proszę o sprawdzenie loga

[prezess]

Kod: Zaznacz wszystko

Logfile of HijackThis v1.99.1
Scan saved at 16:11:19, on 2007-05-22
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\admin\Pulpit\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.cyberlink.com.tw/registration/registration1.asp?SoftWare=POWERDVD&Version_Num=2.55&Cd_Key=DV22636500118872&Company=XYZ&FName=XYZ&Lang=Enu
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O3 - Toolbar: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - Startup: Eurobarre.lnk = C:\Program Files\Eurobarre\eb.exe
O4 - Startup: UniSpiker-2.6.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - C:\Program Files\SmartShopper\Bin\2.0.20\SmrtShpr.dll
O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - C:\Program Files\SmartShopper\Bin\2.0.20\SmrtShpr.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe



[Red]

proszę podac powody wklejania loga.....

[prezess]

Po włączeniu komputera, nie mogę włączyć żadnego programu, bo jak nacisnę kursorem na ikonę to zostaje tylko podświetlona na chwilę, a folder sie nie otwiera. I nic nie mogę zrobić...

[wojtas]

skasuj wpisy + pogrubione:

R3 - URLSearchHook: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O3 - Toolbar: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll

po skasowaniu nowy log z :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

i silent runners

[prezess]

Kod: Zaznacz wszystko

Logfile of HijackThis v1.99.1
Scan saved at 20:53, on 2007-05-22
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MixVibes6\mixvibes.exe
C:\WINDOWS\TEMP\win68.tmp.exe
C:\WINDOWS\system32\cmd.exe
C:\Documents and Settings\admin\Pulpit\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.cyberlink.com.tw/registration/registration1.asp?SoftWare=POWERDVD&Version_Num=2.55&Cd_Key=DV22636500118872&Company=XYZ&FName=XYZ&Lang=Enu
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = L1cza
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - Startup: Eurobarre.lnk = C:\Program Files\Eurobarre\eb.exe
O4 - Startup: UniSpiker-2.6.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - C:\Program Files\SmartShopper\Bin\2.0.20\SmrtShpr.dll
O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - C:\Program Files\SmartShopper\Bin\2.0.20\SmrtShpr.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

Puściłem jeszcze kilka programów Spyware i nie ma już tak jak pisałem, wcześniej, ale za to komputer mi bardzo wolno działa.

[wojtas]

daj loga z:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

[prezess]

Kod: Zaznacz wszystko

"admin" - 2007-05-22 21:44:14    Dodatek Service Pack 2 
ComboFix 07-05.21.6.V - Running from: "C:\Documents and Settings\admin\Pulpit\"


(((((((((((((((((((((((((((((((   Files Created from 2007-04-05 to 2007-05-22  ))))))))))))))))))))))))))))))))))


2007-05-22 20:54   71,680   --a------   C:\WINDOWS\g653910.exe
2007-05-22 20:52   71,680   --a------   C:\WINDOWS\g533747.exe
2007-05-22 18:33   71,680   --a------   C:\WINDOWS\g3490278.exe
2007-05-22 18:23   71,680   --a------   C:\WINDOWS\g2943642.exe
2007-05-22 18:03   71,680   --a------   C:\WINDOWS\g1741383.exe
2007-05-22 17:44   71,680   --a------   C:\WINDOWS\g563189.exe
2007-05-22 16:36   <DIR>   d--------   C:\DOCUME~1\admin\DANEAP~1\DivX
2007-05-22 16:32   2,560   ---------   C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-05-22 16:32   2,432   ---------   C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-05-22 16:32   129,784   ---------   C:\WINDOWS\system32\pxafs.dll
2007-05-22 16:32   118,520   ---------   C:\WINDOWS\system32\pxinsi64.exe
2007-05-22 16:32   116,472   ---------   C:\WINDOWS\system32\pxcpyi64.exe
2007-05-22 16:28   71,680   --a------   C:\WINDOWS\g1708096.exe
2007-05-22 16:24   71,680   --a------   C:\WINDOWS\g1461701.exe
2007-05-22 16:24   33,792   --a------   C:\WINDOWS\system32\wudb.dll
2007-05-22 16:00   <DIR>   d--------   C:\WINDOWS\CSC
2007-05-22 15:24   <DIR>   d--------   C:\Program Files\Audio WAV To MP3 Converter
2007-05-22 07:34   <DIR>   d--------   C:\Program Files\BitDownload
2007-05-22 07:28   1   --a------   C:\WINDOWS\kimamiss.dat
2007-05-22 07:27   <DIR>   d--------   C:\Program Files\AML Products
2007-05-22 01:02   <DIR>   d--------   C:\Temp
2007-05-22 00:55   <DIR>   d--------   C:\Program Files\Xilisoft
2007-05-22 00:51   987,136   --a------   C:\WINDOWS\system32\agsaamh.dll
2007-05-22 00:51   90,112   --a------   C:\WINDOWS\system32\agsaami.dll
2007-05-22 00:51   610,304   --a------   C:\WINDOWS\system32\agsaamg.dll
2007-05-22 00:51   53,760   --a------   C:\WINDOWS\system\ppacklib.dll
2007-05-22 00:51   46   --a------   C:\WINDOWS\system32\kakle.dll
2007-05-22 00:51   44   --a------   C:\WINDOWS\system32\winitn.dll
2007-05-22 00:51   372,736   --a------   C:\WINDOWS\system32\agsaamc.dll
2007-05-22 00:51   331,776   --a------   C:\WINDOWS\system32\agsaama.dll
2007-05-22 00:51   2,535,424   --a------   C:\WINDOWS\system32\agsaamj.dll
2007-05-22 00:51   196,608   --a------   C:\WINDOWS\system32\maag.dll
2007-05-22 00:51   1,986,560   --a------   C:\WINDOWS\system32\akll.dll
2007-05-22 00:51   1,245,184   --a------   C:\WINDOWS\system32\bkll.dll
2007-05-22 00:51   1,212,416   --a------   C:\WINDOWS\system32\ckll.dll
2007-05-22 00:50   237,568   --a------   C:\WINDOWS\system32\lame_enc.dll
2007-05-22 00:50   <DIR>   d--------   C:\WINDOWS\system32\RMBin
2007-05-22 00:50   <DIR>   d--------   C:\Program Files\Akram
2007-05-21 22:49   <DIR>   d--------   C:\Program Files\MixVibes6
2007-05-21 22:14   86,016   --a------   C:\WINDOWS\unvise32.exe
2007-05-21 22:14   <DIR>   d--------   C:\DOCUME~1\admin\DANEAP~1\Simple Star
2007-05-21 22:13   <DIR>   d--------   C:\Program Files\Simple Star
2007-05-21 21:57   665,424   --a------   C:\WINDOWS\system32\wmv8dmoe.dll
2007-05-21 21:57   572,752   --a------   C:\WINDOWS\system32\wmvdmoe.dll
2007-05-21 21:57   438,608   --a------   C:\WINDOWS\system32\wmv8dmod.dll
2007-05-21 21:57   1,683,792   --a------   C:\WINDOWS\system32\wmvcore2.dll
2007-05-21 21:57   <DIR>   d--------   C:\Program Files\Sonic Foundry
2007-05-21 21:54   <DIR>   d--------   C:\Program Files\Sonic Foundry Setup
2007-05-21 21:46   <DIR>   d--------   C:\Program Files\ARWizard3
2007-05-21 16:58   <DIR>   d--------   C:\DOCUME~1\admin\DANEAP~1\Gadu-Gadu
2007-05-21 14:45   <DIR>   d--------   C:\Program Files\eMule
2007-05-19 15:35   <DIR>   d--------   C:\Program Files\Sony Ericsson
2007-05-19 15:35   <DIR>   d--------   C:\Program Files\Common Files\Teleca Shared
2007-05-19 15:14   <DIR>   d--------   C:\Program Files\VS Online
2007-05-18 16:15   <DIR>   d--------   C:\Program Files\GG Skin Manager
2007-05-17 07:12   <DIR>   d--------   C:\Program Files\MSXML 4.0
2007-05-16 17:55   33,340   ---------   C:\WINDOWS\system32\dbmsqlgc.dll
2007-05-16 17:55   24,576   ---------   C:\WINDOWS\system32\dbmsgnet.dll
2007-05-16 17:55   <DIR>   d--------   C:\Program Files\Microsoft SQL Server
2007-05-16 17:55   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\DANEAP~1\Sony
2007-05-16 15:44   <DIR>   d--------   C:\DOCUME~1\admin\DANEAP~1\Sony
2007-05-16 15:44   <DIR>   d--------   C:\DOCUME~1\admin\DANEAP~1\Publish Providers
2007-05-16 15:42   <DIR>   d--------   C:\WINDOWS\system32\appmgmt
2007-05-16 15:29   <DIR>   d--------   C:\DOCUME~1\admin\DANEAP~1\BSplayer Pro
2007-05-16 15:29   <DIR>   d--------   C:\DOCUME~1\admin\DANEAP~1\BSplayer
2007-05-16 15:28   <DIR>   d--------   C:\Program Files\Webteh
2007-05-16 15:21   934,576   --a------   C:\WINDOWS\system32\ltr13n.dll
2007-05-16 15:21   82,432   --a------   C:\WINDOWS\system32\msxml4r.dll
2007-05-16 15:21   80,896   --a------   C:\WINDOWS\system32\lfwmf13s.dll
2007-05-16 15:21   79,360   --a------   C:\WINDOWS\system32\lfeps13s.dll
2007-05-16 15:21   74,752   --a------   C:\WINDOWS\system32\lfgif13s.dll
2007-05-16 15:21   73,728   --a------   C:\WINDOWS\system32\MMAviAx.dll
2007-05-16 15:21   70,144   --a------   C:\WINDOWS\system32\lfbmp13s.dll
2007-05-16 15:21   65,536   --a------   C:\WINDOWS\system32\lfpcx13s.dll
2007-05-16 15:21   64,000   --a------   C:\WINDOWS\system32\lftga13s.dll
2007-05-16 15:21   59,904   --a------   C:\WINDOWS\system32\lfpcd13s.dll
2007-05-16 15:21   466,624   --a------   C:\WINDOWS\system32\LTRPR13n.DLL
2007-05-16 15:21   44,544   --a------   C:\WINDOWS\system32\msxml4a.dll
2007-05-16 15:21   401,408   --a------   C:\WINDOWS\system32\pvmjpg30.dll
2007-05-16 15:21   393,728   --a------   C:\WINDOWS\system32\LFCMP13s.DLL
2007-05-16 15:21   32,768   --a------   C:\WINDOWS\system32\MLPagAx.dll
2007-05-16 15:21   304,816   --a------   C:\WINDOWS\system32\LTRIO13N.DLL
2007-05-16 15:21   283,136   --a------   C:\WINDOWS\system32\LFJ2K13s.dll
2007-05-16 15:21   204,881   --a------   C:\WINDOWS\system32\DiskIO.dll
2007-05-16 15:21   194,248   --a------   C:\WINDOWS\system32\LTRFD13n.DLL
2007-05-16 15:21   185,856   --a------   C:\WINDOWS\system32\lfpng13s.dll
2007-05-16 15:21   166,400   --a------   C:\WINDOWS\system32\lftif13s.dll
2007-05-16 15:21   155,721   --a------   C:\WINDOWS\system32\RALMain.dll
2007-05-16 15:21   116,224   --a------   C:\WINDOWS\system32\lffax13s.dll
2007-05-16 15:21   114,759   --a------   C:\WINDOWS\system32\Aviprax.dll
2007-05-16 15:21   110,080   --a------   C:\WINDOWS\system32\lfpsd13s.dll
2007-05-16 15:21   104,960   --a------   C:\WINDOWS\system32\lfpct13s.dll
2007-05-16 15:21   1,772,032   --a------   C:\WINDOWS\system32\LTCLR13s.dll
2007-05-16 15:18   <DIR>   d--------   C:\Program Files\SmartSound Software
2007-05-16 15:18   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\DANEAP~1\SmartSound Software Inc
2007-05-16 15:17   84,992   --a------   C:\WINDOWS\system32\ATL70.DLL
2007-05-16 15:17   57,856   --a------   C:\WINDOWS\system32\masd32.dll
2007-05-16 15:17   27,648   --a------   C:\WINDOWS\system32\ma32.dll
2007-05-16 15:17   196,096   --a------   C:\WINDOWS\system32\macd32.dll
2007-05-16 15:17   138,752   --a------   C:\WINDOWS\system32\mase32.dll
2007-05-16 15:17   136,192   --a------   C:\WINDOWS\system32\mamc32.dll
2007-05-16 15:16   964,608   --a------   C:\WINDOWS\system32\MFC70U.DLL
2007-05-16 15:16   65,536   --a------   C:\WINDOWS\system32\MFC71DEU.DLL
2007-05-16 15:16   61,440   --a------   C:\WINDOWS\system32\MFC71ITA.DLL
2007-05-16 15:16   61,440   --a------   C:\WINDOWS\system32\MFC71FRA.DLL
2007-05-16 15:16   61,440   --a------   C:\WINDOWS\system32\MFC71ESP.DLL
2007-05-16 15:16   57,344   --a------   C:\WINDOWS\system32\MFC71ENU.DLL
2007-05-16 15:16   54,784   --a------   C:\WINDOWS\system32\MSVCI70.DLL
2007-05-16 15:16   49,152   --a------   C:\WINDOWS\system32\PCLEGetGuid.dll
2007-05-16 15:16   49,152   --a------   C:\WINDOWS\system32\MFC71KOR.DLL
2007-05-16 15:16   49,152   --a------   C:\WINDOWS\system32\MFC71JPN.DLL
2007-05-16 15:16   45,056   --a------   C:\WINDOWS\system32\MFC71CHT.DLL
2007-05-16 15:16   40,960   --a------   C:\WINDOWS\system32\MFC71CHS.DLL
2007-05-16 15:15   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\DANEAP~1\Pinnacle Studio
2007-05-16 15:13   14,165   --a------   C:\WINDOWS\system32\drivers\Pclepci.sys
2007-05-16 15:13   <DIR>   d--------   C:\Program Files\Pinnacle
2007-05-16 15:13   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\DANEAP~1\Pinnacle
2007-05-15 20:44   <DIR>   d--------   C:\Program Files\SmartShopper
2007-05-15 20:44   <DIR>   d--------   C:\Program Files\Share_Accelerator_MM
2007-05-15 20:44   <DIR>   d--------   C:\DOCUME~1\admin\DANEAP~1\SmartShopper
2007-05-15 20:43   434,252   --a------   C:\WINDOWS\system32\Msvcrtd.dll
2007-05-15 20:43   <DIR>   d--------   C:\Program Files\Zapu
2007-05-15 17:17   <DIR>   d--------   C:\Program Files\Vstplugins
2007-05-15 17:16   <DIR>   d--------   C:\Program Files\Sony
2007-05-15 17:05   <DIR>   d--------   C:\WINDOWS\system32\URTTemp
2007-05-15 16:52   <DIR>   d--------   C:\DOCUME~1\admin\DANEAP~1\Sony Setup
2007-05-15 16:50   <DIR>   d--------   C:\Program Files\Sony Setup
2007-05-11 19:54   524,288   --a------   C:\WINDOWS\system32\DivXsm.exe
2007-05-11 06:37   823,296   --a------   C:\WINDOWS\system32\divx_xx0c.dll
2007-05-11 06:37   823,296   --a------   C:\WINDOWS\system32\divx_xx07.dll
2007-05-11 06:37   802,816   --a------   C:\WINDOWS\system32\divx_xx11.dll
2007-05-11 06:37   740,442   --a------   C:\WINDOWS\system32\DivX.dll
2007-04-23 02:15   3,596,288   --a------   C:\WINDOWS\system32\qt-dx331.dll
2007-04-23 02:15   200,704   --a------   C:\WINDOWS\system32\ssldivx.dll
2007-04-23 02:15   1,044,480   --a------   C:\WINDOWS\system32\libdivx.dll
2007-04-23 02:02   73,728   --a------   C:\WINDOWS\system32\dpl100.dll
2007-04-23 02:02   593,920   --a------   C:\WINDOWS\system32\dpuGUI11.dll
2007-04-23 02:02   57,344   --a------   C:\WINDOWS\system32\dpv11.dll
2007-04-23 02:02   53,248   --a------   C:\WINDOWS\system32\dpuGUI10.dll
2007-04-23 02:02   344,064   --a------   C:\WINDOWS\system32\dpus11.dll
2007-04-23 02:02   294,912   --a------   C:\WINDOWS\system32\dpu11.dll
2007-04-23 02:02   294,912   --a------   C:\WINDOWS\system32\dpu10.dll
2007-04-23 02:02   196,608   --a------   C:\WINDOWS\system32\dtu100.dll
2007-04-23 02:01   124,472   --a------   C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2007-04-23 02:01   12,288   --a------   C:\WINDOWS\system32\DivXWMPExtType.dll


((((((((((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-22 16:35:27   --------   d-----w   C:\Program Files\Common Files\Symantec Shared
2007-05-22 14:45:20   40   ----a-w   C:\WINDOWS\system32\profile.dat
2007-05-22 14:32:26   --------   d-----w   C:\Program Files\DivX
2007-05-21 13:12:25   --------   d-----w   C:\Program Files\Gadu-Gadu
2007-05-19 13:34:59   --------   d--h--w   C:\Program Files\InstallShield Installation Information
2007-05-16 15:56:06   74,982   ----a-w   C:\WINDOWS\system32\perfc015.dat
2007-05-16 15:56:06   454,152   ----a-w   C:\WINDOWS\system32\perfh015.dat
2007-05-16 13:17:27   95   ----a-w   C:\AUTOEXEC.BAT
2007-04-23 00:15:25   36,624   ------w   C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-04-20 19:43:58   --------   d-----w   C:\DOCUME~1\admin\DANEAP~1\Skype
2007-03-24 14:50:30   --------   d-----w   C:\DOCUME~1\admin\DANEAP~1\AdobeUM
2007-03-21 12:36:33   --------   d-----w   C:\Program Files\Common Files\InstallShield
2007-03-21 11:49:12   --------   d-----w   C:\Program Files\Hewlett-Packard
2007-03-21 11:48:17   --------   d--h--w   C:\Program Files\Zenographics
2007-03-17 13:45:36   293,376   ----a-w   C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:38:47   579,072   ----a-w   C:\WINDOWS\system32\user32.dll
2007-03-08 15:38:47   40,960   ----a-w   C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:38:47   281,600   ----a-w   C:\WINDOWS\system32\gdi32.dll
2007-03-08 15:37:33   1,843,840   ----a-w   C:\WINDOWS\system32\win32k.sys
2007-02-05 20:19:48   185,856   ----a-w   C:\WINDOWS\system32\upnphost.dll


((((((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{2BA1C226-EC1B-4471-A65F-D0688AC6EE3A}=C:\Program Files\SmartShopper\Bin\2.0.20\SmrtShpr.dll [2006-12-31 13:42]
{37B85A21-692B-4205-9CAD-2626E4993404}=C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL [2007-01-13 14:50]
{4596013b-6c31-408b-a266-deae5c086dc2}=C:\Program Files\Share_Accelerator_MM\tbShar.dll [2007-02-01 15:14]
{53707962-6F74-2D53-2644-206D7942484F}=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 02:04]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-07 14:02]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe" [2006-03-17 07:34]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-01-11 20:07]
"OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2005-03-18 13:18]
"PinnacleDriverCheck"="C:\WINDOWS\system32\\PSDrvCheck.exe" [2004-03-11 00:26]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-05-10 16:36]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wudb]
C:\WINDOWS\system32\wudb.dll
   


~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20070522-204728-984
O3 - Toolbar: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll

backup-20070522-204728-759
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL

backup-20070522-204728-980
R3 - URLSearchHook: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-22 21:46:02
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


********************************************************************

Completion time: 2007-05-22 21:46:42
C:\ComboFix-quarantined-files.txt ... 2007-05-22 21:46

   --- E O F ---

[wojtas]

Pobierz i uruchom narzędzie : The Avenger
http://swandog46.geekstogo.com/avenger.zip
Zaznacz opcję Input script manually i kliknij na Lupkę z prawej strony. W okienku, które się otworzy wklejasz:

Files to delete:

C:\WINDOWS\g653910.exe
C:\WINDOWS\g533747.exe
C:\WINDOWS\g3490278.exe
C:\WINDOWS\g2943642.exe
C:\WINDOWS\g1741383.exe
C:\WINDOWS\g563189.exe
C:\WINDOWS\g1461701.exe
C:\WINDOWS\g1708096.exe
C:\WINDOWS\system32\wudb.dll

Registry keys to delete:

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wudb

Klikasz Done, a następnie zielone światełko i zgadzasz się na restart klikając OK.


start>uruchom>regedit>przejdz do klucza:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

i skasuj w prawokliku:

{37B85A21-692B-4205-9CAD-2626E4993404}
{4596013b-6c31-408b-a266-deae5c086dc2}

Kasujesz ręcznie z dysku plik: C:\Avenger\backup.zip i wklejasz na forum raport: C:\avenger.txt + log z combo

[prezess]

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\bltuitqy

*******************

Script file located at: \??\C:\WINDOWS\cenzura!.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\g653910.exe deleted successfully.
File C:\WINDOWS\g533747.exe deleted successfully.
File C:\WINDOWS\g3490278.exe deleted successfully.
File C:\WINDOWS\g2943642.exe deleted successfully.
File C:\WINDOWS\g1741383.exe deleted successfully.
File C:\WINDOWS\g563189.exe deleted successfully.
File C:\WINDOWS\g1461701.exe deleted successfully.
File C:\WINDOWS\g1708096.exe deleted successfully.
File C:\WINDOWS\system32\wudb.dll deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wudb deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

[ Dodano: Dzisiaj o 14:24 ]

Kod: Zaznacz wszystko

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\bltuitqy

*******************

Script file located at: \??\C:\WINDOWS\cenzura!.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\g653910.exe deleted successfully.
File C:\WINDOWS\g533747.exe deleted successfully.
File C:\WINDOWS\g3490278.exe deleted successfully.
File C:\WINDOWS\g2943642.exe deleted successfully.
File C:\WINDOWS\g1741383.exe deleted successfully.
File C:\WINDOWS\g563189.exe deleted successfully.
File C:\WINDOWS\g1461701.exe deleted successfully.
File C:\WINDOWS\g1708096.exe deleted successfully.
File C:\WINDOWS\system32\wudb.dll deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wudb deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.

Kod: Zaznacz wszystko

"admin" - 2007-05-23 14:59:38    Dodatek Service Pack 2 
ComboFix 07-05.21.6.V - Running from: "C:\Documents and Settings\admin\Pulpit\"


(((((((((((((((((((((((((((((((   Files Created from 2007-04-05 to 2007-05-23  ))))))))))))))))))))))))))))))))))


2007-05-22 21:46   49,152   --a------   C:\WINDOWS\nircmd.exe
2007-05-22 16:36   <DIR>   d--------   C:\DOCUME~1\admin\DANEAP~1\DivX
2007-05-22 16:32   2,560   ---------   C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-05-22 16:32   2,432   ---------   C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-05-22 16:32   129,784   ---------   C:\WINDOWS\system32\pxafs.dll
2007-05-22 16:32   118,520   ---------   C:\WINDOWS\system32\pxinsi64.exe
2007-05-22 16:32   116,472   ---------   C:\WINDOWS\system32\pxcpyi64.exe
2007-05-22 16:00   <DIR>   d--------   C:\WINDOWS\CSC
2007-05-22 15:24   <DIR>   d--------   C:\Program Files\Audio WAV To MP3 Converter
2007-05-22 07:34   <DIR>   d--------   C:\Program Files\BitDownload
2007-05-22 07:28   1   --a------   C:\WINDOWS\kimamiss.dat
2007-05-22 07:27   <DIR>   d--------   C:\Program Files\AML Products
2007-05-22 01:02   <DIR>   d--------   C:\Temp
2007-05-22 00:55   <DIR>   d--------   C:\Program Files\Xilisoft
2007-05-22 00:51   987,136   --a------   C:\WINDOWS\system32\agsaamh.dll
2007-05-22 00:51   90,112   --a------   C:\WINDOWS\system32\agsaami.dll
2007-05-22 00:51   610,304   --a------   C:\WINDOWS\system32\agsaamg.dll
2007-05-22 00:51   53,760   --a------   C:\WINDOWS\system\ppacklib.dll
2007-05-22 00:51   46   --a------   C:\WINDOWS\system32\kakle.dll
2007-05-22 00:51   44   --a------   C:\WINDOWS\system32\winitn.dll
2007-05-22 00:51   372,736   --a------   C:\WINDOWS\system32\agsaamc.dll
2007-05-22 00:51   331,776   --a------   C:\WINDOWS\system32\agsaama.dll
2007-05-22 00:51   2,535,424   --a------   C:\WINDOWS\system32\agsaamj.dll
2007-05-22 00:51   196,608   --a------   C:\WINDOWS\system32\maag.dll
2007-05-22 00:51   1,986,560   --a------   C:\WINDOWS\system32\akll.dll
2007-05-22 00:51   1,245,184   --a------   C:\WINDOWS\system32\bkll.dll
2007-05-22 00:51   1,212,416   --a------   C:\WINDOWS\system32\ckll.dll
2007-05-22 00:50   237,568   --a------   C:\WINDOWS\system32\lame_enc.dll
2007-05-22 00:50   <DIR>   d--------   C:\WINDOWS\system32\RMBin
2007-05-22 00:50   <DIR>   d--------   C:\Program Files\Akram
2007-05-21 22:49   <DIR>   d--------   C:\Program Files\MixVibes6
2007-05-21 22:14   86,016   --a------   C:\WINDOWS\unvise32.exe
2007-05-21 22:14   <DIR>   d--------   C:\DOCUME~1\admin\DANEAP~1\Simple Star
2007-05-21 22:13   <DIR>   d--------   C:\Program Files\Simple Star
2007-05-21 21:57   665,424   --a------   C:\WINDOWS\system32\wmv8dmoe.dll
2007-05-21 21:57   572,752   --a------   C:\WINDOWS\system32\wmvdmoe.dll
2007-05-21 21:57   438,608   --a------   C:\WINDOWS\system32\wmv8dmod.dll
2007-05-21 21:57   1,683,792   --a------   C:\WINDOWS\system32\wmvcore2.dll
2007-05-21 21:57   <DIR>   d--------   C:\Program Files\Sonic Foundry
2007-05-21 21:54   <DIR>   d--------   C:\Program Files\Sonic Foundry Setup
2007-05-21 21:46   <DIR>   d--------   C:\Program Files\ARWizard3
2007-05-21 16:58   <DIR>   d--------   C:\DOCUME~1\admin\DANEAP~1\Gadu-Gadu
2007-05-21 14:45   <DIR>   d--------   C:\Program Files\eMule
2007-05-19 15:35   <DIR>   d--------   C:\Program Files\Sony Ericsson
2007-05-19 15:35   <DIR>   d--------   C:\Program Files\Common Files\Teleca Shared
2007-05-19 15:14   <DIR>   d--------   C:\Program Files\VS Online
2007-05-18 16:15   <DIR>   d--------   C:\Program Files\GG Skin Manager
2007-05-17 07:12   <DIR>   d--------   C:\Program Files\MSXML 4.0
2007-05-16 17:55   33,340   ---------   C:\WINDOWS\system32\dbmsqlgc.dll
2007-05-16 17:55   24,576   ---------   C:\WINDOWS\system32\dbmsgnet.dll
2007-05-16 17:55   <DIR>   d--------   C:\Program Files\Microsoft SQL Server
2007-05-16 17:55   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\DANEAP~1\Sony
2007-05-16 15:44   <DIR>   d--------   C:\DOCUME~1\admin\DANEAP~1\Sony
2007-05-16 15:44   <DIR>   d--------   C:\DOCUME~1\admin\DANEAP~1\Publish Providers
2007-05-16 15:42   <DIR>   d--------   C:\WINDOWS\system32\appmgmt
2007-05-16 15:29   <DIR>   d--------   C:\DOCUME~1\admin\DANEAP~1\BSplayer Pro
2007-05-16 15:29   <DIR>   d--------   C:\DOCUME~1\admin\DANEAP~1\BSplayer
2007-05-16 15:28   <DIR>   d--------   C:\Program Files\Webteh
2007-05-16 15:21   934,576   --a------   C:\WINDOWS\system32\ltr13n.dll
2007-05-16 15:21   82,432   --a------   C:\WINDOWS\system32\msxml4r.dll
2007-05-16 15:21   80,896   --a------   C:\WINDOWS\system32\lfwmf13s.dll
2007-05-16 15:21   79,360   --a------   C:\WINDOWS\system32\lfeps13s.dll
2007-05-16 15:21   74,752   --a------   C:\WINDOWS\system32\lfgif13s.dll
2007-05-16 15:21   73,728   --a------   C:\WINDOWS\system32\MMAviAx.dll
2007-05-16 15:21   70,144   --a------   C:\WINDOWS\system32\lfbmp13s.dll
2007-05-16 15:21   65,536   --a------   C:\WINDOWS\system32\lfpcx13s.dll
2007-05-16 15:21   64,000   --a------   C:\WINDOWS\system32\lftga13s.dll
2007-05-16 15:21   59,904   --a------   C:\WINDOWS\system32\lfpcd13s.dll
2007-05-16 15:21   466,624   --a------   C:\WINDOWS\system32\LTRPR13n.DLL
2007-05-16 15:21   44,544   --a------   C:\WINDOWS\system32\msxml4a.dll
2007-05-16 15:21   401,408   --a------   C:\WINDOWS\system32\pvmjpg30.dll
2007-05-16 15:21   393,728   --a------   C:\WINDOWS\system32\LFCMP13s.DLL
2007-05-16 15:21   32,768   --a------   C:\WINDOWS\system32\MLPagAx.dll
2007-05-16 15:21   304,816   --a------   C:\WINDOWS\system32\LTRIO13N.DLL
2007-05-16 15:21   283,136   --a------   C:\WINDOWS\system32\LFJ2K13s.dll
2007-05-16 15:21   204,881   --a------   C:\WINDOWS\system32\DiskIO.dll
2007-05-16 15:21   194,248   --a------   C:\WINDOWS\system32\LTRFD13n.DLL
2007-05-16 15:21   185,856   --a------   C:\WINDOWS\system32\lfpng13s.dll
2007-05-16 15:21   166,400   --a------   C:\WINDOWS\system32\lftif13s.dll
2007-05-16 15:21   155,721   --a------   C:\WINDOWS\system32\RALMain.dll
2007-05-16 15:21   116,224   --a------   C:\WINDOWS\system32\lffax13s.dll
2007-05-16 15:21   114,759   --a------   C:\WINDOWS\system32\Aviprax.dll
2007-05-16 15:21   110,080   --a------   C:\WINDOWS\system32\lfpsd13s.dll
2007-05-16 15:21   104,960   --a------   C:\WINDOWS\system32\lfpct13s.dll
2007-05-16 15:21   1,772,032   --a------   C:\WINDOWS\system32\LTCLR13s.dll
2007-05-16 15:18   <DIR>   d--------   C:\Program Files\SmartSound Software
2007-05-16 15:18   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\DANEAP~1\SmartSound Software Inc
2007-05-16 15:17   84,992   --a------   C:\WINDOWS\system32\ATL70.DLL
2007-05-16 15:17   57,856   --a------   C:\WINDOWS\system32\masd32.dll
2007-05-16 15:17   27,648   --a------   C:\WINDOWS\system32\ma32.dll
2007-05-16 15:17   196,096   --a------   C:\WINDOWS\system32\macd32.dll
2007-05-16 15:17   138,752   --a------   C:\WINDOWS\system32\mase32.dll
2007-05-16 15:17   136,192   --a------   C:\WINDOWS\system32\mamc32.dll
2007-05-16 15:16   964,608   --a------   C:\WINDOWS\system32\MFC70U.DLL
2007-05-16 15:16   65,536   --a------   C:\WINDOWS\system32\MFC71DEU.DLL
2007-05-16 15:16   61,440   --a------   C:\WINDOWS\system32\MFC71ITA.DLL
2007-05-16 15:16   61,440   --a------   C:\WINDOWS\system32\MFC71FRA.DLL
2007-05-16 15:16   61,440   --a------   C:\WINDOWS\system32\MFC71ESP.DLL
2007-05-16 15:16   57,344   --a------   C:\WINDOWS\system32\MFC71ENU.DLL
2007-05-16 15:16   54,784   --a------   C:\WINDOWS\system32\MSVCI70.DLL
2007-05-16 15:16   49,152   --a------   C:\WINDOWS\system32\PCLEGetGuid.dll
2007-05-16 15:16   49,152   --a------   C:\WINDOWS\system32\MFC71KOR.DLL
2007-05-16 15:16   49,152   --a------   C:\WINDOWS\system32\MFC71JPN.DLL
2007-05-16 15:16   45,056   --a------   C:\WINDOWS\system32\MFC71CHT.DLL
2007-05-16 15:16   40,960   --a------   C:\WINDOWS\system32\MFC71CHS.DLL
2007-05-16 15:15   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\DANEAP~1\Pinnacle Studio
2007-05-16 15:13   14,165   --a------   C:\WINDOWS\system32\drivers\Pclepci.sys
2007-05-16 15:13   <DIR>   d--------   C:\Program Files\Pinnacle
2007-05-16 15:13   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\DANEAP~1\Pinnacle
2007-05-15 20:44   <DIR>   d--------   C:\Program Files\SmartShopper
2007-05-15 20:44   <DIR>   d--------   C:\Program Files\Share_Accelerator_MM
2007-05-15 20:44   <DIR>   d--------   C:\DOCUME~1\admin\DANEAP~1\SmartShopper
2007-05-15 20:43   434,252   --a------   C:\WINDOWS\system32\Msvcrtd.dll
2007-05-15 20:43   <DIR>   d--------   C:\Program Files\Zapu
2007-05-15 17:17   <DIR>   d--------   C:\Program Files\Vstplugins
2007-05-15 17:16   <DIR>   d--------   C:\Program Files\Sony
2007-05-15 17:05   <DIR>   d--------   C:\WINDOWS\system32\URTTemp
2007-05-15 16:52   <DIR>   d--------   C:\DOCUME~1\admin\DANEAP~1\Sony Setup
2007-05-15 16:50   <DIR>   d--------   C:\Program Files\Sony Setup
2007-05-11 19:54   524,288   --a------   C:\WINDOWS\system32\DivXsm.exe
2007-05-11 06:37   823,296   --a------   C:\WINDOWS\system32\divx_xx0c.dll
2007-05-11 06:37   823,296   --a------   C:\WINDOWS\system32\divx_xx07.dll
2007-05-11 06:37   802,816   --a------   C:\WINDOWS\system32\divx_xx11.dll
2007-05-11 06:37   740,442   --a------   C:\WINDOWS\system32\DivX.dll
2007-04-23 02:15   3,596,288   --a------   C:\WINDOWS\system32\qt-dx331.dll
2007-04-23 02:15   200,704   --a------   C:\WINDOWS\system32\ssldivx.dll
2007-04-23 02:15   1,044,480   --a------   C:\WINDOWS\system32\libdivx.dll
2007-04-23 02:02   73,728   --a------   C:\WINDOWS\system32\dpl100.dll
2007-04-23 02:02   593,920   --a------   C:\WINDOWS\system32\dpuGUI11.dll
2007-04-23 02:02   57,344   --a------   C:\WINDOWS\system32\dpv11.dll
2007-04-23 02:02   53,248   --a------   C:\WINDOWS\system32\dpuGUI10.dll
2007-04-23 02:02   344,064   --a------   C:\WINDOWS\system32\dpus11.dll
2007-04-23 02:02   294,912   --a------   C:\WINDOWS\system32\dpu11.dll
2007-04-23 02:02   294,912   --a------   C:\WINDOWS\system32\dpu10.dll
2007-04-23 02:02   196,608   --a------   C:\WINDOWS\system32\dtu100.dll
2007-04-23 02:01   124,472   --a------   C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2007-04-23 02:01   12,288   --a------   C:\WINDOWS\system32\DivXWMPExtType.dll


((((((((((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-23 12:53:03   40   ----a-w   C:\WINDOWS\system32\profile.dat
2007-05-22 16:35:27   --------   d-----w   C:\Program Files\Common Files\Symantec Shared
2007-05-22 14:32:26   --------   d-----w   C:\Program Files\DivX
2007-05-21 13:12:25   --------   d-----w   C:\Program Files\Gadu-Gadu
2007-05-19 13:34:59   --------   d--h--w   C:\Program Files\InstallShield Installation Information
2007-05-16 15:56:06   74,982   ----a-w   C:\WINDOWS\system32\perfc015.dat
2007-05-16 15:56:06   454,152   ----a-w   C:\WINDOWS\system32\perfh015.dat
2007-05-16 13:17:27   95   ----a-w   C:\AUTOEXEC.BAT
2007-04-23 00:15:25   36,624   ------w   C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-04-20 19:43:58   --------   d-----w   C:\DOCUME~1\admin\DANEAP~1\Skype
2007-03-24 14:50:30   --------   d-----w   C:\DOCUME~1\admin\DANEAP~1\AdobeUM
2007-03-21 12:36:33   --------   d-----w   C:\Program Files\Common Files\InstallShield
2007-03-21 11:49:12   --------   d-----w   C:\Program Files\Hewlett-Packard
2007-03-21 11:48:17   --------   d--h--w   C:\Program Files\Zenographics
2007-03-17 13:45:36   293,376   ----a-w   C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:38:47   579,072   ----a-w   C:\WINDOWS\system32\user32.dll
2007-03-08 15:38:47   40,960   ----a-w   C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:38:47   281,600   ----a-w   C:\WINDOWS\system32\gdi32.dll
2007-03-08 15:37:33   1,843,840   ----a-w   C:\WINDOWS\system32\win32k.sys
2007-02-05 20:19:48   185,856   ----a-w   C:\WINDOWS\system32\upnphost.dll


((((((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{2BA1C226-EC1B-4471-A65F-D0688AC6EE3A}=C:\Program Files\SmartShopper\Bin\2.0.20\SmrtShpr.dll [2006-12-31 13:42]
{53707962-6F74-2D53-2644-206D7942484F}=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 02:04]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-07 14:02]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe" [2006-03-17 07:34]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-01-11 20:07]
"OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2005-03-18 13:18]
"PinnacleDriverCheck"="C:\WINDOWS\system32\\PSDrvCheck.exe" [2004-03-11 00:26]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-05-10 16:36]
   

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-23 15:03:31
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


********************************************************************

Completion time: 2007-05-23 15:05:58
C:\ComboFix-quarantined-files.txt ... 2007-05-23 15:05
C:\ComboFix2.txt ... 2007-05-22 21:46

   --- E O F ---


[wojtas]

juz jest ok

[prezess]

ok, dzieki wielkie