Prosze o sprawdzenie loga (migajacy pasek narzedzi i pulpit)

[nesti]

Witam. Jestem tu nowy i bardzo bym prosil o sprawdzenie loga z Combo-fixa i HiJack'a. Mam troche trojanow. Co kilka sekund miga mi caly pasek narzedzi wraz zz ikonami na pulpicie a po jakims czasie calkiem znika. Mam antywira Kaspersky'ego 2009, probowalem programem Trojan Remover ale dalej sa jakies syfy( Bardzo prosze o pomoc!!

Kod: Zaznacz wszystko

ComboFix 08-09-10.04 - Nestioruk 2008-09-12 12:55:55.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1250.1.1045.18.1565 [GMT 2:00]
Uruchomiony z: D:\Downloads\ComboFix.exe
* Utworzono nowy punkt przywracania

[color=red][b]UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !![/b][/color]
.

(((((((((((((((((((((((((   Pliki utworzone od 2008-08-12 do 2008-09-12  )))))))))))))))))))))))))))))))
.

2008-09-11 19:46 . 2008-09-11 19:46   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Simply Super Software
2008-09-11 19:40 . 2008-09-12 12:28   <DIR>   d-a------   C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-09-11 19:38 . 2008-09-11 19:48   <DIR>   d--------   C:\Program Files\Trojan Remover
2008-09-11 19:30 . 2006-05-25 15:52   162,304   --a------   C:\WINDOWS\system32\ztvunrar36.dll
2008-09-11 19:30 . 2005-08-26 01:50   77,312   --a------   C:\WINDOWS\system32\ztvunace26.dll
2008-09-11 19:29 . 2003-02-02 20:06   153,088   --a------   C:\WINDOWS\system32\unrar3.dll
2008-09-11 19:29 . 2002-03-06 01:00   75,264   --a------   C:\WINDOWS\system32\unacev2.dll
2008-09-11 19:29 . 2006-06-19 13:01   69,632   --a------   C:\WINDOWS\system32\ztvcabinet.dll
2008-09-11 19:27 . 2008-09-11 19:38   <DIR>   d--------   C:\Documents and Settings\Nestioruk\Dane aplikacji\Simply Super Software
2008-09-11 14:46 . 2008-09-11 15:07   96,976   --a------   C:\WINDOWS\system32\drivers\klin.dat
2008-09-11 14:46 . 2008-09-11 15:07   87,855   --a------   C:\WINDOWS\system32\drivers\klick.dat
2008-09-11 14:45 . 2008-09-11 14:45   <DIR>   d--------   C:\Program Files\Kaspersky Lab
2008-09-11 14:45 . 2008-09-11 22:18   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-09-11 14:45 . 2008-09-12 12:57   3,175,456   --ahs----   C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-11 14:45 . 2008-09-12 12:57   507,936   --ahs----   C:\WINDOWS\system32\drivers\fidbox2.dat
2008-09-11 14:45 . 2008-09-12 12:57   27,984   --ahs----   C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-11 14:45 . 2008-09-12 12:57   3,864   --ahs----   C:\WINDOWS\system32\drivers\fidbox2.idx
2008-09-11 14:36 . 2008-09-11 14:44   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2008-09-11 12:25 . 2008-09-11 12:25   283,648   --a------   C:\WINDOWS\system32\opnolJbC.dll.vir
2008-08-28 23:26 . 2008-08-28 23:26   <DIR>   d--------   C:\Program Files\Combined Community Codec Pack
2008-08-28 10:48 . 2008-08-28 10:48   <DIR>   d--------   C:\Documents and Settings\Nestioruk\Dane aplikacji\Xfire
2008-08-22 16:11 . 2008-08-22 17:27   <DIR>   d--------   C:\Program Files\Thomson
2008-08-22 15:47 . 2008-08-22 16:42   <DIR>   d--------   C:\Program Files\Neostrada TP
2008-08-19 22:12 . 2008-08-19 22:12   <DIR>   d--------   C:\WINDOWS\system32\pl
2008-08-19 22:12 . 2008-08-19 22:12   <DIR>   d--------   C:\WINDOWS\system32\bits
2008-08-19 22:07 . 2008-08-19 22:07   <DIR>   d--------   C:\WINDOWS\EHome
2008-08-18 12:56 . 2008-08-18 12:57   <DIR>   d--------   C:\Program Files\CCleaner
2008-08-18 12:25 . 2008-08-18 12:25   <DIR>   d--------   C:\Program Files\Sony Ericsson
2008-08-18 12:25 . 2008-08-18 12:28   <DIR>   d--------   C:\Documents and Settings\Nestioruk\Dane aplikacji\Teleca
2008-08-18 12:25 . 2008-08-18 12:25   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Teleca
2008-08-18 12:25 . 2008-08-18 12:25   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Sony Ericsson
2008-08-18 12:23 . 2008-08-18 12:23   <DIR>   d--------   C:\Program Files\SEMC
2008-08-18 12:22 . 2008-08-18 12:22   6,176   --a------   C:\WINDOWS\system32\drivers\w810cm.sys
2008-08-18 12:22 . 2008-08-18 12:22   5,808   --a------   C:\WINDOWS\system32\drivers\w810wh.sys
2008-08-17 15:11 . 2008-08-17 15:11   <DIR>   d--------   C:\Program Files\DivX
2008-08-14 11:16 . 2008-04-11 21:06   691,712   -----c---   C:\WINDOWS\system32\dllcache\inetcomm.dll

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-12 10:55   ---------   d-----w   C:\Documents and Settings\Nestioruk\Dane aplikacji\MxBoost
2008-09-12 10:32   ---------   d-----w   C:\Program Files\MZ Manager 2
2008-09-11 10:20   ---------   d-----w   C:\Documents and Settings\Nestioruk\Dane aplikacji\MegauploadToolbar
2008-09-11 09:58   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-09-10 12:46   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-09-09 14:51   21   --sh--w   C:\date.bin
2008-08-24 10:37   14,656   ----a-w   C:\WINDOWS\gdrv.sys
2008-08-23 19:47   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-08-19 12:23   ---------   d-----w   C:\Documents and Settings\Nestioruk\Dane aplikacji\Skype
2008-08-19 11:02   ---------   d-----w   C:\Documents and Settings\Nestioruk\Dane aplikacji\skypePM
2008-08-18 13:25   ---------   d-----w   C:\Documents and Settings\Nestioruk\Dane aplikacji\DNA
2008-08-18 10:25   ---------   d-----w   C:\Program Files\Common Files\Teleca Shared
2008-08-18 10:22   6,144   ----a-w   C:\WINDOWS\system32\drivers\w800cm.sys
2008-08-18 10:22   5,744   ----a-w   C:\WINDOWS\system32\drivers\w800wh.sys
2008-07-23 16:48   200,704   ----a-w   C:\WINDOWS\system32\ssldivx.dll
2008-07-23 16:48   1,044,480   ----a-w   C:\WINDOWS\system32\libdivx.dll
2008-07-21 13:43   36,734   ----a-w   C:\WINDOWS\system32\OggDSuninst.exe
2008-07-18 20:10   94,920   ----a-w   C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10   53,448   ----a-w   C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10   45,768   ----a-w   C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10   36,552   ----a-w   C:\WINDOWS\system32\wups.dll
2008-07-18 20:09   563,912   ----a-w   C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09   325,832   ----a-w   C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09   205,000   ----a-w   C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09   1,811,656   ----a-w   C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07   270,880   ----a-w   C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07   210,976   ----a-w   C:\WINDOWS\system32\muweb.dll
2008-07-15 21:26   ---------   d-----w   C:\Program Files\Gadu-Gadu
2008-07-07 20:29   253,952   ----a-w   C:\WINDOWS\system32\es.dll
2008-06-24 16:46   74,240   ----a-w   C:\WINDOWS\system32\mscms.dll
2008-06-24 16:12   295,936   ------w   C:\WINDOWS\system32\wmpeffects.dll
2008-06-23 16:42   826,368   ----a-w   C:\WINDOWS\system32\wininet.dll
2008-06-20 17:48   246,784   ----a-w   C:\WINDOWS\system32\mswsock.dll
2008-06-16 14:00   107,888   ----a-w   C:\WINDOWS\system32\CmdLineExt.dll
2008-06-16 13:50   669,184   ----a-w   C:\WINDOWS\system32\pbsvc.exe
2008-06-16 13:50   66,872   ----a-w   C:\WINDOWS\system32\PnkBstrA.exe
2008-06-16 13:50   22,328   ----a-w   C:\Documents and Settings\Nestioruk\Dane aplikacji\PnkBstrK.sys
2008-06-16 13:50   103,736   ----a-w   C:\WINDOWS\system32\PnkBstrB.exe
2008-02-26 14:47   32   ----a-w   C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-02-23 10:34   417,792   ----a-w   C:\Documents and Settings\Nestioruk\GL4JavbJauGljJNI14.dll
2007-09-23 10:22   3,655,488   ----a-w   C:\Program Files\FLV PlayerRCATSetup.exe
2007-09-23 10:22   2,293,712   ----a-w   C:\Program Files\FLV PlayerFCSetup.exe
2007-09-23 10:21   411,248   ----a-w   C:\Program Files\FLV PlayerRCSetup.exe
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "C:\Program Files\free-downloads.net\tbfree.dll" [2007-12-04 1502232]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2007-12-04 14:53   1502232   --a------   C:\Program Files\free-downloads.net\tbfree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "C:\Program Files\free-downloads.net\tbfree.dll" [2007-12-04 1502232]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "C:\Program Files\free-downloads.net\tbfree.dll" [2007-12-04 1502232]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 1460560]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gainward"="C:\Program Files\VDOTool\TBPanel.exe" [2007-06-26 2165272]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-28 8531968]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2006-10-31 36864]
"36X Raid Configurer"="C:\WINDOWS\system32\JMRaidSetup.exe" [2006-11-17 1953792]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"SecurDisc"="C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe" [2007-02-12 1620480]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-28 81920]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 45632]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [2007-02-12 1050112]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2008-08-19 914512]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-04-25 201992]
"nwiz"="nwiz.exe" [2007-10-28 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-12 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-12-12 C:\WINDOWS\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

C:\WINDOWS\system32\config\systemprofile\Menu Start\Programy\Autostart\
Tworzenie wycink˘w ekranu i uruchamianie programu OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

C:\Documents and Settings\Nestioruk\Menu Start\Programy\Autostart\
Tworzenie wycink˘w ekranu i uruchamianie programu OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoChangeKeyboardNavigationIndicators"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.FFDS"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"msacm.avis"= ff_acm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
--a------ 2007-09-06 15:08 136136 C:\Program Files\DAEMON Tools Pro\DTProAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2005-10-26 16:17 159744 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Maxthon2\\Maxthon.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"C:\\Documents and Settings\\Nestioruk\\Dane aplikacji\\PowerChallenge\\PowerFootball\\PowerFootball.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"D:\\Tomek\\PES 8\\PES2008.exe"=
"C:\\Program Files\\Maxthon2\\Modules\\MxDownloader\\MxDownloadServer.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"D:\\Tomek\\CoD4\\iw3mp.exe"=
"C:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\Polish\\setup.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)

R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 32784]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 24592]
S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4cdb6765-6429-11dc-a4b2-000e507f33a3}]
\Shell\AutoRun\command - WScript.exe .\`.vbs
\Shell\open\Command - WScript.exe .\`.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4cdb6766-6429-11dc-a4b2-000e507f33a3}]
\Shell\AutoRun\command - WScript.exe .\`.vbs
\Shell\open\Command - WScript.exe .\`.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d3dec45c-04bc-11dd-9275-001a4d42000b}]
\Shell\AutoRun\command - WScript.exe .\`.vbs
\Shell\open\Command - WScript.exe .\`.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d9beaf88-5c7c-11dc-93f1-806d6172696f}]
\Shell\AutoRun\command - F:\Run.exe
.
- - - - USUNIĘTO PUSTE WPISY - - - -

BHO-{4623AB93-91F3-4FF4-A6C7-BDEF283F4929} - (no file)
BHO-{47836122-9D2E-476C-9763-B1D366F704E1} - (no file)
BHO-{6C5E0473-C99E-40CE-9E2B-DBE781B3A8EC} - (no file)
BHO-{B01187B2-0B7B-47B4-B6D0-E7BED5DF8DE7} - (no file)
BHO-{F7BAAEFF-4017-4D6F-9BEC-D988A6B2CE22} - (no file)


.
------- Skan uzupełniający -------
.
FireFox -: Profile - C:\Documents and Settings\Nestioruk\Dane aplikacji\Mozilla\Firefox\Profiles\xzs2x825.default\
.
.
------- File Associations (Beta) -------
.
regfile\shell\edit\command=%SystemRoot%\system32\NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-12 13:03:31
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Czas ukończenia: 2008-09-12 13:06:13 - komputer został uruchomiony ponownie [Nestioruk]
ComboFix-quarantined-files.txt  2008-09-12 11:06:09

Przed: 461,144,064 bajt˘w wolnych
Po: 442,957,824 bajt˘w wolnych

233   --- E O F ---   2008-09-10 12:47:50


A tutaj log z HiJack'a

Kod: Zaznacz wszystko

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:51:01, on 2008-09-12
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\VDOTool\TBPanel.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Maxthon2\Maxthon.exe
C:\Program Files\Total Commander\TOTALCMD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [Gainward] C:\Program Files\VDOTool\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - Startup: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Dodaj do listy blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)

--
End of file - 9849 bytes


[Okocza]

nesti, popraw nazwę tematu i wstaw log z hijacka

[nesti]

Wielkie dzieki za "pomoc" "fachowcy" z forum!! Zrobilem wszystko jak trzeba, wrzucilem log z hijacka, zmienilem temat i dalej zadnej odpowiedzi!!?? To co jeszcze musze zrobic?? Skoro z powodu glupiego tematu nie mozecie rozwiazac mojego problemu lepiej nie rozwiazujcie ich wcale bo zadnego pozytku z Was nie ma!!

[djarta]

Wklej do Notatnika:

Kod: Zaznacz wszystko

File::
C:\WINDOWS\system32\opnolJbC.dll.vir

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]


>>Plik>>Zapisz jako... >>> CFScript
Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe
-->
Ma się rozpocząć usuwanie. (i powstanie log).Daj ten log, który powstanie w trakcie usuwania.
Jeśli pójdzie dobrze, to: Po restarcie usuń ręcznie folder C:\Qoobox.

Wielkie dzieki za "pomoc" "fachowcy" z forum!! Zrobilem wszystko jak trzeba, wrzucilem log z hijacka, zmienilem temat i dalej zadnej odpowiedzi!!?? To co jeszcze musze zrobic?? Skoro z powodu glupiego tematu nie mozecie rozwiazac mojego problemu lepiej nie rozwiazujcie ich wcale bo zadnego pozytku z Was nie ma!!

Cieszy się?



==========================
K.

[nesti]

Dlaczego najpierw trzeba napisac kilka szczerych slow zeby ktos raczyl pomoc??!!

Oto log kwygenerowany przez ComboFix

Kod: Zaznacz wszystko

ComboFix 08-09-10.04 - Nestioruk 2008-09-16 23:31:51.2 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1250.1.1045.18.1461 [GMT 2:00]
Uruchomiony z: C:\Net\ComboFix.exe
Command switches used :: C:\Documents and Settings\Nestioruk\Pulpit\CFScript.txt
* Utworzono nowy punkt przywracania

[color=red][b]UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !![/b][/color]
.

(((((((((((((((((((((((((   Pliki utworzone od 2008-08-16 do 2008-09-16  )))))))))))))))))))))))))))))))
.

2008-09-13 14:11 . 2008-09-13 14:11   <DIR>   d--------   C:\Program Files\THQ
2008-09-13 11:22 . 2008-09-15 21:18   <DIR>   dr-------   C:\Documents and Settings\All Users\Dokumenty
2008-09-12 19:11 . 2008-09-16 01:12   <DIR>   d-a------   C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-09-12 14:49 . 2008-09-12 14:49   <DIR>   d--------   C:\Program Files\Trend Micro
2008-09-11 19:46 . 2008-09-11 19:46   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Simply Super Software
2008-09-11 19:38 . 2008-09-11 19:48   <DIR>   d--------   C:\Program Files\Trojan Remover
2008-09-11 19:30 . 2006-05-25 15:52   162,304   --a------   C:\WINDOWS\system32\ztvunrar36.dll
2008-09-11 19:30 . 2005-08-26 01:50   77,312   --a------   C:\WINDOWS\system32\ztvunace26.dll
2008-09-11 19:29 . 2003-02-02 20:06   153,088   --a------   C:\WINDOWS\system32\unrar3.dll
2008-09-11 19:29 . 2002-03-06 01:00   75,264   --a------   C:\WINDOWS\system32\unacev2.dll
2008-09-11 19:29 . 2006-06-19 13:01   69,632   --a------   C:\WINDOWS\system32\ztvcabinet.dll
2008-09-11 19:27 . 2008-09-11 19:38   <DIR>   d--------   C:\Documents and Settings\Nestioruk\Dane aplikacji\Simply Super Software
2008-09-11 14:46 . 2008-09-11 15:07   96,976   --a------   C:\WINDOWS\system32\drivers\klin.dat
2008-09-11 14:46 . 2008-09-11 15:07   87,855   --a------   C:\WINDOWS\system32\drivers\klick.dat
2008-09-11 14:45 . 2008-09-11 14:45   <DIR>   d--------   C:\Program Files\Kaspersky Lab
2008-09-11 14:45 . 2008-09-16 19:54   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-09-11 14:45 . 2008-09-16 16:09   3,175,456   --ahs----   C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-11 14:45 . 2008-09-16 16:09   565,280   --ahs----   C:\WINDOWS\system32\drivers\fidbox2.dat
2008-09-11 14:45 . 2008-09-16 16:09   27,984   --ahs----   C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-11 14:45 . 2008-09-16 16:09   4,060   --ahs----   C:\WINDOWS\system32\drivers\fidbox2.idx
2008-09-11 14:36 . 2008-09-12 14:37   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2008-08-28 23:26 . 2008-08-28 23:26   <DIR>   d--------   C:\Program Files\Combined Community Codec Pack
2008-08-28 10:48 . 2008-08-28 10:48   <DIR>   d--------   C:\Documents and Settings\Nestioruk\Dane aplikacji\Xfire
2008-08-22 16:11 . 2008-08-22 17:27   <DIR>   d--------   C:\Program Files\Thomson
2008-08-22 15:47 . 2008-08-22 16:42   <DIR>   d--------   C:\Program Files\Neostrada TP
2008-08-19 22:12 . 2008-08-19 22:12   <DIR>   d--------   C:\WINDOWS\system32\pl
2008-08-19 22:12 . 2008-08-19 22:12   <DIR>   d--------   C:\WINDOWS\system32\bits
2008-08-19 22:07 . 2008-08-19 22:07   <DIR>   d--------   C:\WINDOWS\EHome
2008-08-18 12:56 . 2008-08-18 12:57   <DIR>   d--------   C:\Program Files\CCleaner
2008-08-18 12:25 . 2008-08-18 12:25   <DIR>   d--------   C:\Program Files\Sony Ericsson
2008-08-18 12:25 . 2008-08-18 12:28   <DIR>   d--------   C:\Documents and Settings\Nestioruk\Dane aplikacji\Teleca
2008-08-18 12:25 . 2008-08-18 12:25   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Teleca
2008-08-18 12:25 . 2008-08-18 12:25   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Sony Ericsson
2008-08-18 12:23 . 2008-08-18 12:23   <DIR>   d--------   C:\Program Files\SEMC
2008-08-18 12:22 . 2008-08-18 12:22   6,176   --a------   C:\WINDOWS\system32\drivers\w810cm.sys
2008-08-18 12:22 . 2008-08-18 12:22   5,808   --a------   C:\WINDOWS\system32\drivers\w810wh.sys
2008-08-17 15:11 . 2008-08-17 15:11   <DIR>   d--------   C:\Program Files\DivX

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-16 21:31   ---------   d-----w   C:\Documents and Settings\Nestioruk\Dane aplikacji\MxBoost
2008-09-16 21:21   ---------   d-----w   C:\Program Files\MZ Manager 2
2008-09-16 09:42   ---------   d-----w   C:\Program Files\Winamp
2008-09-15 23:06   ---------   d-----w   C:\Documents and Settings\Nestioruk\Dane aplikacji\Skype
2008-09-15 23:04   ---------   d-----w   C:\Documents and Settings\Nestioruk\Dane aplikacji\skypePM
2008-09-15 20:15   ---------   d-----w   C:\Documents and Settings\Nestioruk\Dane aplikacji\MegauploadToolbar
2008-09-13 17:10   22,328   ----a-w   C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-09-13 17:10   22,328   ----a-w   C:\Documents and Settings\Nestioruk\Dane aplikacji\PnkBstrK.sys
2008-09-13 17:10   103,736   ----a-w   C:\WINDOWS\system32\PnkBstrB.exe
2008-09-13 17:09   66,872   ----a-w   C:\WINDOWS\system32\PnkBstrA.exe
2008-09-11 09:58   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-09-10 12:46   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-09-09 14:51   21   --sh--w   C:\date.bin
2008-08-24 10:37   14,656   ----a-w   C:\WINDOWS\gdrv.sys
2008-08-23 19:47   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-08-18 13:25   ---------   d-----w   C:\Documents and Settings\Nestioruk\Dane aplikacji\DNA
2008-08-18 10:25   ---------   d-----w   C:\Program Files\Common Files\Teleca Shared
2008-08-18 10:22   6,144   ----a-w   C:\WINDOWS\system32\drivers\w800cm.sys
2008-08-18 10:22   5,744   ----a-w   C:\WINDOWS\system32\drivers\w800wh.sys
2008-07-23 16:48   200,704   ----a-w   C:\WINDOWS\system32\ssldivx.dll
2008-07-23 16:48   1,044,480   ----a-w   C:\WINDOWS\system32\libdivx.dll
2008-07-21 13:43   36,734   ----a-w   C:\WINDOWS\system32\OggDSuninst.exe
2008-07-18 20:10   94,920   ----a-w   C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10   53,448   ----a-w   C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10   45,768   ----a-w   C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10   36,552   ----a-w   C:\WINDOWS\system32\wups.dll
2008-07-18 20:09   563,912   ----a-w   C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09   325,832   ----a-w   C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09   205,000   ----a-w   C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09   1,811,656   ----a-w   C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07   270,880   ----a-w   C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07   210,976   ----a-w   C:\WINDOWS\system32\muweb.dll
2008-07-07 20:29   253,952   ----a-w   C:\WINDOWS\system32\es.dll
2008-06-24 16:46   74,240   ----a-w   C:\WINDOWS\system32\mscms.dll
2008-06-24 16:12   295,936   ------w   C:\WINDOWS\system32\wmpeffects.dll
2008-06-23 16:42   826,368   ----a-w   C:\WINDOWS\system32\wininet.dll
2008-06-20 17:48   246,784   ----a-w   C:\WINDOWS\system32\mswsock.dll
2008-06-16 14:00   107,888   ----a-w   C:\WINDOWS\system32\CmdLineExt.dll
2008-06-16 13:50   669,184   ----a-w   C:\WINDOWS\system32\pbsvc.exe
2008-02-26 14:47   32   ----a-w   C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-02-23 10:34   417,792   ----a-w   C:\Documents and Settings\Nestioruk\GL4JavbJauGljJNI14.dll
2007-09-23 10:22   3,655,488   ----a-w   C:\Program Files\FLV PlayerRCATSetup.exe
2007-09-23 10:22   2,293,712   ----a-w   C:\Program Files\FLV PlayerFCSetup.exe
2007-09-23 10:21   411,248   ----a-w   C:\Program Files\FLV PlayerRCSetup.exe
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "C:\Program Files\free-downloads.net\tbfree.dll" [2007-12-04 1502232]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2007-12-04 14:53   1502232   --a------   C:\Program Files\free-downloads.net\tbfree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "C:\Program Files\free-downloads.net\tbfree.dll" [2007-12-04 1502232]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "C:\Program Files\free-downloads.net\tbfree.dll" [2007-12-04 1502232]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 1460560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-28 8531968]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2006-10-31 36864]
"36X Raid Configurer"="C:\WINDOWS\system32\JMRaidSetup.exe" [2006-11-17 1953792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-28 81920]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 45632]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2008-08-19 914512]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-04-25 201992]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-19 35328]
"nwiz"="nwiz.exe" [2007-10-28 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-12 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-12-12 C:\WINDOWS\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

C:\WINDOWS\system32\config\systemprofile\Menu Start\Programy\Autostart\
Tworzenie wycink˘w ekranu i uruchamianie programu OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoChangeKeyboardNavigationIndicators"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.FFDS"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"msacm.avis"= ff_acm.acm

[HKLM\~\startupfolder\C:^Documents and Settings^Nestioruk^Menu Start^Programy^Autostart^Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk]
path=C:\Documents and Settings\Nestioruk\Menu Start\Programy\Autostart\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk
backup=C:\WINDOWS\pss\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
--a------ 2007-09-06 15:08 136136 C:\Program Files\DAEMON Tools Pro\DTProAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gainward]
--a------ 2007-06-26 14:58 2165272 C:\Program Files\VDOTool\TBPANEL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2007-02-12 12:19 1050112 C:\Program Files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 2006-12-05 22:55 54832 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2006-11-23 15:10 56928 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
--a------ 2007-02-12 12:23 1620480 C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2005-10-26 16:17 159744 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Maxthon2\\Maxthon.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"C:\\Documents and Settings\\Nestioruk\\Dane aplikacji\\PowerChallenge\\PowerFootball\\PowerFootball.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"D:\\Tomek\\PES 8\\PES2008.exe"=
"C:\\Program Files\\Maxthon2\\Modules\\MxDownloader\\MxDownloadServer.exe"=
"C:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\Polish\\setup.exe"=
"D:\\Tomek\\CoD4pl\\iw3mp.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)

R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 32784]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 24592]
S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-16 23:34:14
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
Czas ukończenia: 2008-09-16 23:36:11
ComboFix-quarantined-files.txt  2008-09-16 21:35:11
ComboFix2.txt  2008-09-12 11:06:13

Przed: 496,541,696 bajt˘w wolnych
Po: 700,690,432 bajt˘w wolnych

203   --- E O F ---   2008-09-16 14:09:21


Cieszy sie choc to sie w sumie okaze w przeciagu kilku dni...Niewiem jak ale masowo znikaja mi pliki a sam ich nie usuwam i nie mam pojecia co sie dzieje!!

[wojtas]

Dlaczego najpierw trzeba napisac kilka szczerych slow zeby ktos raczyl pomoc??!!

a dlaczego sądzisz ze Ci co sprawdzają logi siedzą 24h na dobę na forum ? jak ktoś ma czas i chęci to pomoże ... czemu Ty nie chcesz nikomu pomoc ? najlepiej tylko oczekiwac pomocy ..

[nesti]

a dlaczego sądzisz ze Ci co sprawdzają logi siedzą 24h na dobę na forum ? jak ktoś ma czas i chęci to pomoże ... czemu Ty nie chcesz nikomu pomoc ? najlepiej tylko oczekiwac pomocy ..

Praepraszam. Myslalem ze jest na forum kilku fachowcow ktorzy sa odpowiedzialni za taka pomoc.. Skorzystalem z tego forum bo naprawde tego potrzebowalem, a sam chetnie bym komus pomogl tylko, ze o kompach mam wiedze troszke wiecej jak podstawowa, wiec za duzo nie pomoge bo umiem..Gdy bede cos wiedzial to z przyjemnoscia to zrobie. Fakt, troche za bardzo sie zdenerwowalem ale naprawde mialem juz powyzej uszu tych trojanow:( W najblizszym czasie sie poprawie:)

[slonkojustynka]

Logfile of Browser Hijack Recover(BHR) v2.2
http://www.browser-hijack.com/
Log created on 15/10/2008 22:55:44
Microsoft Windows XP Home Edition Service Pack 3 (Build 2600)
Internet Explorer v6.0.2900.5512 Update Versions: ;SP3;

[Process Manager] - [Process]
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Windows Defender\MsMpEng.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe
D:\WINDOWS\explorer.exe
D:\Program Files\Browser Hijack Recover\bhr.exe

[IE Options] - [Normal]
R0 - HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R0 - HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main,Window Title =

[IE Options] - [IE Menu]

[IE Options] - [Internet Options]

[IE Options] - [IE Search Hooks]
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - D:\WINDOWS\system32\shdocvw.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

[IE Add-Ons] - [Toolbars]

[IE Add-Ons] - [Explorer Bars]

[IE Add-Ons] - [Context Menu]

[IE Add-Ons] - [BHOs]
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (No Name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (No File)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

[IE Add-Ons] - [Tools Menu]
O9 - Extra "Tool" Menu Item: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra "Tool" Menu Item: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra "Tool" Menu Item: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

[IE Add-Ons] - [Tools Button]
O9 - Extra "Tool" Menu Item: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra "Tool" Menu Item: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

[System Options]

[StartUp]
04 - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run SpybotSD TeaTimer = D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
04 - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ctfmon.exe = D:\WINDOWS\system32\ctfmon.exe
04 - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run Nowe Gadu-Gadu = D:\Program Files\Nowe Gadu-Gadu\gg.exe
04 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run SynTPEnh = D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
04 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run egui = D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
04 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run IgfxTray = D:\WINDOWS\system32\igfxtray.exe
04 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run Persistence = D:\WINDOWS\system32\igfxpers.exe
04 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run MSConfig = D:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto





ComboFix 08-10-15.01 - Slonko 2008-10-15 22:52:10.4 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1089 [GMT 1:00]
Running from: D:\Documents and Settings\Slonko\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-09-15 to 2008-10-15 )))))))))))))))))))))))))))))))
.

2008-10-15 20:39 . 2008-10-15 20:39 <DIR> d-------- D:\WINDOWS\LastGood
2008-10-15 20:39 . 2008-10-15 20:39 <DIR> d-------- D:\Program Files\Panda Security
2008-10-15 20:39 . 2008-06-19 17:24 28,544 --a------ D:\WINDOWS\system32\drivers\pavboot.sys
2008-10-15 20:38 . 2008-10-15 22:50 <DIR> d-------- D:\Documents and Settings\Administrator\.housecall6.6
2008-10-15 20:28 . 2008-10-15 20:28 <DIR> d---s---- D:\Documents and Settings\Administrator\UserData
2008-10-15 20:22 . 2008-10-15 20:29 <DIR> d-------- D:\Program Files\SkanerOnline
2008-10-15 19:46 . 2008-10-15 20:38 <DIR> d---s---- D:\WINDOWS\Downloaded Program Files
2008-10-15 15:00 . 2008-10-15 15:00 <DIR> d-------- D:\Program Files\Crystal Reality
2008-10-15 13:12 . 2008-10-15 13:12 <DIR> d-------- D:\Program Files\Browser Hijack Recover
2008-10-15 13:12 . 2008-10-15 13:12 0 --a------ D:\WINDOWS\system32\8104297.jun
2008-10-15 12:03 . 2008-10-15 13:36 664 --a------ D:\WINDOWS\system32\d3d9caps.dat
2008-10-15 11:35 . 2008-10-15 11:36 <DIR> d-------- D:\Program Files\SIW
2008-10-15 10:28 . 2008-09-08 11:41 333,824 -----c--- D:\WINDOWS\system32\dllcache\srv.sys
2008-10-15 10:27 . 2008-08-14 11:11 2,189,184 -----c--- D:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-15 10:27 . 2008-08-14 11:09 2,145,280 -----c--- D:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-15 10:27 . 2008-08-14 10:33 2,066,048 -----c--- D:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-15 10:27 . 2008-08-14 10:33 2,023,936 -----c--- D:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-15 10:27 . 2008-09-15 13:12 1,846,400 -----c--- D:\WINDOWS\system32\dllcache\win32k.sys
2008-10-15 10:25 . 2008-05-01 15:33 331,776 -----c--- D:\WINDOWS\system32\dllcache\msadce.dll
2008-10-15 10:24 . 2008-04-11 20:04 691,712 -----c--- D:\WINDOWS\system32\dllcache\inetcomm.dll
2008-10-15 10:24 . 2008-06-13 12:05 272,128 -----c--- D:\WINDOWS\system32\dllcache\bthport.sys
2008-10-15 10:24 . 2008-05-08 15:02 203,136 -----c--- D:\WINDOWS\system32\dllcache\rmcast.sys
2008-10-15 09:58 . 2008-04-14 05:42 1,306,624 -----c--- D:\WINDOWS\system32\dllcache\msxml6.dll
2008-10-15 09:44 . 2007-08-08 10:17 172,032 --a------ D:\WINDOWS\system32\igfxres.dll
2008-10-14 21:30 . 2004-08-04 13:00 113,222 --a--c--- D:\WINDOWS\system32\dllcache\zoneclim.dll
2008-10-14 21:30 . 2004-08-04 13:00 41,029 --a--c--- D:\WINDOWS\system32\dllcache\zcorem.dll
2008-10-14 21:30 . 2004-08-04 13:00 36,937 --a--c--- D:\WINDOWS\system32\dllcache\zclientm.exe
2008-10-14 21:30 . 2004-08-04 13:00 29,760 --a--c--- D:\WINDOWS\system32\dllcache\znetm.dll
2008-10-14 21:30 . 2004-08-04 13:00 28,288 --a--c--- D:\WINDOWS\system32\dllcache\xjis.nls
2008-10-14 21:30 . 2004-08-04 13:00 13,894 --a--c--- D:\WINDOWS\system32\dllcache\zonelibm.dll
2008-10-14 21:30 . 2004-08-04 13:00 4,677 --a--c--- D:\WINDOWS\system32\dllcache\zeeverm.dll
2008-10-14 21:28 . 2008-04-14 01:09 13,463,552 --a--c--- D:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-10-14 21:27 . 2004-08-04 13:00 1,817,687 --a--c--- D:\WINDOWS\system32\dllcache\bckgres.dll
2008-10-14 21:24 . 2004-08-04 13:00 16,384 --a--c--- D:\WINDOWS\system32\dllcache\isignup.exe
2008-10-14 21:24 . 2008-10-14 21:24 749 -rah----- D:\WINDOWS\WindowsShell.Manifest
2008-10-14 21:24 . 2008-10-14 21:24 749 -rah----- D:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-10-14 21:24 . 2008-10-14 21:24 749 -rah----- D:\WINDOWS\system32\sapi.cpl.manifest
2008-10-14 21:24 . 2008-10-14 21:24 749 -rah----- D:\WINDOWS\system32\ncpa.cpl.manifest
2008-10-14 21:24 . 2008-10-14 21:24 488 -rah----- D:\WINDOWS\system32\logonui.exe.manifest
2008-10-14 21:16 . 2004-08-04 13:00 24,661 --a------ D:\WINDOWS\system32\spxcoins.dll
2008-10-14 21:16 . 2004-08-04 13:00 24,661 --a--c--- D:\WINDOWS\system32\dllcache\spxcoins.dll
2008-10-14 21:16 . 2004-08-04 13:00 13,312 --a------ D:\WINDOWS\system32\irclass.dll
2008-10-14 21:16 . 2004-08-04 13:00 13,312 --a--c--- D:\WINDOWS\system32\dllcache\irclass.dll
2008-10-14 21:16 . 2008-10-15 10:37 1,393 --a------ D:\WINDOWS\imsins.BAK
2008-10-14 21:15 . 2004-08-04 13:00 1,042,903 --a--c--- D:\WINDOWS\system32\dllcache\SP2.CAT
2008-10-14 21:15 . 2004-08-04 13:00 797,189 --a--c--- D:\WINDOWS\system32\dllcache\NT5IIS.CAT
2008-10-14 21:15 . 2004-08-04 13:00 399,645 --a--c--- D:\WINDOWS\system32\dllcache\MAPIMIG.CAT
2008-10-14 21:15 . 2004-08-04 13:00 37,484 --a--c--- D:\WINDOWS\system32\dllcache\MW770.CAT
2008-10-14 21:15 . 2004-08-04 13:00 13,472 --a--c--- D:\WINDOWS\system32\dllcache\HPCRDP.CAT
2008-10-14 21:15 . 2004-08-04 13:00 8,574 --a--c--- D:\WINDOWS\system32\dllcache\IASNT4.CAT
2008-10-14 21:15 . 2003-07-30 10:48 7,506 --a--c--- D:\WINDOWS\system32\dllcache\OEMBIOS.CAT
2008-10-14 21:15 . 2004-08-04 13:00 7,334 --a--c--- D:\WINDOWS\system32\dllcache\wmerrenu.cat
2008-10-11 23:47 . 2008-10-11 23:47 <DIR> d-------- D:\Documents and Settings\Slonko\Application Data\Raia
2008-10-11 23:45 . 2008-10-11 23:45 <DIR> d-------- D:\Documents and Settings\Slonko\Application Data\ShadeExplorer
2008-10-11 23:43 . 2008-10-11 23:43 <DIR> d-------- D:\Program Files\e frontier
2008-10-11 10:38 . 2008-10-14 18:12 9,459 --a------ D:\WINDOWS\setupapi.old
2008-10-11 10:37 . 2008-10-11 10:37 <DIR> d-------- D:\Program Files\Edgard Multimedia
2008-10-10 22:42 . 1998-03-20 13:01 299,008 --a------ D:\WINDOWS\uninst.exe
2008-10-10 22:39 . 2008-10-10 22:42 <DIR> d-------- D:\Program Files\Virtual Look Twoje Nowe Oblicze
2008-10-10 22:23 . 2008-10-10 22:23 <DIR> d-------- D:\Program Files\MoorHunt
2008-10-10 16:36 . 2008-10-10 16:36 <DIR> d--h-c--- D:\Documents and Settings\All Users\Application Data\{8CC5CF4A-124E-41BA-B58C-A41F05BE09CC}
2008-10-10 16:35 . 2008-10-10 16:35 <DIR> d-------- D:\Program Files\Stardock
2008-10-06 12:53 . 2008-10-06 12:53 <DIR> d-------- D:\Program Files\Ashampoo
2008-10-06 12:53 . 2008-10-06 12:53 <DIR> d-------- D:\Documents and Settings\Slonko\Application Data\Ashampoo
2008-10-06 12:53 . 2008-10-06 12:53 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\ashampoo
2008-10-06 11:28 . 2008-10-06 11:28 0 --a------ D:\WINDOWS\Irremote.ini
2008-10-05 23:06 . 2008-10-05 23:06 <DIR> d-------- D:\Program Files\FDRLab
2008-10-05 23:06 . 2008-10-05 23:06 <DIR> d-------- D:\Documents and Settings\Slonko\Application Data\FDRLab
2008-10-04 13:26 . 2008-10-04 13:26 <DIR> d-------- D:\Documents and Settings\Slonko\Application Data\Obsidium
2008-10-04 13:16 . 2008-10-04 13:16 <DIR> d-------- D:\Documents and Settings\Slonko\Application Data\JockerSoft
2008-09-30 21:23 . 2008-09-30 21:23 <DIR> d-------- D:\Documents and Settings\Slonko\Application Data\LogMeIn Rescue
2008-09-30 21:22 . 2008-09-30 21:22 <DIR> d-------- D:\Program Files\LogMeIn Rescue
2008-09-22 22:25 . 2008-09-22 22:25 <DIR> d-------- D:\Program Files\uTorrent
2008-09-21 23:33 . 2008-09-21 23:33 13 --a------ D:\WINDOWS\system32\WinSys32.crc
2008-09-21 23:19 . 2008-09-21 23:19 <DIR> d-------- D:\Documents and Settings\Slonko\Application Data\.freeciv
2008-09-21 23:18 . 2008-09-21 23:18 <DIR> d-------- D:\Documents and Settings\Slonko\Application Data\.ggz
2008-09-21 22:59 . 2008-09-21 22:59 <DIR> d-------- D:\Documents and Settings\Slonko\Application Data\BitSpirit
2008-09-21 19:41 . 2008-09-21 19:41 <DIR> d-------- D:\Program Files\BlueVoda Website Builder
2008-09-21 19:41 . 2004-11-22 20:56 913,560 --a------ D:\WINDOWS\system32\wodFtpDLX.ocx
2008-09-21 19:41 . 2008-09-21 19:40 737,280 --a------ D:\WINDOWS\iun6002.exe
2008-09-21 19:41 . 1999-03-22 12:29 233,472 --a------ D:\WINDOWS\system32\Ilda32.dll
2008-09-21 19:41 . 1998-06-17 04:00 18,944 --a------ D:\WINDOWS\system32\BORLNDMM.DLL
2008-09-21 19:40 . 2008-09-21 23:24 <DIR> d-------- D:\Program Files\Screamer Radio
2008-09-21 19:38 . 2008-09-22 22:26 <DIR> d-------- D:\Program Files\BitSpirit
2008-09-19 17:31 . 2008-10-09 23:19 <DIR> d-------- D:\Documents and Settings\Slonko\Application Data\Lavasoft
2008-09-19 17:25 . 2008-09-19 17:25 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Prevx
2008-09-19 17:20 . 2008-09-19 20:11 <DIR> d-------- D:\Program Files\Hitman Pro
2008-09-17 13:12 . 2008-09-24 23:56 <DIR> d-------- D:\Program Files\Odkurzacz
2008-09-16 15:42 . 2008-09-28 06:34 <DIR> d-------- D:\WINDOWS\A3W_DATA
2008-09-16 15:37 . 2008-09-28 06:32 86 --a------ D:\WINDOWS\CIV.INI
2008-09-16 15:36 . 1994-08-24 00:00 188,960 --a------ D:\WINDOWS\system\WINGDE.DLL
2008-09-16 15:36 . 1994-09-21 00:00 92,208 --a------ D:\WINDOWS\system\WING.DLL
2008-09-16 15:36 . 1994-09-21 00:00 12,800 --a------ D:\WINDOWS\system32\WING32.DLL
2008-09-16 15:36 . 1994-09-21 00:00 6,736 --a------ D:\WINDOWS\system\WINGDIB.DRV
2008-09-16 15:36 . 1994-09-21 00:00 5,024 --a------ D:\WINDOWS\system\WINGPAL.WND

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-15 10:52 --------- d-----w D:\Documents and Settings\Slonko\Application Data\uTorrent
2008-10-15 10:47 --------- d-----w D:\Program Files\Nowe Gadu-Gadu
2008-10-15 10:44 --------- d--h--w D:\Program Files\InstallShield Installation Information
2008-10-15 10:44 --------- d-----w D:\Program Files\Hewlett-Packard
2008-10-15 08:41 --------- d-----w D:\Program Files\Spybot - Search & Destroy
2008-10-15 08:41 --------- d-----w D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-15 08:08 --------- d-----w D:\Documents and Settings\Slonko\Application Data\skypePM
2008-10-12 22:17 --------- d-----w D:\Documents and Settings\Slonko\Application Data\Skype
2008-10-09 22:19 --------- d-----w D:\Program Files\Lavasoft
2008-10-08 18:56 --------- d-----w D:\Documents and Settings\Slonko\Application Data\OpenOffice.org2
2008-09-25 22:37 --------- d-----w D:\Program Files\Image Styles 4
2008-09-21 18:42 --------- d-----w D:\Program Files\Process Lasso
2008-09-19 19:10 --------- d---a-w D:\Documents and Settings\All Users\Application Data\TEMP
2008-09-17 12:26 --------- d-----w D:\Program Files\IrfanView
2008-09-17 12:25 --------- d-----w D:\Program Files\QuickTime
2008-09-17 12:25 --------- d-----w D:\Program Files\NAPI-PROJEKT
2008-09-15 12:12 1,846,400 ----a-w D:\WINDOWS\system32\win32k.sys
2008-09-11 20:09 --------- d-----w D:\Program Files\AutoMapa EU
2008-09-10 17:19 --------- d-----w D:\Program Files\Dealio
2008-09-10 14:20 --------- d-----w D:\Program Files\Microsoft LifeCam
2008-09-09 10:00 --------- d-----w D:\Program Files\Fotosizer
2008-09-09 08:21 --------- d-----w D:\Documents and Settings\Slonko\Application Data\Uniblue
2008-09-09 08:16 --------- d-----w D:\Program Files\FreshDevices
2008-09-08 10:41 333,824 ----a-w D:\WINDOWS\system32\drivers\srv.sys
2008-09-07 13:22 --------- d-----w D:\Program Files\Common Files\GTK
2008-09-07 13:16 --------- d-----w D:\Documents and Settings\Slonko\Application Data\Tlen.pl
2008-09-07 13:15 --------- d-----w D:\Program Files\Tlen.pl
2008-09-06 20:02 --------- d-----w D:\Program Files\ALLPlayer
2008-09-06 12:52 --------- d-----w D:\Program Files\Huawei technologies
2008-09-05 22:36 --------- d-----w D:\Program Files\Monopoly Here & Now Edition
2008-09-05 21:40 --------- d-----w D:\Program Files\AutoTek
2008-09-05 16:23 --------- d-----w D:\Documents and Settings\Slonko\Application Data\Nero
2008-09-05 16:22 --------- d-----w D:\Program Files\Common Files\Nero
2008-08-31 22:38 --------- d-----w D:\Documents and Settings\Slonko\Application Data\Canneverbe_Limited
2008-08-28 07:46 74,752 ----a-w D:\WINDOWS\system32\msw3prt.dll
2008-08-28 07:46 104,960 ----a-w D:\WINDOWS\system32\win32spl.dll
2008-08-25 09:47 --------- d-----w D:\Program Files\Snoodoku
2008-08-24 20:57 --------- d-----w D:\Documents and Settings\Slonko\Application Data\Reflexive
2008-08-24 20:36 --------- d-----w D:\Program Files\Ancient Quest of Saqqarah
2008-08-24 20:36 --------- d-----w D:\Documents and Settings\Slonko\Application Data\Ancient Quest of Saqqarah__bfg
2008-08-24 19:32 --------- d-----w D:\Documents and Settings\Slonko\Application Data\Windows Search
2008-08-24 19:29 --------- d-----w D:\Program Files\Microsoft Silverlight
2008-08-24 19:23 --------- d-----w D:\Program Files\MSXML 4.0
2008-08-22 18:17 --------- d-----w D:\Documents and Settings\Slonko\Application Data\dvdcss
2008-08-21 10:17 --------- d-----w D:\Program Files\A4Desk
2008-08-20 21:35 138,752 ----a-w D:\WINDOWS\system32\sndvol32.exe
2008-08-20 05:30 666,112 ----a-w D:\WINDOWS\system32\wininet.dll
2008-08-19 17:24 409,600 ----a-w D:\WINDOWS\system32\wrap_oal.dll
2008-08-19 17:24 114,688 ----a-w D:\WINDOWS\system32\OpenAL32.dll
2008-08-19 17:24 --------- d-----w D:\Program Files\Puzzle Quest
2008-08-19 17:24 --------- d-----w D:\Program Files\OpenAL
2008-08-19 17:22 --------- d-----w D:\Documents and Settings\Slonko\Application Data\Atari
2008-08-19 17:17 --------- d-----w D:\Documents and Settings\Slonko\Application Data\Leadertech
2008-08-18 16:43 --------- d-----w D:\Documents and Settings\Slonko\Application Data\WeatherWatcher
2008-08-17 16:01 --------- d-----w D:\Program Files\Snow Queen Mahjong
2008-08-17 15:58 --------- d-----w D:\Program Files\Common Files\stardock
2008-08-17 15:57 2,560 ----a-w D:\WINDOWS\_MSRSTRT.EXE
2008-08-17 15:56 --------- d-----w D:\Program Files\Chameleon Desktop
2008-08-15 14:55 --------- d-----w D:\Program Files\BFG
2008-08-14 10:09 2,145,280 ----a-w D:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 09:33 2,023,936 ----a-w D:\WINDOWS\system32\ntkrnlpa.exe
2008-08-12 16:42 2,828 --sha-w D:\WINDOWS\system32\KGyGaAvL.sys
2008-07-29 22:27 1,122,304 ---ha-w D:\WINDOWS\system32\wodfamop.dll
2008-07-18 21:10 94,920 ----a-w D:\WINDOWS\system32\cdm.dll
2008-07-18 21:10 53,448 ----a-w D:\WINDOWS\system32\wuauclt.exe
2008-07-18 21:10 45,768 ----a-w D:\WINDOWS\system32\wups2.dll
2008-07-18 21:10 36,552 ----a-w D:\WINDOWS\system32\wups.dll
2008-07-18 21:09 563,912 ----a-w D:\WINDOWS\system32\wuapi.dll
2008-07-18 21:09 325,832 ----a-w D:\WINDOWS\system32\wucltui.dll
2008-07-18 21:09 205,000 ----a-w D:\WINDOWS\system32\wuweb.dll
2008-07-18 21:09 1,811,656 ----a-w D:\WINDOWS\system32\wuaueng.dll
2008-07-18 21:07 270,880 ----a-w D:\WINDOWS\system32\mucltui.dll
2008-07-18 21:07 210,976 ----a-w D:\WINDOWS\system32\muweb.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"Nowe Gadu-Gadu"="D:\Program Files\Nowe Gadu-Gadu\gg.exe" [2008-10-10 6500960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="D:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1040384]
"egui"="D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"IgfxTray"="D:\WINDOWS\system32\igfxtray.exe" [2007-09-18 141848]
"Persistence"="D:\WINDOWS\system32\igfxpers.exe" [2007-09-18 137752]
"MSConfig"="D:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-04-14 169984]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="D:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2007-09-18 22:29 166424 D:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Odkurzacz-MCD]
--a------ 2008-08-16 16:01 264704 D:\Program Files\Odkurzacz\odk_mcd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProcessGovernor]
--a------ 2008-09-18 19:41 127488 D:\Program Files\Process Lasso\ProcessGovernor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProcessSupervisorGUI]
--a------ 2008-09-18 19:42 277504 D:\Program Files\Process Lasso\ProcessLasso.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
--a------ 2008-06-03 16:40 177456 D:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 D:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
--a------ 2006-10-13 17:04 707376 D:\WINDOWS\vVX1000.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ProtexisLicensing"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"MSCamSvc"=2 (0x2)
"McAfeeFramework"=2 (0x2)
"iPod Service"=3 (0x3)
"Com4QLBEx"=3 (0x3)
"aawservice"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"D:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"D:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"D:\\Program Files\\Tlen.pl\\tlen.exe"=
"D:\\WINDOWS\\system32\\mmc.exe"=
"D:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"D:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"D:\\Program Files\\uTorrent\\uTorrent.exe"=
"D:\\Documents and Settings\\Slonko\\Desktop\\utorrent.exe"=
"D:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 epfwtdir;epfwtdir;D:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-12-21 33800]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;D:\WINDOWS\system32\NSNDIS5.SYS [2004-03-24 17280]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);D:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;D:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;D:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);D:\WINDOWS\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;D:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
S3 VX1000;VX-1000;D:\WINDOWS\system32\DRIVERS\VX1000.sys [2006-10-13 1966000]
S4 Com4QLBEx;Com4QLBEx;D:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S4 MSCamSvc;MSCamSvc;D:\Program Files\Microsoft LifeCam\MSCamS32.exe [2006-10-13 207664]

*Newly Created Service* - MDMXSDK
*Newly Created Service* - TMCOMM
.
Contents of the 'Scheduled Tasks' folder

2008-10-15 D:\WINDOWS\Tasks\MP Scheduled Scan.job
- D:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

2008-10-15 D:\WINDOWS\Tasks\RegCure Program Check.job
- D:\Program Files\RegCure\RegCure.exe []

2008-10-10 D:\WINDOWS\Tasks\RegCure.job
- D:\Program Files\RegCure\RegCure.exe []
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Google Update - D:\Documents and Settings\Slonko\Local Settings\Application Data\Google\Update\GoogleUpdate.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - D:\Documents and Settings\Slonko\Application Data\Mozilla\Firefox\Profiles\hqbghc5o.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - wp.pl
FF -: plugin - D:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF -: plugin - D:\Documents and Settings\Slonko\Application Data\Mozilla\Firefox\Profiles\hqbghc5o.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF -: plugin - D:\Documents and Settings\Slonko\Application Data\Mozilla\Firefox\Profiles\hqbghc5o.default\extensions\TechnicianConsole@logmeinrescue.com\platform\WINNT\plugins\npRescue.dll
FF -: plugin - D:\Program Files\Mozilla Firefox\plugins\NPCARDS.dll
FF -: plugin - D:\Program Files\Mozilla Firefox\plugins\NPDARTS.dll
FF -: plugin - D:\Program Files\Mozilla Firefox\plugins\NPSUDOKU.dll
FF -: plugin - D:\Program Files\Mozilla Firefox\plugins\NPWORDSSINGLE.dll
FF -: plugin - D:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-15 22:53:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ASFWHide]
"ImagePath"="\??\D:\DOCUME~1\Slonko\LOCALS~1\Temp\ASFWHide"
.
Completion time: 2008-10-15 22:55:05
ComboFix-quarantined-files.txt 2008-10-15 21:54:52
ComboFix2.txt 2008-10-15 12:47:24

Pre-Run: 4,715,081,728 bytes free
Post-Run: 4,837,064,704 bytes free

292 --- E O F --- 2008-10-15 14:21:40




prosze o pomoc,,please..................
miga start i ikonki na pulpicie,a po 18 sam sie probowal wylogowywac

Dodano Dzisiaj, 23:26:
Logfile of Browser Hijack Recover(BHR) v2.2
http://www.browser-hijack.com/
Log created on 15/10/2008 22:55:44
Microsoft Windows XP Home Edition Service Pack 3 (Build 2600)
Internet Explorer v6.0.2900.5512 Update Versions: ;SP3;

[Process Manager] - [Process]
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Windows Defender\MsMpEng.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe
D:\WINDOWS\explorer.exe
D:\Program Files\Browser Hijack Recover\bhr.exe

[IE Options] - [Normal]
R0 - HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R0 - HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main,Window Title =

[IE Options] - [IE Menu]

[IE Options] - [Internet Options]

[IE Options] - [IE Search Hooks]
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - D:\WINDOWS\system32\shdocvw.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

[IE Add-Ons] - [Toolbars]

[IE Add-Ons] - [Explorer Bars]

[IE Add-Ons] - [Context Menu]

[IE Add-Ons] - [BHOs]
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (No Name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (No File)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

[IE Add-Ons] - [Tools Menu]
O9 - Extra "Tool" Menu Item: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra "Tool" Menu Item: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra "Tool" Menu Item: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

[IE Add-Ons] - [Tools Button]
O9 - Extra "Tool" Menu Item: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra "Tool" Menu Item: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

[System Options]

[StartUp]
04 - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run SpybotSD TeaTimer = D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
04 - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ctfmon.exe = D:\WINDOWS\system32\ctfmon.exe
04 - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run Nowe Gadu-Gadu = D:\Program Files\Nowe Gadu-Gadu\gg.exe
04 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run SynTPEnh = D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
04 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run egui = D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
04 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run IgfxTray = D:\WINDOWS\system32\igfxtray.exe
04 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run Persistence = D:\WINDOWS\system32\igfxpers.exe
04 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run MSConfig = D:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto





ComboFix 08-10-15.01 - Slonko 2008-10-15 22:52:10.4 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1089 [GMT 1:00]
Running from: D:\Documents and Settings\Slonko\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-09-15 to 2008-10-15 )))))))))))))))))))))))))))))))
.

2008-10-15 20:39 . 2008-10-15 20:39 <DIR> d-------- D:\WINDOWS\LastGood
2008-10-15 20:39 . 2008-10-15 20:39 <DIR> d-------- D:\Program Files\Panda Security
2008-10-15 20:39 . 2008-06-19 17:24 28,544 --a------ D:\WINDOWS\system32\drivers\pavboot.sys
2008-10-15 20:38 . 2008-10-15 22:50 <DIR> d-------- D:\Documents and Settings\Administrator\.housecall6.6
2008-10-15 20:28 . 2008-10-15 20:28 <DIR> d---s---- D:\Documents and Settings\Administrator\UserData
2008-10-15 20:22 . 2008-10-15 20:29 <DIR> d-------- D:\Program Files\SkanerOnline
2008-10-15 19:46 . 2008-10-15 20:38 <DIR> d---s---- D:\WINDOWS\Downloaded Program Files
2008-10-15 15:00 . 2008-10-15 15:00 <DIR> d-------- D:\Program Files\Crystal Reality
2008-10-15 13:12 . 2008-10-15 13:12 <DIR> d-------- D:\Program Files\Browser Hijack Recover
2008-10-15 13:12 . 2008-10-15 13:12 0 --a------ D:\WINDOWS\system32\8104297.jun
2008-10-15 12:03 . 2008-10-15 13:36 664 --a------ D:\WINDOWS\system32\d3d9caps.dat
2008-10-15 11:35 . 2008-10-15 11:36 <DIR> d-------- D:\Program Files\SIW
2008-10-15 10:28 . 2008-09-08 11:41 333,824 -----c--- D:\WINDOWS\system32\dllcache\srv.sys
2008-10-15 10:27 . 2008-08-14 11:11 2,189,184 -----c--- D:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-15 10:27 . 2008-08-14 11:09 2,145,280 -----c--- D:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-15 10:27 . 2008-08-14 10:33 2,066,048 -----c--- D:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-15 10:27 . 2008-08-14 10:33 2,023,936 -----c--- D:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-15 10:27 . 2008-09-15 13:12 1,846,400 -----c--- D:\WINDOWS\system32\dllcache\win32k.sys
2008-10-15 10:25 . 2008-05-01 15:33 331,776 -----c--- D:\WINDOWS\system32\dllcache\msadce.dll
2008-10-15 10:24 . 2008-04-11 20:04 691,712 -----c--- D:\WINDOWS\system32\dllcache\inetcomm.dll
2008-10-15 10:24 . 2008-06-13 12:05 272,128 -----c--- D:\WINDOWS\system32\dllcache\bthport.sys
2008-10-15 10:24 . 2008-05-08 15:02 203,136 -----c--- D:\WINDOWS\system32\dllcache\rmcast.sys
2008-10-15 09:58 . 2008-04-14 05:42 1,306,624 -----c--- D:\WINDOWS\system32\dllcache\msxml6.dll
2008-10-15 09:44 . 2007-08-08 10:17 172,032 --a------ D:\WINDOWS\system32\igfxres.dll
2008-10-14 21:30 . 2004-08-04 13:00 113,222 --a--c--- D:\WINDOWS\system32\dllcache\zoneclim.dll
2008-10-14 21:30 . 2004-08-04 13:00 41,029 --a--c--- D:\WINDOWS\system32\dllcache\zcorem.dll
2008-10-14 21:30 . 2004-08-04 13:00 36,937 --a--c--- D:\WINDOWS\system32\dllcache\zclientm.exe
2008-10-14 21:30 . 2004-08-04 13:00 29,760 --a--c--- D:\WINDOWS\system32\dllcache\znetm.dll
2008-10-14 21:30 . 2004-08-04 13:00 28,288 --a--c--- D:\WINDOWS\system32\dllcache\xjis.nls
2008-10-14 21:30 . 2004-08-04 13:00 13,894 --a--c--- D:\WINDOWS\system32\dllcache\zonelibm.dll
2008-10-14 21:30 . 2004-08-04 13:00 4,677 --a--c--- D:\WINDOWS\system32\dllcache\zeeverm.dll
2008-10-14 21:28 . 2008-04-14 01:09 13,463,552 --a--c--- D:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-10-14 21:27 . 2004-08-04 13:00 1,817,687 --a--c--- D:\WINDOWS\system32\dllcache\bckgres.dll
2008-10-14 21:24 . 2004-08-04 13:00 16,384 --a--c--- D:\WINDOWS\system32\dllcache\isignup.exe
2008-10-14 21:24 . 2008-10-14 21:24 749 -rah----- D:\WINDOWS\WindowsShell.Manifest
2008-10-14 21:24 . 2008-10-14 21:24 749 -rah----- D:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-10-14 21:24 . 2008-10-14 21:24 749 -rah----- D:\WINDOWS\system32\sapi.cpl.manifest
2008-10-14 21:24 . 2008-10-14 21:24 749 -rah----- D:\WINDOWS\system32\ncpa.cpl.manifest
2008-10-14 21:24 . 2008-10-14 21:24 488 -rah----- D:\WINDOWS\system32\logonui.exe.manifest
2008-10-14 21:16 . 2004-08-04 13:00 24,661 --a------ D:\WINDOWS\system32\spxcoins.dll
2008-10-14 21:16 . 2004-08-04 13:00 24,661 --a--c--- D:\WINDOWS\system32\dllcache\spxcoins.dll
2008-10-14 21:16 . 2004-08-04 13:00 13,312 --a------ D:\WINDOWS\system32\irclass.dll
2008-10-14 21:16 . 2004-08-04 13:00 13,312 --a--c--- D:\WINDOWS\system32\dllcache\irclass.dll
2008-10-14 21:16 . 2008-10-15 10:37 1,393 --a------ D:\WINDOWS\imsins.BAK
2008-10-14 21:15 . 2004-08-04 13:00 1,042,903 --a--c--- D:\WINDOWS\system32\dllcache\SP2.CAT
2008-10-14 21:15 . 2004-08-04 13:00 797,189 --a--c--- D:\WINDOWS\system32\dllcache\NT5IIS.CAT
2008-10-14 21:15 . 2004-08-04 13:00 399,645 --a--c--- D:\WINDOWS\system32\dllcache\MAPIMIG.CAT
2008-10-14 21:15 . 2004-08-04 13:00 37,484 --a--c--- D:\WINDOWS\system32\dllcache\MW770.CAT
2008-10-14 21:15 . 2004-08-04 13:00 13,472 --a--c--- D:\WINDOWS\system32\dllcache\HPCRDP.CAT
2008-10-14 21:15 . 2004-08-04 13:00 8,574 --a--c--- D:\WINDOWS\system32\dllcache\IASNT4.CAT
2008-10-14 21:15 . 2003-07-30 10:48 7,506 --a--c--- D:\WINDOWS\system32\dllcache\OEMBIOS.CAT
2008-10-14 21:15 . 2004-08-04 13:00 7,334 --a--c--- D:\WINDOWS\system32\dllcache\wmerrenu.cat
2008-10-11 23:47 . 2008-10-11 23:47 <DIR> d-------- D:\Documents and Settings\Slonko\Application Data\Raia
2008-10-11 23:45 . 2008-10-11 23:45 <DIR> d-------- D:\Documents and Settings\Slonko\Application Data\ShadeExplorer
2008-10-11 23:43 . 2008-10-11 23:43 <DIR> d-------- D:\Program Files\e frontier
2008-10-11 10:38 . 2008-10-14 18:12 9,459 --a------ D:\WINDOWS\setupapi.old
2008-10-11 10:37 . 2008-10-11 10:37 <DIR> d-------- D:\Program Files\Edgard Multimedia
2008-10-10 22:42 . 1998-03-20 13:01 299,008 --a------ D:\WINDOWS\uninst.exe
2008-10-10 22:39 . 2008-10-10 22:42 <DIR> d-------- D:\Program Files\Virtual Look Twoje Nowe Oblicze
2008-10-10 22:23 . 2008-10-10 22:23 <DIR> d-------- D:\Program Files\MoorHunt
2008-10-10 16:36 . 2008-10-10 16:36 <DIR> d--h-c--- D:\Documents and Settings\All Users\Application Data\{8CC5CF4A-124E-41BA-B58C-A41F05BE09CC}
2008-10-10 16:35 . 2008-10-10 16:35 <DIR> d-------- D:\Program Files\Stardock
2008-10-06 12:53 . 2008-10-06 12:53 <DIR> d-------- D:\Program Files\Ashampoo
2008-10-06 12:53 . 2008-10-06 12:53 <DIR> d-------- D:\Documents and Settings\Slonko\Application Data\Ashampoo
2008-10-06 12:53 . 2008-10-06 12:53 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\ashampoo
2008-10-06 11:28 . 2008-10-06 11:28 0 --a------ D:\WINDOWS\Irremote.ini
2008-10-05 23:06 . 2008-10-05 23:06 <DIR> d-------- D:\Program Files\FDRLab
2008-10-05 23:06 . 2008-10-05 23:06 <DIR> d-------- D:\Documents and Settings\Slonko\Application Data\FDRLab
2008-10-04 13:26 . 2008-10-04 13:26 <DIR> d-------- D:\Documents and Settings\Slonko\Application Data\Obsidium
2008-10-04 13:16 . 2008-10-04 13:16 <DIR> d-------- D:\Documents and Settings\Slonko\Application Data\JockerSoft
2008-09-30 21:23 . 2008-09-30 21:23 <DIR> d-------- D:\Documents and Settings\Slonko\Application Data\LogMeIn Rescue
2008-09-30 21:22 . 2008-09-30 21:22 <DIR> d-------- D:\Program Files\LogMeIn Rescue
2008-09-22 22:25 . 2008-09-22 22:25 <DIR> d-------- D:\Program Files\uTorrent
2008-09-21 23:33 . 2008-09-21 23:33 13 --a------ D:\WINDOWS\system32\WinSys32.crc
2008-09-21 23:19 . 2008-09-21 23:19 <DIR> d-------- D:\Documents and Settings\Slonko\Application Data\.freeciv
2008-09-21 23:18 . 2008-09-21 23:18 <DIR> d-------- D:\Documents and Settings\Slonko\Application Data\.ggz
2008-09-21 22:59 . 2008-09-21 22:59 <DIR> d-------- D:\Documents and Settings\Slonko\Application Data\BitSpirit
2008-09-21 19:41 . 2008-09-21 19:41 <DIR> d-------- D:\Program Files\BlueVoda Website Builder
2008-09-21 19:41 . 2004-11-22 20:56 913,560 --a------ D:\WINDOWS\system32\wodFtpDLX.ocx
2008-09-21 19:41 . 2008-09-21 19:40 737,280 --a------ D:\WINDOWS\iun6002.exe
2008-09-21 19:41 . 1999-03-22 12:29 233,472 --a------ D:\WINDOWS\system32\Ilda32.dll
2008-09-21 19:41 . 1998-06-17 04:00 18,944 --a------ D:\WINDOWS\system32\BORLNDMM.DLL
2008-09-21 19:40 . 2008-09-21 23:24 <DIR> d-------- D:\Program Files\Screamer Radio
2008-09-21 19:38 . 2008-09-22 22:26 <DIR> d-------- D:\Program Files\BitSpirit
2008-09-19 17:31 . 2008-10-09 23:19 <DIR> d-------- D:\Documents and Settings\Slonko\Application Data\Lavasoft
2008-09-19 17:25 . 2008-09-19 17:25 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Prevx
2008-09-19 17:20 . 2008-09-19 20:11 <DIR> d-------- D:\Program Files\Hitman Pro
2008-09-17 13:12 . 2008-09-24 23:56 <DIR> d-------- D:\Program Files\Odkurzacz
2008-09-16 15:42 . 2008-09-28 06:34 <DIR> d-------- D:\WINDOWS\A3W_DATA
2008-09-16 15:37 . 2008-09-28 06:32 86 --a------ D:\WINDOWS\CIV.INI
2008-09-16 15:36 . 1994-08-24 00:00 188,960 --a------ D:\WINDOWS\system\WINGDE.DLL
2008-09-16 15:36 . 1994-09-21 00:00 92,208 --a------ D:\WINDOWS\system\WING.DLL
2008-09-16 15:36 . 1994-09-21 00:00 12,800 --a------ D:\WINDOWS\system32\WING32.DLL
2008-09-16 15:36 . 1994-09-21 00:00 6,736 --a------ D:\WINDOWS\system\WINGDIB.DRV
2008-09-16 15:36 . 1994-09-21 00:00 5,024 --a------ D:\WINDOWS\system\WINGPAL.WND

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-15 10:52 --------- d-----w D:\Documents and Settings\Slonko\Application Data\uTorrent
2008-10-15 10:47 --------- d-----w D:\Program Files\Nowe Gadu-Gadu
2008-10-15 10:44 --------- d--h--w D:\Program Files\InstallShield Installation Information
2008-10-15 10:44 --------- d-----w D:\Program Files\Hewlett-Packard
2008-10-15 08:41 --------- d-----w D:\Program Files\Spybot - Search & Destroy
2008-10-15 08:41 --------- d-----w D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-15 08:08 --------- d-----w D:\Documents and Settings\Slonko\Application Data\skypePM
2008-10-12 22:17 --------- d-----w D:\Documents and Settings\Slonko\Application Data\Skype
2008-10-09 22:19 --------- d-----w D:\Program Files\Lavasoft
2008-10-08 18:56 --------- d-----w D:\Documents and Settings\Slonko\Application Data\OpenOffice.org2
2008-09-25 22:37 --------- d-----w D:\Program Files\Image Styles 4
2008-09-21 18:42 --------- d-----w D:\Program Files\Process Lasso
2008-09-19 19:10 --------- d---a-w D:\Documents and Settings\All Users\Application Data\TEMP
2008-09-17 12:26 --------- d-----w D:\Program Files\IrfanView
2008-09-17 12:25 --------- d-----w D:\Program Files\QuickTime
2008-09-17 12:25 --------- d-----w D:\Program Files\NAPI-PROJEKT
2008-09-15 12:12 1,846,400 ----a-w D:\WINDOWS\system32\win32k.sys
2008-09-11 20:09 --------- d-----w D:\Program Files\AutoMapa EU
2008-09-10 17:19 --------- d-----w D:\Program Files\Dealio
2008-09-10 14:20 --------- d-----w D:\Program Files\Microsoft LifeCam
2008-09-09 10:00 --------- d-----w D:\Program Files\Fotosizer
2008-09-09 08:21 --------- d-----w D:\Documents and Settings\Slonko\Application Data\Uniblue
2008-09-09 08:16 --------- d-----w D:\Program Files\FreshDevices
2008-09-08 10:41 333,824 ----a-w D:\WINDOWS\system32\drivers\srv.sys
2008-09-07 13:22 --------- d-----w D:\Program Files\Common Files\GTK
2008-09-07 13:16 --------- d-----w D:\Documents and Settings\Slonko\Application Data\Tlen.pl
2008-09-07 13:15 --------- d-----w D:\Program Files\Tlen.pl
2008-09-06 20:02 --------- d-----w D:\Program Files\ALLPlayer
2008-09-06 12:52 --------- d-----w D:\Program Files\Huawei technologies
2008-09-05 22:36 --------- d-----w D:\Program Files\Monopoly Here & Now Edition
2008-09-05 21:40 --------- d-----w D:\Program Files\AutoTek
2008-09-05 16:23 --------- d-----w D:\Documents and Settings\Slonko\Application Data\Nero
2008-09-05 16:22 --------- d-----w D:\Program Files\Common Files\Nero
2008-08-31 22:38 --------- d-----w D:\Documents and Settings\Slonko\Application Data\Canneverbe_Limited
2008-08-28 07:46 74,752 ----a-w D:\WINDOWS\system32\msw3prt.dll
2008-08-28 07:46 104,960 ----a-w D:\WINDOWS\system32\win32spl.dll
2008-08-25 09:47 --------- d-----w D:\Program Files\Snoodoku
2008-08-24 20:57 --------- d-----w D:\Documents and Settings\Slonko\Application Data\Reflexive
2008-08-24 20:36 --------- d-----w D:\Program Files\Ancient Quest of Saqqarah
2008-08-24 20:36 --------- d-----w D:\Documents and Settings\Slonko\Application Data\Ancient Quest of Saqqarah__bfg
2008-08-24 19:32 --------- d-----w D:\Documents and Settings\Slonko\Application Data\Windows Search
2008-08-24 19:29 --------- d-----w D:\Program Files\Microsoft Silverlight
2008-08-24 19:23 --------- d-----w D:\Program Files\MSXML 4.0
2008-08-22 18:17 --------- d-----w D:\Documents and Settings\Slonko\Application Data\dvdcss
2008-08-21 10:17 --------- d-----w D:\Program Files\A4Desk
2008-08-20 21:35 138,752 ----a-w D:\WINDOWS\system32\sndvol32.exe
2008-08-20 05:30 666,112 ----a-w D:\WINDOWS\system32\wininet.dll
2008-08-19 17:24 409,600 ----a-w D:\WINDOWS\system32\wrap_oal.dll
2008-08-19 17:24 114,688 ----a-w D:\WINDOWS\system32\OpenAL32.dll
2008-08-19 17:24 --------- d-----w D:\Program Files\Puzzle Quest
2008-08-19 17:24 --------- d-----w D:\Program Files\OpenAL
2008-08-19 17:22 --------- d-----w D:\Documents and Settings\Slonko\Application Data\Atari
2008-08-19 17:17 --------- d-----w D:\Documents and Settings\Slonko\Application Data\Leadertech
2008-08-18 16:43 --------- d-----w D:\Documents and Settings\Slonko\Application Data\WeatherWatcher
2008-08-17 16:01 --------- d-----w D:\Program Files\Snow Queen Mahjong
2008-08-17 15:58 --------- d-----w D:\Program Files\Common Files\stardock
2008-08-17 15:57 2,560 ----a-w D:\WINDOWS\_MSRSTRT.EXE
2008-08-17 15:56 --------- d-----w D:\Program Files\Chameleon Desktop
2008-08-15 14:55 --------- d-----w D:\Program Files\BFG
2008-08-14 10:09 2,145,280 ----a-w D:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 09:33 2,023,936 ----a-w D:\WINDOWS\system32\ntkrnlpa.exe
2008-08-12 16:42 2,828 --sha-w D:\WINDOWS\system32\KGyGaAvL.sys
2008-07-29 22:27 1,122,304 ---ha-w D:\WINDOWS\system32\wodfamop.dll
2008-07-18 21:10 94,920 ----a-w D:\WINDOWS\system32\cdm.dll
2008-07-18 21:10 53,448 ----a-w D:\WINDOWS\system32\wuauclt.exe
2008-07-18 21:10 45,768 ----a-w D:\WINDOWS\system32\wups2.dll
2008-07-18 21:10 36,552 ----a-w D:\WINDOWS\system32\wups.dll
2008-07-18 21:09 563,912 ----a-w D:\WINDOWS\system32\wuapi.dll
2008-07-18 21:09 325,832 ----a-w D:\WINDOWS\system32\wucltui.dll
2008-07-18 21:09 205,000 ----a-w D:\WINDOWS\system32\wuweb.dll
2008-07-18 21:09 1,811,656 ----a-w D:\WINDOWS\system32\wuaueng.dll
2008-07-18 21:07 270,880 ----a-w D:\WINDOWS\system32\mucltui.dll
2008-07-18 21:07 210,976 ----a-w D:\WINDOWS\system32\muweb.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"Nowe Gadu-Gadu"="D:\Program Files\Nowe Gadu-Gadu\gg.exe" [2008-10-10 6500960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="D:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1040384]
"egui"="D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"IgfxTray"="D:\WINDOWS\system32\igfxtray.exe" [2007-09-18 141848]
"Persistence"="D:\WINDOWS\system32\igfxpers.exe" [2007-09-18 137752]
"MSConfig"="D:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-04-14 169984]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="D:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2007-09-18 22:29 166424 D:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Odkurzacz-MCD]
--a------ 2008-08-16 16:01 264704 D:\Program Files\Odkurzacz\odk_mcd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProcessGovernor]
--a------ 2008-09-18 19:41 127488 D:\Program Files\Process Lasso\ProcessGovernor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProcessSupervisorGUI]
--a------ 2008-09-18 19:42 277504 D:\Program Files\Process Lasso\ProcessLasso.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
--a------ 2008-06-03 16:40 177456 D:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 D:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
--a------ 2006-10-13 17:04 707376 D:\WINDOWS\vVX1000.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ProtexisLicensing"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"MSCamSvc"=2 (0x2)
"McAfeeFramework"=2 (0x2)
"iPod Service"=3 (0x3)
"Com4QLBEx"=3 (0x3)
"aawservice"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"D:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"D:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"D:\\Program Files\\Tlen.pl\\tlen.exe"=
"D:\\WINDOWS\\system32\\mmc.exe"=
"D:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"D:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"D:\\Program Files\\uTorrent\\uTorrent.exe"=
"D:\\Documents and Settings\\Slonko\\Desktop\\utorrent.exe"=
"D:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 epfwtdir;epfwtdir;D:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-12-21 33800]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;D:\WINDOWS\system32\NSNDIS5.SYS [2004-03-24 17280]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);D:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;D:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;D:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);D:\WINDOWS\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;D:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
S3 VX1000;VX-1000;D:\WINDOWS\system32\DRIVERS\VX1000.sys [2006-10-13 1966000]
S4 Com4QLBEx;Com4QLBEx;D:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S4 MSCamSvc;MSCamSvc;D:\Program Files\Microsoft LifeCam\MSCamS32.exe [2006-10-13 207664]

*Newly Created Service* - MDMXSDK
*Newly Created Service* - TMCOMM
.
Contents of the 'Scheduled Tasks' folder

2008-10-15 D:\WINDOWS\Tasks\MP Scheduled Scan.job
- D:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

2008-10-15 D:\WINDOWS\Tasks\RegCure Program Check.job
- D:\Program Files\RegCure\RegCure.exe []

2008-10-10 D:\WINDOWS\Tasks\RegCure.job
- D:\Program Files\RegCure\RegCure.exe []
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Google Update - D:\Documents and Settings\Slonko\Local Settings\Application Data\Google\Update\GoogleUpdate.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - D:\Documents and Settings\Slonko\Application Data\Mozilla\Firefox\Profiles\hqbghc5o.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - wp.pl
FF -: plugin - D:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF -: plugin - D:\Documents and Settings\Slonko\Application Data\Mozilla\Firefox\Profiles\hqbghc5o.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF -: plugin - D:\Documents and Settings\Slonko\Application Data\Mozilla\Firefox\Profiles\hqbghc5o.default\extensions\TechnicianConsole@logmeinrescue.com\platform\WINNT\plugins\npRescue.dll
FF -: plugin - D:\Program Files\Mozilla Firefox\plugins\NPCARDS.dll
FF -: plugin - D:\Program Files\Mozilla Firefox\plugins\NPDARTS.dll
FF -: plugin - D:\Program Files\Mozilla Firefox\plugins\NPSUDOKU.dll
FF -: plugin - D:\Program Files\Mozilla Firefox\plugins\NPWORDSSINGLE.dll
FF -: plugin - D:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-15 22:53:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ASFWHide]
"ImagePath"="\??\D:\DOCUME~1\Slonko\LOCALS~1\Temp\ASFWHide"
.
Completion time: 2008-10-15 22:55:05
ComboFix-quarantined-files.txt 2008-10-15 21:54:52
ComboFix2.txt 2008-10-15 12:47:24

Pre-Run: 4,715,081,728 bytes free
Post-Run: 4,837,064,704 bytes free

292 --- E O F --- 2008-10-15 14:21:40




prosze o pomoc,,please..................
miga start i ikonki na pulpicie,a po 18 sam sie probowal wylogowywac

[Okocza]

slonkojustynka, załóż swój temat, nazwij go odpowiednio, wstaw logi w tagi code