prosze o sprawdzenie loga i wskazowki :(

[kr0p3k]

oto log:

Logfile of HijackThis v1.99.1
Scan saved at 18:37:56, on 2007-11-03
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE
C:\WINDOWS\windivx32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\PCSecureSystem\bm.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Terminator\TV7131 Utilities\P3XRCtl.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\NTT\USTAWI~1\Temp\Rar$EX00.562\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: MSVPS System - {CF368FC4-3241-409B-B1D6-0EA4FE33A555} - C:\WINDOWS\advrepdow.dll
O3 - Toolbar: The sdrmod - {210F79EC-C4B8-4AD5-B5B7-2B228F4376E9} - C:\WINDOWS\sdrmod.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [DivXCodec] C:\WINDOWS\windivx32.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\PCSecureSystem\bm.exe" dm=http://pcsecuresystem.com; ad=http://pcsecuresystem.com
O4 - HKLM\..\Run: [rtasks] C:\Program Files\PCSecureSystem\rtasks.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Odkurzacz-QC] C:\Program Files\Odkurzacz\odk_qc.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: TV Remote Control.lnk = C:\Program Files\Terminator\TV7131 Utilities\P3XRCtl.exe
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{DDA9DE95-159C-43A6-94B2-8A357C6A2124}: NameServer = 83.238.20.22 83.238.20.20
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O21 - SSODL: hupsrv - {34076147-52FF-4E6B-B336-8975AF0D7807} - C:\WINDOWS\hupsrv.dll
O21 - SSODL: bindmod - {B75EC532-8455-45FC-ACCF-48C48ECB4474} - C:\WINDOWS\bindmod.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe

[wojtas]

log wklejamy gdy podejzewamy infekcje masz jakis problem z kompem?

[kr0p3k]

tzn. czerwona tapeta i trzy dodatkowe ikonki + alert windowsa + spyware alert i samo otwierajacy sie IE

[wojtas]

Wykonaj to co jest podane w tym temacie

zastosuj:

smitfraudfix z opcji 2


Zastosuj rowniez SDFix . Po pobraniu uruchom go a rozpakuje się do C:\SDFix. Uruchom komputer w trybie awaryjnym (F8 przy stracie systemu). Będąc w awaryjnym uruchom plik RunThis.bat z folderu SDFixa. Zatwierdź czyszczenie przez Y. Poczekaj aż ukończy i komputer zresetuje

Potem wejdz do folderu SDFix wrzuc zawartość pliku Report.txt + log z combofixa oraz z hijacka

[kr0p3k]

Report.txt:

SDFix: Version 1.113

Run by Administrator on 2007-11-03 at 19:14

Microsoft Windows XP [Wersja 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\dat.txt - Deleted
C:\WINDOWS\wtopmod.exe - Deleted



Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1253 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-03 19:19:05
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c]
"Order"=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,..

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Tue 3 Aug 2004 93,184 A.SH. --- "C:\Program Files\Internet Explorer\iexplore.exe"
Tue 3 Aug 2004 1,667,584 ...H. --- "C:\Program Files\Messenger\msmsgs.exe"
Tue 3 Aug 2004 60,928 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Thu 25 Oct 2007 0 A..H. --- "C:\WINDOWS\Temp\Panda Antivirus 2008\BIT4F.tmp"

Finished!

Log z combofixa:

ComboFix 07-11-01.1 - NTT 2007-11-03 19:24:40.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.523 [GMT 1:00]
Running from: C:\Documents and Settings\NTT\Pulpit\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\NTT\Dane aplikacji\install_en[1].exe
C:\UGA6P

.
((((((((((((((((((((((((( Files Created from 2007-10-03 to 2007-11-03 )))))))))))))))))))))))))))))))
.

2007-11-03 19:24 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-03 19:14 <DIR> d-------- C:\WINDOWS\ERUNT
2007-11-03 19:13 <DIR> d--h----- C:\Documents and Settings\Administrator\Ustawienia lokalne
2007-11-03 19:13 <DIR> d-------- C:\Documents and Settings\Administrator\Ulubione
2007-11-03 19:13 <DIR> d--h----- C:\Documents and Settings\Administrator\Szablony
2007-11-03 19:13 <DIR> d-------- C:\Documents and Settings\Administrator\Pulpit
2007-11-03 19:13 <DIR> d-------- C:\Documents and Settings\Administrator\Moje dokumenty
2007-11-03 19:13 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
2007-11-03 19:13 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dane aplikacji
2007-11-03 12:30 1,736 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-03 11:19 <DIR> d-------- C:\Program Files\PCSecureSystem
2007-11-03 11:19 <DIR> d-------- C:\Program Files\Common Files\PCSecureSystem
2007-11-03 11:19 <DIR> d-------- C:\Documents and Settings\NTT\Dane aplikacji\PCSecureSystem
2007-11-03 10:15 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Grisoft
2007-11-03 10:13 <DIR> d-------- C:\Documents and Settings\NTT\Dane aplikacji\Grisoft
2007-11-03 10:13 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-03 09:55 <DIR> d-------- C:\Documents and Settings\NTT\Dane aplikacji\MksVir2007
2007-11-02 21:21 <DIR> d-------- C:\Program Files\SlySoft
2007-11-02 21:01 <DIR> d-------- C:\Program Files\EACOM
2007-11-02 21:01 737 --a------ C:\WINDOWS\eReg.dat
2007-11-02 12:08 86,016 --a------ C:\WINDOWS\unvise32.exe
2007-11-02 12:02 <DIR> d-------- C:\Program Files\Mplayer
2007-10-30 19:40 <DIR> d-------- C:\MAGIX
2007-10-29 19:50 238,080 --a------ C:\WINDOWS\windivx32.exe
2007-10-28 16:20 <DIR> d-------- C:\Documents and Settings\NTT\Dane aplikacji\Sports Interactive
2007-10-28 14:54 <DIR> d-------- C:\Program Files\Skype
2007-10-28 14:54 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-10-28 14:54 <DIR> d-------- C:\Documents and Settings\NTT\Dane aplikacji\Skype
2007-10-28 14:54 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Skype
2007-10-27 17:51 <DIR> d-------- C:\Documents and Settings\NTT\Dane aplikacji\Apple Computer
2007-10-27 13:53 <DIR> d-------- C:\Program Files\Common Files\Enterbrain
2007-10-27 13:37 <DIR> d-------- C:\WINDOWS\system32\BWKDLogs
2007-10-27 13:37 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2007-10-27 13:36 <DIR> d-------- C:\Program Files\Common Files\Kodak
2007-10-27 13:36 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-10-27 13:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-10-27 13:35 <DIR> d-------- C:\Program Files\Kodak
2007-10-27 13:32 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kodak
2007-10-21 12:06 <DIR> d-------- C:\Documents and Settings\NTT\Dane aplikacji\uTorrent
2007-10-20 13:38 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2007-10-20 12:52 <DIR> d-------- C:\Program Files\ImTOO
2007-10-19 21:51 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\sentinel
2007-10-19 21:50 <DIR> d-------- C:\WINDOWS\system32\PAV
2007-10-19 21:50 <DIR> d-------- C:\Program Files\Panda Security
2007-10-19 21:50 83,640 --a------ C:\WINDOWS\system32\drivers\pavdrv51.sys
2007-10-19 21:50 50,736 --a------ C:\WINDOWS\system32\avldr.dll
2007-10-19 21:50 248 --a------ C:\WINDOWS\system32\PavCPL.dat
2007-10-19 19:43 <DIR> d-------- C:\Program Files\Dealio
2007-10-19 19:42 <DIR> d-------- C:\Program Files\FDRLab
2007-10-19 19:41 <DIR> d-------- C:\Program Files\Mobile Video Converter
2007-10-19 19:41 6,928,497 --a------ C:\WINDOWS\system32\jcodec.dll
2007-10-19 19:41 18,165 --a------ C:\WINDOWS\system32\jcodecsh.dll
2007-10-19 15:56 <DIR> d-------- C:\Program Files\Common Files\DirectX
2007-10-19 15:55 <DIR> dr-h----- C:\Documents and Settings\NTT\Dane aplikacji\SecuROM
2007-10-19 15:55 <DIR> d-------- C:\Documents and Settings\NTT\Dane aplikacji\AdobeUM
2007-10-19 15:54 <DIR> d-------- C:\WINDOWS\Easy CD-DA Extractor
2007-10-19 15:54 <DIR> d-a------ C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2007-10-17 19:15 176,128 --a------ C:\WINDOWS\system32\mgxoschk.dll
2007-10-16 17:57 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2007-10-15 15:31 420,240 --a------ C:\WINDOWS\system32\mpg4c32.dll
2007-10-06 09:26 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-03 15:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-02 22:00 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-11-02 22:00 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-11-02 19:59 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-10-30 18:56 --------- d-----w C:\Program Files\Winamp
2007-10-27 20:39 --------- d-----w C:\Program Files\Java
2007-10-20 12:38 --------- d-----w C:\Program Files\Common Files\Agnitum Shared
2007-10-19 14:54 --------- d-----w C:\Program Files\CDex_151
2007-10-19 14:53 --------- d-----w C:\Program Files\mp3DirectCut
2007-10-19 14:53 --------- d-----w C:\Program Files\GoldWave
2007-10-19 14:53 --------- d-----w C:\Program Files\CDex_150
2007-10-19 14:52 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2007-10-19 14:25 --------- d-----w C:\Program Files\Gadu-Gadu
2007-09-28 14:04 --------- d-----w C:\Documents and Settings\NTT\Dane aplikacji\FileZilla
2007-09-23 09:43 --------- d-----w C:\Program Files\Techland
2007-09-21 18:05 --------- d-----w C:\Program Files\Common Files\Adobe
2007-09-14 14:30 --------- d-----w C:\Program Files\Common Files\Nero
2007-09-14 14:29 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Ahead
2007-09-14 10:18 --------- d-----w C:\Documents and Settings\NTT\Dane aplikacji\Media Player Classic
2007-09-14 09:38 --------- d-----w C:\Program Files\Real Alternative
2007-09-13 18:40 --------- d-----w C:\Program Files\totalcmd
2007-09-11 10:19 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-09-11 10:10 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Symantec
2007-09-11 09:56 108,330 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\firstlsp.reg.dat
2007-09-07 13:00 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-09-07 12:39 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\BVRP Software
2007-09-07 12:17 24,192 ----a-w C:\Documents and Settings\NTT\usbsermptxp.sys
2007-09-07 12:17 22,768 ----a-w C:\Documents and Settings\NTT\usbsermpt.sys
2007-09-06 16:42 --------- d-----w C:\Program Files\Common Files\Motorola Shared
2007-09-06 09:37 --------- d-----w C:\Program Files\RegCleaner
2007-09-06 08:35 --------- d-----w C:\Program Files\Microsoft Works
2007-09-05 13:34 --------- d-----w C:\Documents and Settings\NTT\Dane aplikacji\Thinstall
2007-09-04 17:06 3,567 ----a-w C:\WINDOWS\system32\drivers\PortTalk.sys
2007-09-01 13:32 769,536 ----a-w C:\Documents and Settings\NTT\Dane aplikacji\sfdnwin.dll
2007-08-31 16:25 4,608 ----a-w C:\WINDOWS\system32\w95inf32.dll
2007-08-29 11:42 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-08-27 13:30 720,896 ----a-w C:\WINDOWS\iun6002.exe
2007-08-27 13:11 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2007-04-19 23:05]
"nwiz"="nwiz.exe" [2007-04-19 23:05 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2007-04-19 23:05]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 10:21 C:\WINDOWS\RTHDCPL.exe]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 22:12]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"APVXDWIN"="C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.exe" [2007-07-19 14:23]
"DivXCodec"="C:\WINDOWS\windivx32.exe" [2007-10-29 19:50]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 20:21]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-11-03 10:14]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 18:04]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 08:39]
"Odkurzacz-QC"="C:\Program Files\Odkurzacz\odk_qc.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:44]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
TV Remote Control.lnk - C:\Program Files\Terminator\TV7131 Utilities\P3XRCtl.exe [2007-08-24 15:40:43]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-02-15 19:02 50736 C:\WINDOWS\system32\avldr.dll

R0 St320hg;St320hg;C:\WINDOWS\system32\DRIVERS\st320hg.sys
R3 Cap713x;Philips Cap713x Video Capture;C:\WINDOWS\system32\DRIVERS\Cap713x.sys
S3 DynCal;Dynamic Calibration Service;C:\WINDOWS\system32\Drivers\DynCal.sys
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\k510bus.sys
S3 PortTalk;PortTalk;C:\WINDOWS\system32\drivers\PortTalk.sys

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-03 19:25:25
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-03 19:25:45
.
--- E O F ---

Log z hijacka:

Logfile of HijackThis v1.99.1
Scan saved at 19:27:38, on 2007-11-03
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\windivx32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Terminator\TV7131 Utilities\P3XRCtl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\DOCUME~1\NTT\USTAWI~1\Temp\Rar$EX00.468\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [DivXCodec] C:\WINDOWS\windivx32.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Odkurzacz-QC] C:\Program Files\Odkurzacz\odk_qc.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: TV Remote Control.lnk = C:\Program Files\Terminator\TV7131 Utilities\P3XRCtl.exe
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{DDA9DE95-159C-43A6-94B2-8A357C6A2124}: NameServer = 83.238.20.22 83.238.20.20
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe

[wojtas]

O4 - HKLM\..\Run: [DivXCodec] C:\WINDOWS\windivx32.exe

Uruchamiasz HijackThis => klikasz Do a system scan only => pokaże się lista wpisów => stawiasz ptaszek przy wpisie, który wymieniłem => klikasz Fix checked i potwierdzasz usunięcie

sciagnij killbox’a

Odpalasz Killboxa zaznacz opcję Delete on Reboot następnie w polu Full Path of File to Delete wklej ścieżkę

C:\WINDOWS\windivx32.exe

i nacisnij x
Program będzie pytał o restart (oczywiście zgadzasz się)

[kr0p3k]

zrobione... to wszystko ?

[wojtas]

daj jeszcze nowe logi z hijacka i combofixa

[kr0p3k]

Combofix:

ComboFix 07-11-01.1 - NTT 2007-11-03 20:20:10.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.485 [GMT 1:00]
Running from: C:\Documents and Settings\NTT\Pulpit\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-10-03 to 2007-11-03 )))))))))))))))))))))))))))))))
.

2007-11-03 19:24 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-03 19:14 <DIR> d-------- C:\WINDOWS\ERUNT
2007-11-03 19:13 <DIR> d--h----- C:\Documents and Settings\Administrator\Ustawienia lokalne
2007-11-03 19:13 <DIR> d-------- C:\Documents and Settings\Administrator\Ulubione
2007-11-03 19:13 <DIR> d--h----- C:\Documents and Settings\Administrator\Szablony
2007-11-03 19:13 <DIR> d-------- C:\Documents and Settings\Administrator\Pulpit
2007-11-03 19:13 <DIR> d-------- C:\Documents and Settings\Administrator\Moje dokumenty
2007-11-03 19:13 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
2007-11-03 19:13 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dane aplikacji
2007-11-03 12:30 1,736 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-03 11:19 <DIR> d-------- C:\Program Files\PCSecureSystem
2007-11-03 11:19 <DIR> d-------- C:\Program Files\Common Files\PCSecureSystem
2007-11-03 11:19 <DIR> d-------- C:\Documents and Settings\NTT\Dane aplikacji\PCSecureSystem
2007-11-03 10:15 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Grisoft
2007-11-03 10:13 <DIR> d-------- C:\Documents and Settings\NTT\Dane aplikacji\Grisoft
2007-11-03 10:13 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-03 09:55 <DIR> d-------- C:\Documents and Settings\NTT\Dane aplikacji\MksVir2007
2007-11-02 21:21 <DIR> d-------- C:\Program Files\SlySoft
2007-11-02 21:01 <DIR> d-------- C:\Program Files\EACOM
2007-11-02 21:01 737 --a------ C:\WINDOWS\eReg.dat
2007-11-02 12:08 86,016 --a------ C:\WINDOWS\unvise32.exe
2007-11-02 12:02 <DIR> d-------- C:\Program Files\Mplayer
2007-10-30 19:40 <DIR> d-------- C:\MAGIX
2007-10-28 16:20 <DIR> d-------- C:\Documents and Settings\NTT\Dane aplikacji\Sports Interactive
2007-10-28 14:54 <DIR> d-------- C:\Program Files\Skype
2007-10-28 14:54 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-10-28 14:54 <DIR> d-------- C:\Documents and Settings\NTT\Dane aplikacji\Skype
2007-10-28 14:54 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Skype
2007-10-27 17:51 <DIR> d-------- C:\Documents and Settings\NTT\Dane aplikacji\Apple Computer
2007-10-27 13:53 <DIR> d-------- C:\Program Files\Common Files\Enterbrain
2007-10-27 13:37 <DIR> d-------- C:\WINDOWS\system32\BWKDLogs
2007-10-27 13:37 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2007-10-27 13:36 <DIR> d-------- C:\Program Files\Common Files\Kodak
2007-10-27 13:36 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-10-27 13:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-10-27 13:35 <DIR> d-------- C:\Program Files\Kodak
2007-10-27 13:32 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kodak
2007-10-21 12:06 <DIR> d-------- C:\Documents and Settings\NTT\Dane aplikacji\uTorrent
2007-10-20 13:38 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2007-10-20 12:52 <DIR> d-------- C:\Program Files\ImTOO
2007-10-19 21:51 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\sentinel
2007-10-19 21:50 <DIR> d-------- C:\WINDOWS\system32\PAV
2007-10-19 21:50 <DIR> d-------- C:\Program Files\Panda Security
2007-10-19 21:50 83,640 --a------ C:\WINDOWS\system32\drivers\pavdrv51.sys
2007-10-19 21:50 50,736 --a------ C:\WINDOWS\system32\avldr.dll
2007-10-19 21:50 248 --a------ C:\WINDOWS\system32\PavCPL.dat
2007-10-19 19:43 <DIR> d-------- C:\Program Files\Dealio
2007-10-19 19:42 <DIR> d-------- C:\Program Files\FDRLab
2007-10-19 19:41 <DIR> d-------- C:\Program Files\Mobile Video Converter
2007-10-19 19:41 6,928,497 --a------ C:\WINDOWS\system32\jcodec.dll
2007-10-19 19:41 18,165 --a------ C:\WINDOWS\system32\jcodecsh.dll
2007-10-19 15:56 <DIR> d-------- C:\Program Files\Common Files\DirectX
2007-10-19 15:55 <DIR> dr-h----- C:\Documents and Settings\NTT\Dane aplikacji\SecuROM
2007-10-19 15:55 <DIR> d-------- C:\Documents and Settings\NTT\Dane aplikacji\AdobeUM
2007-10-19 15:54 <DIR> d-------- C:\WINDOWS\Easy CD-DA Extractor
2007-10-19 15:54 <DIR> d-a------ C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2007-10-17 19:15 176,128 --a------ C:\WINDOWS\system32\mgxoschk.dll
2007-10-16 17:57 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2007-10-15 15:31 420,240 --a------ C:\WINDOWS\system32\mpg4c32.dll
2007-10-06 09:26 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-03 15:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-02 22:00 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-11-02 22:00 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-11-02 19:59 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-10-30 18:56 --------- d-----w C:\Program Files\Winamp
2007-10-27 20:39 --------- d-----w C:\Program Files\Java
2007-10-20 12:38 --------- d-----w C:\Program Files\Common Files\Agnitum Shared
2007-10-19 14:54 --------- d-----w C:\Program Files\CDex_151
2007-10-19 14:53 --------- d-----w C:\Program Files\mp3DirectCut
2007-10-19 14:53 --------- d-----w C:\Program Files\GoldWave
2007-10-19 14:53 --------- d-----w C:\Program Files\CDex_150
2007-10-19 14:52 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2007-10-19 14:25 --------- d-----w C:\Program Files\Gadu-Gadu
2007-09-28 14:04 --------- d-----w C:\Documents and Settings\NTT\Dane aplikacji\FileZilla
2007-09-23 09:43 --------- d-----w C:\Program Files\Techland
2007-09-21 18:05 --------- d-----w C:\Program Files\Common Files\Adobe
2007-09-14 14:30 --------- d-----w C:\Program Files\Common Files\Nero
2007-09-14 14:29 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Ahead
2007-09-14 10:18 --------- d-----w C:\Documents and Settings\NTT\Dane aplikacji\Media Player Classic
2007-09-14 09:38 --------- d-----w C:\Program Files\Real Alternative
2007-09-13 18:40 --------- d-----w C:\Program Files\totalcmd
2007-09-11 10:19 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-09-11 10:10 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Symantec
2007-09-11 09:56 108,330 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\firstlsp.reg.dat
2007-09-07 13:00 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-09-07 12:39 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\BVRP Software
2007-09-07 12:17 24,192 ----a-w C:\Documents and Settings\NTT\usbsermptxp.sys
2007-09-07 12:17 22,768 ----a-w C:\Documents and Settings\NTT\usbsermpt.sys
2007-09-06 16:42 --------- d-----w C:\Program Files\Common Files\Motorola Shared
2007-09-06 09:37 --------- d-----w C:\Program Files\RegCleaner
2007-09-06 08:35 --------- d-----w C:\Program Files\Microsoft Works
2007-09-05 13:34 --------- d-----w C:\Documents and Settings\NTT\Dane aplikacji\Thinstall
2007-09-04 17:06 3,567 ----a-w C:\WINDOWS\system32\drivers\PortTalk.sys
2007-09-01 13:32 769,536 ----a-w C:\Documents and Settings\NTT\Dane aplikacji\sfdnwin.dll
2007-08-31 16:25 4,608 ----a-w C:\WINDOWS\system32\w95inf32.dll
2007-08-29 11:42 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-08-27 13:30 720,896 ----a-w C:\WINDOWS\iun6002.exe
2007-08-27 13:11 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2007-04-19 23:05]
"nwiz"="nwiz.exe" [2007-04-19 23:05 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2007-04-19 23:05]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 10:21 C:\WINDOWS\RTHDCPL.exe]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 22:12]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"APVXDWIN"="C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.exe" [2007-07-19 14:23]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 20:21]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-11-03 10:14]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 18:04]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 08:39]
"Odkurzacz-QC"="C:\Program Files\Odkurzacz\odk_qc.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:44]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
TV Remote Control.lnk - C:\Program Files\Terminator\TV7131 Utilities\P3XRCtl.exe [2007-08-24 15:40:43]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-02-15 19:02 50736 C:\WINDOWS\system32\avldr.dll

R0 St320hg;St320hg;C:\WINDOWS\system32\DRIVERS\st320hg.sys
R3 Cap713x;Philips Cap713x Video Capture;C:\WINDOWS\system32\DRIVERS\Cap713x.sys
S3 DynCal;Dynamic Calibration Service;C:\WINDOWS\system32\Drivers\DynCal.sys
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\k510bus.sys
S3 PortTalk;PortTalk;C:\WINDOWS\system32\drivers\PortTalk.sys

.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-03 20:20:35
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-03 20:20:57
.
--- E O F ---

Hijacka:

Logfile of HijackThis v1.99.1
Scan saved at 20:22:46, on 2007-11-03
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Terminator\TV7131 Utilities\P3XRCtl.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Terminator\Quick TV\QuickTV.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\avciman.exe
C:\WINDOWS\explorer.exe
C:\DOCUME~1\NTT\USTAWI~1\Temp\Rar$EX00.266\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Odkurzacz-QC] C:\Program Files\Odkurzacz\odk_qc.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: TV Remote Control.lnk = C:\Program Files\Terminator\TV7131 Utilities\P3XRCtl.exe
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{DDA9DE95-159C-43A6-94B2-8A357C6A2124}: NameServer = 83.238.20.22 83.238.20.20
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe

[wojtas]

czysto

[kr0p3k]

dzieki za wszytsko