
Logfile of HijackThis v1.99.1
Scan saved at 14:28:06, on 2007-04-25
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Eset\nod32kui.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\supervisor.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Microsoft Office\Office\1045\msoffice.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Mateusz\Pulpit\comboscan.exe
C:\DOCUME~1\Mateusz\Pulpit\Mateusz.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - (no file)
O2 - BHO: (no name) - {99513F11-0750-45DB-8E2E-6C5FC0963561} - C:\WINDOWS\system32\geebx.dll
O2 - BHO: (no name) - {9E93A147-E3F9-47AB-BAF0-915CCAAA7034} - C:\WINDOWS\system32\cbxyabc.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [WooCnxMon] c:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1045 -lock
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [supervisor.exe] C:\WINDOWS\supervisor.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Blokuj wszystkie obrazy z tego serwera - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Dodaj do listy blokowanych reklam - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Otwórz w nowym Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Otwórz wszystkie adresy z tej strony... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Podświetl - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Szukaj - C:\Program Files\Avant Browser\Search.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O17 - HKLM\System\CS2\Services\Tcpip\..\{12137B10-9DF8-4061-8A1B-E6D1C730FE80}: NameServer = 194.204.152.34 217.98.63.164
O20 - Winlogon Notify: cbxyabc - C:\WINDOWS\SYSTEM32\cbxyabc.dll
O20 - Winlogon Notify: geebx - C:\WINDOWS\system32\geebx.dll
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
ComboScan log:
ComboScan v20070306.20 run by Mateusz on 2007-04-25 at 14:27:55
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis (run as Mateusz.exe) ---------------------------------------------
-- Files created between 2007-03-25 and 2007-04-25 -----------------------------
2007-04-24 19:06:00 473227 ---hs---- C:\WINDOWS\system32\xbeeg.bak1<XBEEG~1.BAK>
2007-04-24 19:05:36 281172 ---hs---- C:\WINDOWS\system32\geebx.dll
2007-04-24 18:24:44 26678 --a------ C:\WINDOWS\system32\hggffcy.dll
2007-04-24 18:24:04 26678 --a------ C:\WINDOWS\system32\ddcccyy.dll
2007-04-24 18:22:42 26678 --a------ C:\WINDOWS\system32\mljjigf.dll
2007-04-24 18:21:27 26678 --a------ C:\WINDOWS\system32\cbxyabc.dll
2007-04-24 18:19:03 0 d-------- C:\Program Files\Sunbelt Software<SUNBEL~1>
2007-04-23 21:09:39 0 d-------- C:\Program Files\CodeStuff<CODEST~1>
2007-04-23 14:07:17 0 d-------- C:\Program Files\ATS2
2007-04-21 22:28:09 493590 ---hs---- C:\WINDOWS\system32\hjjlm.ini2<HJJLM~1.INI>
2007-04-18 12:21:11 0 d-------- C:\Program Files\MSXML 4.0<MSXML4~1.0>
2007-04-17 21:17:34 474321 ---hs---- C:\WINDOWS\system32\hjjlm.bak2<HJJLM~2.BAK>
2007-04-15 19:37:46 0 d-------- C:\NERO 7<NERO7~1>
2007-04-15 13:58:51 474140 ---hs---- C:\WINDOWS\system32\hjjlm.bak1<HJJLM~1.BAK>
2007-04-01 19:36:10 0 d-------- C:\DYSK F<DYSKF~1>
2007-03-31 19:06:24 0 d-------- C:\Program Files\Common Files\NSV
-- Find3M Report ---------------------------------------------------------------
2007-04-25 14:27:26 436322 --a------ C:\WINDOWS\system32\perfh015.dat
2007-04-25 14:27:26 67298 --a------ C:\WINDOWS\system32\perfc015.dat
2007-04-25 14:13:20 0 d-------- C:\Program Files\eMule
2007-04-24 20:18:00 0 d-------- C:\Program Files\a-squared Free<A-SQUA~1>
2007-04-24 16:18:39 0 d-------- C:\Program Files\DAP
2007-04-21 23:25:44 0 d-------- C:\Program Files\Winamp
2007-04-21 23:25:34 0 d---s---- C:\Documents and Settings\Mateusz\Dane aplikacji\Microsoft<MICROS~1>
2007-04-21 23:25:32 0 d-------- C:\Program Files\HDD Regenerator<HDDREG~1>
2007-04-15 23:29:02 0 d-------- C:\Program Files\RegCleaner<REGCLE~1>
2007-04-15 17:26:52 0 d-------- C:\Documents and Settings\Mateusz\Dane aplikacji\Ahead
2007-04-15 17:25:45 0 d-------- C:\Program Files\Common Files\Ahead
2007-04-08 08:15:55 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-03-17 20:54:17 1028 --a------ C:\WINDOWS\unins001.dat
2007-03-17 15:45:36 293376 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-13 20:56:16 33634 --a------ C:\WINDOWS\DIIUnin.dat
2007-03-13 20:52:03 2829 --a------ C:\WINDOWS\DIIUnin.pif
2007-03-13 20:52:03 106496 --a------ C:\WINDOWS\DIIUnin.exe
2007-03-12 22:28:04 0 d-------- C:\Documents and Settings\Mateusz\Dane aplikacji\AdobeUM
2007-03-12 20:40:33 0 d-------- C:\Documents and Settings\Mateusz\Dane aplikacji\Real
2007-03-12 20:39:58 0 d-------- C:\Program Files\Real Alternative<REALAL~1>
2007-03-12 20:39:54 0 d-------- C:\Program Files\Media Player Classic<MEDIAP~1>
2007-03-12 13:51:08 972336 --a------ C:\WINDOWS\UNNeroMediaHome.exe<UNNERO~4.EXE>
2007-03-11 23:06:03 0 d-------- C:\Program Files\Borland
2007-03-11 23:06:02 0 d-------- C:\Program Files\Cartall
2007-03-11 22:47:49 0 d-------- C:\Program Files\D-Tools
2007-03-11 21:56:07 0 d-------- C:\Program Files\CDex_151
2007-03-11 21:39:52 0 d-------- C:\Program Files\PITy
2007-03-11 21:39:22 0 d-------- C:\Program Files\Słownik<SOWNIK~1>
2007-03-11 21:38:10 0 d-------- C:\Documents and Settings\Mateusz\Dane aplikacji\Tlen.pl
2007-03-11 21:38:06 0 d-------- C:\Program Files\Tlen.pl
2007-03-11 19:33:59 0 d-------- C:\Program Files\Avant Browser<AVANTB~1>
2007-03-11 19:14:26 0 d-------- C:\Documents and Settings\Mateusz\Dane aplikacji\Avant Profiles<AVANTP~1>
2007-03-11 19:02:28 0 d-------- C:\Documents and Settings\Mateusz\Dane aplikacji\Macromedia<MACROM~1>
2007-03-11 18:46:06 0 d-------- C:\Program Files\Lavasoft
2007-03-11 18:44:40 0 d-------- C:\Documents and Settings\Mateusz\Dane aplikacji\Lavasoft
2007-03-11 15:23:25 0 d-------- C:\Program Files\Messenger<MESSEN~1>
2007-03-11 11:40:39 0 d-------- C:\Program Files\Neostrada TP<NEOSTR~1>
2007-03-11 11:38:52 0 d-------- C:\Documents and Settings\Mateusz\Dane aplikacji\Adobe
2007-03-10 20:47:52 0 d-------- C:\Program Files\Common Files\InstallShield<INSTAL~1>
2007-03-10 19:29:23 0 d-------- C:\Documents and Settings\Mateusz\Dane aplikacji\Media Player Classic<MEDIAP~1>
2007-03-10 18:52:03 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-03-10 18:52:02 0 d-------- C:\Program Files\Xilisoft
2007-03-10 00:25:05 0 d-------- C:\Program Files\Common Files\Real
2007-03-09 13:24:29 0 d-------- C:\Program Files\Java Web Start<JAVAWE~1>
2007-03-09 12:37:12 50688 --a------ C:\WINDOWS\system32\wbhelp2.dll
2007-03-09 12:31:48 0 d-------- C:\Program Files\Nero
2007-03-09 11:49:36 0 d-------- C:\Program Files\Przegladarka migawek<PRZEGL~1>
2007-03-09 11:44:39 0 d-------- C:\Documents and Settings\Mateusz\Dane aplikacji\Microsoft Web Folders<MICROS~2>
2007-03-09 11:41:01 0 d--h----- C:\Program Files\WindowsUpdate<WINDOW~2>
2007-03-09 11:35:04 298104 --a------ C:\WINDOWS\system32\imon.dll
2007-03-09 11:28:25 0 d-------- C:\Program Files\Movie Maker<MOVIEM~1>
2007-03-09 11:25:45 0 d-------- C:\Program Files\Windows NT<WINDOW~1>
2007-03-09 11:16:32 0 d-------- C:\Program Files\Hewlett-Packard<HEWLET~1>
2007-03-09 11:16:20 0 d-------- C:\Program Files\hp deskjet 3320 series<HPDESK~1>
2007-03-09 10:45:05 0 d-------- C:\Program Files\aod
2007-03-09 10:35:13 0 d-------- C:\Documents and Settings\Mateusz\Dane aplikacji\Help
2007-03-09 10:29:30 0 d-------- C:\Program Files\Thomson
2007-03-09 10:28:54 0 d-------- C:\Program Files\Java
2007-03-09 10:12:55 0 d-------- C:\Program Files\K-Lite Codec Pack<K-LITE~1>
2007-03-09 10:08:20 984 --a------ C:\WINDOWS\unins000.dat
2007-03-09 10:00:49 0 d-------- C:\Program Files\Common Files\Adobe
2007-03-09 09:57:53 0 d-------- C:\Program Files\SiSLan
2007-03-09 09:56:56 0 d-------- C:\Program Files\Analog Devices<ANALOG~1>
2007-03-09 09:56:55 44 --a------ C:\WINDOWS\system32\msssc.dll
2007-03-09 01:09:52 0 d-------- C:\Documents and Settings\Mateusz\Dane aplikacji\Identities<IDENTI~1>
2007-03-09 01:04:57 0 d-------- C:\Program Files\microsoft frontpage<MICROS~1>
2007-03-09 01:04:36 0 -rahs---- C:\MSDOS.SYS
2007-03-09 01:04:36 0 -rahs---- C:\IO.SYS
2007-03-09 01:04:36 0 --a------ C:\CONFIG.SYS
2007-03-09 01:04:36 0 --a------ C:\AUTOEXEC.BAT
2007-03-09 01:03:21 0 d-------- C:\Program Files\Usługi online<USUGIO~1>
2007-03-09 01:02:15 0 d-------- C:\Program Files\Common Files\MSSoap
2007-03-09 01:01:35 21856 --a------ C:\WINDOWS\system32\emptyregdb.dat<EMPTYR~1.DAT>
2007-03-09 01:01:04 0 d-------- C:\Program Files\MSN Gaming Zone<MSNGAM~1>
2007-03-09 00:54:25 0 d-------- C:\Program Files\Common Files\ODBC
2007-03-09 00:54:22 0 d-------- C:\Program Files\Common Files\SpeechEngines<SPEECH~1>
2007-03-09 00:54:01 62 --ahs---- C:\Documents and Settings\Mateusz\Dane aplikacji\desktop.ini
2007-03-08 17:38:47 579072 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 17:38:47 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 17:38:47 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 17:37:33 1843840 --a------ C:\WINDOWS\system32\win32k.sys
2007-02-28 20:53:50 972336 --a------ C:\WINDOWS\UNNeroVision.exe<UNNERO~1.EXE>
2007-02-28 15:41:02 972336 --a------ C:\WINDOWS\UNNeroShowTime.exe<UNNERO~3.EXE>
2007-02-05 22:19:48 185856 --a------ C:\WINDOWS\system32\upnphost.dll
2007-01-29 10:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe
-- Registry Dump ---------------------------------------------------------------
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"supervisor.exe"="C:\\WINDOWS\\supervisor.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Smapp"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMTray.exe"
"nwiz"="nwiz.exe /install"
"SpeedTouch USB Diagnostics"="\"C:\\Program Files\\Thomson\\SpeedTouch USB\\Dragdiag.exe\" /icon"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb07.exe"
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
"WooCnxMon"="c:\\PROGRA~1\\NEOSTR~1\\CnxMon.exe"
"WOOWATCH"="C:\\PROGRA~1\\NEOSTR~1\\Watch.exe"
"WOOTASKBARICON"="C:\\PROGRA~1\\NEOSTR~1\\TaskbarIcon.exe"
"DAEMON Tools-1033"="\"C:\\Program Files\\D-Tools\\daemon.exe\" -lang 1045 -lock"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{6148028B-D532-4417-8C0B-5A4A0B745393}"=""
"{9E93A147-E3F9-47AB-BAF0-915CCAAA7034}"=""
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxyabc
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geebx
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
-- End of ComboScan: finished at 2007-04-25 at 14:30:43 ------------------------
Ewido removed some trojans, but after restarting the computer I turn it on again and those trojans are back.
For antivirus I have NOD32.
I also scanned with:
Anti-Trojan Shield
Ad-Aware SE
a-squared Free 2.0
They detected various junk and removed it, but the computer still behaves strangely.
This morning when I tried to connect to the internet, it showed me the screen of death (all blue) and did a memory dump.