
Myślę, że odpowiednio zabezpieczam komputer (NOD32 + ZoneAlarm + Spybot S&D + Ad-Aware 2007), jednakże coś się dzieje.
Oto logi (Silent Runners, HijackThis, ComboFix). Uwaga: log HijackThis został zapisany w trakcie działania ComboFix (na liście procesów widać C:\ComboFix\sed.cfexe), więc może nie odzwierciedlać stanu systemu po zakończeniu czyszczenia:
Silent Runners
"Silent Runners.vbs", revision 55, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Resume copy" = "copyfstq.exe /startup" [null data]
"ZoneAlarm Client" = ""C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"" ["Zone Labs, LLC"]
"CnxDslTaskBar" = ""c:\program files\zte corporation\zxdsl852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"" ["Conexant Systems, Inc."]
"ATIPTA" = ""C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"" ["ATI Technologies, Inc."]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"nod32kui" = ""C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Winamp Toolbar BHO"
\InProcServer32\(Default) = "C:\Program Files\Winamp Toolbar\winamptb.dll" ["AOL LLC"]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}\(Default) = "flashget urlcatch"
-> {HKLM...CLSID} = "FGCatchUrl"
\InProcServer32\(Default) = "C:\Program Files\FlashGet\jccatch.dll" ["www.flashget.com"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]
{F156768E-81EF-470C-9057-481BA8380DBA}\(Default) = (no title provided)
-> {HKLM...CLSID} = "FlashGet GetFlash Class"
\InProcServer32\(Default) = "C:\Program Files\FlashGet\getflash.dll" ["www.flashget.com"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{A4D78B20-6E05-1069-8758-4E73FD83DEAD}" = "QCopy"
-> {HKLM...CLSID} = "QCopy"
\InProcServer32\(Default) = "dropcpyr.dll" [null data]
"{D9872D13-7651-4471-9EEE-F0A00218BEBB}" = "Multiscan"
-> {HKLM...CLSID} = "ZLAVShExt Class"
\InProcServer32\(Default) = "C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll" ["Zone Labs, LLC"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{0E6C58A9-F592-4862-B35F-CA45E24003B3}" = "CloneCD"
-> {HKLM...CLSID} = "CloneCD Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Elaborate Bytes\CloneCD\ElbyVCDShell.dll" ["Elaborate Bytes"]
"{67C63340-679B-11D2-92EE-000021474C19}" = "IrfanView Extensions"
-> {HKLM...CLSID} = "IrfanView Extensions"
\InProcServer32\(Default) = "C:\Program Files\IrfanView\IVEX.dll" ["BAxBEx Software"]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
-> {HKLM...CLSID} = "AlcoholShellEx"
\InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}" = "TuneUp Shredder Shell Extension"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\TuneUp Utilities 2007\SDShelEx-win32.dll" ["TuneUp Software GmbH"]
"{44440D00-FF19-4AFC-B765-9A0970567D97}" = "TuneUp Theme Extension"
-> {HKLM...CLSID} = "TuneUp Theme Extension"
\InProcServer32\(Default) = "C:\WINDOWS\System32\uxtuneup.dll" ["TuneUp Software GmbH"]
"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\
<<!>> ("credssp.dll" [MS]) "SecurityProviders" = "msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, credssp.dll"
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "autocheck autochk *"|"lsdelete" [null data]
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
<<!>> dimsntfy\DLLName = "C:\WINDOWS\System32\dimsntfy.dll" [MS]
HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]
HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\TuneUp Utilities 2007\SDShelEx-win32.dll" ["TuneUp Software GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
ZLAVShExt\(Default) = "{D9872D13-7651-4471-9EEE-F0A00218BEBB}"
-> {HKLM...CLSID} = "ZLAVShExt Class"
\InProcServer32\(Default) = "C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll" ["Zone Labs, LLC"]
{67C63340-679B-11D2-92EE-000021474C19}\(Default) = "{67C63340-679B-11D2-92EE-000021474C19}"
-> {HKLM...CLSID} = "IrfanView Extensions"
\InProcServer32\(Default) = "C:\Program Files\IrfanView\IVEX.dll" ["BAxBEx Software"]
HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\TuneUp Utilities 2007\SDShelEx-win32.dll" ["TuneUp Software GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
ZLAVShExt\(Default) = "{D9872D13-7651-4471-9EEE-F0A00218BEBB}"
-> {HKLM...CLSID} = "ZLAVShExt Class"
\InProcServer32\(Default) = "C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll" ["Zone Labs, LLC"]
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\web\wallpaper\Idylla.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\web\wallpaper\Idylla.bmp"
Enabled Scheduled Tasks:
------------------------
"1-Click Maintenance" -> launches: "C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe /schedulestart" ["TuneUp Software GmbH"]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\WINDOWS\system32\imon.dll ["Eset "], 01 - 05, 23
%SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 11 - 22
%SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"
-> {HKLM...CLSID} = "Winamp Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Winamp Toolbar\winamptb.dll" ["AOL LLC"]
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}" = "Winamp Toolbar"
-> {HKLM...CLSID} = "Winamp Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Winamp Toolbar\winamptb.dll" ["AOL LLC"]
Explorer Bars
HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
HKLM\SOFTWARE\Classes\CLSID\{1E0DE227-5CE4-4EA3-AB0C-8B03E1AA76BC}\(Default) = "My Web Search Quick View"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Badanie"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.6.0_03"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.6.0_03"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll" ["Sun Microsystems, Inc."]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Badanie"
{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\
"ButtonText" = "FlashGet"
"MenuText" = "FlashGet"
"Exec" = "C:\Program Files\FlashGet\FlashGet.exe" ["FlashGet.com"]
{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]
{EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A}\
"ButtonText" = "eBay - Homepage"
"CLSIDExtension" = "{1FBA04EE-3024-11D2-8F1F-0000F87ABD16}"
-> {HKLM...CLSID} = "Toolbar Extension for Executable"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"Exec" = "C:\Program Files\IrfanView\Ebay\Ebay.htm" [null data]
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]
Miscellaneous IE Hijack Points
------------------------------
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\
<<H>> "Tabs" = "res://ieframe.dll/tabswelcome.htm" [file not found]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Ad-Aware 2007 Service, aawservice, ""C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe"" ["Lavasoft AB"]
Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
NOD32 Kernel Service, NOD32krn, ""C:\Program Files\Eset\nod32krn.exe"" ["Eset "]
TrueVector Internet Monitor, vsmon, "C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service" ["Zone Labs, LLC"]
TuneUp Theme Extension, UxTuneUp, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\uxtuneup.dll" ["TuneUp Software GmbH"]}
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
Print Monitors:
---------------
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
HP Standard TCP/IP Port\Driver = "HpTcpMon.dll" ["Hewlett Packard"]
Language Monitor\Driver = "hpz3l054.dll" ["Hewlett-Packard Company"]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
---------- (launch time: 2008-01-28 16:24:47)
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 363 seconds.
---------- (total run time: 632 seconds)
HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:50, on 2008-01-27
Platform: Windows XP SP3, v.3244 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.3244)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\program files\zte corporation\zxdsl852\CnxDslTb.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\FlashGet\flashget.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\ComboFix\sed.cfexe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [CnxDslTaskBar] "c:\program files\zte corporation\zxdsl852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Search - ?p=ZNfox000
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A4A5BDA0-4DF3-41D7-B763-754F9E8BD705}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 5873 bytes
ComboFix
ComboFix 08-01-23.1C - Backup 2008-01-27 20:50:59.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1033.18.181 [GMT 1:00]
Running from: C:\Downloads\ComboFix.exe
* Created a new restore point
WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr1.dat
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
C:\Program Files\MyWebSearch\bar\1.bin\F3BROVLY.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL_tobedeleted_old
C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Cache\00760BE8
C:\Program Files\MyWebSearch\bar\Cache\007614C2
C:\Program Files\MyWebSearch\bar\Cache\0076180E.bin
C:\Program Files\MyWebSearch\bar\Cache\00761DAB.bin
C:\Program Files\MyWebSearch\bar\Cache\00FE3FA5.bin
C:\Program Files\MyWebSearch\bar\Cache\00FE5466.bin
C:\Program Files\MyWebSearch\bar\Cache\files.ini
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\icons\CM.ICO
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
C:\Program Files\MyWebSearch\bar\icons\WB.ICO
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
----- BITS: Possible infected sites -----
hxxp://go.microsoft.com
.
((((((((((((((((((((((((( Files Created from 2007-12-27 to 2008-01-27 )))))))))))))))))))))))))))))))
.
2008-01-27 20:50 . 2008-01-27 20:50 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-27 20:48 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-26 15:14 . 1998-03-12 15:03 18,384 --a------ C:\WINDOWS\system32\video.drv
2008-01-20 13:09 . 2008-01-20 16:11 187 --a------ C:\WINDOWS\7THLEVEL.INI
2008-01-20 12:58 . 1996-07-18 13:06 297,472 --a------ C:\WINDOWS\uninst.exe
2008-01-19 10:15 . 2008-01-19 10:15 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-01-19 10:15 . 2008-01-19 10:15 54,784 --a------ C:\WINDOWS\system32\drivers\CDAC11BA.EXE
2008-01-19 10:15 . 2008-01-19 10:15 12,464 --a------ C:\WINDOWS\system32\drivers\CdaC15BA.SYS
2008-01-19 10:00 . 2008-01-19 10:00 <DIR> d-------- C:\Program Files\Boontygames
2008-01-18 23:21 . 2008-01-27 20:49 <DIR> d-------- C:\Downloads
2008-01-18 17:13 . 2007-10-31 00:32 90,624 --a--c--- C:\WINDOWS\system32\dllcache\muisetup.exe
2008-01-18 16:50 . 2008-01-18 16:50 <DIR> d-------- C:\WINDOWS\system32\en
2008-01-18 16:44 . 2008-01-18 16:51 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-01-18 16:43 . 2007-10-31 00:32 294,912 -----c--- C:\WINDOWS\system32\dllcache\dlimport.exe
2008-01-18 16:36 . 2007-10-30 16:31 1,897,408 --------- C:\WINDOWS\system32\drivers\nv4_mini.sys
2008-01-18 16:32 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\003262_.tmp
2008-01-17 17:44 . 2008-01-17 17:44 <DIR> d-------- C:\Program Files\Google
2008-01-16 21:28 . 2008-01-16 21:27 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-01-16 21:28 . 2008-01-16 21:27 298,104 --a------ C:\WINDOWS\system32\imon.dll
2008-01-16 21:28 . 2008-01-16 21:27 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2008-01-14 21:32 . 2008-01-14 21:32 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2008-01-14 18:47 . 2008-01-14 18:47 <DIR> d-------- C:\Program Files\Common Files\NSV
2008-01-12 13:11 . 2008-01-12 13:11 <DIR> d-------- C:\Program Files\Nero
2008-01-12 13:11 . 2008-01-12 13:11 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-01-12 13:11 . 2005-10-17 17:15 2,605,056 --a------ C:\WINDOWS\system32\BCGCBPRO800u.dll
2008-01-12 13:11 . 2005-10-17 17:07 2,600,960 --a------ C:\WINDOWS\system32\BCGCBPRO800.dll
2008-01-12 13:11 . 2004-07-26 17:16 1,568,768 --a------ C:\WINDOWS\system32\imagX7.dll
2008-01-12 13:11 . 2004-07-26 17:16 476,320 --a------ C:\WINDOWS\system32\imagXpr7.dll
2008-01-12 13:11 . 2004-07-26 17:16 471,040 --a------ C:\WINDOWS\system32\imagXRA7.dll
2008-01-12 13:11 . 2004-07-09 09:43 364,544 --a------ C:\WINDOWS\system32\TwnLib4.dll
2008-01-12 13:11 . 2004-07-26 17:16 262,144 --a------ C:\WINDOWS\system32\imagXR7.dll
2008-01-12 13:11 . 2005-12-23 17:50 32,768 --a------ C:\WINDOWS\system32\BCGPOleAcc.dll
2008-01-06 01:15 . 2008-01-06 01:15 <DIR> d--h----- C:\WINDOWS\PIF
2008-01-06 01:11 . 2008-01-18 22:59 <DIR> d-------- C:\Program Files\Azureus
2008-01-06 01:04 . 2008-01-06 01:04 <DIR> d-------- C:\Program Files\DivX
2008-01-06 00:46 . 2004-08-03 22:14 359,040 --a------ C:\WINDOWS\system32\drivers\tcpip.sys.flg
2008-01-06 00:45 . 2008-01-27 20:51 <DIR> d-------- C:\Program Files\FlashGet
2007-12-30 19:39 . 1999-05-05 22:22 471,040 --a------ C:\WINDOWS\KERNEL32.DLL
2007-12-30 18:56 . 2007-12-30 18:56 <DIR> d-------- C:\Program Files\DIFX
2007-12-30 18:55 . 2007-12-30 18:56 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-12-30 18:55 . 2007-12-30 18:55 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2007-12-30 18:55 . 2007-12-30 18:55 <DIR> d-------- C:\Program Files\AGEIA Technologies
2007-12-30 00:18 . 2006-06-26 03:19 2,388,176 --a------ C:\WINDOWS\d3dx9_30.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-26 14:08 1,574,912 ----a-w C:\WINDOWS\Internet Logs\xDB37.tmp
2008-01-26 14:05 52,334,624 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-25 23:12 693,272 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-25 14:36 2,951,680 ----a-w C:\WINDOWS\Internet Logs\xDB35.tmp
2008-01-25 14:36 1,569,792 ----a-w C:\WINDOWS\Internet Logs\xDB36.tmp
2008-01-22 10:00 12,800 ----a-w C:\WINDOWS\Internet Logs\xDB34.tmp
2008-01-22 09:47 2,321,408 ----a-w C:\WINDOWS\Internet Logs\xDB32.tmp
2008-01-22 09:47 1,565,696 ----a-w C:\WINDOWS\Internet Logs\xDB33.tmp
2008-01-20 19:52 2,870,784 ----a-w C:\WINDOWS\Internet Logs\xDB30.tmp
2008-01-20 19:52 1,564,672 ----a-w C:\WINDOWS\Internet Logs\xDB31.tmp
2008-01-18 16:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-17 22:42 3,406,848 ----a-w C:\WINDOWS\Internet Logs\xDB2E.tmp
2008-01-17 22:42 1,545,728 ----a-w C:\WINDOWS\Internet Logs\xDB2F.tmp
2008-01-17 19:21 --------- d-----w C:\Program Files\TuneUp Utilities 2007
2008-01-14 17:49 1,539,072 ----a-w C:\WINDOWS\Internet Logs\xDB2D.tmp
2008-01-12 22:15 2,856,960 ----a-w C:\WINDOWS\Internet Logs\xDB2B.tmp
2008-01-12 22:15 1,537,536 ----a-w C:\WINDOWS\Internet Logs\xDB2C.tmp
2008-01-12 12:10 --------- d-----w C:\Program Files\Ahead
2008-01-07 18:46 --------- d-----w C:\Program Files\IrfanView
2008-01-07 17:26 2,960,384 ----a-w C:\WINDOWS\Internet Logs\xDB2A.tmp
2008-01-06 20:37 3,185,664 ----a-w C:\WINDOWS\Internet Logs\xDB28.tmp
2008-01-06 20:37 1,510,400 ----a-w C:\WINDOWS\Internet Logs\xDB29.tmp
2008-01-06 14:16 --------- d-----w C:\Program Files\Gadu-Gadu
2008-01-03 11:41 --------- d-----w C:\Program Files\NAPI-PROJEKT
2008-01-02 21:52 2,705,408 ----a-w C:\WINDOWS\Internet Logs\xDB26.tmp
2008-01-02 21:52 1,488,896 ----a-w C:\WINDOWS\Internet Logs\xDB27.tmp
2008-01-01 17:22 516,096 ----a-w C:\WINDOWS\Internet Logs\xDB24.tmp
2008-01-01 17:22 1,486,848 ----a-w C:\WINDOWS\Internet Logs\xDB25.tmp
2008-01-01 13:29 4,516,352 ----a-w C:\WINDOWS\Internet Logs\xDB23.tmp
2007-12-31 18:13 1,482,752 ----a-w C:\WINDOWS\Internet Logs\xDB22.tmp
2007-12-30 17:55 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-28 16:15 2,159,352 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2007-12-27 12:11 --------- d-----w C:\Program Files\3GP Player
2007-12-25 17:46 --------- d-----w C:\Program Files\Xilisoft
2007-12-25 17:46 --------- d-----w C:\Program Files\QuickTime
2007-12-25 09:51 0 ----a-r C:\logwmemory.bin
2007-12-23 14:39 --------- d-----w C:\Program Files\cFosSpeed
2007-12-21 16:13 --------- d-----w C:\Program Files\HP
2007-12-21 16:13 --------- d-----w C:\Program Files\Common Files\HP
2007-12-21 16:09 --------- d-----w C:\Program Files\Hewlett-Packard
2007-12-21 16:06 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2007-12-20 20:40 948,736 ----a-w C:\WINDOWS\Internet Logs\xDB20.tmp
2007-12-20 20:40 1,444,352 ----a-w C:\WINDOWS\Internet Logs\xDB21.tmp
2007-12-20 19:15 --------- d-----w C:\Program Files\Winamp
2007-12-20 19:04 --------- d-----w C:\Program Files\Winamp Remote
2007-12-20 19:00 1,440,256 ----a-w C:\WINDOWS\Internet Logs\xDB1F.tmp
2007-12-20 17:34 2,949,120 ----a-w C:\WINDOWS\Internet Logs\xDB1D.tmp
2007-12-20 17:34 1,439,744 ----a-w C:\WINDOWS\Internet Logs\xDB1E.tmp
2007-12-19 20:07 --------- d-----w C:\Program Files\Alwil Software
2007-12-19 15:38 --------- d-----w C:\Program Files\illiminable
2007-12-15 17:21 243,712 ----a-w C:\WINDOWS\Internet Logs\xDB1B.tmp
2007-12-15 17:21 1,424,384 ----a-w C:\WINDOWS\Internet Logs\xDB1C.tmp
2007-12-15 16:32 2,839,040 ----a-w C:\WINDOWS\Internet Logs\xDB19.tmp
2007-12-15 16:32 1,423,872 ----a-w C:\WINDOWS\Internet Logs\xDB1A.tmp
2007-12-14 16:57 --------- d-----w C:\Program Files\kRk Software
2007-12-12 20:45 2,887,680 ----a-w C:\WINDOWS\Internet Logs\xDB17.tmp
2007-12-12 20:45 1,419,776 ----a-w C:\WINDOWS\Internet Logs\xDB18.tmp
2007-12-12 20:07 --------- d-----w C:\Program Files\BearShare
2007-12-10 16:14 --------- d-----w C:\Program Files\SystemRequirementsLab
2007-12-06 15:14 --------- d-----w C:\Program Files\Microsoft.NET
2007-12-04 20:14 --------- d-----w C:\Program Files\MobiRise 3GP Converter
2007-12-03 19:56 --------- d-----w C:\Program Files\Cartall
2007-12-03 19:55 --------- d-----w C:\Program Files\DAEMON Tools
2007-12-01 22:10 3,240,448 ----a-w C:\WINDOWS\Internet Logs\xDB15.tmp
2007-12-01 22:10 1,384,960 ----a-w C:\WINDOWS\Internet Logs\xDB16.tmp
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-11-29 17:32 --------- d-----w C:\Program Files\SubEdit-Player
2007-11-27 05:33 127,034 ------r C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2007-11-25 17:03 2,783,744 ----a-w C:\WINDOWS\Internet Logs\xDB13.tmp
2007-11-25 17:03 1,370,624 ----a-w C:\WINDOWS\Internet Logs\xDB14.tmp
2007-11-23 17:22 3,598,848 ----a-w C:\WINDOWS\Internet Logs\xDB12.tmp
2007-11-19 20:12 1,358,848 ----a-w C:\WINDOWS\Internet Logs\xDB11.tmp
2007-11-19 14:49 118,784 ------r C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe
2007-11-18 17:45 131,584 ----a-w C:\WINDOWS\Internet Logs\xDBF.tmp
2007-11-18 17:45 1,342,464 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp
2007-11-18 16:14 28,160 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp
2007-11-18 14:24 1,341,952 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp
2007-11-18 14:21 1,341,952 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
2007-11-18 13:33 25,088 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2007-11-18 13:33 1,341,952 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2007-11-18 13:30 1,341,952 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2007-11-18 13:28 1,341,952 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2007-11-18 13:26 1,342,464 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2007-11-18 13:26 1,227,264 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2007-11-18 08:54 13,824 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2007-11-18 06:46 2,758,144 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2007-11-17 14:22 1,230,336 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2007-11-17 13:56 147,456 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2007-11-17 13:56 1,320,448 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2007-11-17 12:30 720,896 ----a-w C:\WINDOWS\iun6002.exe
2007-10-30 23:37 330,240 ----a-w C:\WINDOWS\system32\netsetup.exe
2007-10-30 23:33 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2007-10-30 23:33 9,216 ----a-w C:\WINDOWS\system32\scrnsave.scr
2007-10-30 23:33 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2007-10-30 23:33 704,512 ----a-w C:\WINDOWS\system32\ss3dfo.scr
2007-10-30 23:33 679,936 ----a-w C:\WINDOWS\system32\sstext3d.scr
2007-10-30 23:33 65,024 ----a-w C:\WINDOWS\system32\wextract.exe
2007-10-30 23:33 610,304 ----a-w C:\WINDOWS\system32\sspipes.scr
2007-10-30 23:33 507,904 ----a-w C:\WINDOWS\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-10-04 21:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
{37B85A29-692B-4205-9CAD-2626E4993404}
{07B18EA9-A523-4961-B6BB-170DE4475CCA}
[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968]
[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 08:39 2119104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Resume copy"="copyfstq.exe" [2002-03-24 12:54 46080 C:\WINDOWS\COPYFSTQ.EXE]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54 919016]
"CnxDslTaskBar"="c:\program files\zte corporation\zxdsl852\CnxDslTb.exe" [2005-07-21 21:52 278528]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05 344064]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-01-16 21:27 949376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2007-10-31 00:32 15360]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
--a------ 2007-07-09 08:39 2119104 C:\Program Files\Gadu-Gadu\gg.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MyWebSearch Email Plugin"=C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"My Web Search Bar"=rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
"MyWebSearch Email Plugin"=C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2007-10-31 00:32]
R3 CnxEtP;ZTE ZXDSL852 Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2005-05-20 19:27]
R3 CnxEtU;ZTE ZXDSL852 Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2005-05-20 19:27]
R3 CnxTgNW;ZTE ZXDSL852 WAN PPPoA Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgNW.sys [2005-05-20 19:28]
R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-12-09 15:37]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2008-01-27 19:19:30 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-27 20:59:57
Windows 5.1.2600 Service Pack 3, v.3244 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-27 21:01:58
ComboFix-quarantined-files.txt 2008-01-27 20:01:49
SDFix
SDFix: Version 1.131
Run by Backup on 2008-01-28 at 16:57
Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
No Trojan Files Found
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\explorer.exe
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-28 17:08:23
Windows 5.1.2600 Service Pack 3, v.3244 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:fa,84,c9,a8,ee,a0,28,c3,80,f4,a5,7c,92,67,78,8c,eb,53,4e,73,94,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,a1,d9,b0,95,ce,6f,f0,6a,01,86,ce,7a,bf,5e,b1,2f,27,..
"khjeh"=hex:d9,42,5c,90,10,85,df,3b,86,64,65,cd,47,95,12,46,23,48,f6,1e,c5,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:46,8f,a2,a1,0c,b3,3e,a8,74,85,4c,f2,e4,54,33,5a,2a,26,80,02,36,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:c1,b2,bb,8a,fa,15,d3,09,ed,ee,74,bb,65,8c,ad,f4,35,3e,b6,98,38,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:fa,84,c9,a8,ee,a0,28,c3,80,f4,a5,7c,92,67,78,8c,eb,53,4e,73,94,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,a1,d9,b0,95,ce,6f,f0,6a,01,86,ce,7a,bf,5e,b1,2f,27,..
"khjeh"=hex:2a,ac,1e,c2,95,9a,50,bf,01,e5,c7,89,02,a1,9b,0a,d8,7b,58,10,2a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:67,58,3d,5a,13,02,45,cc,00,d5,4d,ba,b0,f2,c0,b2,cd,71,68,a9,a3,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:fa,84,c9,a8,ee,a0,28,c3,80,f4,a5,7c,92,67,78,8c,eb,53,4e,73,94,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,a1,d9,b0,95,ce,6f,f0,6a,01,86,ce,7a,bf,5e,b1,2f,27,..
"khjeh"=hex:d9,42,5c,90,10,85,df,3b,86,64,65,cd,47,95,12,46,23,48,f6,1e,c5,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:46,8f,a2,a1,0c,b3,3e,a8,74,85,4c,f2,e4,54,33,5a,2a,26,80,02,36,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:c1,b2,bb,8a,fa,15,d3,09,ed,ee,74,bb,65,8c,ad,f4,35,3e,b6,98,38,..
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]
"DisplayName"="Alcohol 120%"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c]
"Order"=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,..
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
Remaining Files:
---------------
Files with Hidden Attributes:
Fri 23 Nov 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Finished!