proszę o sprawdzenie loga z combofixa, infekcja virtumonde

[grant]

ComboFix log:

Kod: Zaznacz wszystko

ComboFix 08-06-20.4 - bufon 2008-06-28 13:14:43.3 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1250.1.1045.18.1643 [GMT 2:00]
Running from: D:\Documents and Settings\bufon\Pulpit\ComboFix.exe
* Resident AV is active


[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((   Files Created from 2008-05-28 to 2008-06-28  )))))))))))))))))))))))))))))))
.

2008-06-28 11:33 . 2008-06-28 11:33   <DIR>   d--------   D:\VundoFix Backups
2008-06-28 10:20 . 2008-06-28 13:07   13,588   --a------   D:\WINDOWS\system32\wpa.dbl
2008-06-28 01:32 . 2008-06-28 01:32   <DIR>   d--------   D:\Program Files\Lavasoft
2008-06-28 01:32 . 2008-06-28 01:32   <DIR>   d--------   D:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2008-06-26 14:51 . 2008-06-26 14:51   <DIR>   d--------   D:\Program Files\Rockstar Games
2008-06-11 10:34 . 2008-06-14 19:36   273,024   -----c---   D:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 10:34 . 2008-05-08 16:02   203,136   -----c---   D:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-07 03:07 . 2008-06-07 03:23   38   --a------   D:\WINDOWS\avisplitter.INI
2008-05-30 15:16 . 2008-05-30 15:16   1,535,465   --a------   D:\WINDOWS\system32\PMPD
2008-05-30 15:11 . 2008-05-30 15:16   <DIR>   d--------   D:\Program Files\PDF Maker Pilot Demo
2008-05-30 15:11 . 2008-05-30 15:11   <DIR>   d--------   D:\Program Files\Common Files\Invention Pilot Shared
2008-05-30 15:11 . 2007-11-06 18:19   3,109,336   --a------   D:\WINDOWS\system32\PDFCreatorPilot3.dll
2008-05-30 15:11 . 2007-10-17 18:41   28,160   --a------   D:\WINDOWS\system32\pmppmd.dll
2008-05-30 15:06 . 2008-05-30 15:06   <DIR>   d--------   D:\Program Files\PDFCreator
2008-05-30 15:06 . 2005-10-15 12:32   196,608   --a------   D:\WINDOWS\system32\pdfcmnnt.dll
2008-05-30 15:06 . 1998-07-06 00:00   23,552   --a------   D:\WINDOWS\system32\MSMPIDE.DLL
2008-05-30 14:08 . 2008-05-30 14:08   <DIR>   d--------   D:\Program Files\OpenOffice.org 2.4
2008-05-30 13:26 . 2007-07-06 05:37   135,168   --a------   D:\WINDOWS\system32\expat.dll
2008-05-30 13:26 . 2006-05-03 21:24   49,152   --a------   D:\WINDOWS\system32\INETWH32.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-28 00:32   22,528   ----a-w   D:\WINDOWS\system32\drivers\nhcDriver.sys
2008-06-27 15:25   ---------   d-----w   D:\Documents and Settings\bufon\Dane aplikacji\foobar2000
2008-06-26 15:15   ---------   d-----w   D:\Documents and Settings\bufon\Dane aplikacji\uTorrent
2008-06-26 13:00   98,304   ----a-w   D:\WINDOWS\system32\CmdLineExt.dll
2008-06-26 12:51   ---------   d--h--w   D:\Program Files\InstallShield Installation Information
2008-06-25 15:26   ---------   d-----w   D:\Documents and Settings\bufon\Dane aplikacji\OpenOffice.org2
2008-06-22 21:44   ---------   d-----w   D:\Documents and Settings\bufon\Dane aplikacji\Skype
2008-06-14 17:36   273,024   ------w   D:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 13:34   ---------   d-----w   D:\Program Files\Opera
2008-05-30 12:51   ---------   d-----w   D:\Documents and Settings\bufon\Dane aplikacji\AdobeUM
2008-05-30 12:08   ---------   d-----w   D:\Program Files\OpenOffice.org 2.3
2008-05-30 12:05   ---------   d-----w   D:\Program Files\Java
2008-05-20 20:44   ---------   d-----w   D:\Program Files\Notebook Hardware Control
2008-05-18 17:34   ---------   d-----w   D:\Program Files\IrfanView
2008-05-17 09:46   ---------   d-----w   D:\Program Files\K-Lite Codec Pack
2008-05-16 09:58   12,632   ----a-w   D:\WINDOWS\system32\lsdelete.exe
2008-05-13 16:18   ---------   d-----w   D:\Program Files\Audacity
2008-05-12 23:48   ---------   d-----w   D:\Documents and Settings\All Users\Dane aplikacji\nView_Profiles
2008-05-12 22:13   ---------   d-----w   D:\Program Files\Intel
2008-05-08 14:02   203,136   ----a-w   D:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:12   1,291,776   ----a-w   D:\WINDOWS\system32\quartz.dll
2008-04-29 09:20   15,648   ----a-w   D:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 09:19   15,648   ----a-w   D:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 09:19   12,960   ----a-w   D:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-23 07:20   826,368   ----a-w   D:\WINDOWS\system32\wininet.dll
2008-04-14 20:51   11,264   ----a-w   D:\WINDOWS\system32\spnpinst.exe
2008-04-14 20:50   997,888   ----a-w   D:\WINDOWS\system32\setupapi.dll
2008-04-14 20:50   424,960   ----a-w   D:\WINDOWS\system32\licdll.dll
2008-04-14 17:46   1,804   ----a-w   D:\WINDOWS\system32\dcache.bin
2008-04-14 17:26   332,288   ----a-w   D:\WINDOWS\system32\netsetup.exe
2008-04-14 17:22   92,424   ----a-w   D:\WINDOWS\system32\rdpdd.dll
2008-04-14 17:22   87,176   ----a-w   D:\WINDOWS\system32\rdpwsx.dll
2008-04-14 17:22   12,168   ----a-w   D:\WINDOWS\system32\tsddd.dll
2008-04-14 17:20   999,936   ----a-w   D:\WINDOWS\system32\syssetup.dll
2008-04-14 17:19   98,304   ----a-w   D:\WINDOWS\system32\actxprxy.dll
2008-04-14 17:18   76,288   ----a-w   D:\WINDOWS\system32\uniime.dll
2008-04-14 17:18   5,632   ----a-w   D:\WINDOWS\system32\wmi.dll
2008-04-14 17:18   24,064   ----a-w   D:\WINDOWS\system32\pidgen.dll
2008-04-14 17:18   1,449,472   ----a-w   D:\WINDOWS\system32\winntbbu.dll
2008-04-14 17:17   57,375   ----a-w   D:\WINDOWS\system32\odbcji32.dll
2008-04-14 17:13   4,126   ----a-w   D:\WINDOWS\system32\msdxmlc.dll
2008-04-14 17:12   3,584   ----a-w   D:\WINDOWS\system32\msafd.dll
2008-04-14 17:07   811,064   ----a-w   D:\WINDOWS\system32\imjp81k.dll
2008-04-14 17:06   3,584   ----a-w   D:\WINDOWS\system32\icmp.dll
2008-04-14 17:05   9,344   ----a-w   D:\WINDOWS\system32\framebuf.dll
2008-04-14 17:05   569,856   ----a-w   D:\WINDOWS\system32\gpedit.dll
2008-04-14 17:04   7,168   ----a-w   D:\WINDOWS\system32\f3ahvoas.dll
2008-04-14 17:03   3,072   ----a-w   D:\WINDOWS\system32\dpnlobby.dll
2008-04-14 17:03   3,072   ----a-w   D:\WINDOWS\system32\dpnaddr.dll
2008-04-14 17:01   16,896   ----a-w   D:\WINDOWS\system32\cfgmgr32.dll
2008-04-14 17:00   285,696   ----a-w   D:\WINDOWS\system32\atmfd.dll
2008-04-14 16:29   2,146,816   ----a-w   D:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 16:29   2,025,472   ----a-w   D:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 16:25   4,096   ----a-w   D:\WINDOWS\system32\dsprpres.dll
2008-04-14 16:22   89,600   ----a-w   D:\WINDOWS\system32\msxml6r.dll
2008-04-14 16:20   80,896   ------w   D:\WINDOWS\system32\msshavmsg.dll
2008-04-14 16:15   49,664   ----a-w   D:\WINDOWS\system32\inetres.dll
2008-04-14 16:13   563,200   ----a-w   D:\WINDOWS\system32\shdoclc.dll
2008-04-14 16:07   10,240   ----a-w   D:\WINDOWS\system32\gpkrsrc.dll
2008-04-14 16:05   67,584   ----a-w   D:\WINDOWS\system32\browselc.dll
2008-04-14 16:05   1,845,888   ----a-w   D:\WINDOWS\system32\win32k.sys
2008-04-13 18:44   17,664   ----a-w   D:\WINDOWS\system32\watchdog.sys
2008-04-13 18:43   9,728   ------w   D:\WINDOWS\system32\comsdupd.exe
2008-04-13 18:43   12,800   ----a-w   D:\WINDOWS\system32\spiisupd.exe
2008-04-13 18:40   427,008   ----a-w   D:\WINDOWS\system32\xpob2res.dll
2008-04-13 18:37   2,953,216   ----a-w   D:\WINDOWS\system32\xpsp2res.dll
2008-04-13 18:35   194,560   ----a-w   D:\WINDOWS\system32\xpsp1res.dll
2008-04-13 18:31   7,424   ----a-w   D:\WINDOWS\system32\kd1394.dll
2008-04-13 18:30   61,440   ----a-w   D:\WINDOWS\system32\msvcrt40.dll
2008-04-13 17:37   208,384   ----a-w   D:\WINDOWS\system32\rsaenh.dll
2008-04-13 17:37   138,752   ----a-w   D:\WINDOWS\system32\dssenh.dll
2008-04-13 17:26   12,288   ----a-w   D:\WINDOWS\system32\odbcp32r.dll
2008-04-13 17:26   12,288   ----a-w   D:\WINDOWS\system32\mscpx32r.dll
2008-04-13 17:21   733,696   ----a-w   D:\WINDOWS\system32\qedwipes.dll
2008-04-13 16:48   1,647,616   ----a-w   D:\WINDOWS\system32\winbrand.dll
2008-04-13 16:45   216,064   ----a-w   D:\WINDOWS\system32\moricons.dll
2008-04-13 16:23   48,128   ----a-w   D:\WINDOWS\system32\msprivs.dll
2008-04-13 15:39   884,736   ----a-w   D:\WINDOWS\system32\msimsg.dll
2008-04-01 22:28   2,102,272   ----a-w   D:\WINDOWS\system32\x264vfw.dll
2008-03-31 21:25   682,496   ----a-w   D:\WINDOWS\system32\divx.dll
2008-03-28 17:41   7,680   ----a-w   D:\WINDOWS\system32\ff_vfw.dll
2008-02-25 18:09   22,328   ----a-w   D:\Documents and Settings\bufon\Dane aplikacji\PnkBstrK.sys
.

(((((((((((((((((((((((((((((   snapshot@2008-06-28_11.51.31.67   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-28 09:47:08   2,048   --s-a-w   D:\WINDOWS\bootstat.dat
+ 2008-06-28 11:07:04   2,048   --s-a-w   D:\WINDOWS\bootstat.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{446A63DB-6963-4B90-9E32-E365A519C399}]
         D:\WINDOWS\system32\hgGxYsPj.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2008-04-14 19:21 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 19:21 15360]

D:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
BTTray.lnk - D:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-04-01 09:02:38 568176]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=D:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=D:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Synchronizer.lnk]
path=D:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Synchronizer.lnk
backup=D:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ActiveSMART]
D:\Program Files\Active SMART\\ActiveSMART.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
--a------ 2007-07-02 12:29 220544 D:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\b4901822]
D:\WINDOWS\system32\djnprgcw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM5dd9aa71]
D:\WINDOWS\system32\acwdcqqg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 19:21 15360 D:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2003-12-22 09:38 241664 D:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-16 23:11 49152 D:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
--a------ 2007-10-03 16:15 480560 D:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
D:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
D:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Konnekt]
--a------ 2005-05-24 23:41 503808 D:\Program Files\Konnekt\konnekt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
--a------ 1997-06-03 09:51 48576 D:\YDPDict\watch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 19:21 1695232 D:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 12.0]
D:\Program Files\Norton Ghost\Agent\VProTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-01-02 19:08 8527872 D:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
D:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-01-02 19:08 81920 D:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-01-02 19:08 1626112 D:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OnScreenDisplay]
--a------ 2007-09-04 14:54 554320 D:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2008-03-28 11:20 1079296 D:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Maker Pilot (demo) printing agent]
--a------ 2007-10-17 18:43 94208 D:\Program Files\PDF Maker Pilot Demo\pmpagentd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
--a------ 2007-01-17 14:34 634880 D:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 12:43 2097488 D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 16:45 313472 D:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\_Alcohol.exe]
--a------ 2007-07-02 13:29 1776512 D:\Program Files\Alcohol Soft\Alcohol 120\_Alcohol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RemoteRegistry"=2 (0x2)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"mnmsrvc"=3 (0x3)
"ERSvc"=2 (0x2)
"Norton Ghost"=2 (0x2)
"clr_optimization_v2.0.50727_32"=3 (0x3)
"aspnet_state"=3 (0x3)
"nTuneService"=2 (0x2)
"stllssvr"=3 (0x3)
"RoxMediaDB9"=3 (0x3)
"SysmonLog"=3 (0x3)
"Schedule"=2 (0x2)
"WebClient"=2 (0x2)
"StarWindServiceAE"=3 (0x3)
"ose"=3 (0x3)
"NVSvc"=2 (0x2)
"LightScribeService"=2 (0x2)
"Browser"=2 (0x2)
"LmHosts"=2 (0x2)
"srservice"=2 (0x2)
"PDEngine"=2 (0x2)
"PDAgent"=2 (0x2)
"IAANTMON"=2 (0x2)
"rpcapd"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Alcmtr"=ALCMTR.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\Konnekt\\konnekt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\D\\Programy\\sdc204\\StrongDC.exe"=
"D:\\D\\Programy\\eMule0.48a\\emule.exe"=
"D:\\Program Files\\uTorrent\\uTorrent.exe"=
"D:\\Program Files\\Quake III Arena\\quake3.exe"=
"D:\\Program Files\\NAPI-PROJEKT\\napisy.exe"=
"D:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"D:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"D:\\WINDOWS\\system32\\msiexec.exe"=
"D:\\Program Files\\SopCast\\SopCast.exe"=
"D:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"D:\\Program Files\\SopCast\\sopvod.exe"=
"D:\\D\\WAMP\\programs\\wamp\\Apache2\\bin\\httpd.exe"=
"D:\\WINDOWS\\system32\\PnkBstrA.exe"=
"D:\\WINDOWS\\system32\\PnkBstrB.exe"=
"D:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"D:\\Program Files\\Gadu-Gadu\\gg.exe"=
"D:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"D:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;D:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 15:17]
S3 nmwcdnsuc;Nokia USB Flashing Generic;D:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 15:17]
S3 NPF;NetGroup Packet Filter Driver;D:\WINDOWS\system32\drivers\npf.sys [2005-08-02 23:10]
S3 PortTalk;PortTalk;D:\WINDOWS\system32\Drivers\PortTalk.sys [2002-01-12 17:30]
S4 wampapache;wampapache;"D:\D\WAMP\programs\wamp\apache2\bin\httpd.exe" -k runservice []
S4 wampmysqld;wampmysqld;D:\D\WAMP\programs\wamp\mysql\bin\mysqld-nt.exe [2007-07-06 14:14]

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"D:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-03-27 01:54:51 D:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- D:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-28 13:17:23
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-28 13:17:54
ComboFix-quarantined-files.txt  2008-06-28 11:17:51
ComboFix2.txt  2008-06-28 11:11:54
ComboFix3.txt  2008-06-28 09:51:53

Pre-Run: 5,798,502,400 bajtów wolnych
Post-Run: 5,786,013,696 bajtów wolnych

282   --- E O F ---   2008-06-11 08:40:56


HijackThis log:

Kod: Zaznacz wszystko

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:52:06, on 2008-06-28
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Eset\nod32krn.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\UAService7.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
D:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
D:\Program Files\Opera\opera.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\WINDOWS\system32\cmd.exe
D:\WINDOWS\explorer.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 194.36.10.154:3124
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: (no name) - {446A63DB-6963-4B90-9E32-E365A519C399} - D:\WINDOWS\system32\hgGxYsPj.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Wyślij do urządzenia &Bluetooth... - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - D:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - D:\Program Files\Eset\nod32krn.exe
O23 - Service: ServiceLayer - Unknown owner - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe (file missing)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - D:\WINDOWS\system32\UAService7.exe

--
End of file - 4352 bytes



Walcze z Virtumonde , combofixem, fixvundo, SmitfraudFix i chcialem zapytac czy jest juz czysto, dzieki z gory

[Magik]

[ Dodano: Dzisiaj o 13:53 ]

Walcze z virtumonde, i chcialem sie dowiedziec czy juz jest czysto, ok dodam jeszcze z hijackthis za chwilę

i za cala reszte tez THX

odpal do tego VirtumundoBeGone
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

+ by okocz'
Zastosuj SDFix . Po pobraniu uruchom go a rozpakuje się do C:\SDFix. Uruchom komputer w trybie awaryjnym (F8 przy stracie systemu). Będąc w awaryjnym uruchom plik RunThis.bat z folderu SDFixa. Zatwierdź czyszczenie przez Y. Poczekaj aż ukończy i komputer zresetuje

Potem wejdz do folderu C:\SDFix wrzuc zawartość pliku Report.txt + log z combofixa oraz daj loga z hijacka

[grant]

uzylem wszystkiego po lilka razy i oto logi
report

Kod: Zaznacz wszystko


[b]SDFix: Version 1.198 [/b]
Run by bufon on 2008-06-28 at 15:21

Microsoft Windows XP [Wersja 5.1.2600]
Running From: D:\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]:

No Trojan Files Found






Removing Temp Files

[b]ADS Check [/b]:



                                 [b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-28 15:26:38
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="D:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:81,66,d2,cc,e8,8b,18,fa,8b,bf,01,1f,f4,b9,32,fb,fd,21,ed,01,96,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="D:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:d2,32,c8,6d,cd,4b,bd,b6,02,42,e3,45,ba,cb,88,4d,da,2f,10,c7,c1,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="D:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:81,66,d2,cc,e8,8b,18,fa,8b,bf,01,1f,f4,b9,32,fb,fd,21,ed,01,96,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Program Files\\Konnekt\\konnekt.exe"="D:\\Program Files\\Konnekt\\konnekt.exe:*:Enabled:Konnekt - Core"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\\D\\Programy\\sdc204\\StrongDC.exe"="D:\\D\\Programy\\sdc204\\StrongDC.exe:*:Enabled:StrongDC++"
"D:\\D\\Programy\\eMule0.48a\\emule.exe"="D:\\D\\Programy\\eMule0.48a\\emule.exe:*:Enabled:eMule"
"D:\\Program Files\\uTorrent\\uTorrent.exe"="D:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:uTorrent"
"D:\\Program Files\\Quake III Arena\\quake3.exe"="D:\\Program Files\\Quake III Arena\\quake3.exe:*:Enabled:quake3"
"D:\\Program Files\\NAPI-PROJEKT\\napisy.exe"="D:\\Program Files\\NAPI-PROJEKT\\napisy.exe:*:Enabled:www.napiprojekt.pl"
"D:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"="D:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"D:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"="D:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"D:\\WINDOWS\\system32\\msiexec.exe"="D:\\WINDOWS\\system32\\msiexec.exe:*:Disabled:WindowsR installer"
"D:\\Program Files\\SopCast\\SopCast.exe"="D:\\Program Files\\SopCast\\SopCast.exe:*:Enabled:SopCast Main Application"
"D:\\Program Files\\SopCast\\adv\\SopAdver.exe"="D:\\Program Files\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
"D:\\Program Files\\SopCast\\sopvod.exe"="D:\\Program Files\\SopCast\\sopvod.exe:*:Enabled:sopvod"
"D:\\D\\WAMP\\programs\\wamp\\Apache2\\bin\\httpd.exe"="D:\\D\\WAMP\\programs\\wamp\\Apache2\\bin\\httpd.exe:*:Enabled:Apache HTTP Server"
"D:\\WINDOWS\\system32\\PnkBstrA.exe"="D:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"D:\\WINDOWS\\system32\\PnkBstrB.exe"="D:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"D:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="D:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)"
"D:\\Program Files\\Gadu-Gadu\\gg.exe"="D:\\Program Files\\Gadu-Gadu\\gg.exe:*:Enabled:Gadu-Gadu - program gˆ˘wny"
"D:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="D:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"
"D:\\Program Files\\Skype\\Phone\\Skype.exe"="D:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[b]Remaining Files [/b]:



[b]Files with Hidden Attributes [/b]:

Wed  5 Dec 2007        89,600 A..H. --- "D:\D\sansa\~WRL0002.tmp"
Mon 28 Jan 2008     1,404,240 A.SHR --- "D:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008     5,146,448 A.SHR --- "D:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008     2,097,488 A.SHR --- "D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Sun 15 Jun 2008         4,348 A.SH. --- "D:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 10 Nov 2007       232,960 A..H. --- "D:\D\pwr\uklady\projekt ue 1\~WRL0161.tmp"
Sat 10 Nov 2007       241,152 A..H. --- "D:\D\pwr\uklady\projekt ue 1\~WRL0283.tmp"
Sat 10 Nov 2007       174,080 A..H. --- "D:\D\pwr\uklady\projekt ue 1\~WRL0325.tmp"
Sat 10 Nov 2007       249,856 A..H. --- "D:\D\pwr\uklady\projekt ue 1\~WRL0725.tmp"
Sat 10 Nov 2007       249,856 A..H. --- "D:\D\pwr\uklady\projekt ue 1\~WRL0856.tmp"
Sat 10 Nov 2007       268,288 A..H. --- "D:\D\pwr\uklady\projekt ue 1\~WRL0974.tmp"
Sat 10 Nov 2007       203,264 A..H. --- "D:\D\pwr\uklady\projekt ue 1\~WRL1582.tmp"
Sat 10 Nov 2007       268,288 A..H. --- "D:\D\pwr\uklady\projekt ue 1\~WRL1602.tmp"
Sat 10 Nov 2007       107,008 A..H. --- "D:\D\pwr\uklady\projekt ue 1\~WRL1825.tmp"
Sat 10 Nov 2007       268,288 A..H. --- "D:\D\pwr\uklady\projekt ue 1\~WRL1842.tmp"
Sat 10 Nov 2007       249,856 A..H. --- "D:\D\pwr\uklady\projekt ue 1\~WRL1995.tmp"
Sat 10 Nov 2007       199,680 A..H. --- "D:\D\pwr\uklady\projekt ue 1\~WRL2119.tmp"
Sat 10 Nov 2007       256,512 A..H. --- "D:\D\pwr\uklady\projekt ue 1\~WRL2351.tmp"
Sat 10 Nov 2007       249,856 A..H. --- "D:\D\pwr\uklady\projekt ue 1\~WRL2845.tmp"
Sat 10 Nov 2007       249,344 A..H. --- "D:\D\pwr\uklady\projekt ue 1\~WRL2873.tmp"
Sat 10 Nov 2007       211,968 A..H. --- "D:\D\pwr\uklady\projekt ue 1\~WRL2963.tmp"
Sat 10 Nov 2007       256,000 A..H. --- "D:\D\pwr\uklady\projekt ue 1\~WRL3243.tmp"
Sat 10 Nov 2007       249,856 A..H. --- "D:\D\pwr\uklady\projekt ue 1\~WRL3282.tmp"
Sat 10 Nov 2007       215,040 A..H. --- "D:\D\pwr\uklady\projekt ue 1\~WRL3454.tmp"
Fri  9 Nov 2007       267,264 A..H. --- "D:\D\pwr\uklady\projekt ue 1\~WRL3769.tmp"
Sat 10 Nov 2007       174,592 A..H. --- "D:\D\pwr\uklady\projekt ue 1\~WRL3905.tmp"
Sat 10 Nov 2007       234,496 A..H. --- "D:\D\pwr\uklady\projekt ue 1\~WRL4027.tmp"
Sat 10 Nov 2007       249,856 A..H. --- "D:\D\pwr\uklady\projekt ue 1\~WRL4045.tmp"
Sat 10 Nov 2007       174,592 A..H. --- "D:\D\pwr\uklady\projekt ue 1\~WRL4091.tmp"
Thu 14 Feb 2008             0 A.SH. --- "D:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 28 Nov 2007             0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\cf80e29263dc9f4910f39b0a56f8e418\BIT22.tmp"
Tue  6 May 2008           444 ...HR --- "D:\Documents and Settings\bufon\Dane aplikacji\SecuROM\UserData\securom_v7_01.bak"
Sun 17 Jun 2007       814,080 A..H. --- "D:\D\pwr\uklady\uklady sciagi\ukˆady-moje ˜ciĄgi!!!\ukˆady-moje ˜ciĄgi!!!\~WRL0005.tmp"
Tue 27 Jun 2006       813,056 A..H. --- "D:\D\pwr\uklady\uklady sciagi\ukˆady-moje ˜ciĄgi!!!\ukˆady-moje ˜ciĄgi!!!\~WRL1760.tmp"

[b]Finished![/b]


combofix

Kod: Zaznacz wszystko

ComboFix 08-06-20.4 - bufon 2008-06-28 15:36:53.4 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1250.1.1045.18.1571 [GMT 2:00]
Running from: D:\Documents and Settings\bufon\Pulpit\ComboFix.exe
* Resident AV is active


[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((   Files Created from 2008-05-28 to 2008-06-28  )))))))))))))))))))))))))))))))
.

2008-06-28 15:18 . 2008-06-28 15:18   <DIR>   d--------   D:\WINDOWS\ERUNT
2008-06-28 14:18 . 2008-06-28 15:30   <DIR>   d--------   D:\SDFix
2008-06-28 13:39 . 2008-06-28 13:39   214   --a------   D:\WINDOWS\system32\tmp.reg
2008-06-28 13:38 . 2008-06-28 13:48   <DIR>   d--------   D:\Documents and Settings\bufon\SmitfraudFix
2008-06-28 13:38 . 2007-09-06 00:22   289,144   --a------   D:\WINDOWS\system32\VCCLSID.exe
2008-06-28 13:38 . 2006-04-27 17:49   288,417   --a------   D:\WINDOWS\system32\SrchSTS.exe
2008-06-28 13:38 . 2008-05-29 09:35   86,528   --a------   D:\WINDOWS\system32\VACFix.exe
2008-06-28 13:38 . 2008-05-18 21:40   82,944   --a------   D:\WINDOWS\system32\IEDFix.exe
2008-06-28 13:38 . 2008-06-23 23:34   82,432   --a------   D:\WINDOWS\system32\IEDFix.C.exe
2008-06-28 13:38 . 2008-05-23 18:21   81,920   --a------   D:\WINDOWS\system32\404Fix.exe
2008-06-28 13:38 . 2003-06-05 21:13   53,248   --a------   D:\WINDOWS\system32\Process.exe
2008-06-28 13:38 . 2004-07-31 18:50   51,200   --a------   D:\WINDOWS\system32\dumphive.exe
2008-06-28 13:38 . 2007-10-04 00:36   25,600   --a------   D:\WINDOWS\system32\WS2Fix.exe
2008-06-28 11:33 . 2008-06-28 11:33   <DIR>   d--------   D:\VundoFix Backups
2008-06-28 10:20 . 2008-06-28 15:24   13,588   --a------   D:\WINDOWS\system32\wpa.dbl
2008-06-28 01:32 . 2008-06-28 01:32   <DIR>   d--------   D:\Program Files\Lavasoft
2008-06-28 01:32 . 2008-06-28 01:32   <DIR>   d--------   D:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2008-06-26 14:51 . 2008-06-26 14:51   <DIR>   d--------   D:\Program Files\Rockstar Games
2008-06-11 10:34 . 2008-06-14 19:36   273,024   -----c---   D:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 10:34 . 2008-05-08 16:02   203,136   -----c---   D:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-07 03:07 . 2008-06-07 03:23   38   --a------   D:\WINDOWS\avisplitter.INI
2008-05-30 15:16 . 2008-05-30 15:16   1,535,465   --a------   D:\WINDOWS\system32\PMPD
2008-05-30 15:11 . 2008-05-30 15:16   <DIR>   d--------   D:\Program Files\PDF Maker Pilot Demo
2008-05-30 15:11 . 2008-05-30 15:11   <DIR>   d--------   D:\Program Files\Common Files\Invention Pilot Shared
2008-05-30 15:11 . 2007-11-06 18:19   3,109,336   --a------   D:\WINDOWS\system32\PDFCreatorPilot3.dll
2008-05-30 15:11 . 2007-10-17 18:41   28,160   --a------   D:\WINDOWS\system32\pmppmd.dll
2008-05-30 15:06 . 2008-05-30 15:06   <DIR>   d--------   D:\Program Files\PDFCreator
2008-05-30 15:06 . 2005-10-15 12:32   196,608   --a------   D:\WINDOWS\system32\pdfcmnnt.dll
2008-05-30 15:06 . 1998-07-06 00:00   23,552   --a------   D:\WINDOWS\system32\MSMPIDE.DLL
2008-05-30 14:08 . 2008-05-30 14:08   <DIR>   d--------   D:\Program Files\OpenOffice.org 2.4
2008-05-30 13:26 . 2007-07-06 05:37   135,168   --a------   D:\WINDOWS\system32\expat.dll
2008-05-30 13:26 . 2006-05-03 21:24   49,152   --a------   D:\WINDOWS\system32\INETWH32.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-28 12:08   ---------   d-----w   D:\Documents and Settings\bufon\Dane aplikacji\foobar2000
2008-06-28 00:32   22,528   ----a-w   D:\WINDOWS\system32\drivers\nhcDriver.sys
2008-06-26 15:15   ---------   d-----w   D:\Documents and Settings\bufon\Dane aplikacji\uTorrent
2008-06-26 13:00   98,304   ----a-w   D:\WINDOWS\system32\CmdLineExt.dll
2008-06-26 12:51   ---------   d--h--w   D:\Program Files\InstallShield Installation Information
2008-06-25 15:26   ---------   d-----w   D:\Documents and Settings\bufon\Dane aplikacji\OpenOffice.org2
2008-06-22 21:44   ---------   d-----w   D:\Documents and Settings\bufon\Dane aplikacji\Skype
2008-06-14 17:36   273,024   ------w   D:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 13:34   ---------   d-----w   D:\Program Files\Opera
2008-05-30 12:51   ---------   d-----w   D:\Documents and Settings\bufon\Dane aplikacji\AdobeUM
2008-05-30 12:08   ---------   d-----w   D:\Program Files\OpenOffice.org 2.3
2008-05-30 12:05   ---------   d-----w   D:\Program Files\Java
2008-05-20 20:44   ---------   d-----w   D:\Program Files\Notebook Hardware Control
2008-05-18 17:34   ---------   d-----w   D:\Program Files\IrfanView
2008-05-17 09:46   ---------   d-----w   D:\Program Files\K-Lite Codec Pack
2008-05-16 09:58   12,632   ----a-w   D:\WINDOWS\system32\lsdelete.exe
2008-05-13 16:18   ---------   d-----w   D:\Program Files\Audacity
2008-05-12 23:48   ---------   d-----w   D:\Documents and Settings\All Users\Dane aplikacji\nView_Profiles
2008-05-12 22:13   ---------   d-----w   D:\Program Files\Intel
2008-05-08 14:02   203,136   ----a-w   D:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:12   1,291,776   ----a-w   D:\WINDOWS\system32\quartz.dll
2008-04-29 09:20   15,648   ----a-w   D:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 09:19   15,648   ----a-w   D:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 09:19   12,960   ----a-w   D:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-23 07:20   826,368   ----a-w   D:\WINDOWS\system32\wininet.dll
2008-04-14 20:51   11,264   ----a-w   D:\WINDOWS\system32\spnpinst.exe
2008-04-14 20:50   997,888   ----a-w   D:\WINDOWS\system32\setupapi.dll
2008-04-14 20:50   424,960   ----a-w   D:\WINDOWS\system32\licdll.dll
2008-04-14 17:46   1,804   ----a-w   D:\WINDOWS\system32\dcache.bin
2008-04-14 17:26   332,288   ----a-w   D:\WINDOWS\system32\netsetup.exe
2008-04-14 17:22   92,424   ----a-w   D:\WINDOWS\system32\rdpdd.dll
2008-04-14 17:22   87,176   ----a-w   D:\WINDOWS\system32\rdpwsx.dll
2008-04-14 17:22   12,168   ----a-w   D:\WINDOWS\system32\tsddd.dll
2008-04-14 17:20   999,936   ----a-w   D:\WINDOWS\system32\syssetup.dll
2008-04-14 17:19   98,304   ----a-w   D:\WINDOWS\system32\actxprxy.dll
2008-04-14 17:18   76,288   ----a-w   D:\WINDOWS\system32\uniime.dll
2008-04-14 17:18   5,632   ----a-w   D:\WINDOWS\system32\wmi.dll
2008-04-14 17:18   24,064   ----a-w   D:\WINDOWS\system32\pidgen.dll
2008-04-14 17:18   1,449,472   ----a-w   D:\WINDOWS\system32\winntbbu.dll
2008-04-14 17:17   57,375   ----a-w   D:\WINDOWS\system32\odbcji32.dll
2008-04-14 17:13   4,126   ----a-w   D:\WINDOWS\system32\msdxmlc.dll
2008-04-14 17:12   3,584   ----a-w   D:\WINDOWS\system32\msafd.dll
2008-04-14 17:07   811,064   ----a-w   D:\WINDOWS\system32\imjp81k.dll
2008-04-14 17:06   3,584   ----a-w   D:\WINDOWS\system32\icmp.dll
2008-04-14 17:05   9,344   ----a-w   D:\WINDOWS\system32\framebuf.dll
2008-04-14 17:05   569,856   ----a-w   D:\WINDOWS\system32\gpedit.dll
2008-04-14 17:04   7,168   ----a-w   D:\WINDOWS\system32\f3ahvoas.dll
2008-04-14 17:03   3,072   ----a-w   D:\WINDOWS\system32\dpnlobby.dll
2008-04-14 17:03   3,072   ----a-w   D:\WINDOWS\system32\dpnaddr.dll
2008-04-14 17:01   16,896   ----a-w   D:\WINDOWS\system32\cfgmgr32.dll
2008-04-14 17:00   285,696   ----a-w   D:\WINDOWS\system32\atmfd.dll
2008-04-14 16:29   2,146,816   ----a-w   D:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 16:29   2,025,472   ----a-w   D:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 16:25   4,096   ----a-w   D:\WINDOWS\system32\dsprpres.dll
2008-04-14 16:22   89,600   ----a-w   D:\WINDOWS\system32\msxml6r.dll
2008-04-14 16:20   80,896   ------w   D:\WINDOWS\system32\msshavmsg.dll
2008-04-14 16:15   49,664   ----a-w   D:\WINDOWS\system32\inetres.dll
2008-04-14 16:13   563,200   ----a-w   D:\WINDOWS\system32\shdoclc.dll
2008-04-14 16:07   10,240   ----a-w   D:\WINDOWS\system32\gpkrsrc.dll
2008-04-14 16:05   67,584   ----a-w   D:\WINDOWS\system32\browselc.dll
2008-04-14 16:05   1,845,888   ----a-w   D:\WINDOWS\system32\win32k.sys
2008-04-13 18:44   17,664   ----a-w   D:\WINDOWS\system32\watchdog.sys
2008-04-13 18:43   9,728   ------w   D:\WINDOWS\system32\comsdupd.exe
2008-04-13 18:43   12,800   ----a-w   D:\WINDOWS\system32\spiisupd.exe
2008-04-13 18:40   427,008   ----a-w   D:\WINDOWS\system32\xpob2res.dll
2008-04-13 18:37   2,953,216   ----a-w   D:\WINDOWS\system32\xpsp2res.dll
2008-04-13 18:35   194,560   ----a-w   D:\WINDOWS\system32\xpsp1res.dll
2008-04-13 18:31   7,424   ----a-w   D:\WINDOWS\system32\kd1394.dll
2008-04-13 18:30   61,440   ----a-w   D:\WINDOWS\system32\msvcrt40.dll
2008-04-13 17:37   208,384   ----a-w   D:\WINDOWS\system32\rsaenh.dll
2008-04-13 17:37   138,752   ----a-w   D:\WINDOWS\system32\dssenh.dll
2008-04-13 17:26   12,288   ----a-w   D:\WINDOWS\system32\odbcp32r.dll
2008-04-13 17:26   12,288   ----a-w   D:\WINDOWS\system32\mscpx32r.dll
2008-04-13 17:21   733,696   ----a-w   D:\WINDOWS\system32\qedwipes.dll
2008-04-13 16:48   1,647,616   ----a-w   D:\WINDOWS\system32\winbrand.dll
2008-04-13 16:45   216,064   ----a-w   D:\WINDOWS\system32\moricons.dll
2008-04-13 16:23   48,128   ----a-w   D:\WINDOWS\system32\msprivs.dll
2008-04-13 15:39   884,736   ----a-w   D:\WINDOWS\system32\msimsg.dll
2008-04-01 22:28   2,102,272   ----a-w   D:\WINDOWS\system32\x264vfw.dll
2008-03-31 21:25   682,496   ----a-w   D:\WINDOWS\system32\divx.dll
2008-03-28 17:41   7,680   ----a-w   D:\WINDOWS\system32\ff_vfw.dll
2008-02-25 18:09   22,328   ----a-w   D:\Documents and Settings\bufon\Dane aplikacji\PnkBstrK.sys
.

(((((((((((((((((((((((((((((   snapshot@2008-06-28_11.51.31.67   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-28 09:47:08   2,048   --s-a-w   D:\WINDOWS\bootstat.dat
+ 2008-06-28 13:24:07   2,048   --s-a-w   D:\WINDOWS\bootstat.dat
+ 2008-06-28 01:48:40   163,328   ----a-w   D:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-06-28 13:18:59   7,909,376   ----a-w   D:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000001\NTUSER.DAT
+ 2008-06-28 13:18:59   274,432   ----a-w   D:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000002\UsrClass.dat
+ 2008-06-28 01:48:40   163,328   ----a-w   D:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-06-28 13:18:57   7,909,376   ----a-w   D:\WINDOWS\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000001\NTUSER.DAT
+ 2008-06-28 13:18:57   274,432   ----a-w   D:\WINDOWS\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000002\UsrClass.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{446A63DB-6963-4B90-9E32-E365A519C399}]
         D:\WINDOWS\system32\hgGxYsPj.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2008-04-14 19:21 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 19:21 15360]

D:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
BTTray.lnk - D:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-04-01 09:02:38 568176]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=D:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=D:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Synchronizer.lnk]
path=D:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Synchronizer.lnk
backup=D:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ActiveSMART]
D:\Program Files\Active SMART\\ActiveSMART.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
--a------ 2007-07-02 12:29 220544 D:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\b4901822]
D:\WINDOWS\system32\djnprgcw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM5dd9aa71]
D:\WINDOWS\system32\acwdcqqg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 19:21 15360 D:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2003-12-22 09:38 241664 D:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-16 23:11 49152 D:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
--a------ 2007-10-03 16:15 480560 D:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
D:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
D:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Konnekt]
--a------ 2005-05-24 23:41 503808 D:\Program Files\Konnekt\konnekt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
--a------ 1997-06-03 09:51 48576 D:\YDPDict\watch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 19:21 1695232 D:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 12.0]
D:\Program Files\Norton Ghost\Agent\VProTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-01-02 19:08 8527872 D:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
D:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-01-02 19:08 81920 D:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-01-02 19:08 1626112 D:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OnScreenDisplay]
--a------ 2007-09-04 14:54 554320 D:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2008-03-28 11:20 1079296 D:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Maker Pilot (demo) printing agent]
--a------ 2007-10-17 18:43 94208 D:\Program Files\PDF Maker Pilot Demo\pmpagentd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
--a------ 2007-01-17 14:34 634880 D:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 12:43 2097488 D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 16:45 313472 D:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\_Alcohol.exe]
--a------ 2007-07-02 13:29 1776512 D:\Program Files\Alcohol Soft\Alcohol 120\_Alcohol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RemoteRegistry"=2 (0x2)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"mnmsrvc"=3 (0x3)
"ERSvc"=2 (0x2)
"Norton Ghost"=2 (0x2)
"clr_optimization_v2.0.50727_32"=3 (0x3)
"aspnet_state"=3 (0x3)
"nTuneService"=2 (0x2)
"stllssvr"=3 (0x3)
"RoxMediaDB9"=3 (0x3)
"SysmonLog"=3 (0x3)
"Schedule"=2 (0x2)
"WebClient"=2 (0x2)
"StarWindServiceAE"=3 (0x3)
"ose"=3 (0x3)
"NVSvc"=2 (0x2)
"LightScribeService"=2 (0x2)
"Browser"=2 (0x2)
"LmHosts"=2 (0x2)
"srservice"=2 (0x2)
"PDEngine"=2 (0x2)
"PDAgent"=2 (0x2)
"IAANTMON"=2 (0x2)
"rpcapd"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Alcmtr"=ALCMTR.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\Konnekt\\konnekt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\D\\Programy\\sdc204\\StrongDC.exe"=
"D:\\D\\Programy\\eMule0.48a\\emule.exe"=
"D:\\Program Files\\uTorrent\\uTorrent.exe"=
"D:\\Program Files\\Quake III Arena\\quake3.exe"=
"D:\\Program Files\\NAPI-PROJEKT\\napisy.exe"=
"D:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"D:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"D:\\WINDOWS\\system32\\msiexec.exe"=
"D:\\Program Files\\SopCast\\SopCast.exe"=
"D:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"D:\\Program Files\\SopCast\\sopvod.exe"=
"D:\\D\\WAMP\\programs\\wamp\\Apache2\\bin\\httpd.exe"=
"D:\\WINDOWS\\system32\\PnkBstrA.exe"=
"D:\\WINDOWS\\system32\\PnkBstrB.exe"=
"D:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"D:\\Program Files\\Gadu-Gadu\\gg.exe"=
"D:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"D:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;D:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 15:17]
S3 nmwcdnsuc;Nokia USB Flashing Generic;D:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 15:17]
S3 NPF;NetGroup Packet Filter Driver;D:\WINDOWS\system32\drivers\npf.sys [2005-08-02 23:10]
S3 PortTalk;PortTalk;D:\WINDOWS\system32\Drivers\PortTalk.sys [2002-01-12 17:30]
S4 wampapache;wampapache;"D:\D\WAMP\programs\wamp\apache2\bin\httpd.exe" -k runservice []
S4 wampmysqld;wampmysqld;D:\D\WAMP\programs\wamp\mysql\bin\mysqld-nt.exe [2007-07-06 14:14]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"D:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-03-27 01:54:51 D:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- D:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-28 15:39:31
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-28 15:40:27
ComboFix-quarantined-files.txt  2008-06-28 13:40:20
ComboFix2.txt  2008-06-28 11:17:55
ComboFix3.txt  2008-06-28 11:11:54
ComboFix4.txt  2008-06-28 09:51:53

Pre-Run: 5,689,139,200 bajtów wolnych
Post-Run: 5,676,187,648 bajtów wolnych

301   --- E O F ---   2008-06-11 08:40:56


HijackThis

Kod: Zaznacz wszystko

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:41:41, on 2008-06-28
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Eset\nod32krn.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\UAService7.exe
D:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
D:\Program Files\Opera\opera.exe
D:\WINDOWS\explorer.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 194.36.10.154:3124
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: (no name) - {446A63DB-6963-4B90-9E32-E365A519C399} - D:\WINDOWS\system32\hgGxYsPj.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Wyślij do urządzenia &Bluetooth... - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - D:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - D:\Program Files\Eset\nod32krn.exe
O23 - Service: ServiceLayer - Unknown owner - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe (file missing)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - D:\WINDOWS\system32\UAService7.exe

--
End of file - 4638 bytes


Prosze o opinie, mam nadzieje ze jest juz czysto, objawy zniknely ale nigdy nic nie wiadomo. dzieki

[wojtas]

ten wpis tylko skasuj w hijackthis:

O2 - BHO: (no name) - {446A63DB-6963-4B90-9E32-E365A519C399} - D:\WINDOWS\system32\hgGxYsPj.dll (file missing)

[grant]

Ok dzięki wielkie:)