Problem z odinstalowaniem spyware doctor

[zielona]

hej! Próbowałam zainstalować Kasperky'ego ale nie dało się bo mam Spyware Doctora i nie mogę go odinstalować (ani przez panel sterowania, ani poprzez CCleaner) - wyświetla mi komunikat: "Plik dziennika dezinstalacji C:/ProgramFiles?SpywareDoctor?unins000.dat Daję logi do sprawdzenia może coś pomożecie..

Kod: Zaznacz wszystko

ComboFix 08-12-21.02 - xp 2008-12-21 23:15:20.7 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.447.149 [GMT 1:00]
Uruchomiony z: c:\program files\ComboFix.exe
* Utworzono nowy punkt przywracania

[COLOR=RED][B]UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !![/B][/COLOR]
.

(((((((((((((((((((((((((   Pliki utworzone od 2008-11-21 do 2008-12-21  )))))))))))))))))))))))))))))))
.

2008-12-21 23:02 . 2008-12-21 23:02   <DIR>   d--------   C:\ERDNT
2008-12-21 22:43 . 2008-12-21 22:43   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\Yahoo! Companion
2008-12-21 22:26 . 2008-12-21 22:26   <DIR>   d--------   c:\program files\Yahoo!
2008-12-21 22:26 . 2008-12-21 22:26   <DIR>   d--------   c:\program files\CCleaner
2008-12-21 22:25 . 2008-12-21 22:25   2,972,904   --a------   c:\program files\ccsetup214.exe
2008-12-21 22:11 . 2008-12-21 22:11   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2008-12-21 20:08 . 2008-12-21 20:08   38,279,184   --a------   c:\program files\kav8.0.0.506pl.exe
2008-12-20 18:10 . 2008-12-20 18:10   7,217,599   --a------   c:\program files\odk11.3.0808setup.exe
2008-12-08 17:57 . 2008-12-08 17:57   10   --a------   c:\windows\popcinfo.dat
2008-12-08 17:45 . 2008-12-08 17:45   <DIR>   d--------   c:\program files\Zylom Games
2008-12-08 17:45 . 2008-12-08 17:45   <DIR>   d--------   c:\documents and settings\xp\Dane aplikacji\Zylom
2008-12-08 17:45 . 2008-12-08 17:45   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\Zylom
2008-11-29 17:40 . 2008-11-10 05:43   410,984   --a------   c:\windows\system32\deploytk.dll
2008-11-22 17:35 . 2008-11-22 17:35   <DIR>   d--------   c:\documents and settings\xp\Dane aplikacji\ACD Systems
2008-11-22 17:34 . 2008-11-22 17:34   <DIR>   d--------   c:\program files\Common Files\ACD Systems
2008-11-22 17:34 . 2008-11-22 17:34   <DIR>   d--------   c:\program files\ACD Systems
2008-11-22 17:34 . 2008-11-22 17:34   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\ACD Systems
2008-11-22 17:28 . 2008-11-22 17:31   89,118,864   --a------   c:\program files\photoeditor2008-5-0-286-en.exe

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-21 22:14   2,885,486   ----a-r   c:\program files\ComboFix.exe
2008-12-21 21:10   ---------   d-----w   c:\program files\Alwil Software
2008-12-21 19:15   ---------   d---a-w   c:\documents and settings\All Users\Dane aplikacji\TEMP
2008-12-21 17:43   ---------   d-----w   c:\documents and settings\xp\Dane aplikacji\Skype
2008-12-21 17:23   ---------   d-----w   c:\documents and settings\xp\Dane aplikacji\skypePM
2008-12-20 17:17   ---------   d-----w   c:\program files\Odkurzacz
2008-12-19 18:47   ---------   d-----w   c:\program files\Java
2008-11-18 17:41   ---------   d-----w   c:\program files\NAPI-PROJEKT
2008-11-18 17:07   ---------   d-----w   c:\program files\DivX
2008-11-18 17:03   695,350   ----a-w   c:\program files\gmer.zip
2008-11-09 18:09   ---------   d-----w   c:\program files\ALLPlayer
2008-11-09 18:08   892,928   ----a-w   c:\windows\system32\iconv.dll
2008-11-09 18:08   79,360   ----a-w   c:\windows\system32\mkzlib.dll
2008-11-09 18:08   258,048   ----a-w   c:\windows\system32\libFLAC.dll
2008-11-09 18:08   23,552   ----a-w   c:\windows\system32\mkunicode.dll
2008-11-09 18:08   163,840   ----a-w   c:\windows\system32\ts.dll
2008-11-09 18:08   159,744   ----a-w   c:\windows\system32\mmfinfo.dll
2008-11-09 18:08   148,992   ----a-w   c:\windows\system32\mkx.dll
2008-11-09 18:08   141,312   ----a-w   c:\windows\system32\mp4.dll
2008-11-09 18:08   120,832   ----a-w   c:\windows\system32\ogm.dll
2008-11-09 18:08   108,032   ----a-w   c:\windows\system32\avi.dll
2008-11-09 18:07   56,832   ----a-w   c:\windows\system32\ff_unrar.dll
2008-11-09 18:07   52,224   ----a-w   c:\windows\system32\ff_liba52.dll
2008-11-09 18:07   456,192   ----a-w   c:\windows\system32\libmplayer.dll
2008-11-09 18:07   397,312   ----a-w   c:\windows\system32\ff_libfaad2.dll
2008-11-09 18:07   3,569,152   ----a-w   c:\windows\system32\libavcodec.dll
2008-11-09 18:07   23,552   ----a-w   c:\windows\system32\ff_wmv9.dll
2008-11-09 18:07   172,032   ----a-w   c:\windows\system32\ff_libdts.dll
2008-11-09 18:07   143,360   ----a-w   c:\windows\system32\ff_libmad.dll
2008-11-09 18:07   135,168   ----a-w   c:\windows\system32\ff_samplerate.dll
2008-11-09 18:07   119,296   ----a-w   c:\windows\system32\libmpeg2_ff.dll
2008-11-09 18:07   118,784   ----a-w   c:\windows\system32\ff_realaac.dll
2008-11-09 18:07   102,912   ----a-w   c:\windows\system32\ff_tremor.dll
2008-11-09 18:06   921,600   ----a-w   c:\windows\system32\vorbisenc.dll
2008-11-09 18:06   45,056   ----a-w   c:\windows\system32\ogg.dll
2008-11-09 18:06   237,568   ----a-w   c:\windows\system32\OggDS.dll
2008-11-09 18:06   2,041,363   ----a-w   c:\windows\system32\x264vfw.dll
2008-11-09 18:06   188,416   ----a-w   c:\windows\system32\vorbis.dll
2008-11-09 18:06   1,415,680   ----a-w   c:\windows\system32\WMV9VCM.dll
2008-11-09 18:05   9,216   ----a-w   c:\windows\system32\cpuinf32.dll
2008-11-09 18:05   245,760   ----a-w   c:\windows\system32\mplvpx.dll
2008-11-09 18:04   755,027   ----a-w   c:\windows\system32\xvidcore.dll
2008-11-09 18:04   524,288   ----a-w   c:\windows\system32\DivXsm.exe
2008-11-09 18:04   159,839   ----a-w   c:\windows\system32\xvidvfw.dll
2008-11-09 18:04   ---------   d-----w   c:\program files\Real Alternative
2008-11-09 17:49   ---------   d-----w   c:\documents and settings\xp\Dane aplikacji\CyberLink
2008-11-09 17:49   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\CyberLink
2008-11-09 17:47   ---------   d--h--w   c:\program files\InstallShield Installation Information
2008-11-09 17:44   79,718,568   ----a-w   c:\program files\CyberLink.2217D_TaRe38_On_DVD080924-02.exe
2008-11-09 17:42   2,589,362   ----a-w   c:\program files\ALLPlayer.exe
2008-11-09 09:38   ---------   d-----w   c:\documents and settings\xp\Dane aplikacji\KlipFolio
2008-10-26 20:58   7,169   ----a-w   c:\program files\hijackthis.log
2008-10-26 19:18   478,719   ----a-w   c:\program files\FixIEDef.exe
2008-09-18 21:06   1,821,923   ----a-w   c:\program files\IBANator.(www.bwportal.pl).zip
2008-07-25 13:54   1,330,904   ----a-w   c:\program files\ZENStone_PCFW_US_1_06_01.exe
2008-07-25 13:51   13,048,400   ----a-w   c:\program files\ZENStone_PCApp_CLE_L6_1_51_03.exe
2008-07-16 06:22   7,252,937   ----a-w   c:\program files\odk11.2.0308setup_[www.programosy.pl].exe
2008-07-15 18:55   1,054,680   ----a-w   c:\program files\KlipFolio-Install.exe
2008-06-18 18:35   881,896   ----a-w   c:\program files\cafenews.exe
2008-06-17 21:08   22,411,048   ----a-w   c:\program files\SkypeSetup.exe
2008-05-01 10:11   812,344   ----a-w   c:\program files\HJTInstall.exe
2008-05-01 10:11   401,720   ----a-w   c:\program files\HiJackThis.exe
2008-05-01 10:11   318,369   ----a-w   c:\program files\HiJackThis.zip
2008-01-03 16:48   6,575,800   ----a-w   c:\program files\Sunbelt-Personal-Firewall.exe
2007-11-21 19:14   38,899   ----a-w   c:\program files\SeconfigXP.zip
2007-11-21 18:51   51,232   ----a-w   c:\program files\wwdc.exe
2007-11-19 20:57   15,374,248   ----a-w   c:\program files\sdstart.exe
2007-11-19 20:17   5,361,888   ----a-w   c:\program files\kerio.exe
2007-11-16 12:52   7,037,304   ----a-w   c:\program files\DjVuBrowserPlugin.exe
2007-11-05 15:39   4,346,704   ----a-w   c:\program files\gg77.exe
2007-02-15 03:51   56   --sh--r   c:\windows\system32\59C80DF989.sys
2007-02-15 03:51   1,890   --sha-w   c:\windows\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((   snapshot@2008-10-26_20.37.12,07   )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 16:00:28   157,696   ----a-w   c:\windows\ERUNT\ERUNT.EXE
+ 2008-11-18 17:04:19   819,200   ----a-w   c:\windows\gmer.dll
+ 2008-01-18 19:31:10   757,760   ----a-w   c:\windows\gmer.exe
+ 2008-11-22 16:34:54   212,992   ----a-r   c:\windows\Installer\{A6142247-58B1-40C7-B8E0-965C1A8026A5}\ARPPRODUCTICON.exe
+ 2008-11-22 16:34:54   212,992   ----a-r   c:\windows\Installer\{A6142247-58B1-40C7-B8E0-965C1A8026A5}\NewShortcut1_9DC61B581DF64FA3938D548609601668.exe
+ 2008-11-22 16:34:54   212,992   ----a-r   c:\windows\Installer\{A6142247-58B1-40C7-B8E0-965C1A8026A5}\NewShortcut2_9DC61B581DF64FA3938D548609601668.exe
+ 2008-11-22 16:34:54   196,608   ----a-r   c:\windows\Installer\{A6142247-58B1-40C7-B8E0-965C1A8026A5}\NewShortcut3_FD0718A46CB642E2A5E52C13777FCB4A.exe
+ 2008-11-22 16:34:54   196,608   ----a-r   c:\windows\Installer\{A6142247-58B1-40C7-B8E0-965C1A8026A5}\NewShortcut4_FD0718A46CB642E2A5E52C13777FCB4A.exe
+ 2008-11-18 17:04:20   85,713   ----a-w   c:\windows\system32\drivers\gmer.sys
- 2008-06-09 23:21:01   135,168   ----a-w   c:\windows\system32\java.exe
+ 2008-11-10 04:43:37   144,792   ----a-w   c:\windows\system32\java.exe
- 2008-06-09 23:21:04   135,168   ----a-w   c:\windows\system32\javaw.exe
+ 2008-11-10 04:43:38   144,792   ----a-w   c:\windows\system32\javaw.exe
- 2008-06-10 00:32:34   139,264   ----a-w   c:\windows\system32\javaws.exe
+ 2008-11-10 04:43:39   148,888   ----a-w   c:\windows\system32\javaws.exe
+ 2005-01-20 16:25:34   339,968   ----a-w   c:\windows\system32\msvcr70.dll
- 2008-10-26 16:59:47   40,326   ----a-w   c:\windows\system32\perfc009.dat
+ 2008-12-16 16:34:43   40,326   ----a-w   c:\windows\system32\perfc009.dat
- 2008-10-26 16:59:47   49,910   ----a-w   c:\windows\system32\perfc015.dat
+ 2008-12-16 16:34:43   49,910   ----a-w   c:\windows\system32\perfc015.dat
- 2008-10-26 16:59:47   311,938   ----a-w   c:\windows\system32\perfh009.dat
+ 2008-12-16 16:34:43   311,938   ----a-w   c:\windows\system32\perfh009.dat
- 2008-10-26 16:59:47   356,068   ----a-w   c:\windows\system32\perfh015.dat
+ 2008-12-16 16:34:44   356,068   ----a-w   c:\windows\system32\perfh015.dat
+ 2008-07-30 03:00:00   278,528   ----a-w   c:\windows\system32\pncrt.dll
+ 2008-07-30 03:00:00   6,656   ----a-w   c:\windows\system32\pndx5016.dll
+ 2008-07-30 03:00:00   5,632   ----a-w   c:\windows\system32\pndx5032.dll
+ 2008-07-30 03:00:00   185,944   ----a-w   c:\windows\system32\rmoc3260.dll
+ 2008-12-21 21:40:56   16,384   ----atw   c:\windows\TEMP\Perflib_Perfdata_488.dat
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{61DB16C5-B733-43F4-872E-B20DC9E72740}]
2008-10-10 23:57   444416   --a------   c:\progra~1\ALLPLA~1\YOUTUB~1.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-14 68856]
"Odkurzacz-MCD"="c:\program files\Odkurzacz\odk_mcd.exe" [2008-03-03 266240]
"CTZDetec.exe"="c:\program files\Creative\Creative Media Lite\CTZDetec.exe" [2008-04-24 368640]
"SoftAuto.exe"="c:\program files\Creative\Software Update 3\SoftAuto.exe" [2008-05-28 401408]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2007-07-09 2119104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-08-23 110592]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-27 7561216]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-04-27 86016]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-21 761945]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2005-10-17 987136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-12 c:\windows\RTHDCPL.EXE]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"SMSERIAL"="sm56hlpr.exe" [2006-01-20 c:\windows\sm56hlpr.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-02-15 278528]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KlipFolio]
--a------ 2008-07-15 19:55 1054680 c:\program files\KlipFolio\KlipFolio.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-04-27 19:48 1519616 c:\windows\system32\nwiz.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 ASNDIS5;ASNDIS5 Protocol Driver;\??\c:\windows\system32\ASNDIS5.SYS [2007-02-15 16269]
R3 SynMini;USB2.0 1.3M Web Cam;c:\windows\system32\Drivers\SynMini.sys [2007-02-15 720470]
R3 SynScan;USB2.0 1.3M Web Cam Still Image;c:\windows\system32\Drivers\SynScan.sys [2007-02-15 8278]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\svcntaux.exe [2007-11-19 311112]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{375ec348-c1e7-11db-adf8-0018f3ed90c0}]
\Shell\AutoRun\command - g:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\lin32.exe
\Shell\open\command - g:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\lin32.exe
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://onet.pl/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

c:\windows\system32\ArcaMicroScanUpdater.exe - c:\windows\system32\ArcaOnlineUninstall.exe
c:\windows\system32\ArcaOnline.dll
O16 -: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D}
hxxp://slimak.onet.pl/_m/wirusy/ArcaOnline.cab
c:\windows\Downloaded Program Files\ArcaOnline.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-21 23:16:23
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
Czas ukończenia: 2008-12-21 23:17:00
ComboFix-quarantined-files.txt  2008-12-21 22:16:50
ComboFix2.txt  2008-11-18 16:49:48
ComboFix3.txt  2008-10-26 20:57:15
ComboFix4.txt  2008-10-26 19:38:47

Przed: 18 800 742 400 bajtów wolnych
Po: 18,884,268,032 bajtów wolnych

215


Kod: Zaznacz wszystko

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:19:07, on 2008-12-21
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\xp\USTAWI~1\Temp\Rar$EX00.719\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://onet.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: YouTube To ALLPlayer - {61DB16C5-B733-43F4-872E-B20DC9E72740} - C:\PROGRA~1\ALLPLA~1\YOUTUB~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe
O4 - HKCU\..\Run: [CTZDetec.exe] "C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe"
O4 - HKCU\..\Run: [SoftAuto.exe] "C:\Program Files\Creative\Software Update 3\SoftAuto.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} - http://slimak.onet.pl/_m/wirusy/ArcaOnline.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

--
End of file - 6562 bytes


[wojtas]

Otworz notatnik i wklej w nim to:

Driver::
sdAuxService
sdCoreService

Folder::
c:\program files\Spyware Doctor

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{375ec348-c1e7-11db-adf8-0018f3ed90c0}]

>>Plik>>Zapisz jako... >>> CFScript
Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe
-->
Ma się rozpocząć usuwanie. (i powstanie log).Daj ten log, który powstanie w trakcie usuwania.

[zielona]

Kod: Zaznacz wszystko

ComboFix 08-12-21.02 - xp 2008-12-22 17:38:38.8 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.447.137 [GMT 1:00]
Uruchomiony z: c:\program files\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\xp\Pulpit\CFScript.txt
* Utworzono nowy punkt przywracania

[COLOR=RED][B]UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !![/B][/COLOR]
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Spyware Doctor
c:\program files\Spyware Doctor\alert.wav
c:\program files\Spyware Doctor\avdb\vdb.xml
c:\program files\Spyware Doctor\BH.dll
c:\program files\Spyware Doctor\bpo-sdhelp.chm
c:\program files\Spyware Doctor\bugreport.txt
c:\program files\Spyware Doctor\cdialogs.dll
c:\program files\Spyware Doctor\commhlpr.dll
c:\program files\Spyware Doctor\commlib.dll
c:\program files\Spyware Doctor\commom.dll
c:\program files\Spyware Doctor\csi-sdhelp.chm
c:\program files\Spyware Doctor\ctr-sdhelp.chm
c:\program files\Spyware Doctor\cze-sdhelp.chm
c:\program files\Spyware Doctor\Czech.lng
c:\program files\Spyware Doctor\dan-sdhelp.chm
c:\program files\Spyware Doctor\Danish.lng
c:\program files\Spyware Doctor\deu-sdhelp.chm
c:\program files\Spyware Doctor\Deutsch.lng
c:\program files\Spyware Doctor\drvctl.exe
c:\program files\Spyware Doctor\Dutch.lng
c:\program files\Spyware Doctor\eng-sdhelp.chm
c:\program files\Spyware Doctor\English.lng
c:\program files\Spyware Doctor\EnglishBritish.lng
c:\program files\Spyware Doctor\esp-sdhelp.chm
c:\program files\Spyware Doctor\euk-sdhelp.chm
c:\program files\Spyware Doctor\filehlpr.dll
c:\program files\Spyware Doctor\FileStorage.sdp
c:\program files\Spyware Doctor\fin-sdhelp.chm
c:\program files\Spyware Doctor\Finnish.lng
c:\program files\Spyware Doctor\fre-sdhelp.chm
c:\program files\Spyware Doctor\French.lng
c:\program files\Spyware Doctor\gre-sdhelp.chm
c:\program files\Spyware Doctor\history\syslog.dad
c:\program files\Spyware Doctor\history\syslog.das
c:\program files\Spyware Doctor\history\userlog.dad
c:\program files\Spyware Doctor\history\userlog.das
c:\program files\Spyware Doctor\homepage.url
c:\program files\Spyware Doctor\IDBLib.sdp
c:\program files\Spyware Doctor\ikdll.dll
c:\program files\Spyware Doctor\Immunizer.sdp
c:\program files\Spyware Doctor\inethlpr.dll
c:\program files\Spyware Doctor\ita-sdhelp.chm
c:\program files\Spyware Doctor\Italian.lng
c:\program files\Spyware Doctor\jap-sdhelp.chm
c:\program files\Spyware Doctor\klg.dat
c:\program files\Spyware Doctor\kor-sdhelp.chm
c:\program files\Spyware Doctor\Languages.xml
c:\program files\Spyware Doctor\Localizer.sdp
c:\program files\Spyware Doctor\LuLng\Czech.lng
c:\program files\Spyware Doctor\LuLng\Danish.lng
c:\program files\Spyware Doctor\LuLng\Deutsch.lng
c:\program files\Spyware Doctor\LuLng\Dutch.lng
c:\program files\Spyware Doctor\LuLng\English.lng
c:\program files\Spyware Doctor\LuLng\EnglishBritish.lng
c:\program files\Spyware Doctor\LuLng\Finnish.lng
c:\program files\Spyware Doctor\LuLng\French.lng
c:\program files\Spyware Doctor\LuLng\Italian.lng
c:\program files\Spyware Doctor\LuLng\Norwegian.lng
c:\program files\Spyware Doctor\LuLng\Polski.lng
c:\program files\Spyware Doctor\LuLng\Russian.lng
c:\program files\Spyware Doctor\LuLng\Spanish.lng
c:\program files\Spyware Doctor\LuLng\Swedish.lng
c:\program files\Spyware Doctor\msvcr80.dll
c:\program files\Spyware Doctor\ned-sdhelp.chm
c:\program files\Spyware Doctor\NfyMan.sdp
c:\program files\Spyware Doctor\nor-sdhelp.chm
c:\program files\Spyware Doctor\Norwegian.lng
c:\program files\Spyware Doctor\pbr-sdhelp.chm
c:\program files\Spyware Doctor\PCToolsComponents.bpl
c:\program files\Spyware Doctor\PCTWSC.dll
c:\program files\Spyware Doctor\plugins\Browsers.SDP
c:\program files\Spyware Doctor\plugins\cookie.sdp
c:\program files\Spyware Doctor\plugins\grAV.sdp
c:\program files\Spyware Doctor\plugins\grfiles.SDP
c:\program files\Spyware Doctor\plugins\grImmunizer.SDP
c:\program files\Spyware Doctor\plugins\grregistry.SDP
c:\program files\Spyware Doctor\plugins\KLGuard.SDP
c:\program files\Spyware Doctor\plugins\Network.SDP
c:\program files\Spyware Doctor\plugins\Process.SDP
c:\program files\Spyware Doctor\plugins\ScriptEngine.SDP
c:\program files\Spyware Doctor\plugins\SDNET.SDP
c:\program files\Spyware Doctor\plugins\StartUp.SDP
c:\program files\Spyware Doctor\pol-sdhelp.chm
c:\program files\Spyware Doctor\Polski.lng
c:\program files\Spyware Doctor\por-sdhelp.chm
c:\program files\Spyware Doctor\PWindow.dll
c:\program files\Spyware Doctor\quarantine.sdp
c:\program files\Spyware Doctor\RebootManager.sdp
c:\program files\Spyware Doctor\refdb.bin3
c:\program files\Spyware Doctor\RefDB.old
c:\program files\Spyware Doctor\RegHelper.dll
c:\program files\Spyware Doctor\rtl100.bpl
c:\program files\Spyware Doctor\rus-sdhelp.chm
c:\program files\Spyware Doctor\Russian.lng
c:\program files\Spyware Doctor\scaneng.sdp
c:\program files\Spyware Doctor\sdcore.dll
c:\program files\Spyware Doctor\sdextra.sdp
c:\program files\Spyware Doctor\sdinvoker.exe
c:\program files\Spyware Doctor\sdloader.exe
c:\program files\Spyware Doctor\sdnet\MANIFEST.1
c:\program files\Spyware Doctor\sdSTasks.def
c:\program files\Spyware Doctor\SDTrayApp.exe
c:\program files\Spyware Doctor\sdwvhlp.dll
c:\program files\Spyware Doctor\Settings.cfg
c:\program files\Spyware Doctor\Settings.sdp
c:\program files\Spyware Doctor\SH.dll
c:\program files\Spyware Doctor\smumhook(2).dll
c:\program files\Spyware Doctor\smumhook.dll
c:\program files\Spyware Doctor\Spanish.lng
c:\program files\Spyware Doctor\sporder.dll
c:\program files\Spyware Doctor\stasks.sdp
c:\program files\Spyware Doctor\svcntaux.exe
c:\program files\Spyware Doctor\swdoctor.exe
c:\program files\Spyware Doctor\swdsvc.exe
c:\program files\Spyware Doctor\swe-sdhelp.chm
c:\program files\Spyware Doctor\Swedish.lng
c:\program files\Spyware Doctor\SysAccess.dll
c:\program files\Spyware Doctor\SystemMonitor.sdp
c:\program files\Spyware Doctor\tha-sdhelp.chm
c:\program files\Spyware Doctor\tur-sdhelp.chm
c:\program files\Spyware Doctor\ugLng\Czech.lng
c:\program files\Spyware Doctor\ugLng\Danish.lng
c:\program files\Spyware Doctor\ugLng\Deutsch.lng
c:\program files\Spyware Doctor\ugLng\Dutch.lng
c:\program files\Spyware Doctor\ugLng\English.lng
c:\program files\Spyware Doctor\ugLng\EnglishBritish.lng
c:\program files\Spyware Doctor\ugLng\Finnish.lng
c:\program files\Spyware Doctor\ugLng\French.lng
c:\program files\Spyware Doctor\ugLng\Italian.lng
c:\program files\Spyware Doctor\ugLng\Norwegian.lng
c:\program files\Spyware Doctor\ugLng\Polski.lng
c:\program files\Spyware Doctor\ugLng\Russian.lng
c:\program files\Spyware Doctor\ugLng\Spanish.lng
c:\program files\Spyware Doctor\ugLng\Swedish.lng
c:\program files\Spyware Doctor\unins000.dat
c:\program files\Spyware Doctor\unins000.exe
c:\program files\Spyware Doctor\unins000.msg
c:\program files\Spyware Doctor\Update.exe
c:\program files\Spyware Doctor\Upgrade.exe
c:\program files\Spyware Doctor\upgrade.ini
c:\program files\Spyware Doctor\vcl100.bpl
c:\program files\Spyware Doctor\whitelist.sdp
c:\program files\Spyware Doctor\wlDefines.cfg

.
(((((((((((((((((((((((((((((((((((((((   Sterowniki/Usługi   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SDAUXSERVICE
-------\Legacy_SDCORESERVICE
-------\Service_sdAuxService
-------\Service_sdCoreService


(((((((((((((((((((((((((   Pliki utworzone od 2008-11-22 do 2008-12-22  )))))))))))))))))))))))))))))))
.

2008-12-21 23:02 . 2008-12-21 23:02   <DIR>   d--------   C:\ERDNT
2008-12-21 22:43 . 2008-12-21 22:43   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\Yahoo! Companion
2008-12-21 22:26 . 2008-12-21 22:26   <DIR>   d--------   c:\program files\Yahoo!
2008-12-21 22:26 . 2008-12-21 22:26   <DIR>   d--------   c:\program files\CCleaner
2008-12-21 22:25 . 2008-12-21 22:25   2,972,904   --a------   c:\program files\ccsetup214.exe
2008-12-21 22:11 . 2008-12-21 22:11   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2008-12-21 20:08 . 2008-12-21 20:08   38,279,184   --a------   c:\program files\kav8.0.0.506pl.exe
2008-12-20 18:10 . 2008-12-20 18:10   7,217,599   --a------   c:\program files\odk11.3.0808setup.exe
2008-12-08 17:57 . 2008-12-08 17:57   10   --a------   c:\windows\popcinfo.dat
2008-12-08 17:45 . 2008-12-08 17:45   <DIR>   d--------   c:\program files\Zylom Games
2008-12-08 17:45 . 2008-12-08 17:45   <DIR>   d--------   c:\documents and settings\xp\Dane aplikacji\Zylom
2008-12-08 17:45 . 2008-12-08 17:45   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\Zylom
2008-11-29 17:40 . 2008-11-10 05:43   410,984   --a------   c:\windows\system32\deploytk.dll
2008-11-22 17:35 . 2008-11-22 17:35   <DIR>   d--------   c:\documents and settings\xp\Dane aplikacji\ACD Systems
2008-11-22 17:34 . 2008-11-22 17:34   <DIR>   d--------   c:\program files\Common Files\ACD Systems
2008-11-22 17:34 . 2008-11-22 17:34   <DIR>   d--------   c:\program files\ACD Systems
2008-11-22 17:34 . 2008-11-22 17:34   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\ACD Systems
2008-11-22 17:28 . 2008-11-22 17:31   89,118,864   --a------   c:\program files\photoeditor2008-5-0-286-en.exe

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-21 22:14   2,885,486   ----a-r   c:\program files\ComboFix.exe
2008-12-21 21:10   ---------   d-----w   c:\program files\Alwil Software
2008-12-21 19:15   ---------   d---a-w   c:\documents and settings\All Users\Dane aplikacji\TEMP
2008-12-21 17:43   ---------   d-----w   c:\documents and settings\xp\Dane aplikacji\Skype
2008-12-21 17:23   ---------   d-----w   c:\documents and settings\xp\Dane aplikacji\skypePM
2008-12-20 17:17   ---------   d-----w   c:\program files\Odkurzacz
2008-12-19 18:47   ---------   d-----w   c:\program files\Java
2008-11-18 17:41   ---------   d-----w   c:\program files\NAPI-PROJEKT
2008-11-18 17:07   ---------   d-----w   c:\program files\DivX
2008-11-18 17:03   695,350   ----a-w   c:\program files\gmer.zip
2008-11-09 18:09   ---------   d-----w   c:\program files\ALLPlayer
2008-11-09 18:08   892,928   ----a-w   c:\windows\system32\iconv.dll
2008-11-09 18:08   79,360   ----a-w   c:\windows\system32\mkzlib.dll
2008-11-09 18:08   258,048   ----a-w   c:\windows\system32\libFLAC.dll
2008-11-09 18:08   23,552   ----a-w   c:\windows\system32\mkunicode.dll
2008-11-09 18:08   163,840   ----a-w   c:\windows\system32\ts.dll
2008-11-09 18:08   159,744   ----a-w   c:\windows\system32\mmfinfo.dll
2008-11-09 18:08   148,992   ----a-w   c:\windows\system32\mkx.dll
2008-11-09 18:08   141,312   ----a-w   c:\windows\system32\mp4.dll
2008-11-09 18:08   120,832   ----a-w   c:\windows\system32\ogm.dll
2008-11-09 18:08   108,032   ----a-w   c:\windows\system32\avi.dll
2008-11-09 18:07   56,832   ----a-w   c:\windows\system32\ff_unrar.dll
2008-11-09 18:07   52,224   ----a-w   c:\windows\system32\ff_liba52.dll
2008-11-09 18:07   456,192   ----a-w   c:\windows\system32\libmplayer.dll
2008-11-09 18:07   397,312   ----a-w   c:\windows\system32\ff_libfaad2.dll
2008-11-09 18:07   3,569,152   ----a-w   c:\windows\system32\libavcodec.dll
2008-11-09 18:07   23,552   ----a-w   c:\windows\system32\ff_wmv9.dll
2008-11-09 18:07   172,032   ----a-w   c:\windows\system32\ff_libdts.dll
2008-11-09 18:07   143,360   ----a-w   c:\windows\system32\ff_libmad.dll
2008-11-09 18:07   135,168   ----a-w   c:\windows\system32\ff_samplerate.dll
2008-11-09 18:07   119,296   ----a-w   c:\windows\system32\libmpeg2_ff.dll
2008-11-09 18:07   118,784   ----a-w   c:\windows\system32\ff_realaac.dll
2008-11-09 18:07   102,912   ----a-w   c:\windows\system32\ff_tremor.dll
2008-11-09 18:06   921,600   ----a-w   c:\windows\system32\vorbisenc.dll
2008-11-09 18:06   45,056   ----a-w   c:\windows\system32\ogg.dll
2008-11-09 18:06   237,568   ----a-w   c:\windows\system32\OggDS.dll
2008-11-09 18:06   2,041,363   ----a-w   c:\windows\system32\x264vfw.dll
2008-11-09 18:06   188,416   ----a-w   c:\windows\system32\vorbis.dll
2008-11-09 18:06   1,415,680   ----a-w   c:\windows\system32\WMV9VCM.dll
2008-11-09 18:05   9,216   ----a-w   c:\windows\system32\cpuinf32.dll
2008-11-09 18:05   245,760   ----a-w   c:\windows\system32\mplvpx.dll
2008-11-09 18:04   755,027   ----a-w   c:\windows\system32\xvidcore.dll
2008-11-09 18:04   524,288   ----a-w   c:\windows\system32\DivXsm.exe
2008-11-09 18:04   159,839   ----a-w   c:\windows\system32\xvidvfw.dll
2008-11-09 18:04   ---------   d-----w   c:\program files\Real Alternative
2008-11-09 17:49   ---------   d-----w   c:\documents and settings\xp\Dane aplikacji\CyberLink
2008-11-09 17:49   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\CyberLink
2008-11-09 17:47   ---------   d--h--w   c:\program files\InstallShield Installation Information
2008-11-09 17:44   79,718,568   ----a-w   c:\program files\CyberLink.2217D_TaRe38_On_DVD080924-02.exe
2008-11-09 17:42   2,589,362   ----a-w   c:\program files\ALLPlayer.exe
2008-11-09 09:38   ---------   d-----w   c:\documents and settings\xp\Dane aplikacji\KlipFolio
2008-10-26 20:58   7,169   ----a-w   c:\program files\hijackthis.log
2008-10-26 19:18   478,719   ----a-w   c:\program files\FixIEDef.exe
2008-09-18 21:06   1,821,923   ----a-w   c:\program files\IBANator.(www.bwportal.pl).zip
2008-07-25 13:54   1,330,904   ----a-w   c:\program files\ZENStone_PCFW_US_1_06_01.exe
2008-07-25 13:51   13,048,400   ----a-w   c:\program files\ZENStone_PCApp_CLE_L6_1_51_03.exe
2008-07-16 06:22   7,252,937   ----a-w   c:\program files\odk11.2.0308setup_[www.programosy.pl].exe
2008-07-15 18:55   1,054,680   ----a-w   c:\program files\KlipFolio-Install.exe
2008-06-18 18:35   881,896   ----a-w   c:\program files\cafenews.exe
2008-06-17 21:08   22,411,048   ----a-w   c:\program files\SkypeSetup.exe
2008-05-01 10:11   812,344   ----a-w   c:\program files\HJTInstall.exe
2008-05-01 10:11   401,720   ----a-w   c:\program files\HiJackThis.exe
2008-05-01 10:11   318,369   ----a-w   c:\program files\HiJackThis.zip
2008-01-03 16:48   6,575,800   ----a-w   c:\program files\Sunbelt-Personal-Firewall.exe
2007-11-21 19:14   38,899   ----a-w   c:\program files\SeconfigXP.zip
2007-11-21 18:51   51,232   ----a-w   c:\program files\wwdc.exe
2007-11-19 20:57   15,374,248   ----a-w   c:\program files\sdstart.exe
2007-11-19 20:17   5,361,888   ----a-w   c:\program files\kerio.exe
2007-11-16 12:52   7,037,304   ----a-w   c:\program files\DjVuBrowserPlugin.exe
2007-11-05 15:39   4,346,704   ----a-w   c:\program files\gg77.exe
2007-02-15 03:51   56   --sh--r   c:\windows\system32\59C80DF989.sys
2007-02-15 03:51   1,890   --sha-w   c:\windows\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((   snapshot@2008-10-26_20.37.12,07   )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 19:02:28   163,328   ----a-w   c:\windows\ERDNT\subs\ERDNT.EXE
+ 2005-10-20 16:00:28   157,696   ----a-w   c:\windows\ERUNT\ERUNT.EXE
+ 2008-11-18 17:04:19   819,200   ----a-w   c:\windows\gmer.dll
+ 2008-01-18 19:31:10   757,760   ----a-w   c:\windows\gmer.exe
+ 2008-11-22 16:34:54   212,992   ----a-r   c:\windows\Installer\{A6142247-58B1-40C7-B8E0-965C1A8026A5}\ARPPRODUCTICON.exe
+ 2008-11-22 16:34:54   212,992   ----a-r   c:\windows\Installer\{A6142247-58B1-40C7-B8E0-965C1A8026A5}\NewShortcut1_9DC61B581DF64FA3938D548609601668.exe
+ 2008-11-22 16:34:54   212,992   ----a-r   c:\windows\Installer\{A6142247-58B1-40C7-B8E0-965C1A8026A5}\NewShortcut2_9DC61B581DF64FA3938D548609601668.exe
+ 2008-11-22 16:34:54   196,608   ----a-r   c:\windows\Installer\{A6142247-58B1-40C7-B8E0-965C1A8026A5}\NewShortcut3_FD0718A46CB642E2A5E52C13777FCB4A.exe
+ 2008-11-22 16:34:54   196,608   ----a-r   c:\windows\Installer\{A6142247-58B1-40C7-B8E0-965C1A8026A5}\NewShortcut4_FD0718A46CB642E2A5E52C13777FCB4A.exe
+ 2008-11-18 17:04:20   85,713   ----a-w   c:\windows\system32\drivers\gmer.sys
- 2008-06-09 23:21:01   135,168   ----a-w   c:\windows\system32\java.exe
+ 2008-11-10 04:43:37   144,792   ----a-w   c:\windows\system32\java.exe
- 2008-06-09 23:21:04   135,168   ----a-w   c:\windows\system32\javaw.exe
+ 2008-11-10 04:43:38   144,792   ----a-w   c:\windows\system32\javaw.exe
- 2008-06-10 00:32:34   139,264   ----a-w   c:\windows\system32\javaws.exe
+ 2008-11-10 04:43:39   148,888   ----a-w   c:\windows\system32\javaws.exe
+ 2005-01-20 16:25:34   339,968   ----a-w   c:\windows\system32\msvcr70.dll
- 2008-10-26 16:59:47   40,326   ----a-w   c:\windows\system32\perfc009.dat
+ 2008-12-16 16:34:43   40,326   ----a-w   c:\windows\system32\perfc009.dat
- 2008-10-26 16:59:47   49,910   ----a-w   c:\windows\system32\perfc015.dat
+ 2008-12-16 16:34:43   49,910   ----a-w   c:\windows\system32\perfc015.dat
- 2008-10-26 16:59:47   311,938   ----a-w   c:\windows\system32\perfh009.dat
+ 2008-12-16 16:34:43   311,938   ----a-w   c:\windows\system32\perfh009.dat
- 2008-10-26 16:59:47   356,068   ----a-w   c:\windows\system32\perfh015.dat
+ 2008-12-16 16:34:44   356,068   ----a-w   c:\windows\system32\perfh015.dat
+ 2008-07-30 03:00:00   278,528   ----a-w   c:\windows\system32\pncrt.dll
+ 2008-07-30 03:00:00   6,656   ----a-w   c:\windows\system32\pndx5016.dll
+ 2008-07-30 03:00:00   5,632   ----a-w   c:\windows\system32\pndx5032.dll
+ 2008-07-30 03:00:00   185,944   ----a-w   c:\windows\system32\rmoc3260.dll
+ 2008-12-22 16:41:05   16,384   ----atw   c:\windows\TEMP\Perflib_Perfdata_1b8.dat
.
-- Migawka wyzerowana --
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{61DB16C5-B733-43F4-872E-B20DC9E72740}]
2008-10-10 23:57   444416   --a------   c:\progra~1\ALLPLA~1\YOUTUB~1.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-14 68856]
"Odkurzacz-MCD"="c:\program files\Odkurzacz\odk_mcd.exe" [2008-03-03 266240]
"CTZDetec.exe"="c:\program files\Creative\Creative Media Lite\CTZDetec.exe" [2008-04-24 368640]
"SoftAuto.exe"="c:\program files\Creative\Software Update 3\SoftAuto.exe" [2008-05-28 401408]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2007-07-09 2119104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-08-23 110592]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-27 7561216]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-04-27 86016]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-21 761945]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2005-10-17 987136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-12 c:\windows\RTHDCPL.EXE]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"SMSERIAL"="sm56hlpr.exe" [2006-01-20 c:\windows\sm56hlpr.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-02-15 278528]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KlipFolio]
--a------ 2008-07-15 19:55 1054680 c:\program files\KlipFolio\KlipFolio.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-04-27 19:48 1519616 c:\windows\system32\nwiz.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 ASNDIS5;ASNDIS5 Protocol Driver;\??\c:\windows\system32\ASNDIS5.SYS [2007-02-15 16269]
R3 SynMini;USB2.0 1.3M Web Cam;c:\windows\system32\Drivers\SynMini.sys [2007-02-15 720470]
R3 SynScan;USB2.0 1.3M Web Cam Still Image;c:\windows\system32\Drivers\SynScan.sys [2007-02-15 8278]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://onet.pl/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

c:\windows\system32\ArcaMicroScanUpdater.exe - c:\windows\system32\ArcaOnlineUninstall.exe
c:\windows\system32\ArcaOnline.dll
O16 -: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D}
hxxp://slimak.onet.pl/_m/wirusy/ArcaOnline.cab
c:\windows\Downloaded Program Files\ArcaOnline.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-22 17:40:58
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Creative\Shared Files\CTDevSrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\ATK0100\ATKOSD.exe
.
**************************************************************************
.
Czas ukończenia: 2008-12-22 17:42:32 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt  2008-12-22 16:42:27
ComboFix2.txt  2008-12-21 22:17:01
ComboFix3.txt  2008-11-18 16:49:48
ComboFix4.txt  2008-10-26 20:57:15
ComboFix5.txt  2008-12-22 16:38:02

Przed: 18 854 395 904 bajtów wolnych
Po: 18,818,330,624 bajtów wolnych

384


[wojtas]

poczysc kompa tym:

http://www.programosy.pl/program,odkurzacz.html
i
http://www.programosy.pl/program,jv16-powertools.html