Mulacy system, zawiechy itd. duze problemy

[Wojtasgls]

Jestem u znajomych i co sie dzieje z ich kompem to jakas masakra.. prawym myszki na dysk zero reakcji, chce wejsc dodaj usun programy czekam 15 minut i nic. Komp jest strasznie zasyfiony i raczej bez formatu sie nie obejdzie ale musze na nim popracowac jeszcze troche a sie nie da i mysle ze rowniez jest to wina wirusow i innych. Prosze o sprawdzenie:

Kod: Zaznacz wszystko

Logfile of HijackThis v1.99.1
Scan saved at 19:46:13, on 2008-11-11
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\ja\Menu Start\Programy\Autostart\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Documents and Settings\ja\Pulpit\systemowe\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BSMediaBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [LoadPowerProfile] C:\WINDOWS\SYSTEM\SystemTray.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [InstantTray] C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: ctfmon.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Wyslij SMS'a - {215940F1-E7E0-4801-BEE3-44D045534106} - C:\Program Files\Common Files\moje.js
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O20 - AppInit_DLLs: pushow30.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

Kod: Zaznacz wszystko

ComboFix 07-08-14.4 - "ja" 2008-11-11 19:47:11.3 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1250.1.1045.18.144 [GMT 1:00]


(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Autorun.inf
C:\Program Files\myglobalsearch
C:\Program Files\myglobalsearch\bar\History\search
D:\Autorun.inf


(((((((((((((((((((((((((   Files Created from 2008-10-11 to 2008-11-11  )))))))))))))))))))))))))))))))


2008-11-09 18:51   85,376   --a------   C:\WINDOWS\system32\drivers\NABTSFEC.sys
2008-11-09 18:51   5,504   --a------   C:\WINDOWS\system32\drivers\MSTEE.sys
2008-11-09 18:51   19,328   --a------   C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2008-11-09 18:51   17,024   --a------   C:\WINDOWS\system32\drivers\CCDECODE.sys
2008-11-09 18:51   15,360   --a------   C:\WINDOWS\system32\drivers\StreamIP.sys
2008-11-09 18:51   11,136   --a------   C:\WINDOWS\system32\drivers\SLIP.sys
2008-11-09 18:51   10,880   --a------   C:\WINDOWS\system32\drivers\NdisIP.sys
2008-11-09 18:50   54,784   --a------   C:\WINDOWS\system32\vfwwdm32.dll
2008-11-09 18:50   <DIR>   d--------   C:\DOCUME~1\ja\DANEAP~1\ArcSoft
2008-11-09 18:49   245,408   -ra------   C:\WINDOWS\system32\unicows.dll
2008-11-09 18:49   11,776   --a------   C:\WINDOWS\system32\drivers\afc.sys
2008-11-09 18:49   <DIR>   d--------   C:\Program Files\Common Files\ArcSoft
2008-11-09 18:48   212,480   --a------   C:\WINDOWS\PCDLIB32.DLL
2008-11-09 18:48   <DIR>   d--------   C:\Program Files\ArcSoft
2008-11-09 18:45   59,264   --a------   C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-11-09 18:45   163,840   --a------   C:\WINDOWS\AMCap.exe
2008-11-09 18:43   31,616   --a------   C:\WINDOWS\system32\drivers\usbccgp.sys
2008-10-24 19:51   <DIR>   d--------   C:\WINDOWS\A01872BE21234F1BB295E3D1774DC0C9.TMP


((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

2008-11-11 19:47   ---------   d--------   C:\DOCUME~1\ja\DANEAP~1\Skype
2008-11-09 18:48   ---------   d--h-----   C:\Program Files\InstallShield Installation Information
2008-10-16 14:13   202776   --a--c---   C:\WINDOWS\system32\dllcache\wuweb.dll
2008-10-16 14:13   202776   --a------   C:\WINDOWS\system32\wuweb.dll
2008-10-16 14:13   1809944   --a--c---   C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-10-16 14:13   1809944   --a------   C:\WINDOWS\system32\wuaueng.dll
2008-10-16 14:12   561688   --a--c---   C:\WINDOWS\system32\dllcache\wuapi.dll
2008-10-16 14:12   561688   --a------   C:\WINDOWS\system32\wuapi.dll
2008-10-16 14:12   323608   --a--c---   C:\WINDOWS\system32\dllcache\wucltui.dll
2008-10-16 14:12   323608   --a------   C:\WINDOWS\system32\wucltui.dll
2008-10-16 14:09   92696   --a--c---   C:\WINDOWS\system32\dllcache\cdm.dll
2008-10-16 14:09   92696   --a------   C:\WINDOWS\system32\cdm.dll
2008-10-16 14:09   51224   --a--c---   C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-10-16 14:09   51224   --a------   C:\WINDOWS\system32\wuauclt.exe
2008-10-16 14:09   43544   --a------   C:\WINDOWS\system32\wups2.dll
2008-10-16 14:08   34328   --a--c---   C:\WINDOWS\system32\dllcache\wups.dll
2008-10-16 14:08   34328   --a------   C:\WINDOWS\system32\wups.dll
2008-10-15 18:00   332800   -----c---   C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-07 17:38   136192   --a------   C:\WINDOWS\system32\pushow30.dll
2008-10-07 17:33   ---------   d--------   C:\Program Files\VCW VicMan's Photo Editor
2008-10-03 18:26   6066176   -----c---   C:\WINDOWS\system32\dllcache\ieframe.dll
2008-09-26 15:01   ---------   d--------   C:\Program Files\Web Photo Album
2008-09-25 12:31   ---------   d--------   C:\Program Files\Picasa2
2008-09-15 16:40   1846272   --a------   C:\WINDOWS\system32\win32k.sys
2008-09-15 16:40   1846272   -----c---   C:\WINDOWS\system32\dllcache\win32k.sys
2008-08-28 11:04   333056   -----c---   C:\WINDOWS\system32\dllcache\srv.sys
2008-08-28 09:05   74752   --a------   C:\WINDOWS\system32\msw3prt.dll
2008-08-28 09:05   74752   -----c---   C:\WINDOWS\system32\dllcache\msw3prt.dll
2008-08-28 09:05   104960   --a------   C:\WINDOWS\system32\win32spl.dll
2008-08-28 09:05   104960   -----c---   C:\WINDOWS\system32\dllcache\win32spl.dll
2008-08-27 10:27   3593216   --a--c---   C:\WINDOWS\system32\dllcache\mshtml.dll
2008-08-26 09:27   826368   --a--c---   C:\WINDOWS\system32\dllcache\wininet.dll
2008-08-26 09:27   671232   --a--c---   C:\WINDOWS\system32\dllcache\mstime.dll
2008-08-26 09:27   477696   --a--c---   C:\WINDOWS\system32\dllcache\mshtmled.dll
2008-08-26 09:27   44544   --a--c---   C:\WINDOWS\system32\dllcache\pngfilt.dll
2008-08-26 09:27   233472   -----c---   C:\WINDOWS\system32\dllcache\webcheck.dll
2008-08-26 09:27   193024   --a--c---   C:\WINDOWS\system32\dllcache\msrating.dll
2008-08-26 09:27   1159680   --a--c---   C:\WINDOWS\system32\dllcache\urlmon.dll
2008-08-26 09:27   105984   -----c---   C:\WINDOWS\system32\dllcache\url.dll
2008-08-26 09:27   102912   -----c---   C:\WINDOWS\system32\dllcache\occache.dll
2008-08-26 09:26   63488   -----c---   C:\WINDOWS\system32\dllcache\icardie.dll
2008-08-26 09:26   52224   -----c---   C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-08-26 09:26   459264   -----c---   C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-08-26 09:26   44544   -----c---   C:\WINDOWS\system32\dllcache\iernonce.dll
2008-08-26 09:26   384512   -----c---   C:\WINDOWS\system32\dllcache\iedkcs32.dll
2008-08-26 09:26   383488   -----c---   C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-08-26 09:26   347136   --a--c---   C:\WINDOWS\system32\dllcache\dxtmsft.dll
2008-08-26 09:26   27648   --a--c---   C:\WINDOWS\system32\dllcache\jsproxy.dll
2008-08-26 09:26   267776   -----c---   C:\WINDOWS\system32\dllcache\iertutil.dll
2008-08-26 09:26   230400   -----c---   C:\WINDOWS\system32\dllcache\ieaksie.dll
2008-08-26 09:26   214528   --a--c---   C:\WINDOWS\system32\dllcache\dxtrans.dll
2008-08-26 09:26   153088   -----c---   C:\WINDOWS\system32\dllcache\ieakeng.dll
2008-08-26 09:26   133120   --a--c---   C:\WINDOWS\system32\dllcache\extmgr.dll
2008-08-26 09:26   124928   -----c---   C:\WINDOWS\system32\dllcache\advpack.dll
2008-08-25 09:42   70656   -----c---   C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-08-25 09:38   13824   -----c---   C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-08-23 06:56   635848   -----c---   C:\WINDOWS\system32\dllcache\iexplore.exe
2008-08-23 06:54   161792   -----c---   C:\WINDOWS\system32\dllcache\ieakui.dll
2008-08-14 14:46   2181632   -----c---   C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-08-14 14:46   2137600   -----c---   C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-08-14 14:46   2059008   -----c---   C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-08-14 14:46   2017280   -----c---   C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-08-14 10:51   138368   -----c---   C:\WINDOWS\system32\dllcache\afd.sys
2008-06-27 20:03   7680   --ahsc---   C:\Program Files\Common Files\Thumbs.db
2005-09-16 15:52   766   --a--c---   C:\Program Files\Common Files\sms.ico
2005-09-16 15:52   70   --a--c---   C:\Program Files\Common Files\moje.js


(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2008-03-19 23:36   1267040   --a------   C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2007-12-02 15:13   394680   --a------   C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2008-03-19 23:36 1267040]

[HKEY_CLASSES_ROOT\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 03:25]
"LoadPowerProfile"="C:\WINDOWS\SYSTEM\SystemTray.exe" []
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-11-10 16:06]
"PAC7302_Monitor"="C:\WINDOWS\PixArt\PAC7302\Monitor.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-05-10 15:36]
"InstantTray"="C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe" [2004-09-02 10:37]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-13 16:52]

C:\Documents and Settings\ja\Menu Start\Programy\Autostart\
ctfmon.exe [2007-01-29 13:22:34]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=pushow30.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
ALCWZRD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
"C:\Program Files\Ares\Ares.exe" -h

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
"C:\Program Files\BearShare\BearShare.exe" /pause

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ezrbzhax]
C:\Program Files\Hqzymb\Ufsq.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
E:\Free Download Manager\fdm.exe -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Globe7]
"C:\Documents and Settings\ja\Pulpit\Globe7.exe" /hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoD]
"C:\Program Files\GoD\GoD.exe" /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstantTray]
C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IW_Drop_Icon]
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /DropDisc

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Komunikator]
C:\Program Files\Tlen.pl\tlen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
C:\WINDOWS\system32\PSDrvCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qup1ihfj]
C:\WINDOWS\system32\qup1ihfj.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shareaza]
"C:\Program Files\Shareaza\Shareaza.exe" -tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skrót do strony właściwości High Definition Audio]
HDAudPropShortcut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Skyp Beta\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySpotter System Defender]
C:\Program Files\SpySpotter3\Defender.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipBuster]
"C:\program files\voipbuster.com\voipbuster\voipbuster.exe" -nosplash -minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
D:\Winamp\winampa.exe

R0 VOBID;VOBID;C:\WINDOWS\system32\DRIVERS\vobid.sys
R1 vobiw;vobiw;C:\WINDOWS\system32\drivers\vobiw.sys
R3 cdrdrv;Cdrdrv;C:\WINDOWS\system32\Drivers\Cdrdrv.sys
R3 PAC7302;PAC7302 VGA USB Camera;C:\WINDOWS\system32\DRIVERS\PAC7302.SYS


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a45d0a4-6ddb-11dc-9525-0008540e7b9d}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Open(&0)\command- H:\Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8bd69e5a-e35c-11db-9410-0008540e7b9d}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Open(&0)\command- H:\Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ec5b5970-7bbc-11dc-9543-0008540e7b9d}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Open(&0)\command- H:\Recycled\ctfmon.exe


**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-11 19:50:12
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2008-11-11 19:51:00
C:\ComboFix-quarantined-files.txt ... 2008-11-11 19:50
C:\ComboFix2.txt ... 2007-12-11 19:00

   --- E O F ---

[djarta]

Masz starego ComboFixa więc pobierz go z tego źródła ---> ComboFix



==================
K.

[Wojtasgls]

Kod: Zaznacz wszystko

ComboFix 08-11-10.01 - ja 2008-11-11 20:41:00.4 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1250.1.1045.18.205 [GMT 1:00]
Uruchomiony z: c:\documents and settings\ja\Pulpit\ComboFix.exe
* Utworzono nowy punkt przywracania

[COLOR=RED][B]UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !![/B][/COLOR]
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\documents and settings\ja\Menu Start\Programy\Autostart\ctfmon.exe
c:\recycled\Recycled
c:\recycled\Recycled\ctfmon.exe
c:\windows\tmlpcert2007
D:\Autorun.inf

.
(((((((((((((((((((((((((   Pliki utworzone od 2008-10-11 do 2008-11-11  )))))))))))))))))))))))))))))))
.

2008-11-11 20:33 . 2008-11-11 20:33   <DIR>   d--------   c:\windows\PixArt
2008-11-11 20:27 . 2008-11-11 20:27   <DIR>   d--------   c:\program files\Trust
2008-11-11 20:27 . 2008-11-11 20:27   <DIR>   d--------   c:\documents and settings\ja\Dane aplikacji\InstallShield
2008-11-11 20:27 . 2007-06-14 15:29   457,856   --a------   c:\windows\system32\drivers\PAC7302.SYS
2008-11-11 20:27 . 2006-11-20 09:04   6,656   --a------   c:\windows\system32\CoInst.dll
2008-11-09 18:51 . 2004-08-03 23:10   85,376   --a------   c:\windows\system32\drivers\NABTSFEC.sys
2008-11-09 18:51 . 2004-08-03 23:10   19,328   --a------   c:\windows\system32\drivers\WSTCODEC.SYS
2008-11-09 18:51 . 2004-08-03 23:10   17,024   --a------   c:\windows\system32\drivers\CCDECODE.sys
2008-11-09 18:51 . 2004-08-04 00:44   16,384   --a------   c:\windows\system32\ipsink.ax
2008-11-09 18:51 . 2004-08-03 23:10   15,360   --a------   c:\windows\system32\drivers\StreamIP.sys
2008-11-09 18:51 . 2004-08-03 23:10   11,136   --a------   c:\windows\system32\drivers\SLIP.sys
2008-11-09 18:51 . 2004-08-03 23:10   10,880   --a------   c:\windows\system32\drivers\NdisIP.sys
2008-11-09 18:51 . 2004-08-03 22:58   5,504   --a------   c:\windows\system32\drivers\MSTEE.sys
2008-11-09 18:50 . 2008-11-09 18:50   <DIR>   d--------   c:\documents and settings\ja\Dane aplikacji\ArcSoft
2008-11-09 18:50 . 2004-08-04 00:44   294,912   --a------   c:\windows\system32\msh263.drv
2008-11-09 18:50 . 2004-08-04 00:44   91,136   --a------   c:\windows\system32\kswdmcap.ax
2008-11-09 18:50 . 2004-08-04 00:44   61,952   --a------   c:\windows\system32\kstvtune.ax
2008-11-09 18:50 . 2004-08-04 00:44   54,784   --a------   c:\windows\system32\vfwwdm32.dll
2008-11-09 18:50 . 2004-08-04 00:44   43,008   --a------   c:\windows\system32\ksxbar.ax
2008-11-09 18:50 . 2004-08-04 00:44   28,672   --a------   c:\windows\system32\vidcap.ax
2008-11-09 18:49 . 2008-11-09 18:49   <DIR>   d--------   c:\program files\Common Files\ArcSoft
2008-11-09 18:49 . 2005-04-27 16:36   245,408   -ra------   c:\windows\system32\unicows.dll
2008-11-09 18:49 . 2005-02-23 14:58   11,776   --a------   c:\windows\system32\drivers\afc.sys
2008-11-09 18:48 . 2008-11-09 18:48   <DIR>   d--------   c:\program files\ArcSoft
2008-11-09 18:48 . 1995-08-01 04:44   212,480   --a------   c:\windows\PCDLIB32.DLL
2008-11-09 18:45 . 2006-11-20 09:01   163,840   --a------   c:\windows\AMCap.exe
2008-11-09 18:45 . 2007-05-17 15:50   129,024   --a------   c:\windows\system32\SP7302.AX
2008-11-09 18:45 . 2004-08-03 23:07   59,264   --a------   c:\windows\system32\drivers\USBAUDIO.sys
2008-11-09 18:45 . 2007-04-09 17:32   566   --a------   c:\windows\system32\SP7302.INI
2008-11-09 18:43 . 2004-08-03 23:08   31,616   --a------   c:\windows\system32\drivers\usbccgp.sys
2008-10-24 19:51 . 2008-10-24 19:51   <DIR>   d--------   c:\windows\A01872BE21234F1BB295E3D1774DC0C9.TMP

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-11 19:31   ---------   d-----w   c:\documents and settings\ja\Dane aplikacji\Skype
2008-11-09 17:48   ---------   d--h--w   c:\program files\InstallShield Installation Information
2008-10-16 13:13   202,776   ----a-w   c:\windows\system32\wuweb.dll
2008-10-16 13:13   1,809,944   ----a-w   c:\windows\system32\wuaueng.dll
2008-10-16 13:12   561,688   ----a-w   c:\windows\system32\wuapi.dll
2008-10-16 13:12   323,608   ----a-w   c:\windows\system32\wucltui.dll
2008-10-16 13:09   92,696   ----a-w   c:\windows\system32\cdm.dll
2008-10-16 13:09   51,224   ----a-w   c:\windows\system32\wuauclt.exe
2008-10-16 13:09   43,544   ----a-w   c:\windows\system32\wups2.dll
2008-10-16 13:08   34,328   ----a-w   c:\windows\system32\wups.dll
2008-10-07 16:38   136,192   ----a-w   c:\windows\system32\pushow30.dll
2008-10-07 16:33   ---------   d-----w   c:\program files\VCW VicMan's Photo Editor
2008-09-26 14:01   ---------   d-----w   c:\program files\Web Photo Album
2008-09-25 11:31   ---------   d-----w   c:\program files\Picasa2
2008-09-15 15:40   1,846,272   ----a-w   c:\windows\system32\win32k.sys
2008-08-28 08:05   74,752   ----a-w   c:\windows\system32\msw3prt.dll
2008-08-28 08:05   104,960   ----a-w   c:\windows\system32\win32spl.dll
2008-08-26 08:27   826,368   ----a-w   c:\windows\system32\wininet.dll
2008-08-14 13:46   2,137,600   ----a-w   c:\windows\system32\ntoskrnl.exe
2008-08-14 13:46   2,017,280   ----a-w   c:\windows\system32\ntkrnlpa.exe
2008-06-27 19:03   7,680   -csha-w   c:\program files\Common Files\Thumbs.db
2005-09-16 14:52   766   -c--a-w   c:\program files\Common Files\sms.ico
2005-09-16 14:52   70   -c--a-w   c:\program files\Common Files\moje.js
2000-02-23 23:10   109   ----a-w   c:\documents and settings\ja\UNPACK.BAT
2000-02-03 08:51   13,032   ----a-w   c:\documents and settings\ja\TRAINER.EXE
2000-02-02 12:33   350   ----a-w   c:\documents and settings\ja\SIMS.REG
2000-01-05 18:39   31,744   ----a-w   c:\documents and settings\ja\Drvmgt.dll
2000-01-05 18:39   10,848   ----a-w   c:\documents and settings\ja\Secdrv.sys
1999-10-29 22:33   835,628   ----a-w   c:\documents and settings\ja\gimex.dll
1999-09-18 09:17   7,960   ----a-w   c:\documents and settings\ja\WUNPACK.EXE
1999-04-08 11:00   229,344   ----a-w   c:\documents and settings\ja\4DOS.COM
1999-02-09 08:46   137,728   ----a-w   c:\documents and settings\ja\ijl10.dll
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2008-03-19 1267040]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2007-12-02 15:13   394680   --a------   c:\program files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2007-05-10 2111176]
"InstantTray"="c:\program files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe" [2004-09-02 770048]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-13 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-11-10 406016]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=pushow30.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2004-09-29 07:15 344064 c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
--a------ 2006-08-01 16:04 3313664 c:\program files\BearShare\BearShare.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-04-03 23:29 165784 c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
--a------ 2004-01-14 03:10 409600 c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstantTray]
--a------ 2004-09-02 10:37 770048 c:\program files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IW_Drop_Icon]
--a------ 2004-07-30 15:10 1123840 c:\program files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 17:24 1694208 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2008-08-21 02:18 443968 c:\program files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
--a------ 2003-11-10 16:06 406016 c:\windows\system32\PSDrvCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a--c--- 2005-10-24 19:37 14892072 c:\skyp beta\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-04-13 16:52 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-04-01 19:49 36352 d:\winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a--c--- 2004-10-13 16:00 57344 c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
--a--c--- 2004-10-21 17:44 2744832 c:\windows\ALCWZRD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skrót do strony właściwości High Definition Audio]
--a------ 2004-08-12 17:45 61952 c:\windows\system32\Hdaudpropshortcut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a--c--- 2004-10-21 14:20 77824 c:\windows\SOUNDMAN.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 VOBID;VOBID;c:\windows\system32\DRIVERS\vobid.sys [2003-08-01 29239]
R1 vobiw;vobiw;c:\windows\system32\drivers\vobiw.sys [2004-09-01 188416]
R3 cdrdrv;Cdrdrv;c:\windows\system32\Drivers\Cdrdrv.sys [2004-08-03 62976]
R3 PAC7302;PAC7302 VGA USB Camera;c:\windows\system32\DRIVERS\PAC7302.SYS [2007-06-14 457856]
.
- - - - USUNIĘTO PUSTE WPISY - - - -

HKLM-Run-LoadPowerProfile - c:\windows\SYSTEM\SystemTray.exe
MSConfigStartUp-ares - c:\program files\Ares\Ares.exe
MSConfigStartUp-Ezrbzhax - c:\program files\Hqzymb\Ufsq.exe
MSConfigStartUp-Free Download Manager - e:\free download manager\fdm.exe
MSConfigStartUp-Globe7 - c:\documents and settings\ja\Pulpit\Globe7.exe
MSConfigStartUp-GoD - c:\program files\GoD\GoD.exe
MSConfigStartUp-Komunikator - c:\program files\Tlen.pl\tlen.exe
MSConfigStartUp-qup1ihfj - c:\windows\system32\qup1ihfj.exe
MSConfigStartUp-Shareaza - c:\program files\Shareaza\Shareaza.exe
MSConfigStartUp-SpySpotter System Defender - c:\program files\SpySpotter3\Defender.exe
MSConfigStartUp-VoipBuster - c:\program files\voipbuster.com\voipbuster\voipbuster.exe


.
------- Skan uzupełniający -------
.
FireFox -: Profile - c:\documents and settings\ja\Dane aplikacji\Mozilla\Firefox\Profiles\nw8d5mna.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FireFox -: prefs.js - STARTUP.HOMEPAGE - about:blank
FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\Picasa2\npPicasa2.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-11 20:43:03
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
Czas ukończenia: 2008-11-11 20:44:02
ComboFix-quarantined-files.txt  2008-11-11 19:43:52
ComboFix2.txt  2008-11-11 18:51:00

Przed: 3 349 983 232 bajtów wolnych
Po: 3,356,151,808 bajtów wolnych

196   --- E O F ---   2008-10-24 09:51:32


[Magik]

ogolnie smiech

zadnego antywirusa i firewall'a

jedyna ochrona Ewido AS



1. wykonaj optymalizację windowsa

2.sciagnij ATF_Cleaner

zaznacz

Windows Temp

All users Temp

Temporary internet files

Recycle Bin

i wcisnij EMPTY SELECTED

3.Wyłšcz przywracanie systemu ( właœciwoœci mój komputer-zakładka przywracanie - wyłšcz przywracanie na wszystkich dyskach). Po chwili włšcz je powrotem


wyczysc katalog prefetch i dllcache

Zastosuj SDFix . Po pobraniu uruchom go a rozpakuje się do C:\SDFix. Uruchom komputer w trybie awaryjnym (F8 przy stracie systemu). Będšc w awaryjnym uruchom plik RunThis.bat z folderu SDFixa. ZatwierdŸ czyszczenie przez Y. Poczekaj aż ukończy i komputer zresetuje



Potem wejdz do folderu C:\SDFix wrzuc zawartoœć pliku Report.txt


i powroc z nowym logiem z combofix