problem z explorer.exe

[noomouse]

Wiec sprawa wyglada tak:
Gdy probuje wejść w jaki kol wiek folder na pulpicie w tym w Moj Komputer czy inne foldery systemowe wyskakuje blad EXPLORER.EXE, problem tez powtarza sie również przy próbie wejścia np. do Panelu sterowania przez Start->ustawienia tak samo jest przy próbie odpalenia przez Uruchom. Jedyny sposób dostania sie do jakiegoś pliku to skopiowanie go na pulpit, udało mi sie to zrobić po przez opcje "otwórz" np. w Allplayerze
Niestety format w obecnej chwili nie wchodzi w grę wiec jak ktoś zna jakieś inne rozwiązanie prosił bym o pomoc.

[wojtas]

daj loga w tagach z hijack this wg.opisu


http://forum.programosy.pl/hijackthis-amp-silent-runners-gtobsuga-i-umieszczanie-vt9452.html

[noomouse]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:41:08, on 2007-12-29
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
c:\program files\winamp toolbar\WinampTbServer.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\V0250Mon.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\carpserv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Documents and Settings\noomouse\Pulpit\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [V0250Mon.exe] C:\WINDOWS\V0250Mon.exe
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

--
End of file - 7312 bytes

Mam nadzieje ze wszystko dobrze czekam na odpowiedz.

[Dzi@dek]

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL

Usuń wpisy w hijackthis stawiając V przy nich i naciśnij Fix Checked.
Pogrubiony folder wywal z dysku ręcznie po zabiegach.

Daj log z Combofix.
http://www.programosy.pl/program,combofix.html

[noomouse]

ComboFix 07-12-21.4 - noomouse 2007-12-30 13:34:47.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.110 [GMT 0:00]
Running from: C:\Documents and Settings\noomouse\Pulpit\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-30 )))))))))))))))))))))))))))))))
.

2007-12-30 07:32 . 2007-12-30 07:32 <DIR> d-------- C:\WINDOWS\Sun
2007-12-25 14:51 . 2007-12-25 14:51 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2007-12-25 14:25 . 2007-12-25 14:25 <DIR> d-------- C:\Documents and Settings\noomouse\Dane aplikacji\Media Player Classic
2007-12-24 12:39 . 2007-12-24 20:53 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2007-12-22 18:45 . 2007-10-10 23:52 6,065,664 --------- C:\WINDOWS\system32\DllCache\ieframe.dll
2007-12-22 18:45 . 2007-07-01 03:31 2,455,488 --------- C:\WINDOWS\system32\DllCache\ieapfltr.dat
2007-12-22 18:45 . 2007-07-01 03:36 1,036,288 --------- C:\WINDOWS\system32\DllCache\ieframe.dll.mui
2007-12-22 18:45 . 2007-10-10 23:52 459,264 --------- C:\WINDOWS\system32\DllCache\msfeeds.dll
2007-12-22 18:45 . 2007-10-10 23:52 383,488 --------- C:\WINDOWS\system32\DllCache\ieapfltr.dll
2007-12-22 18:45 . 2007-10-10 23:52 267,776 --------- C:\WINDOWS\system32\DllCache\iertutil.dll
2007-12-22 18:45 . 2007-10-10 23:52 63,488 --------- C:\WINDOWS\system32\DllCache\icardie.dll
2007-12-22 18:45 . 2007-10-10 23:52 52,224 --------- C:\WINDOWS\system32\DllCache\msfeedsbs.dll
2007-12-22 18:45 . 2007-10-10 10:59 13,824 --------- C:\WINDOWS\system32\DllCache\ieudinit.exe
2007-12-22 18:44 . 2007-12-22 18:46 <DIR> d-------- C:\WINDOWS\system32\pl-pl
2007-12-22 18:37 . 2007-08-13 18:54 33,792 --a------ C:\WINDOWS\system32\DllCache\custsat.dll
2007-12-22 18:24 . 2001-08-17 21:57 16,128 --a------ C:\WINDOWS\system32\drivers\MODEMCSA.sys
2007-12-22 06:14 . 2004-08-03 22:44 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-12-22 06:04 . 2007-12-22 06:04 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-12-19 23:27 . 2007-12-19 23:27 <DIR> d-------- C:\Documents and Settings\noomouse\Dane aplikacji\Gadu-Gadu
2007-12-19 20:05 . 2007-12-25 03:25 <DIR> d-------- C:\WINDOWS\system32\DllCache
2007-12-19 19:37 . 2007-07-09 13:11 584,192 --------- C:\WINDOWS\system32\DllCache\rpcrt4.dll
2007-12-19 19:28 . 2006-12-07 05:29 2,374,472 --------- C:\WINDOWS\system32\DllCache\wmvcore.dll
2007-12-19 18:58 . 2006-09-06 17:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-12-19 18:42 . 2007-12-29 21:09 <DIR> d-------- C:\Documents and Settings\noomouse\Gadu-Gadu
2007-12-19 18:41 . 2007-12-19 18:42 <DIR> d-------- C:\Program Files\Gadu-Gadu
2007-12-19 14:46 . 2007-12-19 14:57 139,264 --a------ C:\WINDOWS\War3Unin.exe
2007-12-19 14:46 . 2007-12-19 15:11 76,046 --a------ C:\WINDOWS\War3Unin.dat
2007-12-19 14:46 . 2007-12-19 14:57 2,829 --a------ C:\WINDOWS\War3Unin.pif
2007-12-19 14:43 . 2007-12-22 22:05 <DIR> d-------- C:\Program Files\Warcraft III
2007-12-18 18:09 . 2007-12-18 18:08 502,208 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-12-18 18:09 . 2007-12-18 18:08 270,336 --a------ C:\WINDOWS\system32\imon.dll
2007-12-18 17:01 . 2007-12-18 17:01 <DIR> d-------- C:\Program Files\uTorrent
2007-12-18 17:01 . 2007-12-29 14:41 <DIR> d-------- C:\Documents and Settings\noomouse\Dane aplikacji\uTorrent
2007-12-12 21:18 . 2007-12-12 21:19 <DIR> d-------- C:\Program Files\Google
2007-12-11 16:19 . 2004-08-04 00:44 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-12-11 16:19 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-12-11 16:19 . 2001-10-26 17:29 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-12-09 21:08 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-09 21:06 . 2007-12-09 21:08 <DIR> d-------- C:\Program Files\Java
2007-12-09 21:06 . 2007-12-09 21:06 <DIR> d-------- C:\Program Files\Common Files\Java
2007-12-09 20:46 . 2007-12-09 21:09 1,469 --a------ C:\WINDOWS\mozver.dat
2007-12-09 20:11 . 2007-12-09 20:11 <DIR> d-------- C:\Program Files\DFX
2007-12-09 20:11 . 2007-12-09 20:11 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\DFX
2007-12-09 17:20 . 2005-04-11 17:13 29,006 --a------ C:\WINDOWS\system32\oeminfo.ini
2007-12-09 15:09 . 2007-12-29 00:01 69 --a------ C:\WINDOWS\NeroDigital.ini
2007-12-09 14:24 . 2007-12-09 14:25 <DIR> d-------- C:\Program Files\CDex_170b2
2007-12-09 13:07 . 2007-12-09 13:07 <DIR> d-------- C:\Documents and Settings\noomouse\Dane aplikacji\Nero
2007-12-09 13:04 . 2007-12-09 13:04 <DIR> d-------- C:\Program Files\Nero
2007-12-09 13:04 . 2007-12-09 13:06 <DIR> d-------- C:\Program Files\Common Files\Nero
2007-12-09 13:04 . 2007-12-09 13:04 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Nero
2007-12-09 12:19 . 2007-12-09 19:24 <DIR> d-------- C:\Program Files\Konnekt
2007-12-09 12:19 . 2007-12-09 12:19 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\stamina
2007-12-09 12:18 . 2007-12-10 16:20 <DIR> d-------- C:\Program Files\BearShare
2007-12-09 12:18 . 2007-12-25 12:39 <DIR> d-------- C:\My Downloads
2007-12-09 12:11 . 2007-12-09 15:49 <DIR> d-------- C:\Documents and Settings\noomouse\Dane aplikacji\Ahead
2007-12-09 00:29 . 2007-12-30 13:29 <DIR> d-------- C:\Program Files\AskTBar
2007-12-08 23:02 . 2007-12-08 23:02 98,304 --a------ C:\WINDOWS\system32\qttask.exe
2007-12-08 22:55 . 2007-12-08 22:55 <DIR> d-------- C:\Program Files\Winamp Toolbar
2007-12-08 22:55 . 2007-12-08 22:55 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar
2007-12-08 22:53 . 2007-12-23 17:22 <DIR> d-------- C:\Program Files\Winamp
2007-12-08 22:50 . 2007-12-08 22:50 <DIR> d-------- C:\Program Files\MarBit
2007-12-08 22:37 . 2007-12-08 22:37 <DIR> d-------- C:\Program Files\Alcohol Soft
2007-12-08 22:37 . 2004-04-30 09:37 160,640 --a------ C:\WINDOWS\system32\drivers\a347bus.sys
2007-12-08 22:37 . 2004-05-06 12:11 40,448 --a------ C:\Program Files\trial_setup.exe
2007-12-08 22:37 . 2004-04-30 09:33 5,248 --a------ C:\WINDOWS\system32\drivers\a347scsi.sys
2007-12-08 22:34 . 2007-12-08 22:34 <DIR> d-------- C:\Program Files\Creative
2007-12-08 22:34 . 2003-03-19 13:19 1,060,864 --------- C:\WINDOWS\system32\MFC71.DLL
2007-12-08 22:34 . 2003-03-18 20:14 499,712 --------- C:\WINDOWS\system32\msvcp71.dll
2007-12-08 22:34 . 2003-02-21 04:42 348,160 --------- C:\WINDOWS\system32\msvcr71.dll
2007-12-08 22:18 . 2007-12-26 16:31 <DIR> d-------- C:\Documents and Settings\noomouse\Dane aplikacji\skypePM
2007-12-08 22:18 . 2007-12-26 17:51 <DIR> d-------- C:\Documents and Settings\noomouse\Dane aplikacji\Skype
2007-12-08 22:18 . 2007-12-08 22:18 32 --a------ C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2007-12-08 22:17 . 2007-12-08 22:17 <DIR> d-------- C:\Program Files\Skype
2007-12-08 22:17 . 2007-12-08 22:17 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-12-08 22:17 . 2007-12-08 22:17 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Skype
2007-12-08 22:14 . 2007-12-08 22:14 <DIR> d-------- C:\Documents and Settings\noomouse\Dane aplikacji\Talkback

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-30 13:35 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2007-12-22 18:23 --------- d-----w C:\Program Files\CONEXANT
2007-12-09 17:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-09 17:17 --------- d-----w C:\Program Files\HPQ
2007-12-08 21:30 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-08 21:29 20,747 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2007-12-08 21:29 --------- d-----w C:\Program Files\Belkin
2007-12-08 21:28 --------- d-----w C:\Program Files\Synaptics
2007-12-08 21:26 --------- d-----w C:\Program Files\SP23455
2007-12-08 21:15 --------- d-----w C:\Program Files\Usługi online
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-31 04:56 3,590,656 ------w C:\WINDOWS\system32\DllCache\mshtml.dll
2007-10-29 22:44 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:44 1,291,264 ------w C:\WINDOWS\system32\DllCache\quartz.dll
2007-10-25 16:44 8,488,960 ----a-w C:\WINDOWS\system32\DllCache\shell32.dll
2007-10-23 14:20 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2007-10-22 08:51 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2007-10-20 06:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-20 06:01 227,328 ------w C:\WINDOWS\system32\DllCache\wmasf.dll
2007-10-11 06:11 474,112 ------w C:\WINDOWS\system32\DllCache\shlwapi.dll
2007-10-11 06:11 1,498,112 ------w C:\WINDOWS\system32\DllCache\shdocvw.dll
2007-10-11 06:10 151,552 ------w C:\WINDOWS\system32\DllCache\cdfview.dll
2007-10-11 06:10 1,055,744 ------w C:\WINDOWS\system32\DllCache\danim.dll
2007-10-11 06:10 1,024,000 ------w C:\WINDOWS\system32\DllCache\browseui.dll
2007-10-10 23:52 824,832 ------w C:\WINDOWS\system32\DllCache\wininet.dll
2007-10-10 23:52 671,232 ------w C:\WINDOWS\system32\DllCache\mstime.dll
2007-10-10 23:52 478,208 ------w C:\WINDOWS\system32\DllCache\mshtmled.dll
2007-10-10 23:52 44,544 ------w C:\WINDOWS\system32\DllCache\iernonce.dll
2007-10-10 23:52 384,512 ------w C:\WINDOWS\system32\DllCache\iedkcs32.dll
2007-10-10 23:52 27,648 ------w C:\WINDOWS\system32\DllCache\jsproxy.dll
2007-10-10 23:52 232,960 ------w C:\WINDOWS\system32\DllCache\webcheck.dll
2007-10-10 23:52 230,400 ------w C:\WINDOWS\system32\DllCache\ieaksie.dll
2007-10-10 23:52 214,528 ------w C:\WINDOWS\system32\DllCache\dxtrans.dll
2007-10-10 23:52 193,024 ------w C:\WINDOWS\system32\DllCache\msrating.dll
2007-10-10 23:52 153,088 ------w C:\WINDOWS\system32\DllCache\ieakeng.dll
2007-10-10 23:52 132,608 ------w C:\WINDOWS\system32\DllCache\extmgr.dll
2007-10-10 23:52 124,928 ------w C:\WINDOWS\system32\DllCache\advpack.dll
2007-10-10 23:52 105,984 ------w C:\WINDOWS\system32\DllCache\url.dll
2007-10-10 23:52 102,400 ------w C:\WINDOWS\system32\DllCache\occache.dll
2007-10-10 23:52 1,159,680 ------w C:\WINDOWS\system32\DllCache\urlmon.dll
2007-10-10 11:03 625,152 ------w C:\WINDOWS\system32\DllCache\iexplore.exe
2007-10-10 11:02 70,656 ------w C:\WINDOWS\system32\DllCache\ie4uinit.exe
2007-10-10 05:46 161,792 ------w C:\WINDOWS\system32\DllCache\ieakui.dll
2007-09-28 17:07 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-09-28 17:05 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-09-28 17:05 739,840 ----a-w C:\WINDOWS\system32\divx.dll
2007-09-20 08:55 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
2007-09-04 17:56 164,352 ----a-w C:\WINDOWS\system32\unrar.dll
2004-05-06 12:11 777 ----a-w C:\Program Files\trial_setup.ini
2004-05-06 12:11 4,289,024 ----a-w C:\Program Files\trial_setup.msi
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-10-04 20:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{37B85A29-692B-4205-9CAD-2626E4993404}

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 20:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 22:44]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-23 14:18]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-12-12 21:19]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 10:54]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 16:24 C:\WINDOWS\system32\Ati2mdxx.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 18:40]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 18:38]
"V0250Mon.exe"="C:\WINDOWS\V0250Mon.exe" [2006-06-08 01:00]
"AVFX Engine"="C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-09 01:11]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 08:51]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-12-18 18:08]
"CARPService"="carpserv.exe" [2003-05-21 15:35 C:\WINDOWS\system32\carpserv.exe]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-03 22:44]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 22:44]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyDocs"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyDocs"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
C:\Program Files\BearShare\BearShare.exe /pause

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Konnekt]
C:\Program Files\Konnekt\konnekt.exe /autostart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 --a------ C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

R2 Belkin Wireless USB Network Adapter Service;Belkin Wireless USB Network Adapter;C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe [2004-03-29 16:08]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-09-20 08:51]
R2 NetCM;Network Connection Manager;C:\Program Files\Common Files\Microsoft Shared\Speech\svchost.exe [2002-12-19 14:41]
R3 CALIAUD;Conexant AMC 3D ENVIRONMENTAL AUDIO;C:\WINDOWS\system32\drivers\caliaud.sys [2002-11-05 15:04]
R3 CALIHALA;CALIHALA;C:\WINDOWS\system32\drivers\calihal.sys [2002-11-05 15:04]
R3 FA312;Sterownik karty NETGEAR FA330/FA312/FA311 Fast Ethernet;C:\WINDOWS\system32\DRIVERS\FA312nd5.sys [2001-08-17 20:12]
S3 V0250Dev;Live! Cam Notebook Pro;C:\WINDOWS\system32\DRIVERS\V0250Dev.sys [2006-06-27 11:25]
S3 V0250Vfx;V0250Vfx;C:\WINDOWS\system32\DRIVERS\V0250Vfx.sys [2006-03-24 16:24]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-30 13:38:44
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

C:\Program Files\Common Files\Microsoft Shared\Speech\svchost.exe [292] 0x840AAA58
C:\Program Files\Internet Explorer\iexplore.exe [1308] 0x83FBD768
scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\Program Files\Eset\pr_imon.dll
.
Completion time: 2007-12-30 13:40:10
.
2007-12-25 03:25:20 --- E O F ---

[wojtas]

Wykonaj to co jest podane w tym temacie

skasuj ten folder:

C:\Program Files\AskTBar

juz jest czysto

[noomouse]

Dziala dziekuje bardzo za pomoc.