
a) When I turn on the computer, I get the message "mouse not found click F1"; when I then press it, it carries on normally.
b) Every time I refresh a page or watch a video, FF freezes (a reinstall did not help; the same happens in IE).
c) When I open drive C, the computer freezes for a few minutes.
d) In temporary files (or something like that), avast detected 2 trojans.

Here are the logs:
HJ
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:17:26, on 2008-02-06
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\program files\zte corporation\zxdsl852\CnxDslTb.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Kalendarz XP\Kalendarz.exe
C:\WINDOWS\services.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Wisdom-soft ScreenHunter\ScreenHunter.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
C:\PROGRA~1\NEOSTR~1\ComComp.exe
C:\PROGRA~1\NEOSTR~1\Watch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Rodzina\Pulpit\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MegauploadToolbar\megauploadtoolbar.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MegauploadToolbar\megauploadtoolbar.dll (file missing)
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CnxDslTaskBar] "c:\program files\zte corporation\zxdsl852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UpdateService\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Kalendarz XP] "D:\Program Files\Kalendarz XP\Kalendarz.exe"
O4 - HKLM\..\Run: [Windows] C:\WINDOWS\services.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: ScreenHunter 4.0 Free.lnk = C:\Program Files\Wisdom-soft ScreenHunter\ScreenHunter.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Ściągnij przez IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Ściągnij wszystkie linki przez IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Ściągnij zawartość wideo FLV przez IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool- http://67.15.101.33/g_bin/pl/billard8_2_0_0_35.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6B88F40A-A07A-4048-8843-4D30009EDC13}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IEAgentSvc - Unknown owner - C:\Documents and Settings\Rodzina\Pulpit\KaBOOM\IEAgentSvc.exe (file missing)
O23 - Service: ipfw_helper (ipfw) - Unknown owner - C:\Program Files\MCS Studios\MCS Firewall 6\system\ipfw.exe (file missing)
--
End of file - 8612 bytes
Silent Runners:
"Silent Runners.vbs", revision 55, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"" [file not found]
"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ATICCC" = ""C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"" [null data]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"CnxDslTaskBar" = ""c:\program files\zte corporation\zxdsl852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"" ["Conexant Systems, Inc."]
"WOOWATCH" = "C:\PROGRA~1\NEOSTR~1\Watch.exe" ["France Télécom R&D"]
"WOOTASKBARICON" = "C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" ["France Télécom R&D"]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"PWRISOVM.EXE" = "C:\Program Files\PowerISO\PWRISOVM.EXE" [file not found]
"ISUSPM Startup" = "C:\PROGRA~1\COMMON~1\INSTAL~1\UpdateService\ISUSPM.exe -startup" ["InstallShield Software Corporation"]
"ISUSScheduler" = ""C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start" ["InstallShield Software Corporation"]
"DAEMON Tools-1033" = ""C:\Program Files\D-Tools\daemon.exe" -lang 1033" ["DAEMON'S HOME"]
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]
"Kalendarz XP" = ""D:\Program Files\Kalendarz XP\Kalendarz.exe"" [empty string]
"Windows" = "C:\WINDOWS\services.exe" [null data]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{0055C089-8582-441B-A0BF-17B458C2A3A8}\(Default) = "IDM Helper"
-> {HKLM...CLSID} = "IDMIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Internet Download Manager\IDMIECC.dll" ["Tonec Inc."]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{22BF413B-C6D2-4d91-82A9-A0F997BA588C}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Skype add-on (mastermind)"
\InProcServer32\(Default) = "C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll" ["Skype Technologies S.A."]
{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Winamp Toolbar BHO"
\InProcServer32\(Default) = "C:\Program Files\Winamp Toolbar\winamptb.dll" ["AOL LLC"]
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Megaupload Toolbar"
\InProcServer32\(Default) = "C:\PROGRA~1\MegauploadToolbar\megauploadtoolbar.dll" [file not found]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Notifier BHO"
\InProcServer32\(Default) = "C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll" ["Google Inc."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension"
-> {HKLM...CLSID} = "SimpleShlExt Class"
\InProcServer32\(Default) = "C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll" [empty string]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}" = "PowerISO"
-> {HKLM...CLSID} = "PowerISO"
\InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{AD392E40-428C-459F-961E-9B147782D099}" = "UltraISO"
-> {HKLM...CLSID} = "UIContextMenu Class"
\InProcServer32\(Default) = "C:\Program Files\UltraISO\isoshell.dll" ["EZB Systems, Inc."]
"{B82D2E7F-B425-466A-B447-942771545628}" = "cm_Main"
-> {HKLM...CLSID} = "FolderMarker menu extension"
\InProcServer32\(Default) = "C:\PROGRA~1\Folder Marker\ShellExt.dll" ["ArcticLine Software"]
"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" = "UnlockerShellExtension"
-> {HKLM...CLSID} = "UnlockerShellExtension"
\InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]
"{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5}" = "dBpoweramp Music Converter"
-> {HKLM...CLSID} = "dMCIShell Class"
\InProcServer32\(Default) = "C:\Program Files\dBpoweramp\dMCShell.dll" ["Illustrate"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
-> {HKLM...CLSID} = "WPDShServiceObj Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
"AppInit_DLLs" = (value not set)
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
{FED7043D-346A-414D-ACD7-550D052499A7}\(Default) = "dBpoweramp Column Handler"
-> {HKLM...CLSID} = "dBpShell Class"
\InProcServer32\(Default) = "C:\Program Files\dBpoweramp\dBShell.dll" ["Illustrate"]
HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
MagicISO\(Default) = "{DB85C504-C730-49DD-BEC1-7B39C6103B7A}"
-> {HKLM...CLSID} = "MShellExtMenu Class"
\InProcServer32\(Default) = "C:\Program Files\MagicISO\misosh.dll" ["MagicISO, Inc."]
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"
-> {HKLM...CLSID} = "PowerISO"
\InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
cm_Main\(Default) = "{B82D2E7F-B425-466A-B447-942771545628}"
-> {HKLM...CLSID} = "FolderMarker menu extension"
\InProcServer32\(Default) = "C:\PROGRA~1\Folder Marker\ShellExt.dll" ["ArcticLine Software"]
MagicISO\(Default) = "{DB85C504-C730-49DD-BEC1-7B39C6103B7A}"
-> {HKLM...CLSID} = "MShellExtMenu Class"
\InProcServer32\(Default) = "C:\Program Files\MagicISO\misosh.dll" ["MagicISO, Inc."]
PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"
-> {HKLM...CLSID} = "PowerISO"
\InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]
UltraISO\(Default) = "{AD392E40-428C-459F-961E-9B147782D099}"
-> {HKLM...CLSID} = "UIContextMenu Class"
\InProcServer32\(Default) = "C:\Program Files\UltraISO\isoshell.dll" ["EZB Systems, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
AAAAImageConvertContext\(Default) = "{C7E1EFC0-0C97-4F5C-81C4-790C9A299F8A}"
-> {HKLM...CLSID} = "ConvertImageContext.clsContextMenu"
\InProcServer32\(Default) = "C:\Program Files\Convert Image\ConvertImageContext.dll" ["SoftInterface, Inc. and Cypress Technology Solutions, Inc."]
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
MagicISO\(Default) = "{DB85C504-C730-49DD-BEC1-7B39C6103B7A}"
-> {HKLM...CLSID} = "MShellExtMenu Class"
\InProcServer32\(Default) = "C:\Program Files\MagicISO\misosh.dll" ["MagicISO, Inc."]
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"
-> {HKLM...CLSID} = "PowerISO"
\InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]
UltraISO\(Default) = "{AD392E40-428C-459F-961E-9B147782D099}"
-> {HKLM...CLSID} = "UIContextMenu Class"
\InProcServer32\(Default) = "C:\Program Files\UltraISO\isoshell.dll" ["EZB Systems, Inc."]
UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"
-> {HKLM...CLSID} = "UnlockerShellExtension"
\InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
AAAAImageConvertContext\(Default) = "{C7E1EFC0-0C97-4F5C-81C4-790C9A299F8A}"
-> {HKLM...CLSID} = "ConvertImageContext.clsContextMenu"
\InProcServer32\(Default) = "C:\Program Files\Convert Image\ConvertImageContext.dll" ["SoftInterface, Inc. and Cypress Technology Solutions, Inc."]
UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"
-> {HKLM...CLSID} = "UnlockerShellExtension"
\InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"MemCheckBoxInRunDlg" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"NoStrCmpLogical" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"NoChangeAnimation" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"NoStrCmpLogical" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
"RunStartupScriptSync" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Rodzina\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
Startup items in "Rodzina" & "All Users" startup folders:
---------------------------------------------------------
C:\Documents and Settings\Rodzina\Menu Start\Programy\Autostart
"ScreenHunter 4.0 Free" -> shortcut to: "C:\Program Files\Wisdom-soft ScreenHunter\ScreenHunter.exe" ["Wisdom Software Inc. "]
Enabled Scheduled Tasks:
------------------------
"Rodzina backup" -> launches: "C:\Program Files\AMUST\Registry Cleaner\RegCleaner.exe -BACKUP" [file not found]
"Rodzina scan and fix" -> launches: "C:\Program Files\AMUST\Registry Cleaner\RegCleaner.exe -SCANFIX" [file not found]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "C:\Program Files\Bonjour\mdnsNSP.dll" ["Apple Computer, Inc."]
Transport Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\WINDOWS\system32\imon.dll ["Eset "], 01 - 05, 24
%SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 11 - 23
%SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}"
-> {HKLM...CLSID} = "Megaupload Toolbar"
\InProcServer32\(Default) = "C:\PROGRA~1\MegauploadToolbar\megauploadtoolbar.dll" [file not found]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"
-> {HKLM...CLSID} = "Winamp Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Winamp Toolbar\winamptb.dll" ["AOL LLC"]
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" = (no title provided)
-> {HKLM...CLSID} = "Megaupload Toolbar"
\InProcServer32\(Default) = "C:\PROGRA~1\MegauploadToolbar\megauploadtoolbar.dll" [file not found]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}" = "Winamp Toolbar"
-> {HKLM...CLSID} = "Winamp Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Winamp Toolbar\winamptb.dll" ["AOL LLC"]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.6.0_03"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.6.0_03"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll" ["Sun Microsystems, Inc."]
{77BF5300-1474-4EC7-9980-D32B190E9B07}\
"ButtonText" = "Skype"
"CLSIDExtension" = "{77BF5300-1474-4EC7-9980-D32B190E9B07}"
-> {HKLM...CLSID} = "Skype add-on (button)"
\InProcServer32\(Default) = "C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll" ["Skype Technologies S.A."]
Miscellaneous IE Hijack Points
------------------------------
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
<<H>> "{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = (no title provided)
-> {HKLM...CLSID} = "Search Class"
\InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL" [empty string]
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\
<<H>> "Tabs" = "C:\Documents and Settings\Rodzina\Dane aplikacji\MEGAUPLOADTOOLBAR\tabwelcome.html" [null data]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##, Bonjour Service, ""C:\Program Files\Bonjour\mDNSResponder.exe"" ["Apple Computer, Inc."]
avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" [null data]
avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" [null data]
avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
C-DillaCdaC11BA, C-DillaCdaC11BA, "C:\WINDOWS\system32\drivers\CDAC11BA.EXE" ["Macrovision"]
---------- (launch time: 2008-02-06 09:20:13)
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 323 seconds.
---------- (total run time: 373 seconds)
SDfix:
System Report
*************
Run on 2008-02-06 at 09:34
Microsoft Windows XP [Wersja 5.1.2600]
Current user is an administrator
Running Processes:
\SystemRoot\System32\smss.exe [628]
\??\C:\WINDOWS\system32\csrss.exe [676]
\??\C:\WINDOWS\system32\winlogon.exe [704]
C:\WINDOWS\system32\services.exe [752]
C:\WINDOWS\system32\lsass.exe [764]
C:\WINDOWS\system32\svchost.exe [948]
C:\WINDOWS\system32\svchost.exe [1004]
C:\WINDOWS\System32\svchost.exe [1036]
C:\WINDOWS\system32\svchost.exe [1072]
C:\WINDOWS\system32\spoolsv.exe [1352]
C:\WINDOWS\system32\svchost.exe [1428]
C:\WINDOWS\Explorer.EXE [1660]
C:\WINDOWS\SOUNDMAN.EXE [1756]
C:\program files\zte corporation\zxdsl852\CnxDslTb.exe [1764]
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe [1780]
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [1788]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [1804]
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE [1820]
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [1828]
D:\Program Files\Kalendarz XP\Kalendarz.exe [1852]
C:\WINDOWS\services.exe [1936]
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [1996]
C:\Program Files\Gadu-Gadu\gg.exe [2004]
C:\Program Files\Alwil Software\Avast4\ashServ.exe [2028]
C:\Program Files\Wisdom-soft ScreenHunter\ScreenHunter.exe [2040]
C:\Program Files\Bonjour\mDNSResponder.exe [264]
C:\WINDOWS\system32\drivers\CDAC11BA.EXE [284]
C:\WINDOWS\system32\wscntfy.exe [1524]
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2300]
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2336]
C:\WINDOWS\System32\alg.exe [2484]
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2776]
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2784]
C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe [3196]
C:\PROGRA~1\NEOSTR~1\ComComp.exe [3056]
C:\PROGRA~1\NEOSTR~1\Watch.exe [844]
C:\Program Files\Mozilla Firefox\firefox.exe [3364]
Drivers - Running:
Aavmker4
ACPI
AFD
ALCXWDM
AmdK8
Arp1394
aswMon2
aswRdr
aswTdi
atapi
ati2mtag
audstub
Beep
catchme
CdaC15BA
Cdfs
Cdrom
CnxEtP
CnxEtU
CnxTgNW
d347bus
d347prt
Disk
dmio
dmload
Fdc
Fips
Flpydisk
FltMgr
Ftdisk
Gpc
HidUsb
i8042prt
Imapi
IpNat
IPSec
irda
isapnp
Kbdclass
kmixer
KSecDD
Mouclass
mouhid
MountMgr
MRxDAV
MRxSmb
Msfs
mssmbios
Mup
NDIS
NdisTapi
Ndisuio
NdisWan
NDProxy
NetBIOS
NIC1394
nod32drv
Npfs
Ntfs
Null
ohci1394
papycpu2
Parport
PartMgr
ParVdm
PCI
PCIIde
PptpMiniport
PSched
Ptilink
PxHelp20
RasAcd
Rasirda
Rasl2tp
RasPppoe
Raspti
Rdbss
RDPCDD
rdpdr
redbook
RTL8023xp
SCDEmu
Secdrv
serenum
Serial
sfdrv01
sfhlp02
sfvfs02
sptd
Srv
swenum
sysaudio
Tcpip
TermDD
Update
usbehci
usbhub
usbohci
VgaSave
VolSnap
Wanarp
wdmaud
WS2IFSL
Drivers - Stopped:
Abiosdsk
abp480n5
ACPIEC
adpu160m
aec
Aha154x
aic78u2
aic78xx
AliIde
AMON
amsint
asc
asc3350p
asc3550
AsyncMac
Atdisk
Atmarpc
cbidf2k
cd20xrnt
Cdaudio
Changer
CmdIde
Cpqarray
dac960nt
dmboot
DMusic
dpti2o
drmkaud
Fastfat
hamachi
hpn
HTTP
i2omgmt
i2omp
ini910u
IntelIde
Ip6Fw
IpFilterDriver
IpInIp
ip_fw
IRENUM
lbrtfdc
MA-620
Modem
mraid35x
MSKSSRV
MSPCLOCK
MSPQM
NetBT
PCIDump
Pcmcia
PDCOMP
PDFRAME
PDRELI
PDRFRAME
perc2
perc2hib
Processor
ql1080
Ql10wnt
ql12160
ql1240
ql1280
RDPWD
rtl8139
Sfloppy
Simbad
Sparrow
splitter
sr
swmidi
symc810
symc8xx
sym_hi
sym_u3
TDPIPE
TDTCP
TosIde
Udfs
ultra
usbccgp
USBSTOR
ViaIde
WDICA
WudfPf
WudfRd
Services - Running:
ALG
aswUpdSv
AudioSrv
avast!
avast!
avast!
Bonjour
Browser
C-DillaCdaC11BA
CryptSvc
DcomLaunch
Dnscache
Eventlog
EventSystem
FastUserSwitchingCompatibility
helpsvc
Irmon
lanmanserver
lanmanworkstation
Netman
Nla
PlugPlay
ProtectedStorage
RasMan
RpcSs
SamSs
Schedule
seclogon
SENS
SharedAccess
ShellHWDetection
Spooler
TapiSrv
TermService
Themes
TrkWks
W32Time
WebClient
winmgmt
wscsvc
wuauserv
WZCSVC
Services - Stopped:
AppMgmt
aspnet_state
Ati
BITS
CiSvc
ClipSrv
clr_optimization_v2.0.50727_32
COMSysApp
Dhcp
dmadmin
dmserver
ERSvc
FLEXnet
gusvc
HidServ
HTTPFilter
IDriverT
IEAgentSvc
ImapiService
ipfw
LmHosts
MSDTC
MSIServer
NetDDE
NetDDEdsdm
Netlogon
NtLmSsp
NtmsSvc
ose
PolicyAgent
RasAuto
RDSessMgr
RemoteAccess
RemoteRegistry
RpcLocator
RSVP
SCardSvr
srservice
SSDPSRV
stisvc
SwPrv
SysmonLog
TlntSvr
upnphost
UPS
VSS
WmdmPmSN
Wmi
WmiApSrv
WMPNetworkSvc
WudfSvc
xmlprov
Files Created/Modified - 60 Days :
C:\
Jan 25 2008 12:00:02p 458 A.... "C:\memory.txt"
Feb 6 2008 6:53:36a 703,635,456 A.SH. "C:\pagefile.sys"
C:\WINDOWS\
Feb 6 2008 6:53:40a 0 A.... "C:\WINDOWS\0.log"
Feb 6 2008 6:53:40a 2,048 A.S.. "C:\WINDOWS\bootstat.dat"
Jan 9 2008 9:42:46a 394 A.... "C:\WINDOWS\capture.ini"
Feb 4 2008 12:52:34p 714 A.... "C:\WINDOWS\CnxDslWz.log"
Feb 4 2008 12:53:24p 10,412 A.... "C:\WINDOWS\comsetup.log"
Feb 4 2008 6:58:32a 144,328 A.... "C:\WINDOWS\Directx.log"
Feb 4 2008 12:53:24p 30,914 A.... "C:\WINDOWS\FaxSetup.log"
Dec 12 2007 4:55:48p 987 A.... "C:\WINDOWS\IE4 Error Log.txt"
Feb 4 2008 12:53:24p 5,290 A.... "C:\WINDOWS\KB926239.log"
Feb 4 2008 12:53:24p 2,125 A.... "C:\WINDOWS\MedCtrOC.log"
Feb 4 2008 12:53:16p 3,323 A.... "C:\WINDOWS\MSCompPackV1.log"
Feb 4 2008 12:53:24p 9,552 A.... "C:\WINDOWS\msmqinst.log"
Feb 4 2008 12:53:24p 5,415 A.... "C:\WINDOWS\netfxocm.log"
Feb 4 2008 12:53:24p 6,307 A.... "C:\WINDOWS\ntdtcsetup.log"
Feb 4 2008 12:53:24p 13,300 A.... "C:\WINDOWS\ocgen.log"
Feb 4 2008 12:53:24p 1,930 A.... "C:\WINDOWS\ocmsn.log"
Feb 6 2008 6:04:48a 32,554 A.... "C:\WINDOWS\SchedLgU.Txt"
Feb 4 2008 1:11:26p 148,795 A.... "C:\WINDOWS\setupapi.log"
Feb 4 2008 3:11:42p 35,580 A.... "C:\WINDOWS\spupdsvc.log"
Dec 7 2007 2:59:48p 364 A.... "C:\WINDOWS\system.ini"
Feb 4 2008 12:53:24p 12,855 A.... "C:\WINDOWS\tsoc.log"
Feb 4 2008 12:53:22p 2,125 A.... "C:\WINDOWS\updspapi.log"
Feb 4 2008 3:09:18p 215 A.... "C:\WINDOWS\wiadebug.log"
Feb 4 2008 3:09:18p 50 A.... "C:\WINDOWS\wiaservc.log"
Feb 4 2008 12:52:58p 577 A.... "C:\WINDOWS\win.ini"
Feb 6 2008 6:53:58a 1,005,071 A.... "C:\WINDOWS\WindowsUpdate.log"
Feb 4 2008 12:52:14p 21,556 A.... "C:\WINDOWS\WMFDist11.log"
Feb 4 2008 12:53:08p 14,179 A.... "C:\WINDOWS\wmp11.log"
Feb 4 2008 6:02:50p 35,291 A.... "C:\WINDOWS\wmsetup.log"
Feb 4 2008 1:11:28p 3,425 A.... "C:\WINDOWS\wmsetup10.log"
Feb 4 2008 12:52:08p 316,640 A.... "C:\WINDOWS\WMSysPr9.prx"
Feb 4 2008 12:51:28p 7,430 A.... "C:\WINDOWS\Wudf01000Inst.log"
Feb 4 2008 12:51:54p 8,192 A.... "C:\WINDOWS\$NtUninstallWMFDist11$\reg00019"
Feb 4 2008 12:52:38p 8,192 A.... "C:\WINDOWS\$NtUninstallwmp11$\reg00003"
Feb 4 2008 12:52:38p 8,192 A.... "C:\WINDOWS\$NtUninstallwmp11$\reg00004"
Feb 4 2008 12:52:38p 8,192 A.... "C:\WINDOWS\$NtUninstallwmp11$\reg00005"
Feb 4 2008 12:52:38p 8,192 A.... "C:\WINDOWS\$NtUninstallwmp11$\reg00006"
Feb 4 2008 12:52:38p 8,192 A.... "C:\WINDOWS\$NtUninstallwmp11$\reg00011"
Feb 4 2008 12:52:38p 8,192 A.... "C:\WINDOWS\$NtUninstallwmp11$\reg00012"
Feb 4 2008 12:52:38p 8,192 A.... "C:\WINDOWS\$NtUninstallwmp11$\reg00013"
Feb 4 2008 12:52:38p 8,192 A.... "C:\WINDOWS\$NtUninstallwmp11$\reg00014"
Feb 4 2008 12:52:38p 8,192 A.... "C:\WINDOWS\$NtUninstallwmp11$\reg00016"
Feb 4 2008 12:52:38p 8,192 A.... "C:\WINDOWS\$NtUninstallwmp11$\reg00017"
Feb 4 2008 12:52:38p 8,192 A.... "C:\WINDOWS\$NtUninstallwmp11$\reg00018"
Feb 4 2008 12:52:38p 8,192 A.... "C:\WINDOWS\$NtUninstallwmp11$\reg00019"
Feb 4 2008 12:52:38p 8,192 A.... "C:\WINDOWS\$NtUninstallwmp11$\reg00020"
Feb 4 2008 12:52:38p 8,192 A.... "C:\WINDOWS\$NtUninstallwmp11$\reg00021"
Feb 4 2008 12:52:38p 8,192 A.... "C:\WINDOWS\$NtUninstallwmp11$\reg00022"
Feb 4 2008 12:52:40p 8,192 A.... "C:\WINDOWS\$NtUninstallwmp11$\reg00028"
Feb 4 2008 12:52:40p 8,192 A.... "C:\WINDOWS\$NtUninstallwmp11$\reg00029"
Feb 4 2008 12:52:40p 8,192 A.... "C:\WINDOWS\$NtUninstallwmp11$\reg00030"
Feb 4 2008 12:52:40p 8,192 A.... "C:\WINDOWS\$NtUninstallwmp11$\reg00031"
Feb 4 2008 12:52:40p 8,192 A.... "C:\WINDOWS\$NtUninstallwmp11$\reg00032"
Feb 4 2008 12:52:40p 8,192 A.... "C:\WINDOWS\$NtUninstallwmp11$\reg00033"
Feb 4 2008 12:52:40p 8,192 A.... "C:\WINDOWS\$NtUninstallwmp11$\reg00034"
Feb 4 2008 12:52:40p 8,192 A.... "C:\WINDOWS\$NtUninstallwmp11$\reg00035"
Feb 4 2008 12:52:40p 8,192 A.... "C:\WINDOWS\$NtUninstallwmp11$\reg00036"
Feb 4 2008 12:52:40p 8,192 A.... "C:\WINDOWS\$NtUninstallwmp11$\reg00037"
Feb 4 2008 12:52:40p 8,192 A.... "C:\WINDOWS\$NtUninstallwmp11$\reg00038"
Feb 4 2008 12:52:40p 8,192 A.... "C:\WINDOWS\$NtUninstallwmp11$\reg00039"
Feb 4 2008 12:52:40p 8,192 A.... "C:\WINDOWS\$NtUninstallwmp11$\reg00041"
Feb 4 2008 12:52:40p 8,192 A.... "C:\WINDOWS\$NtUninstallwmp11$\reg00042"
Feb 4 2008 12:52:40p 8,192 A.... "C:\WINDOWS\$NtUninstallwmp11$\reg00043"
Feb 4 2008 12:52:40p 8,192 A.... "C:\WINDOWS\$NtUninstallwmp11$\reg00044"
Feb 4 2008 12:52:40p 8,192 A.... "C:\WINDOWS\$NtUninstallwmp11$\reg00045"
Feb 4 2008 12:52:40p 12,288 A.... "C:\WINDOWS\$NtUninstallwmp11$\reg00060"
Feb 4 2008 12:52:40p 8,192 A.... "C:\WINDOWS\$NtUninstallwmp11$\reg00061"
Feb 4 2008 12:52:42p 8,192 A.... "C:\WINDOWS\$NtUninstallwmp11$\reg00062"
Feb 4 2008 12:52:42p 8,192 A.... "C:\WINDOWS\$NtUninstallwmp11$\reg00063"
Feb 4 2008 12:52:42p 8,192 A.... "C:\WINDOWS\$NtUninstallwmp11$\reg00064"
Feb 4 2008 12:52:42p 8,192 A.... "C:\WINDOWS\$NtUninstallwmp11$\reg00065"
Feb 4 2008 12:52:42p 8,192 A.... "C:\WINDOWS\$NtUninstallwmp11$\reg00066"
Feb 4 2008 12:52:42p 8,192 A.... "C:\WINDOWS\$NtUninstallwmp11$\reg00067"
Feb 4 2008 12:52:42p 8,192 A.... "C:\WINDOWS\$NtUninstallwmp11$\reg00068"
Feb 4 2008 12:52:42p 8,192 A.... "C:\WINDOWS\$NtUninstallwmp11$\reg00069"
Feb 4 2008 12:52:42p 8,192 A.... "C:\WINDOWS\$NtUninstallwmp11$\reg00071"
Dec 6 2007 5:22:04p 110,723 A.... "C:\WINDOWS\038A524F58DB438A83918F7F0CA14B9E.TMP\WiseCustomCalla.dll"
Dec 6 2007 5:22:04p 110,963 A.... "C:\WINDOWS\038A524F58DB438A83918F7F0CA14B9E.TMP\WiseCustomCalla1.dll"
Feb 6 2008 6:53:40a 0 A.... "C:\WINDOWS\Debug\PASSWD.LOG"
Jan 29 2008 5:33:58p 1,694,488 A.... "C:\WINDOWS\inf\INFCACHE.1"
Jan 29 2008 5:33:56p 6,496 A.... "C:\WINDOWS\inf\pxhelp20.PNF"
Feb 4 2008 6:02:46p 8,012 A.... "C:\WINDOWS\inf\wmp11.PNF"
Feb 4 2008 12:53:04p 16,832 A.... "C:\WINDOWS\system32\amcompat.tlb"
Dec 22 2007 7:03:28p 9,728 A.... "C:\WINDOWS\system32\BASSMOD.dll"
Feb 4 2008 6:56:58a 107,888 A.... "C:\WINDOWS\system32\CmdLineExt.dll"
Jan 9 2008 3:39:44p 1,390,280 A.... "C:\WINDOWS\system32\FNTCACHE.DAT"
Jan 15 2008 8:54:48a 5,387 A.... "C:\WINDOWS\system32\jupdate-1.6.0_03-b05.log"
Feb 4 2008 12:53:04p 23,392 A.... "C:\WINDOWS\system32\nscompat.tlb"
Feb 4 2008 3:12:44p 2,206 A.... "C:\WINDOWS\system32\wpa.dbl"
Feb 6 2008 6:53:42a 6 A..H. "C:\WINDOWS\Tasks\SA.DAT"
Feb 4 2008 12:53:24p 7,068 A.... "C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.inf"
Feb 4 2008 12:53:22p 577 A.... "C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.txt"
Feb 4 2008 12:51:28p 6,904 A.... "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.inf"
Feb 4 2008 12:51:22p 430 A.... "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.txt"
Feb 4 2008 12:52:12p 22,211 A.... "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.inf"
Feb 4 2008 12:51:54p 5,085 A.... "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.txt"
Feb 4 2008 12:53:04p 23,723 A.... "C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.inf"
Feb 4 2008 12:52:42p 5,127 A.... "C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.txt"
Feb 4 2008 12:53:16p 6,010 A.... "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.inf"
Feb 4 2008 12:53:16p 170 A.... "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.txt"
Jan 31 2008 8:54:08p 309,590 A.... "C:\WINDOWS\Debug\UserMode\userenv.bak"
Feb 6 2008 8:30:18a 33,624 A.... "C:\WINDOWS\Debug\UserMode\userenv.log"
Feb 4 2008 12:53:24p 8 A.... "C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\TimeStamp"
Feb 4 2008 12:51:28p 0 A..H. "C:\WINDOWS\system32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf"
Feb 4 2008 6:58:38a 20,316 A.... "C:\WINDOWS\system32\Macromed\Flash\install.log"
Feb 4 2008 6:58:36a 48,749 A.... "C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe"
C:\Program Files\
Feb 4 2008 3:09:02p 8,770 A.... "C:\Program Files\BearFlix\BearFlix.dat"
Jan 20 2008 4:03:46p 433,729 A.... "C:\Program Files\Crashday\unins000.dat"
Jan 20 2008 4:00:28p 674,885 A.... "C:\Program Files\Crashday\unins000.exe"
Dec 10 2007 5:20:34p 87,472 A.... "C:\Program Files\Internet Download Manager\downlWithIDM.dll"
Dec 22 2007 7:03:38p 2,573,744 A.... "C:\Program Files\Internet Download Manager\IDMan.exe"
Jan 27 2008 2:35:18p 4,909,072 ...H. "C:\Program Files\Picasa2\setup.exe"
Jan 27 2008 2:54:12p 126,406 A.... "C:\Program Files\Picasa2\Uninstall.exe"
Jan 25 2008 11:59:58a 18 A.... "C:\Program Files\Crashday\savegame\lastuser.dat"
Jan 21 2008 8:10:06p 109,712 A.... "C:\Program Files\InstallShield Installation Information\{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}\setup.exe"
Jan 21 2008 8:10:06p 380,928 A.... "C:\Program Files\InstallShield Installation Information\{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}\_setup.dll"
Dec 10 2007 5:40:10p 368,640 A.... "C:\Program Files\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\_setup.dll"
Feb 6 2008 6:53:56a 384,000 A.... "C:\Program Files\Alwil Software\Avast4\DATA\clnr0.dll"
Feb 6 2008 6:53:56a 156,184 A.... "C:\Program Files\Alwil Software\Avast4\DATA\dllcc0.dat"
Jan 9 2008 9:44:02a 626,688 A.... "C:\Program Files\Common Files\InstallShield\Driver\7\Intel 32\IDriver.exe"
Jan 9 2008 9:44:04a 233,472 A.... "C:\Program Files\Common Files\InstallShield\Driver\7\Intel 32\IScript7.dll"
Jan 9 2008 9:44:04a 335,872 A.... "C:\Program Files\Common Files\InstallShield\Driver\7\Intel 32\ISRT.dll"
Jan 9 2008 9:44:04a 188,416 A.... "C:\Program Files\Common Files\InstallShield\Driver\7\Intel 32\IUser7.dll"
Jan 9 2008 9:44:04a 32,768 A.... "C:\Program Files\Common Files\InstallShield\Driver\7\Intel 32\objps7.dll"
Jan 9 2008 9:44:02a 290,816 A.... "C:\Program Files\Common Files\InstallShield\Driver\7\Intel 32\_ISRES1033.dll"
Jan 21 2008 8:10:06p 184,452 A.... "C:\Program Files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll"
Jan 21 2008 8:10:06p 311,428 A.... "C:\Program Files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll"
Files with hidden attributes:
Mon 6 Feb 2006 8 A.SHR --- "C:\WINDOWS\neoqaz2.dll"
Sun 27 Jan 2008 4,909,072 ...H. --- "C:\Program Files\Picasa2\setup.exe"
Thu 15 Nov 2007 3,350 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Fri 9 Nov 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 4 Feb 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Mon 4 Feb 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Sat 19 May 2007 4,348 A..H. --- "C:\Documents and Settings\Bracia\Moje dokumenty\Moja muzyka\Kopia zapasowa licencji\drmv1key.bak"
Sat 19 May 2007 20 A..H. --- "C:\Documents and Settings\Bracia\Moje dokumenty\Moja muzyka\Kopia zapasowa licencji\drmv1lic.bak"
Sat 19 May 2007 9,656 A.SH. --- "C:\Documents and Settings\Bracia\Moje dokumenty\Moja muzyka\Kopia zapasowa licencji\drmv2key.bak"
Catchme:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-06 09:30:29
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40]
"khjeh"=hex:20,02,00,00,36,3d,a0,44,1e,e9,37,ef,12,b9,e9,83,5d,5f,a5,a8,16,..
"hj34z0"=hex:b1,30,18,1e,ad,e5,ff,f7,5d,03,b2,dc,82,66,e4,7d,42,3d,d0,f6,c7,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf41]
"khjeh"=hex:20,02,00,00,8e,26,a0,44,f1,33,d4,37,0a,a6,88,82,e6,53,11,e4,ce,..
"hj34z0"=hex:7a,eb,58,a6,b5,fa,9e,f6,95,0f,06,90,5a,bc,58,3d,3a,07,52,39,82,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf42]
"khjeh"=hex:20,02,00,00,ea,24,a0,44,80,1b,1e,d0,4e,6a,ee,f1,cd,28,14,93,e2,..
"hj34z0"=hex:b1,00,6d,d7,f1,36,f8,85,a1,74,03,e7,76,f4,ae,e3,26,33,ce,03,69,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\D\n\21]
"DisplayName"="\xb973\x7791"
"DeviceDesc"="\xb973\x7791"
"ProviderName"="\x27fc\21\xee18\x7c90\x286c\21\b"
"MFG"="\xc1bf\b\xe12b\x1803\x698"
"ReinstallString"=".10.1000.7"
"DeviceInstanceIds"=str(7):"d:\stery do ms-7145\ati_system_drive_mb\atidrv\sbdrv\smbus\smbusati.inf"
source file error: C:\Documents and Settings\Rodzina\ntuser.dat
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Program Folders:
C:\Program Files\
Adobe
Alwil Software
AMD
Ashampoo
Aspyr Media, Inc
Atari
ATI Technologies
Azureus
BearFlix
Bonjour
CDex_150
Common Files
ComPlus Applications
Convert Image
Coolcolor Text Generator
Crashday
dBpoweramp
DIFX
directx
DivX
D-Tools
EA Sports
EACom
Eset
FLVPlayer
Folder Marker
Gadu-Gadu
GameSpy Arcade
Ganymede
Grupa IMAGE
Halflife Logo Creator
Hamachi
InstallShield Installation Information
Internet Download Manager
Internet Explorer
IrfanView
IsoBuster
Java
Lavalys
MagicISO
MarBit
Mass Downloader
Media Player Classic
microsoft frontpage
Microsoft Office
Movie Maker
Mozilla Firefox
MSN Gaming Zone
Neostrada TP
netmeeting
Outlook Express
PAN Vision
Picasa2
PowerISO
Real Alternative
Realtek AC97
ReflexiveArcade
Re-Volt
rFactor
Sierra On-Line
Skype
SoundSpectrum
SprintCars 2007
Spybot - Search & Destroy
Steam
SubEdit-Player
SystemRequirementsLab
Team17
TrackMania Nations ESWC
UltraISO
Uninstall Information
Unlocker
Video mp3 Extractor
VideoLAN
Winamp
Winamp Toolbar
Windows Media Connect 2
Windows Media Player
Windows NT
WindowsUpdate
WinRAR
Winter Fun Pack 2004 for Windows XP
WinUAE
Wisdom-soft ScreenHunter
Worms 3D
Worms 4 Mayhem
Worms Blast
Worms Forts Under Siege
xerox
Xvid
zabkat
ZTE Corporation
C:\Program Files\Common Files\
Adobe
EZB Systems
InstallShield
Java
Macrovision Shared
Microsoft Shared
MSSoap
ODBC
Services
Skype
SpeechEngines
SWF Studio
System
Wise Installation Wizard
Add/Remove Programs:
18 Wheels of Steel Across America
3D Driving-School
Pakiet sterowników systemu Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Revolt wfr
AC3Filter (remove only)
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Shockwave Player
Adobe Photoshop CS3
Narzędzie Software Uninstall Utility firmy ATI
ALLPlayer V3.X
Amazing Photo Editor V6.8
Animated Waterfalls
Ashampoo Burning Studio 6
ATI Display Driver
avast! Antivirus
Azureus
Azureus Vuze
BearFlix
BearShare
SafeCast Shared Components
CDex extraction audio
Convert Image
Coolcolor Text Generator 1.0
Counter-Strike 1.6
Crashday v1.1
dBpoweramp Music Converter
Electronic Arts Game Updater
EVEREST Home Edition v2.20
Extręme Tools Manager 1.2.3
FLV Player 1.3.3
Folder Marker Pro v 2.0
Fraps
G-Force
Gadu-Gadu 7.7
GameDesire-Pool & Snooker
getPlus(R)_ocx
GTA III Real
GTAViceCarEditor 1.0.0
Hamachi 1.0.0.51
HijackThis 2.0.2
Internet Download Manager
IrfanView (remove only)
IsoBuster 2.0
IVONA - syntezator mowy, wersja rehabilitacyjna
Język Polski dla Red Faction
Windows Installer 3.1 (KB893803)
Hotfix for Windows XP (KB926239)
Mad Tracks PL 1.2
Magic ISO Maker v5.4 (build 0248)
Megaupload Toolbar
MetaProducts Mass Downloader
Microsoft .NET Framework 2.0
mIRC
Motorama 1.0
Mozilla Firefox (2.0.0.11)
Microsoft Compression Client Pack 1.0 for Windows XP
Neostrada TP
System Antywirusowy NOD32
Overspeed: High Performance Street Racing
Picasa 2
PowerISO
Print Screen Deluxe
Re-Volt - www.classic-gaming.net
Re-Volt Level Renamer 1.0.3
Real Alternative 1.52
rFactor (remove only)
Car Manager
RV House 0.90.8
Re-Volt Track Manager 1.5.6
RVTT Ladder Editor 1.2.1
Sierra Utilities
Spread
Spybot - Search & Destroy 1.4
HLTooLz
SubEdit-Player
System Requirements Lab
Testy B 2007
TrackMania Nations ESWC 1.7.9
UltraISO Premium V8.62
Unlocker 1.8.5
Video mp3 Extractor
VideoLAN VLC media player 0.8.6c
Winamp
Winamp 5.35 PL
Winamp Toolbar
Windows Media Format 11 runtime
Windows Media Player 11
Archiwizator WinRAR
Wisdom-soft ScreenHunter 4.0 Free
Windows Media Format 11 runtime
Windows Media Player 11
Microsoft User-Mode Driver Framework Feature Pack 1.0
xplorer² professional
Xvid 1.1.3 final uninstall
ZTE ZXDSL852
Microsoft® Winter Fun Pack 2004 for Windows® XP
Adobe Help Viewer CS3
Adobe Bridge Start Meeting
Celebrity Deathmatch
FIFA 08
Adobe WinSoft Linguistics Plugin
Gothic
Google Toolbar for Internet Explorer
PDF Settings
GTA2
Adobe Stock Photos CS3
Java(TM) SE Runtime Environment 6
Java(TM) SE Runtime Environment 6 Update 1
Java(TM) 6 Update 2
Java(TM) 6 Update 3
ATI Parental Control & Encoder
DAEMON Tools
SpPhones
Adobe Linguistics CS3
Sp5
Skype™ 3.2
Adobe Color NA Extra Settings
Tony Hawk's American Wasteland
Adobe Fonts All
SpCommon
Adobe Asset Services CS3
Microsoft .NET Framework 2.0
Microsoft Visual C++ 2005 Redistributable
Adobe Photoshop CS3
Adobe XMP Panels CS3
Sprint Cars - Road to Knoxville
Adobe Device Central CS3
Adobe Type Support
Adobe Anchor Service CS3
Rollercoaster Tycoon 3 ZE
Microsoft Office Word Viewer 2003
Counter-Strike 1.6
Adobe Bridge CS3
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Reader 7.0.5 - Polish
Adobe Camera Raw 4.0
Adobe Default Language CS3
Adobe Color EU Recommended Settings
Pivot Stickfigure Animator
AMD Processor Driver
Adobe ExtendScript Toolkit 2
Adobe Setup
Adobe Version Cue CS3 Client
Adobe PDF Library Files
GTA San Andreas
Adobe Color JA Extra Settings
Adobe Color Common Settings
Google Toolbar for Internet Explorer
Nosferatu
Sp5TTInt
ATI Catalyst Control Center
Adobe Update Manager CS3
KaBoom! Popup Blocker
Realtek AC'97 Audio
Sp5Intl
Worms World Party
Run Values:
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLIStart.exe\""
"SoundMan"="SOUNDMAN.EXE"
"CnxDslTaskBar"="\"c:\\program files\\zte corporation\\zxdsl852\\CnxDslTb.exe\" \"ZTE Corporation\\ZXDSL852\""
"WOOWATCH"="C:\\PROGRA~1\\NEOSTR~1\\Watch.exe"
"WOOTASKBARICON"="C:\\PROGRA~1\\NEOSTR~1\\TaskbarIcon.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\jusched.exe\""
"PWRISOVM.EXE"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE"
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UpdateService\\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"DAEMON Tools-1033"="\"C:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"Kalendarz XP"="\"D:\\Program Files\\Kalendarz XP\\Kalendarz.exe\""
"Windows"="C:\\WINDOWS\\services.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
"Gadu-Gadu"="\"C:\\Program Files\\Gadu-Gadu\\gg.exe\" /tray"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AdobeUpdater]
@=""
Bot Check:
SERVICE_NAME: wscsvc
DISPLAY_NAME : Centrum zabezpiecze
START_TYPE : 2 AUTO_START
SERVICE_NAME: sharedaccess
DISPLAY_NAME : Zapora systemu Windows/Udost
START_TYPE : 2 AUTO_START
SERVICE_NAME: wuauserv
DISPLAY_NAME : Aktualizacje automatyczne
START_TYPE : 2 AUTO_START
SERVICE_NAME: srservice
DISPLAY_NAME : Us
START_TYPE : 2 AUTO_START
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"EnableDCOM"="Y"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"restrictanonymous"=dword:00000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update]
"AUOptions"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control]
"WaitToKillServiceTimeout"="20000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"SfcDisable"=dword:00000000
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shell extensions]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters]
"TransportBindName"="\\Device\\"
ShellExecuteHooks:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
Environment:
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\environment
ComSpec REG_EXPAND_SZ %SystemRoot%\system32\cmd.exe
Path REG_EXPAND_SZ %systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\ATI Technologies\ATI.ACE
windir REG_EXPAND_SZ %SystemRoot%
OS REG_SZ Windows_NT
TEMP REG_EXPAND_SZ %USERPROFILE%\Ustawienia lokalne\Temp
TMP REG_EXPAND_SZ %USERPROFILE%\Ustawienia lokalne\Temp
PATHEXT REG_SZ .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
SecurityProviders:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders
SecurityProviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
Authentication Packages:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Subsystem Startup:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
"Windows"="%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"
Non-Default IFEO Debugger:
Non-Default Installed Components:
Non-Default Safeboot Minimal:
File Associations:
[HKEY_CLASSES_ROOT\batfile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\cmdfile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\htafile\shell\open\command]
@="C:\\WINDOWS\\system32\\mshta.exe \"%1\" %*"
[HKEY_CLASSES_ROOT\http\shell\open\command]
@="C:\\PROGRA~1\\MOZILLA FIREFOX\\FIREFOX.EXE -requestPending -osint -url \"%1\""
[HKEY_CLASSES_ROOT\https\shell\open\command]
@="C:\\PROGRA~1\\MOZILLA FIREFOX\\FIREFOX.EXE -requestPending -osint -url \"%1\""
[HKEY_CLASSES_ROOT\htmlfile\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE\" -nohome"
[HKEY_CLASSES_ROOT\regedit\shell\open\command]
@="regedit.exe %1"
[HKEY_CLASSES_ROOT\regfile\shell\open\command]
@="regedit.exe \"%1\""
[HKEY_CLASSES_ROOT\scrfile\shell\open\command]
@="\"%1\" /S"
[HKEY_CLASSES_ROOT\txtfile\shell\open\command]
@="%SystemRoot%\system32\NOTEPAD.EXE %1"
Finished!
Please help, I would be very grateful.
