proszę o sprawdzenie loga (privacy protector)

[finarfin]

Proszę o sprawdzenie loga na pulpicie pokazują mi się 3 ikonki :
- Privacy Protector
- Error Cleaner
- Spyware&Malware Protection
próbują łączyć mi się przez IE ze stronami do pobrania tego oprogramowania i blokują mi też pulpit podmieniając tapetę jako stronę web
poniżej podaje loga z combofixa

Kod: Zaznacz wszystko

ComboFix 08-03-01.3 - Akniol 2008-03-01 13:43:33.57 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.89 [GMT 1:00]
Running from: E:\ComboFix.exe
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Akniol\Ulubione\Error Cleaner.url
C:\Documents and Settings\Akniol\Ulubione\Privacy Protector.url
C:\Documents and Settings\Akniol\Ulubione\Spyware&Malware Protection.url
C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\smdat32a.sys
C:\WINDOWS\smdat32m.sys
.
---- Previous Run -------
.
C:\Documents and Settings\Akniol\Pulpit\Error Cleaner.url
C:\Documents and Settings\Akniol\Pulpit\Privacy Protector.url
C:\Documents and Settings\Akniol\Pulpit\Spyware&Malware Protection.url
C:\Documents and Settings\Akniol\Ulubione\Error Cleaner.url
C:\Documents and Settings\Akniol\Ulubione\Privacy Protector.url
C:\Documents and Settings\Akniol\Ulubione\Spyware&Malware Protection.url
C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr1.dat
C:\setup.exe
C:\WINDOWS\dat.txt
C:\WINDOWS\dwrmntsqld.dll
C:\WINDOWS\dwrmntssfd.dll
C:\WINDOWS\edfqvrw.dll
C:\WINDOWS\system32\p2pnetworking.exe
C:\WINDOWS\xpupdate.exe

----- BITS: Possible infected sites -----

hxxp://softworldnetwork.com
.
(((((((((((((((((((((((((   Files Created from 2008-02-01 to 2008-03-01  )))))))))))))))))))))))))))))))
.

2008-03-01 13:40 . 2004-08-03 22:44   395,776   --a------   C:\CF3593.exe
2008-02-28 14:24 . 2008-02-28 14:24   <DIR>   d--------   C:\Documents and Settings\Akniol\Dane aplikacji\Filter Forge Freepack 2 - Photo Effects
2008-02-28 14:14 . 2008-02-28 14:14   <DIR>   d--------   C:\Program Files\Filter Forge Freepack 2 - Photo Effects
2008-02-28 14:14 . 2006-11-10 18:41   1,030,144   --a------   C:\WINDOWS\system32\dbghelp-xfw.dll
2008-02-22 00:57 . 2008-02-22 00:57   <DIR>   d--------   C:\Documents and Settings\Akniol\Dane aplikacji\Tiffen
2008-02-22 00:54 . 2008-02-22 00:54   <DIR>   d--------   C:\WINDOWS\MSSecurityNS
2008-02-22 00:54 . 2008-02-22 00:54   <DIR>   d--------   C:\WINDOWS\MSSecurityNi
2008-02-22 00:52 . 2008-02-22 00:52   0   --ah-----   C:\WINDOWS\?AstInfo.dat
2008-02-17 15:36 . 2008-02-17 15:36   <DIR>   d--------   C:\Program Files\directx
2008-02-17 15:36 . 2008-02-17 15:36   <DIR>   d--------   C:\Program Files\Common Files\Roxio Shared
2008-02-17 15:36 . 2008-02-17 15:36   <DIR>   d--------   C:\Program Files\Common Files\Adaptec Shared
2008-02-17 15:36 . 2008-02-17 15:36   57,344   --a------   C:\WINDOWS\uneng.exe
2008-02-17 15:36 . 2008-02-17 15:36   49,152   --a------   C:\WINDOWS\system32\cdrtc.dll
2008-02-17 15:36 . 2008-02-17 15:36   45,056   --a------   C:\WINDOWS\system32\cdral.dll
2008-02-16 23:29 . 2008-02-16 23:29   <DIR>   d--------   C:\Documents and Settings\Akniol\Dane aplikacji\Alien Skin
2008-02-16 23:26 . 2008-02-16 23:26   <DIR>   d--------   C:\Program Files\Alien Skin
2008-02-16 22:49 . 2008-02-16 22:49   147,456   --a------   C:\WINDOWS\system32\vbzip10.dll
2008-02-14 09:35 . 2008-02-14 09:35   <DIR>   d--------   C:\Program Files\Mozilla Firefox 3 Beta 3
2008-02-13 16:39 . 2008-02-24 15:08   663,680   --a------   C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2008-02-12 09:41 . 2004-08-03 22:44   395,776   --a------   C:\WINDOWS\system32\kmd.exe
2008-02-09 18:04 . 2008-02-09 18:04   <DIR>   d--------   C:\Program Files\photoshop
2008-02-09 05:41 . 2008-02-09 05:41   <DIR>   d--------   C:\Program Files\Common Files\Adobe Systems Shared
2008-02-09 05:41 . 2008-02-09 05:41   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Macrovision
2008-02-09 05:40 . 2008-02-09 05:40   <DIR>   d--------   C:\Program Files\Common Files\Adobe
2008-02-07 21:54 . 2008-02-07 21:54   <DIR>   d--------   C:\Program Files\Google
2008-02-03 18:49 . 2008-02-03 18:49   3,240   --a------   C:\WINDOWS\jgswt-br24.ini
2008-02-03 18:48 . 2008-02-03 18:48   <DIR>   d--------   C:\Program Files\PhotoArtist Express
2008-02-03 02:38 . 2008-02-02 09:19   262,144   --a------   C:\WINDOWS\afxlspw.dll
2008-02-03 02:38 . 2008-02-02 09:19   229,376   --a------   C:\WINDOWS\bfrgnos.dll
2008-02-03 02:38 . 2008-02-02 16:47   81,920   --a------   C:\WINDOWS\frplprg.exe
2008-02-02 19:12 . 2008-02-02 19:12   <DIR>   d--------   C:\Program Files\Mozilla Firefox 3 Beta 2

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-08 20:32   6,164   --sha-w   C:\WINDOWS\system32\KGyGaAvL.sys
2008-01-30 00:09   13,312   ----a-w   C:\WINDOWS\system32\msvcled.dll
2008-01-29 00:52   ---------   d-----w   C:\Program Files\K-Lite Codec Pack
2008-01-29 00:52   ---------   d-----w   C:\Documents and Settings\Akniol\Dane aplikacji\Media Player Classic
2007-01-01 12:41   20   ---h--w   C:\Documents and Settings\All Users\Dane aplikacji\PKP_DLec.DAT
2006-12-28 11:08   30   ----a-w   C:\Program Files\Exiferupdate.ini
2004-10-01 14:00   40,960   ----a-w   C:\Program Files\Uninstall_CDS.exe
2006-07-13 19:22   88   --sh--r   C:\WINDOWS\system32\357CF7D4EA.sys
2007-09-08 16:19   23   --sha-w   C:\WINDOWS\system32\febe1_r.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\PixVue EXIF]
@={3E57A8B6-849B-476E-A3E9-CFCE49E3662A}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\PixVue EXIF & IPTC]
@={E3F36090-0540-418f-8136-074D5B255B59}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\PixVue EXIF & XMP]
@={E1C1BE26-35A8-4999-A3A6-235CB7BD558B}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\PixVue EXIF & XMP & IPTC]
@={2E9BD3CA-A57F-450b-B1BA-A6A58C0C1D51}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\PixVue IPTC]
@={BCA5FB3A-9FC1-4465-ACE3-8C2072449164}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\PixVue XMP]
@={F0C13C81-FB8D-464e-873F-F8FF999E3EEC}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\PixVue XMP & IPTC]
@={0117FFFB-91FD-414E-AC34-A00531032006}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 11:54 2131392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2006-05-10 13:01 270376]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]
"NvMediaCenter"="NvMCTray.dll" [2006-10-22 12:22 86016 C:\WINDOWS\system32\nvmctray.dll]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
D-Link AirPlus.lnk - C:\Program Files\D-Link AirPlus\AirPlus.exe [2006-01-26 20:55:21 262144]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeKeyboardNavigationIndicators"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"afxlspw"= {89ECF207-AAB5-407C-9153-17CB614A2A5A} - C:\WINDOWS\afxlspw.dll [2008-02-02 09:19 262144]
"bfrgnos"= {37011CC9-91B1-476B-9D42-48123BB07434} - C:\WINDOWS\bfrgnos.dll [2008-02-02 09:19 229376]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages   REG_MULTI_SZ      scecli scecli scecli

[HKLM\~\startupfolder\C:^Documents and Settings^Akniol^Menu Start^Programy^Autostart^A4Proxy.lnk]
backup=C:\WINDOWS\pss\A4Proxy.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Akniol^Menu Start^Programy^Autostart^BitComet Acceleration Patch.lnk]
backup=C:\WINDOWS\pss\BitComet Acceleration Patch.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Akniol^Menu Start^Programy^Autostart^Rapidown.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Akniol^Menu Start^Programy^Autostart^Rejestrowanie produktów Corela.lnk]
backup=C:\WINDOWS\pss\Rejestrowanie produktów Corela.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Akniol^Menu Start^Programy^Autostart^Yahoo! Widget Engine.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^GetRight - Tray Icon.lnk]
backup=C:\WINDOWS\pss\GetRight - Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AQQ]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitDownload]
G:\Programs\BitDownload\BitDownload.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CafeNews]
E:\Programy\CafeNews\CN.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\combofix]
--a------ 2004-08-03 22:44 395776 C:\WINDOWS\system32\kmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CoolSwitch]
--a------ 2002-03-19 17:30 45632 C:\WINDOWS\system32\taskswitch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-03 22:44 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a------ 2004-08-22 17:05 81920 C:\Program Files\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EdHTML]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
C:\Program Files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IESet]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Komunikator]
--a------ 2007-10-05 15:20 6226432 C:\Program Files\Tlen.pl\tlen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
--a------ 2005-04-12 10:11 229376 C:\Program Files\lg_fwupdate\fwupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Magsmeowboldtitle]
--a------ 2007-05-30 16:27 522752 C:\Documents and Settings\All Users\Dane aplikacji\jugsboobmagsmeow\Mfcd Cake.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2005-10-13 01:29 7086080 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
--a------ 2004-01-16 14:37 1748992 C:\Program Files\Ahead\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\One view global this]
--a------ 2007-11-17 22:44 659968 C:\Documents and Settings\All Users\Dane aplikacji\MPEG ELSE ONE VIEW\glue play.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
C:\WINDOWS\system32\oodtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
C:\Program Files\Winamp Remote\bin\OrbTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerBar]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-12-08 17:35 32768 C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2006-12-18 17:32 25365032 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2003-01-10 04:39 46592 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Stefan]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-11-09 15:07 49263 C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TopDesk]
--a------ 2006-03-01 19:03 201216 C:\Program Files\TopDesk\topdesk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdService]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows update loader]
C:\Windows\xpupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XPRepairPro2007]
--a------ 2007-04-06 23:12 1015808 D:\Program Files\XP Repair Pro 2007\XPRepairPro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

R0 avgntmgr;avgntmgr;C:\WINDOWS\system32\drivers\avgntmgr.sys [2005-07-06 14:15]
R1 avgntdd;avgntdd;C:\WINDOWS\system32\DRIVERS\avgntdd.sys [2006-02-23 18:17]
R1 VD_FileDisk;VD_FileDisk;C:\WINDOWS\system32\drivers\VD_FileDisk.sys [2006-01-13 14:00]
R2 bannerboard;bannerboard;C:\WINDOWS\system32\perver.exe [2007-10-30 22:28]
S3 AmdTools;AMD Special Tools Driver;C:\WINDOWS\system32\DRIVERS\AmdTools.sys []
S3 ed_bus;Encrypted Disk Manager;C:\WINDOWS\system32\DRIVERS\xcrdisk.sys [2004-02-17 15:37]
S3 im_bus;Paragon Image Mounter;C:\WINDOWS\system32\DRIVERS\imounter.sys []
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\System32\NSNDIS5.SYS [2004-03-24 04:12]
S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 21:08]
S3 V90drv;v90drv;C:\WINDOWS\system32\DRIVERS\v90drv.sys [2001-11-29 09:10]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-01 13:47:32
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\WINDOWS\bfrgnos.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\astsrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RunDLL32.exe
.
**************************************************************************
.
Completion time: 2008-03-01 13:49:03 - machine was rebooted [Akniol]
ComboFix2.txt  2008-02-10 17:08:52
ComboFix-quarantined-files.txt  2008-03-01 12:49:00


Z góry dziękuję za pomoc....

[wojtas]

Wykonaj to co jest podane w tym temacie

zastosuj:

smitfraudfix z opcji 2
(sciagasz -> uruchamiasz-> klikasz dowolny klawisz -> wpisujesz w programie 2 i enter potem czekasz chwile -> gdy wyskoczy pytanie w programie Do you want to clean the registry ? to wpisujesz literke Y i znowu enter i czekasz do wyskoczenia raportu (znak ze skan dobiegł konca)

Zastosuj SDFix . Po pobraniu uruchom go a rozpakuje się do C:\SDFix. Uruchom komputer w trybie awaryjnym (F8 przy stracie systemu). Będąc w awaryjnym uruchom plik RunThis.bat z folderu SDFixa. Zatwierdź czyszczenie przez Y. Poczekaj aż ukończy i komputer zresetuje

Potem wejdz do folderu C:\SDFix wrzuc zawartość pliku Report.txt + log z combofixa oraz z hijacka

[finarfin]

Wymagać tyle od kobiety... no ale chyba udało mi sie zrobić wszystko tak jak trzeba jeszcze raz dziękuje i pozdrawiam...

[wojtas]

wszystko jest ładnie opisane mam nadzieje że Pani sobie poradzi czekam na logi po pracy

[finarfin]

0a oto logi

SmitFraudFix v2.299

Kod: Zaznacz wszystko

SmitFraudFix v2.299

Scan done at 15:44:43,38, 2008-03-01
Run from C:\Documents and Settings\Akniol\Pulpit\Instalki\SmitfraudFix
OS: Microsoft Windows XP [Wersja 5.1.2600] - Windows_NT
The filesystem type is FAT32
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1       localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
C:\WINDOWS\afxlspw.dll deleted.


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\frplprg.exe Deleted

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: D-Link AirPlus DWL-520+ Wireless PCI Adapter - Sterownik miniport Harmonogramu pakietów
DNS Server Search Order: 192.168.0.1
DNS Server Search Order: 194.204.159.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{C0B4E6B4-3C3B-4628-9841-266172011C11}: NameServer=192.168.0.1,194.204.159.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{C0B4E6B4-3C3B-4628-9841-266172011C11}: NameServer=192.168.0.1,194.204.159.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{C0B4E6B4-3C3B-4628-9841-266172011C11}: NameServer=192.168.0.1,194.204.159.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{C0B4E6B4-3C3B-4628-9841-266172011C11}: NameServer=192.168.0.1,194.204.159.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End



SDFix

Kod: Zaznacz wszystko

[b]SDFix: Version 1.150 [/b]

Run by Akniol on 2008-03-01 at 16:08

Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


[b]Checking Files [/b]:

Trojan Files Found:

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat - Contains Links to Malware Sites! - Deleted
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat - Contains Links to Malware Sites! - Deleted
C:\WINDOWS\system32\o  - Deleted
C:\WINDOWS\system32\winsecurityxp\mswinup.exe  - Deleted





Removing Temp Files

[b]ADS Check [/b]:



                                 [b]Final Check [/b]:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-01 16:13:39
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[b]Remaining Files [/b]:


File Backups: - C:\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Fri  8 Feb 2008         6,164 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Thu 13 Jul 2006            88 ..SHR --- "C:\WINDOWS\system32\357CF7D4EA.sys"
Fri 26 Oct 2001        20,491 A..H. --- "C:\WINDOWS\system32\MFC421.dll"
Sat  8 Sep 2007            23 A.SH. --- "C:\WINDOWS\system32\febe1_r.dll"
Fri  8 Feb 2008            88 ..SHR --- "C:\WINDOWS\system32\B12BA821D4.sys"
Fri 31 Mar 2006         4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue  4 Dec 2007        19,456 ...H. --- "C:\Documents and Settings\Akniol\Dane aplikacji\Microsoft\Word\~WRL2936.tmp"
Tue  4 Dec 2007        20,480 ...H. --- "C:\Documents and Settings\Akniol\Dane aplikacji\Microsoft\Word\~WRL1377.tmp"
Tue  4 Dec 2007        21,504 ...H. --- "C:\Documents and Settings\Akniol\Dane aplikacji\Microsoft\Word\~WRL1534.tmp"
Tue  4 Dec 2007        22,528 ...H. --- "C:\Documents and Settings\Akniol\Dane aplikacji\Microsoft\Word\~WRL1252.tmp"
Tue  4 Dec 2007        24,064 ...H. --- "C:\Documents and Settings\Akniol\Dane aplikacji\Microsoft\Word\~WRL1535.tmp"
Tue  4 Dec 2007        24,576 ...H. --- "C:\Documents and Settings\Akniol\Dane aplikacji\Microsoft\Word\~WRL0564.tmp"
Tue 28 Feb 2006        45,568 ...H. --- "C:\Documents and Settings\Akniol\Dane aplikacji\Microsoft\Word\~WRL0004.tmp"
Sat  8 Sep 2007       262,144 A..H. --- "C:\Documents and Settings\Akniol\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.bak_jv16pt"

[b]Finished![/b]

nowy log z combofixa

Kod: Zaznacz wszystko

ComboFix 08-03-01.3 - Akniol 2008-03-01 19:08:24.1 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.42 [GMT 1:00]
Running from: E:\ComboFix.exe
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((   Files Created from 2008-02-01 to 2008-03-01  )))))))))))))))))))))))))))))))
.

2008-03-01 16:06 . 2008-03-01 16:06   <DIR>   d--------   C:\WINDOWS\ERUNT
2008-03-01 16:02 . 2008-03-01 13:18   <DIR>   d--------   C:\SDFix
2008-03-01 15:45 . 2008-03-01 15:45   1,648   --a------   C:\WINDOWS\system32\tmp.reg
2008-03-01 15:44 . 2007-09-05 23:22   289,144   --a------   C:\WINDOWS\system32\VCCLSID.exe
2008-03-01 15:44 . 2006-04-27 16:49   288,417   --a------   C:\WINDOWS\system32\SrchSTS.exe
2008-03-01 15:44 . 2008-02-28 11:37   86,016   --a------   C:\WINDOWS\system32\VACFix.exe
2008-03-01 15:44 . 2008-02-29 23:48   82,432   --a------   C:\WINDOWS\system32\IEDFix.exe
2008-03-01 15:44 . 2003-06-05 20:13   53,248   --a------   C:\WINDOWS\system32\Process.exe
2008-03-01 15:44 . 2004-07-31 17:50   51,200   --a------   C:\WINDOWS\system32\dumphive.exe
2008-03-01 15:44 . 2007-10-03 23:36   25,600   --a------   C:\WINDOWS\system32\WS2Fix.exe
2008-03-01 15:30 . 2008-03-01 15:30   <DIR>   dr-------   C:\Documents and Settings\LocalService\Moje dokumenty
2008-03-01 15:29 . 2008-03-01 15:30   <DIR>   dr-------   C:\Documents and Settings\LocalService\Ulubione
2008-03-01 15:29 . 2008-03-01 15:30   <DIR>   d--------   C:\Documents and Settings\LocalService\Pulpit
2008-03-01 15:20 . 2008-03-01 15:20   <DIR>   d--------   C:\Program Files\Spyware Doctor
2008-03-01 15:20 . 2008-03-01 15:20   <DIR>   d--------   C:\Documents and Settings\Akniol\Dane aplikacji\PC Tools
2008-03-01 15:20 . 2007-12-10 14:53   81,288   --a------   C:\WINDOWS\system32\drivers\iksyssec.sys
2008-03-01 15:20 . 2007-12-10 14:53   66,952   --a------   C:\WINDOWS\system32\drivers\iksysflt.sys
2008-03-01 15:20 . 2007-12-10 14:53   41,864   --a------   C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-03-01 15:20 . 2007-12-10 14:53   29,576   --a------   C:\WINDOWS\system32\drivers\kcom.sys
2008-03-01 13:40 . 2004-08-03 22:44   395,776   --a------   C:\CF3593.exe
2008-02-28 14:24 . 2008-02-28 14:24   <DIR>   d--------   C:\Documents and Settings\Akniol\Dane aplikacji\Filter Forge Freepack 2 - Photo Effects
2008-02-28 14:14 . 2008-02-28 14:14   <DIR>   d--------   C:\Program Files\Filter Forge Freepack 2 - Photo Effects
2008-02-28 14:14 . 2006-11-10 18:41   1,030,144   --a------   C:\WINDOWS\system32\dbghelp-xfw.dll
2008-02-22 00:57 . 2008-02-22 00:57   <DIR>   d--------   C:\Documents and Settings\Akniol\Dane aplikacji\Tiffen
2008-02-22 00:54 . 2008-02-22 00:54   <DIR>   d--------   C:\WINDOWS\MSSecurityNS
2008-02-22 00:54 . 2008-02-22 00:54   <DIR>   d--------   C:\WINDOWS\MSSecurityNi
2008-02-22 00:52 . 2008-02-22 00:52   0   --ah-----   C:\WINDOWS\?AstInfo.dat
2008-02-17 15:36 . 2008-02-17 15:36   <DIR>   d--------   C:\Program Files\directx
2008-02-17 15:36 . 2008-02-17 15:36   <DIR>   d--------   C:\Program Files\Common Files\Roxio Shared
2008-02-17 15:36 . 2008-02-17 15:36   <DIR>   d--------   C:\Program Files\Common Files\Adaptec Shared
2008-02-17 15:36 . 2008-02-17 15:36   57,344   --a------   C:\WINDOWS\uneng.exe
2008-02-17 15:36 . 2008-02-17 15:36   49,152   --a------   C:\WINDOWS\system32\cdrtc.dll
2008-02-17 15:36 . 2008-02-17 15:36   45,056   --a------   C:\WINDOWS\system32\cdral.dll
2008-02-16 23:29 . 2008-02-16 23:29   <DIR>   d--------   C:\Documents and Settings\Akniol\Dane aplikacji\Alien Skin
2008-02-16 23:26 . 2008-02-16 23:26   <DIR>   d--------   C:\Program Files\Alien Skin
2008-02-16 22:49 . 2008-02-16 22:49   147,456   --a------   C:\WINDOWS\system32\vbzip10.dll
2008-02-14 09:35 . 2008-02-14 09:35   <DIR>   d--------   C:\Program Files\Mozilla Firefox 3 Beta 3
2008-02-13 16:39 . 2008-02-24 15:08   663,680   --a------   C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2008-02-12 09:41 . 2004-08-03 22:44   395,776   --a------   C:\WINDOWS\system32\kmd.exe
2008-02-09 18:04 . 2008-02-09 18:04   <DIR>   d--------   C:\Program Files\photoshop
2008-02-09 05:41 . 2008-02-09 05:41   <DIR>   d--------   C:\Program Files\Common Files\Adobe Systems Shared
2008-02-09 05:41 . 2008-02-09 05:41   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Macrovision
2008-02-09 05:40 . 2008-02-09 05:40   <DIR>   d--------   C:\Program Files\Common Files\Adobe
2008-02-07 21:54 . 2008-02-07 21:54   <DIR>   d--------   C:\Program Files\Google
2008-02-03 18:49 . 2008-02-03 18:49   3,240   --a------   C:\WINDOWS\jgswt-br24.ini
2008-02-03 18:48 . 2008-02-03 18:48   <DIR>   d--------   C:\Program Files\PhotoArtist Express
2008-02-02 19:12 . 2008-02-02 19:12   <DIR>   d--------   C:\Program Files\Mozilla Firefox 3 Beta 2

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-08 20:32   6,164   --sha-w   C:\WINDOWS\system32\KGyGaAvL.sys
2008-01-30 00:09   13,312   ----a-w   C:\WINDOWS\system32\msvcled.dll
2008-01-29 00:52   ---------   d-----w   C:\Program Files\K-Lite Codec Pack
2008-01-29 00:52   ---------   d-----w   C:\Documents and Settings\Akniol\Dane aplikacji\Media Player Classic
2007-01-01 12:41   20   ---h--w   C:\Documents and Settings\All Users\Dane aplikacji\PKP_DLec.DAT
2006-12-28 11:08   30   ----a-w   C:\Program Files\Exiferupdate.ini
2004-10-01 14:00   40,960   ----a-w   C:\Program Files\Uninstall_CDS.exe
2006-07-13 19:22   88   --sh--r   C:\WINDOWS\system32\357CF7D4EA.sys
2007-09-08 16:19   23   --sha-w   C:\WINDOWS\system32\febe1_r.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\PixVue EXIF]
@={3E57A8B6-849B-476E-A3E9-CFCE49E3662A}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\PixVue EXIF & IPTC]
@={E3F36090-0540-418f-8136-074D5B255B59}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\PixVue EXIF & XMP]
@={E1C1BE26-35A8-4999-A3A6-235CB7BD558B}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\PixVue EXIF & XMP & IPTC]
@={2E9BD3CA-A57F-450b-B1BA-A6A58C0C1D51}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\PixVue IPTC]
@={BCA5FB3A-9FC1-4465-ACE3-8C2072449164}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\PixVue XMP]
@={F0C13C81-FB8D-464e-873F-F8FF999E3EEC}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\PixVue XMP & IPTC]
@={0117FFFB-91FD-414E-AC34-A00531032006}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 11:54 2131392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2006-05-10 13:01 270376]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]
"NvMediaCenter"="NvMCTray.dll" [2006-10-22 12:22 86016 C:\WINDOWS\system32\nvmctray.dll]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2007-12-10 14:53 1103752]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
D-Link AirPlus.lnk - C:\Program Files\D-Link AirPlus\AirPlus.exe [2006-01-26 20:55:21 262144]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeKeyboardNavigationIndicators"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages   REG_MULTI_SZ      scecli scecli scecli

[HKLM\~\startupfolder\C:^Documents and Settings^Akniol^Menu Start^Programy^Autostart^A4Proxy.lnk]
backup=C:\WINDOWS\pss\A4Proxy.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Akniol^Menu Start^Programy^Autostart^BitComet Acceleration Patch.lnk]
backup=C:\WINDOWS\pss\BitComet Acceleration Patch.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Akniol^Menu Start^Programy^Autostart^Rapidown.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Akniol^Menu Start^Programy^Autostart^Rejestrowanie produktów Corela.lnk]
backup=C:\WINDOWS\pss\Rejestrowanie produktów Corela.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Akniol^Menu Start^Programy^Autostart^Yahoo! Widget Engine.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^GetRight - Tray Icon.lnk]
backup=C:\WINDOWS\pss\GetRight - Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AQQ]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitDownload]
G:\Programs\BitDownload\BitDownload.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CafeNews]
E:\Programy\CafeNews\CN.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\combofix]
--a------ 2004-08-03 22:44 395776 C:\WINDOWS\system32\kmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CoolSwitch]
--a------ 2002-03-19 17:30 45632 C:\WINDOWS\system32\taskswitch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-03 22:44 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a------ 2004-08-22 17:05 81920 C:\Program Files\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EdHTML]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
C:\Program Files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IESet]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Komunikator]
--a------ 2007-10-05 15:20 6226432 C:\Program Files\Tlen.pl\tlen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
--a------ 2005-04-12 10:11 229376 C:\Program Files\lg_fwupdate\fwupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Magsmeowboldtitle]
--a------ 2007-05-30 16:27 522752 C:\Documents and Settings\All Users\Dane aplikacji\jugsboobmagsmeow\Mfcd Cake.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2005-10-13 01:29 7086080 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
--a------ 2004-01-16 14:37 1748992 C:\Program Files\Ahead\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\One view global this]
--a------ 2007-11-17 22:44 659968 C:\Documents and Settings\All Users\Dane aplikacji\MPEG ELSE ONE VIEW\glue play.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
C:\WINDOWS\system32\oodtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
C:\Program Files\Winamp Remote\bin\OrbTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerBar]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-12-08 17:35 32768 C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2006-12-18 17:32 25365032 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2003-01-10 04:39 46592 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Stefan]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-11-09 15:07 49263 C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TopDesk]
--a------ 2006-03-01 19:03 201216 C:\Program Files\TopDesk\topdesk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdService]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows update loader]
C:\Windows\xpupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XPRepairPro2007]
--a------ 2007-04-06 23:12 1015808 D:\Program Files\XP Repair Pro 2007\XPRepairPro.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"D:\\Program Files\\BitComet\\BitComet.exe"=

R0 avgntmgr;avgntmgr;C:\WINDOWS\system32\drivers\avgntmgr.sys [2005-07-06 14:15]
R1 avgntdd;avgntdd;C:\WINDOWS\system32\DRIVERS\avgntdd.sys [2006-02-23 18:17]
R1 VD_FileDisk;VD_FileDisk;C:\WINDOWS\system32\drivers\VD_FileDisk.sys [2006-01-13 14:00]
R2 bannerboard;bannerboard;C:\WINDOWS\system32\perver.exe [2007-10-30 22:28]
S3 AmdTools;AMD Special Tools Driver;C:\WINDOWS\system32\DRIVERS\AmdTools.sys []
S3 ed_bus;Encrypted Disk Manager;C:\WINDOWS\system32\DRIVERS\xcrdisk.sys [2004-02-17 15:37]
S3 im_bus;Paragon Image Mounter;C:\WINDOWS\system32\DRIVERS\imounter.sys []
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\System32\NSNDIS5.SYS [2004-03-24 04:12]
S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 21:08]
S3 V90drv;v90drv;C:\WINDOWS\system32\DRIVERS\v90drv.sys [2001-11-29 09:10]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-01 19:13:40
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\astsrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-03-01 19:17:01 - machine was rebooted
ComboFix3.txt  2008-02-10 17:08:52
ComboFix-quarantined-files.txt  2008-03-01 18:16:56
ComboFix2.txt  2008-03-01 12:49:06

hmmm a co do loga z hijacka no to hmm zrobil swoja ale nie moge znalesc z niego loga

[wojtas]

Otworz notatnik i wklej w nim to:

File::
C:\CF3593.exe

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows update loader]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdService]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]

Driver::
bannerboard

Plik >>> zapisz jako CFScript.txt .Plik przeciągnij i upuść na ikonę ComboFixa (tak jak tu ) . odczekaj az wygeneruje sie nowy log i go daj na forum

[finarfin]

Kod: Zaznacz wszystko

ComboFix 08-03-01.3 - Akniol 2008-03-01 20:02:25.2 - [color=red][b]FAT32[/b][/color]x86
Running from: E:\ComboFix.exe
Command switches used :: C:\Documents and Settings\Akniol\Pulpit\CFScript.txt
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]

FILE ::
C:\CF3593.exe
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\CF3593.exe

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_BANNERBOARD
-------\bannerboard


(((((((((((((((((((((((((   Files Created from 2008-02-01 to 2008-03-01  )))))))))))))))))))))))))))))))
.

2008-03-01 16:06 . 2008-03-01 16:06   <DIR>   d--------   C:\WINDOWS\ERUNT
2008-03-01 16:02 . 2008-03-01 13:18   <DIR>   d--------   C:\SDFix
2008-03-01 15:45 . 2008-03-01 15:45   1,648   --a------   C:\WINDOWS\system32\tmp.reg
2008-03-01 15:44 . 2007-09-05 23:22   289,144   --a------   C:\WINDOWS\system32\VCCLSID.exe
2008-03-01 15:44 . 2006-04-27 16:49   288,417   --a------   C:\WINDOWS\system32\SrchSTS.exe
2008-03-01 15:44 . 2008-02-28 11:37   86,016   --a------   C:\WINDOWS\system32\VACFix.exe
2008-03-01 15:44 . 2008-02-29 23:48   82,432   --a------   C:\WINDOWS\system32\IEDFix.exe
2008-03-01 15:44 . 2003-06-05 20:13   53,248   --a------   C:\WINDOWS\system32\Process.exe
2008-03-01 15:44 . 2004-07-31 17:50   51,200   --a------   C:\WINDOWS\system32\dumphive.exe
2008-03-01 15:44 . 2007-10-03 23:36   25,600   --a------   C:\WINDOWS\system32\WS2Fix.exe
2008-03-01 15:30 . 2008-03-01 15:30   <DIR>   dr-------   C:\Documents and Settings\LocalService\Moje dokumenty
2008-03-01 15:29 . 2008-03-01 15:30   <DIR>   dr-------   C:\Documents and Settings\LocalService\Ulubione
2008-03-01 15:29 . 2008-03-01 15:30   <DIR>   d--------   C:\Documents and Settings\LocalService\Pulpit
2008-03-01 15:20 . 2008-03-01 15:20   <DIR>   d--------   C:\Program Files\Spyware Doctor
2008-03-01 15:20 . 2008-03-01 15:20   <DIR>   d--------   C:\Documents and Settings\Akniol\Dane aplikacji\PC Tools
2008-03-01 15:20 . 2007-12-10 14:53   81,288   --a------   C:\WINDOWS\system32\drivers\iksyssec.sys
2008-03-01 15:20 . 2007-12-10 14:53   66,952   --a------   C:\WINDOWS\system32\drivers\iksysflt.sys
2008-03-01 15:20 . 2007-12-10 14:53   41,864   --a------   C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-03-01 15:20 . 2007-12-10 14:53   29,576   --a------   C:\WINDOWS\system32\drivers\kcom.sys
2008-02-28 14:24 . 2008-02-28 14:24   <DIR>   d--------   C:\Documents and Settings\Akniol\Dane aplikacji\Filter Forge Freepack 2 - Photo Effects
2008-02-28 14:14 . 2008-02-28 14:14   <DIR>   d--------   C:\Program Files\Filter Forge Freepack 2 - Photo Effects
2008-02-28 14:14 . 2006-11-10 18:41   1,030,144   --a------   C:\WINDOWS\system32\dbghelp-xfw.dll
2008-02-22 00:57 . 2008-02-22 00:57   <DIR>   d--------   C:\Documents and Settings\Akniol\Dane aplikacji\Tiffen
2008-02-22 00:54 . 2008-02-22 00:54   <DIR>   d--------   C:\WINDOWS\MSSecurityNS
2008-02-22 00:54 . 2008-02-22 00:54   <DIR>   d--------   C:\WINDOWS\MSSecurityNi
2008-02-22 00:52 . 2008-02-22 00:52   0   --ah-----   C:\WINDOWS\?AstInfo.dat
2008-02-17 15:36 . 2008-02-17 15:36   <DIR>   d--------   C:\Program Files\directx
2008-02-17 15:36 . 2008-02-17 15:36   <DIR>   d--------   C:\Program Files\Common Files\Roxio Shared
2008-02-17 15:36 . 2008-02-17 15:36   <DIR>   d--------   C:\Program Files\Common Files\Adaptec Shared
2008-02-17 15:36 . 2008-02-17 15:36   57,344   --a------   C:\WINDOWS\uneng.exe
2008-02-17 15:36 . 2008-02-17 15:36   49,152   --a------   C:\WINDOWS\system32\cdrtc.dll
2008-02-17 15:36 . 2008-02-17 15:36   45,056   --a------   C:\WINDOWS\system32\cdral.dll
2008-02-16 23:29 . 2008-02-16 23:29   <DIR>   d--------   C:\Documents and Settings\Akniol\Dane aplikacji\Alien Skin
2008-02-16 23:26 . 2008-02-16 23:26   <DIR>   d--------   C:\Program Files\Alien Skin
2008-02-16 22:49 . 2008-02-16 22:49   147,456   --a------   C:\WINDOWS\system32\vbzip10.dll
2008-02-14 09:35 . 2008-02-14 09:35   <DIR>   d--------   C:\Program Files\Mozilla Firefox 3 Beta 3
2008-02-13 16:39 . 2008-02-24 15:08   663,680   --a------   C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2008-02-12 09:41 . 2004-08-03 22:44   395,776   --a------   C:\WINDOWS\system32\kmd.exe
2008-02-09 18:04 . 2008-02-09 18:04   <DIR>   d--------   C:\Program Files\photoshop
2008-02-09 05:41 . 2008-02-09 05:41   <DIR>   d--------   C:\Program Files\Common Files\Adobe Systems Shared
2008-02-09 05:41 . 2008-02-09 05:41   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Macrovision
2008-02-09 05:40 . 2008-02-09 05:40   <DIR>   d--------   C:\Program Files\Common Files\Adobe
2008-02-07 21:54 . 2008-02-07 21:54   <DIR>   d--------   C:\Program Files\Google
2008-02-03 18:49 . 2008-02-03 18:49   3,240   --a------   C:\WINDOWS\jgswt-br24.ini
2008-02-03 18:48 . 2008-02-03 18:48   <DIR>   d--------   C:\Program Files\PhotoArtist Express
2008-02-02 19:12 . 2008-02-02 19:12   <DIR>   d--------   C:\Program Files\Mozilla Firefox 3 Beta 2

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-08 20:32   6,164   --sha-w   C:\WINDOWS\system32\KGyGaAvL.sys
2008-01-30 00:09   13,312   ----a-w   C:\WINDOWS\system32\msvcled.dll
2008-01-29 00:52   ---------   d-----w   C:\Program Files\K-Lite Codec Pack
2008-01-29 00:52   ---------   d-----w   C:\Documents and Settings\Akniol\Dane aplikacji\Media Player Classic
2007-01-01 12:41   20   ---h--w   C:\Documents and Settings\All Users\Dane aplikacji\PKP_DLec.DAT
2006-12-28 11:08   30   ----a-w   C:\Program Files\Exiferupdate.ini
2004-10-01 14:00   40,960   ----a-w   C:\Program Files\Uninstall_CDS.exe
2006-07-13 19:22   88   --sh--r   C:\WINDOWS\system32\357CF7D4EA.sys
2007-09-08 16:19   23   --sha-w   C:\WINDOWS\system32\febe1_r.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\PixVue EXIF]
@={3E57A8B6-849B-476E-A3E9-CFCE49E3662A}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\PixVue EXIF & IPTC]
@={E3F36090-0540-418f-8136-074D5B255B59}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\PixVue EXIF & XMP]
@={E1C1BE26-35A8-4999-A3A6-235CB7BD558B}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\PixVue EXIF & XMP & IPTC]
@={2E9BD3CA-A57F-450b-B1BA-A6A58C0C1D51}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\PixVue IPTC]
@={BCA5FB3A-9FC1-4465-ACE3-8C2072449164}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\PixVue XMP]
@={F0C13C81-FB8D-464e-873F-F8FF999E3EEC}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\PixVue XMP & IPTC]
@={0117FFFB-91FD-414E-AC34-A00531032006}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 11:54 2131392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2006-05-10 13:01 270376]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]
"NvMediaCenter"="NvMCTray.dll" [2006-10-22 12:22 86016 C:\WINDOWS\system32\nvmctray.dll]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2007-12-10 14:53 1103752]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
D-Link AirPlus.lnk - C:\Program Files\D-Link AirPlus\AirPlus.exe [2006-01-26 20:55:21 262144]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeKeyboardNavigationIndicators"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages   REG_MULTI_SZ      scecli scecli scecli

[HKLM\~\startupfolder\C:^Documents and Settings^Akniol^Menu Start^Programy^Autostart^A4Proxy.lnk]
backup=C:\WINDOWS\pss\A4Proxy.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Akniol^Menu Start^Programy^Autostart^BitComet Acceleration Patch.lnk]
backup=C:\WINDOWS\pss\BitComet Acceleration Patch.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Akniol^Menu Start^Programy^Autostart^Rapidown.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Akniol^Menu Start^Programy^Autostart^Rejestrowanie produktów Corela.lnk]
backup=C:\WINDOWS\pss\Rejestrowanie produktów Corela.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Akniol^Menu Start^Programy^Autostart^Yahoo! Widget Engine.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^GetRight - Tray Icon.lnk]
backup=C:\WINDOWS\pss\GetRight - Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AQQ]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitDownload]
G:\Programs\BitDownload\BitDownload.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CafeNews]
E:\Programy\CafeNews\CN.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\combofix]
--a------ 2004-08-03 22:44 395776 C:\WINDOWS\system32\kmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CoolSwitch]
--a------ 2002-03-19 17:30 45632 C:\WINDOWS\system32\taskswitch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-03 22:44 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a------ 2004-08-22 17:05 81920 C:\Program Files\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EdHTML]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
C:\Program Files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IESet]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Komunikator]
--a------ 2007-10-05 15:20 6226432 C:\Program Files\Tlen.pl\tlen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
--a------ 2005-04-12 10:11 229376 C:\Program Files\lg_fwupdate\fwupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Magsmeowboldtitle]
--a------ 2007-05-30 16:27 522752 C:\Documents and Settings\All Users\Dane aplikacji\jugsboobmagsmeow\Mfcd Cake.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2005-10-13 01:29 7086080 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
--a------ 2004-01-16 14:37 1748992 C:\Program Files\Ahead\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\One view global this]
--a------ 2007-11-17 22:44 659968 C:\Documents and Settings\All Users\Dane aplikacji\MPEG ELSE ONE VIEW\glue play.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
C:\WINDOWS\system32\oodtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
C:\Program Files\Winamp Remote\bin\OrbTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerBar]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-12-08 17:35 32768 C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2006-12-18 17:32 25365032 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2003-01-10 04:39 46592 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Stefan]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-11-09 15:07 49263 C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TopDesk]
--a------ 2006-03-01 19:03 201216 C:\Program Files\TopDesk\topdesk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XPRepairPro2007]
--a------ 2007-04-06 23:12 1015808 D:\Program Files\XP Repair Pro 2007\XPRepairPro.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"D:\\Program Files\\BitComet\\BitComet.exe"=

R0 avgntmgr;avgntmgr;C:\WINDOWS\system32\drivers\avgntmgr.sys [2005-07-06 14:15]
R1 avgntdd;avgntdd;C:\WINDOWS\system32\DRIVERS\avgntdd.sys [2006-02-23 18:17]
R1 VD_FileDisk;VD_FileDisk;C:\WINDOWS\system32\drivers\VD_FileDisk.sys [2006-01-13 14:00]
S3 AmdTools;AMD Special Tools Driver;C:\WINDOWS\system32\DRIVERS\AmdTools.sys []
S3 ed_bus;Encrypted Disk Manager;C:\WINDOWS\system32\DRIVERS\xcrdisk.sys [2004-02-17 15:37]
S3 im_bus;Paragon Image Mounter;C:\WINDOWS\system32\DRIVERS\imounter.sys []
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\System32\NSNDIS5.SYS [2004-03-24 04:12]
S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 21:08]
S3 V90drv;v90drv;C:\WINDOWS\system32\DRIVERS\v90drv.sys [2001-11-29 09:10]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-01 20:07:18
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\astsrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-03-01 20:10:05 - machine was rebooted
ComboFix4.txt  2008-02-10 17:08:52
ComboFix-quarantined-files.txt  2008-03-01 19:10:00
ComboFix3.txt  2008-03-01 12:49:06
ComboFix2.txt  2008-03-01 18:17:04


[wojtas]

czysto jak sytuacja z kompem?

[finarfin]

Dobrze już po pierwszych skanowaniach wszystko zanikło ikonki już się nie pojawiają miałam tylko mały problem z explorerem któryś z tych programów mi go zablokował jako niewłaściwą operację (czy coś w tym rodzaju) ale poradziłam z tym sobie
Dziękuję za pomoc