Internet Download Manager
2008-11-09 09:54 . 2008-11-09 15:02 <DIR> d-------- f:\documents and settings\doemk\Dane aplikacji\IDM
2008-11-06 11:38 . 2008-11-06 11:38 <DIR> d-------- f:\program files\MSECache
2008-11-06 11:26 . 2008-11-06 11:26 <DIR> d-------- f:\windows\ShellNew
2008-11-03 22:44 . 2008-11-03 22:44 <DIR> d-------- f:\program files\Skype
2008-11-03 22:44 . 2008-11-03 22:44 <DIR> d-------- f:\program files\Common Files\Skype
2008-11-03 22:44 . 2008-11-03 23:58 <DIR> d-------- f:\documents and settings\doemk\Dane aplikacji\Skype
2008-11-02 18:03 . 2008-11-02 18:03 <DIR> d-------- f:\program files\CyberLink
2008-11-02 14:06 . 2008-11-02 14:06 <DIR> d-------- f:\program files\SubEdit-Player
2008-10-30 17:19 . 2008-10-30 17:19 <DIR> d-------- f:\program files\LizardTech
2008-10-28 23:36 . 2008-10-28 23:36 823,296 --a------ f:\windows\system32\divx_xx0c.dll
2008-10-28 23:36 . 2008-10-28 23:36 823,296 --a------ f:\windows\system32\divx_xx07.dll
2008-10-28 23:35 . 2008-10-28 23:35 815,104 --a------ f:\windows\system32\divx_xx0a.dll
2008-10-28 23:35 . 2008-10-28 23:35 802,816 --a------ f:\windows\system32\divx_xx11.dll
2008-10-28 23:35 . 2008-10-28 23:35 729,088 --a------ f:\windows\system32\divxdec.ax
2008-10-28 23:35 . 2008-10-28 23:35 684,032 --a------ f:\windows\system32\DivX.dll
2008-10-20 22:07 . 2008-10-20 22:07 <DIR> d-------- f:\documents and settings\All Users\Dane aplikacji\KONAMI
2008-10-20 13:58 . 2008-10-20 13:58 <DIR> d-------- f:\windows\system32\xlive
2008-10-20 13:40 . 2008-10-20 14:12 <DIR> d-------- f:\documents and settings\doemk\Dane aplikacji\Microsoft Games
2008-10-12 17:49 . 2008-10-12 17:50 <DIR> d-------- f:\program files\AltoMP3 Gold
2008-10-12 17:16 . 2008-10-12 17:16 <DIR> d-------- f:\program files\Valve
2008-10-11 19:40 . 2008-10-11 19:40 <DIR> d-------- f:\program files\Ventrilo
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-10 13:11 --------- d-----w f:\documents and settings\doemk\Dane aplikacji\DMCache
2008-11-09 21:42 --------- d-----w f:\program files\DivX
2008-11-09 09:01 --------- d-----w f:\documents and settings\doemk\Dane aplikacji\Xfire
2008-11-09 08:59 --------- d-----w f:\program files\FlashGet
2008-11-06 10:24 --------- d-----w f:\program files\microsoft frontpage
2008-11-06 10:21 --------- d-----w f:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2008-11-03 21:55 --------- d-----w f:\documents and settings\doemk\Dane aplikacji\skypePM
2008-11-03 21:44 --------- d-----w f:\documents and settings\All Users\Dane aplikacji\Skype
2008-11-02 20:26 --------- d-----w f:\documents and settings\doemk\Dane aplikacji\uTorrent
2008-11-02 17:03 --------- d--h--w f:\program files\InstallShield Installation Information
2008-11-01 22:45 --------- d---a-w f:\documents and settings\All Users\Dane aplikacji\TEMP
2008-10-30 15:17 --------- d-----w f:\documents and settings\doemk\Dane aplikacji\MyPhoneExplorer
2008-10-27 15:52 --------- d-----w f:\program files\Common Files\Wise Installation Wizard
2008-10-27 15:52 --------- d-----w f:\program files\AGEIA Technologies
2008-10-26 22:03 --------- d-----w f:\program files\SystemRequirementsLab
2008-10-16 10:35 66,872 ----a-w f:\windows\system32\PnkBstrA.exe
2008-10-13 09:28 --------- d-----w f:\documents and settings\doemk\Dane aplikacji\mIRC
2008-10-04 17:11 --------- d-----w f:\program files\WinFast
2008-10-02 19:47 --------- d-----w f:\documents and settings\doemk\Dane aplikacji\Leadertech
2008-10-02 19:37 107,888 ----a-w f:\windows\system32\CmdLineExt.dll
2008-09-26 22:01 --------- d-----w f:\documents and settings\doemk\Dane aplikacji\Hamachi
2008-09-26 21:46 25,280 ----a-w f:\windows\system32\drivers\hamachi.sys
2008-09-25 08:03 81,920 ----a-w f:\windows\system32\dpl100.dll
2008-09-25 08:03 593,920 ----a-w f:\windows\system32\dpuGUI11.dll
2008-09-25 08:03 57,344 ----a-w f:\windows\system32\dpv11.dll
2008-09-25 08:03 53,248 ----a-w f:\windows\system32\dpuGUI10.dll
2008-09-25 08:03 524,288 ----a-w f:\windows\system32\DivXsm.exe
2008-09-25 08:03 344,064 ----a-w f:\windows\system32\dpus11.dll
2008-09-25 08:03 294,912 ----a-w f:\windows\system32\dpu11.dll
2008-09-25 08:03 294,912 ----a-w f:\windows\system32\dpu10.dll
2008-09-25 08:03 196,608 ----a-w f:\windows\system32\dtu100.dll
2008-09-25 08:03 161,096 ----a-w f:\windows\system32\DivXCodecVersionChecker.exe
2008-09-23 20:54 --------- d-----w f:\documents and settings\LocalService\Dane aplikacji\Xfire
2008-09-23 11:16 --------- d-----w f:\program files\Xfire
2008-09-20 15:02 --------- d-----w f:\program files\Gadu-Gadu
2008-09-20 12:08 --------- d-----w f:\program files\Panda Security
2008-09-19 21:57 3,596,288 ----a-w f:\windows\system32\qt-dx331.dll
2008-09-19 21:57 129,784 ------w f:\windows\system32\pxafs.dll
2008-09-19 21:55 200,704 ----a-w f:\windows\system32\ssldivx.dll
2008-09-19 21:55 1,044,480 ----a-w f:\windows\system32\libdivx.dll
2008-09-19 21:54 12,288 ----a-w f:\windows\system32\DivXWMPExtType.dll
2008-09-19 13:04 --------- d-----w f:\program files\Analog Devices
2008-09-18 00:40 42,320 ----a-w f:\windows\system32\xfcodec.dll
2008-09-16 13:27 --------- d-----w f:\program files\NAPI-PROJEKT
2008-09-14 13:24 107,832 ----a-w f:\windows\system32\PnkBstrB.exe
2008-09-10 19:26 --------- d-----w f:\program files\ASUS Xonar DX Audio
2008-09-10 19:24 --------- d-----w f:\program files\ASUS
2008-08-12 15:31 21,840 ----atw f:\windows\system32\SIntfNT.dll
2008-08-12 15:31 17,212 ----atw f:\windows\system32\SIntf32.dll
2008-08-12 15:31 12,067 ----atw f:\windows\system32\SIntf16.dll
2008-08-12 15:24 2,829 ----a-w f:\windows\DIIUnin.pif
2008-08-12 15:24 106,496 ----a-w f:\windows\DIIUnin.exe
2008-05-05 15:57 22,328 ----a-w f:\documents and settings\doemk\Dane aplikacji\PnkBstrK.sys
.
------- Sigcheck -------
2004-08-03 22:14 359040 9f4b36614a0fc234525ba224957de55c f:\windows\system32\dllcache\tcpip.sys
2004-08-03 22:14 359040 6a603809f598332dbedd535bdbce313e f:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="f:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"IDMan"="f:\program files\Internet Download Manager\IDMan.exe" [2008-02-06 2586032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="f:\program files\ESET\ESET Smart Security\egui.exe" [2008-02-20 1443072]
"LVCOMSX"="f:\windows\system32\LVCOMSX.EXE" [2005-01-19 221184]
"NeroFilterCheck"="f:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Cmaudio8788GX"="f:\windows\system\CMGxMon.exe" [2007-12-19 20480]
"NvCplDaemon"="f:\windows\system32\NvCpl.dll" [2007-11-13 8523776]
"NvMediaCenter"="f:\windows\system32\NvMcTray.dll" [2007-11-13 81920]
"SoundMAXPnP"="f:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"LogitechVideoTray"="f:\program files\Logitech\Video\LogiTray.exe" [2005-01-19 217088]
"LogitechVideoRepair"="f:\program files\Logitech\Video\ISStart.exe" [2005-01-19 458752]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 f:\windows\KHALMNPR.Exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 f:\windows\KHALMNPR.Exe]
"nwiz"="nwiz.exe" [2007-11-13 f:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="f:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
f:\documents and settings\All Users\Menu Start\Programy\Autostart\
Logitech SetPoint.lnk - f:\program files\Logitech\SetPoint\SetPoint.exe [2008-08-10 805392]
Microsoft Office.lnk - f:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 f:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\startupfolder\F:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=f:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=f:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\F:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Synchronizer.lnk]
path=f:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Synchronizer.lnk
backup=f:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\F:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Logitech Desktop Messenger.lnk]
path=f:\documents and settings\All Users\Menu Start\Programy\Autostart\Logitech Desktop Messenger.lnk
backup=f:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
[HKLM\~\startupfolder\F:^Documents and Settings^All Users^Menu Start^Programy^Autostart^LUMIX Simple Viewer.lnk]
path=f:\documents and settings\All Users\Menu Start\Programy\Autostart\LUMIX Simple Viewer.lnk
backup=f:\windows\pss\LUMIX Simple Viewer.lnkCommon Startup
[HKLM\~\startupfolder\F:^Documents and Settings^doemk^Menu Start^Programy^Autostart^HDDlife.lnk]
path=f:\documents and settings\doemk\Menu Start\Programy\Autostart\HDDlife.lnk
backup=f:\windows\pss\HDDlife.lnkStartup
[HKLM\~\startupfolder\F:^Documents and Settings^doemk^Menu Start^Programy^Autostart^YouTube Uploader.lnk]
path=f:\documents and settings\doemk\Menu Start\Programy\Autostart\YouTube Uploader.lnk
backup=f:\windows\pss\YouTube Uploader.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-06-10 11:25 51184 f:\documents and settings\doemk\Ustawienia lokalne\Dane aplikacji\Google\Update\1.1.25.0\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-09-01 14:57 282624 f:\program files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2005-10-26 17:17 159744 f:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-10-08 13:01 1410296 g:\steam\Steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 f:\program files\Java\jre1.6.0_05\bin\jusched.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"f:\\Program Files\\FlashGet\\flashget.exe"=
"f:\\Program Files\\uTorrent\\uTorrent.exe"=
"g:\\gers of war\\Binaries\\WarGame-G4WLive.exe"=
"g:\\PES2009\\pes2009.exe"=
"f:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 mv61xx;mv61xx;f:\windows\system32\DRIVERS\mv61xx.sys [2007-06-15 143256]
R0 nvgts;nvgts;f:\windows\system32\DRIVERS\nvgts.sys [2007-08-09 102400]
R0 pavboot;pavboot;f:\windows\system32\drivers\pavboot.sys [2008-06-19 28544]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);f:\windows\system32\Drivers\e4ldr.sys [ ]
S2 NOD32FiXTemDono;Eset Nod32 Boot;f:\windows\system32\regedt32.exe [2001-10-26 3584]
S3 cmudaxp;ASUS Xonar DX Audio Interface;f:\windows\system32\drivers\cmudaxp.sys [2008-01-14 1867840]
S3 e4usbaw;USB ADSL2 WAN Adapter;f:\windows\system32\DRIVERS\e4usbaw.sys [ ]
S3 WFIOCTL;WFIOCTL;f:\program files\WinFast\WFDTV\WFIOCTL.SYS [ ]
.
Zawartość folderu 'Zaplanowane zadania'
2008-09-26 f:\windows\Tasks\AppleSoftwareUpdate.job
- f:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 13:21]
.
- - - - USUNIĘTO PUSTE WPISY - - - -
MSConfigStartUp-WinFast Schedule - f:\program files\WinFast\WFDTV\WFWIZ.exe
MSConfigStartUp-WinFastDTV - f:\program files\WinFast\WFDTV\DTVSchdl.exe
.
------- Skan uzupełniający -------
.
FireFox -: Profile - f:\documents and settings\doemk\Dane aplikacji\Mozilla\Firefox\Profiles\vbugcpy3.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.interia.pl/
FF -: plugin - f:\program files\Mozilla Firefox\plugins\npdjvu.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-10 14:17:22
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
Czas ukończenia: 2008-11-10 14:17:44
ComboFix-quarantined-files.txt 2008-11-10 13:17:42
Przed: 5 761 175 552 bajtów wolnych
Po: 5,954,215,936 bajtów wolnych
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(1)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
211
I scanned with Panda and Kaspersky online and nothing was detected

