prosze o sprawdzenie loga z combofixa(mam 2754 wirusy)

**Posty:** 16 · przez **bili1610** 27 Cze 2008, 19:20

ComboFix 08-06-20.4 - Komputer 2008-06-27 18:52:55.11 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.1471 [GMT 2:00]
Running from: C:\Documents and Settings\Komputer\Moje dokumenty\Programy\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-05-27 to 2008-06-27 )))))))))))))))))))))))))))))))
.

2008-06-27 18:08 . 2008-06-27 18:53 594 ---hs---- C:\WINDOWS\system32\oqcvgojv.ini
2008-06-27 18:03 . 2008-06-27 18:03 91,008 --a------ C:\WINDOWS\system32\vjogvcqo.dll
2008-06-27 18:00 . 2008-06-21 11:35 3,262 --a------ C:\WINDOWS\system32\cenzura-spam.ico
2008-06-27 17:57 . 2008-06-27 17:57 <DIR> d-------- C:\Documents and Settings\Komputer\Dane aplikacji\rhc3qtj0e575
2008-06-27 17:57 . 2008-06-27 10:06 303,104 --a------ C:\WINDOWS\gfetqaxsvgb.dll
2008-06-27 17:57 . 2008-06-27 10:06 229,376 --a------ C:\WINDOWS\pntqkflv.dll
2008-06-27 17:57 . 2008-06-27 10:06 180,224 --a------ C:\WINDOWS\qegbdmwf.dll
2008-06-27 17:57 . 2008-06-27 10:06 151,552 --a------ C:\WINDOWS\gxvpsafm.dll
2008-06-27 17:57 . 2008-06-27 18:49 94,208 --a------ C:\WINDOWS\system32\pphc7qtj0e575.exe
2008-06-27 17:57 . 2008-06-27 10:06 81,920 --a------ C:\WINDOWS\tovafrnm.exe
2008-06-27 17:57 . 2008-06-27 17:57 28,800 --a------ C:\WINDOWS\system32\nnnkHYSl.dll
2008-06-27 17:57 . 2008-06-27 17:57 28,800 --a------ C:\WINDOWS\system32\byXRLFWp.dll
2008-06-27 17:56 . 2008-06-27 17:56 <DIR> d-------- C:\Program Files\VAV
2008-06-27 17:56 . 2008-06-27 17:57 <DIR> d-------- C:\Program Files\rhc3qtj0e575
2008-06-27 17:56 . 2008-06-27 17:56 <DIR> d-------- C:\Program Files\PCHealthCenter
2008-06-27 17:56 . 2008-06-19 18:20 117,248 --a------ C:\WINDOWS\system32\vav.cpl
2008-06-27 17:56 . 2008-06-27 18:49 90,838 --a------ C:\WINDOWS\system32\phc7qtj0e575.bmp
2008-06-27 17:56 . 2008-06-27 18:49 60,928 --a------ C:\WINDOWS\system32\blphc7qtj0e575.scr
2008-06-27 17:56 . 2008-06-21 11:35 3,262 --a------ C:\WINDOWS\system32\cenzura-spam.ico
2008-06-27 17:55 . 2008-06-27 17:56 109,056 --a------ C:\WINDOWS\system32\lphc7qtj0e575.exe
2008-06-25 20:45 . 2008-06-25 20:45 51,678 --a------ C:\acadminidump.dmp
2008-06-24 14:45 . 2008-06-24 14:45 <DIR> d-------- C:\Program Files\AnswerWorks 4.0
2008-06-24 14:42 . 2008-06-24 14:47 <DIR> d-------- C:\Documents and Settings\Komputer\Dane aplikacji\Autodesk
2008-06-24 14:42 . 2008-06-24 14:42 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Autodesk
2008-06-24 14:41 . 2008-06-24 14:46 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2008-06-24 14:36 . 2008-06-24 14:36 <DIR> d-------- C:\Program Files\Autodesk
2008-06-12 22:04 . 2008-06-12 22:04 <DIR> d-------- C:\Program Files\LucasArts
2008-06-12 12:32 . 2008-06-12 12:32 1,160 --a------ C:\WINDOWS\mozver.dat
2008-06-11 10:25 . 2008-06-14 20:01 273,024 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 10:25 . 2008-06-14 20:01 273,024 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 23:26 . 2008-06-10 23:26 110,304 --a------ C:\WINDOWS\system32\drivers\ACEDRV09.sys
2008-06-10 23:23 . 2008-06-14 00:03 <DIR> d-------- C:\WINDOWS\uninstall

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-27 16:50 --------- d-----w C:\Program Files\neostrada tp
2008-06-27 16:05 --------- d-----w C:\Documents and Settings\Komputer\Dane aplikacji\uTorrent
2008-06-26 08:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-25 13:53 --------- d-----w C:\Program Files\Gothic III
2008-06-12 20:08 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-06-10 21:55 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-06-08 18:52 --------- d-----w C:\Documents and Settings\Komputer\Dane aplikacji\ZoomBrowser EX
2008-06-08 18:52 --------- d-----w C:\Documents and Settings\Komputer\Dane aplikacji\CameraWindowDC
2008-05-21 11:46 --------- d-----w C:\Documents and Settings\Komputer\Dane aplikacji\BESTplayer
2008-05-18 20:23 --------- d-----w C:\Program Files\NAPI-PROJEKT
2008-05-12 14:46 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-12 14:46 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\InstallShield
2008-05-08 14:08 --------- d-----w C:\Program Files\BYOND
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:16 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-30 16:50 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-04-30 16:42 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2008-04-29 18:43 --------- d-----w C:\Documents and Settings\Komputer\Dane aplikacji\Hamachi
2008-04-29 18:40 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-04-28 08:08 --------- d-----w C:\Program Files\uTorrent
2008-04-23 07:20 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-03 07:37 415,104 ----a-w C:\WINDOWS\system32\pr2aq6eb.exe
2008-03-19 13:55 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
.

((((((((((((((((((((((((((((( snapshot_2008-06-27_18.45.05.15 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-27 16:15:09 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-27 16:49:25 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{35218E2A-1C45-46FE-829B-8415790B0210}]
2008-06-27 17:57 28800 --a------ C:\WINDOWS\system32\nnnkHYSl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B74A6E94-805A-40A7-8F83-26CC9CD91D22}]
C:\WINDOWS\system32\nnnnMGXp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BA00DCFD-75B6-48F2-889A-56595E335AA1}]
2008-06-27 10:06 303104 --a------ C:\WINDOWS\gfetqaxsvgb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2008-02-14 15:54 1555480 --a------ C:\Program Files\free-downloads.net\tbfree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "C:\Program Files\free-downloads.net\tbfree.dll" [2008-02-14 15:54 1555480]
"{01DC360B-6DEB-4B33-9329-F12E9CD8FB24}"= "C:\WINDOWS\gxvpsafm.dll" [2008-06-27 10:06 151552]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CLASSES_ROOT\clsid\{01dc360b-6deb-4b33-9329-f12e9cd8fb24}]
[HKEY_CLASSES_ROOT\gxvpsafm.1]
[HKEY_CLASSES_ROOT\TypeLib\{D6317914-D4A0-4625-B9C9-3F365F46094E}]
[HKEY_CLASSES_ROOT\gxvpsafm]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= C:\Program Files\free-downloads.net\tbfree.dll [2008-02-14 15:54 1555480]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 11:21 153136]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-07-18 18:55 451872]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-01-07 22:02 495616]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-02-14 01:09 486856]
"Sys1.exe"="C:\Windows\Sys1.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray.exe" [2007-12-14 13:26 413696]
"Gainward"="C:\Program Files\VDOTool\TBPanel.exe" [2007-11-27 15:36 2169368]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2004-08-23 14:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\GestMaj.exe" [2004-10-14 16:55 32768]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-16 00:54 37376]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12 49152]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 06:03 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 06:03 81920]
"lphc7qtj0e575"="C:\WINDOWS\system32\lphc7qtj0e575.exe" [2008-06-27 17:56 109056]
"Antivirus"="C:\Program Files\VAV\vav.exe" [2008-06-19 18:22 325632]
"SMrhc3qtj0e575"="C:\Program Files\rhc3qtj0e575\rhc3qtj0e575.exe" [2008-06-27 11:13 1214976]
"0862793d"="C:\WINDOWS\system32\vjogvcqo.dll" [2008-06-27 18:03 91008]
"Sys1.exe"="C:\Windows\Sys1.exe" [ ]

C:\Documents and Settings\Komputer\Menu Start\Programy\Autostart\
Tworzenie wycink˘w ekranu i uruchamianie programu OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 21:24:54 98632]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 00:23:26 282624]
Przyspieszenie uruchomienia programu AutoCAD.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart17.exe [2006-03-05 15:43:54 11000]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{35218E2A-1C45-46FE-829B-8415790B0210}"= C:\WINDOWS\system32\nnnkHYSl.dll [2008-06-27 17:57 28800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"pntqkflv"= {FEA1D2F2-7D95-4C54-B25E-3F69CB1A2837} - C:\WINDOWS\pntqkflv.dll [2008-06-27 10:06 229376]
"qegbdmwf"= {63EF39F3-4DEA-46A5-80B7-5CAD0BF2137F} - C:\WINDOWS\qegbdmwf.dll [2008-06-27 10:06 180224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnkHYSl]
nnnkHYSl.dll 2008-06-27 17:57 28800 C:\WINDOWS\system32\nnnkHYSl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"D:\\Program Files\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Valve\\hl.exe"=
"C:\\Program Files\\Aspyr Media, Inc\\THAW\\Game\\THAW.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Valve\\hlds.exe"=
"C:\\Program Files\\BYOND\\bin\\byond.exe"=
"C:\\Program Files\\Techland\\FIM Speedway GP3\\sgp3.exe"=

R0 pe3aq6eb;FIM Speedway GP3 Environment Driver (pe3aq6eb);C:\WINDOWS\system32\drivers\pe3aq6eb.sys [2008-04-03 09:36]
R0 ps7aq6eb;FIM Speedway GP3 Synchronization Driver (ps7aq6eb);C:\WINDOWS\system32\drivers\ps7aq6eb.sys [2008-04-03 09:35]
R2 ACEDRV09;ACEDRV09;C:\WINDOWS\system32\drivers\ACEDRV09.sys [2008-06-10 23:26]
R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2006-09-19 12:03]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2006-09-15 12:07]
S2 pr2aq6eb;FIM Speedway GP3 Drivers Auto Removal (pr2aq6eb);C:\WINDOWS\system32\pr2aq6eb.exe svc []

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-27 18:53:52
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\nnnkHYSl.dll
.
Completion time: 2008-06-27 18:55:01
ComboFix-quarantined-files.txt 2008-06-27 16:54:59
ComboFix2.txt 2008-06-27 16:45:30
ComboFix3.txt 2008-04-30 18:15:03
ComboFix4.txt 2008-04-30 18:09:24
ComboFix5.txt 2008-04-30 17:03:20

Pre-Run: 37,018,918,912 bajtów wolnych
Post-Run: 37,011,931,136 bajtów wolnych

187 --- E O F --- 2008-06-27 16:10:01

**Posty:** 7956 · przez **Magik** 27 Cze 2008, 19:29

Witam
http://forum.programosy.pl/przeczytaj-zanim-wstawisz-logi-na-forum-vt93842.html

Nazwa tematu, gdzie opis problemu itd :?:

otworz notatnik i wklej

Kod: Zaznacz wszystko: FILE:: C:\WINDOWS\system32\byXRLFWp.dll C:\WINDOWS\system32\oqcvgojv.ini C:\WINDOWS\system32\vjogvcqo.dll C:\WINDOWS\system32\cenzura-spam.ico C:\WINDOWS\tovafrnm.exe C:\WINDOWS\system32\nnnkHYSl.dll C:\WINDOWS\system32\lphc7qtj0e575.exe C:\WINDOWS\gfetqaxsvgb.dll C:\WINDOWS\pntqkflv.dll C:\WINDOWS\qegbdmwf.dll C:\WINDOWS\gxvpsafm.dll

zapisz jako CFScript.txt. Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe

BTW, nie wiadomo w czym problem wiec.............

**Posty:** 16 · przez **bili1610** 27 Cze 2008, 19:44

Problem jest taki że mam 2754 wirusy.Zrobiłem to co napisałeś

**Posty:** 8001 · przez **Okocza** 27 Cze 2008, 19:48

smitfraudfix z opcji 2
(sciagasz -> uruchamiasz-> klikasz dowolny klawisz -> wpisujesz w programie 2 i enter potem czekasz chwile -> gdy wyskoczy pytanie w programie Do you want to clean the registry ? to wpisujesz literke Y i znowu enter i czekasz do wyskoczenia raportu (znak ze skan dobiegł konca)

oraz te skanery po kilka razy

VundoFix

VirtumundoBeGone

FixVundo

**Posty:** 16 · przez **bili1610** 27 Cze 2008, 20:24

czy jest opcja trzecia?

**Posty:** 8001 · przez **Okocza** 27 Cze 2008, 20:26

Wykonaj to co jest podane w tym temacie

Zastosuj SDFix . Po pobraniu uruchom go a rozpakuje się do C:\SDFix. Uruchom komputer w trybie awaryjnym (F8 przy stracie systemu). Będąc w awaryjnym uruchom plik RunThis.bat z folderu SDFixa. Zatwierdź czyszczenie przez Y. Poczekaj aż ukończy i komputer zresetuje

Potem wejdz do folderu C:\SDFix wrzuc zawartość pliku Report.txt + log z combofixa oraz daj loga z hijacka

to jest 3 opcja.

**Posty:** 16 · przez **bili1610** 27 Cze 2008, 20:46

co dokładnie mam zrobić z tymi logami?

**Posty:** 8001 · przez **Okocza** 27 Cze 2008, 20:46

wkleić je na forum :?:

w tagi..

**Posty:** 16 · przez **bili1610** 27 Cze 2008, 21:08

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:06:54, on 08-06-27
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\IDT\IntelXPV_v50\WDM\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\VDOTool\TBPanel.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\NEOSTR~1\TaskBarIcon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\rhc3qtj0e575\rhc3qtj0e575.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\SpyShredder\SpyShredder.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\pphc7qtj0e575.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\neostrada tp\neostradatp.exe
C:\Program Files\neostrada tp\ComComp.exe
C:\PROGRA~1\NEOSTR~1\Toaster.exe
C:\PROGRA~1\NEOSTR~1\Inactivity.exe
C:\PROGRA~1\NEOSTR~1\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\neostrada tp\Watch.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl/szukajneo.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll (file missing)
O2 - BHO: (no name) - {B74A6E94-805A-40A7-8F83-26CC9CD91D22} - C:\WINDOWS\system32\nnnnMGXp.dll (file missing)
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [Gainward] C:\Program Files\VDOTool\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [lphc7qtj0e575] C:\WINDOWS\system32\lphc7qtj0e575.exe
O4 - HKLM\..\Run: [Antivirus] C:\Program Files\VAV\vav.exe
O4 - HKLM\..\Run: [SMrhc3qtj0e575] C:\Program Files\rhc3qtj0e575\rhc3qtj0e575.exe
O4 - HKLM\..\Run: [Sys1.exe] C:\Windows\Sys1.exe
O4 - HKLM\..\Run: [0862793d] rundll32.exe "C:\WINDOWS\system32\gqivbelm.dll",b
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Sys1.exe] C:\Windows\Sys1.exe
O4 - HKCU\..\Run: [SpyShredder] C:\Program Files\SpyShredder\SpyShredder.exe
O4 - Startup: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Przyspieszenie uruchomienia programu AutoCAD.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FA523A0F-DD1C-4E88-B302-2A4810D832A4}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: nnnkHYSl - nnnkHYSl.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: FIM Speedway GP3 Drivers Auto Removal (pr2aq6eb) (pr2aq6eb) - Techland Sp.z o.o. - C:\WINDOWS\system32\pr2aq6eb.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Program Files\IDT\IntelXPV_v50\WDM\STacSV.exe

--
End of file - 9748 bytes

ComboFix 08-06-20.4 - Komputer 2008-06-27 19:40:28.13 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.1483 [GMT 2:00]
Running from: C:\Documents and Settings\Komputer\Moje dokumenty\Programy\ComboFix.exe
Command switches used :: C:\Documents and Settings\Komputer\Moje dokumenty\Programy\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\gfetqaxsvgb.dll
C:\WINDOWS\gxvpsafm.dll
C:\WINDOWS\pntqkflv.dll
C:\WINDOWS\qegbdmwf.dll
C:\WINDOWS\system32\awtUNgEx.dll
C:\WINDOWS\system32\lphc7qtj0e575.exe
C:\WINDOWS\system32\mlebviqg.ini
C:\WINDOWS\system32\nnnkHYSl.dll
C:\WINDOWS\system32\oqcvgojv.ini
C:\WINDOWS\system32\cenzura-spam.ico
C:\WINDOWS\system32\vjogvcqo.dll
C:\WINDOWS\system32\xEgNUtwa.ini
C:\WINDOWS\system32\xEgNUtwa.ini2
C:\WINDOWS\tovafrnm.exe

.
((((((((((((((((((((((((( Files Created from 2008-05-27 to 2008-06-27 )))))))))))))))))))))))))))))))
.

2008-06-27 19:35 . 2008-06-27 19:40 354 ---hs---- C:\WINDOWS\system32\mlebviqg.ini
2008-06-27 19:01 . 2008-06-27 19:01 91,008 --a------ C:\WINDOWS\system32\gqivbelm.dll
2008-06-27 17:57 . 2008-06-27 17:57 <DIR> d-------- C:\Documents and Settings\Komputer\Dane aplikacji\rhc3qtj0e575
2008-06-27 17:57 . 2008-06-27 19:34 94,208 --a------ C:\WINDOWS\system32\pphc7qtj0e575.exe
2008-06-27 17:57 . 2008-06-27 17:57 28,800 --a------ C:\WINDOWS\system32\byXRLFWp.dll
2008-06-27 17:56 . 2008-06-27 17:56 <DIR> d-------- C:\Program Files\VAV
2008-06-27 17:56 . 2008-06-27 17:57 <DIR> d-------- C:\Program Files\rhc3qtj0e575
2008-06-27 17:56 . 2008-06-27 17:56 <DIR> d-------- C:\Program Files\PCHealthCenter
2008-06-27 17:56 . 2008-06-19 18:20 117,248 --a------ C:\WINDOWS\system32\vav.cpl
2008-06-27 17:56 . 2008-06-27 18:49 90,838 --a------ C:\WINDOWS\system32\phc7qtj0e575.bmp
2008-06-27 17:56 . 2008-06-27 18:49 60,928 --a------ C:\WINDOWS\system32\blphc7qtj0e575.scr
2008-06-27 17:56 . 2008-06-21 11:35 3,262 --a------ C:\WINDOWS\system32\cenzura-spam.ico
2008-06-25 20:45 . 2008-06-25 20:45 51,678 --a------ C:\acadminidump.dmp
2008-06-24 14:45 . 2008-06-24 14:45 <DIR> d-------- C:\Program Files\AnswerWorks 4.0
2008-06-24 14:42 . 2008-06-24 14:47 <DIR> d-------- C:\Documents and Settings\Komputer\Dane aplikacji\Autodesk
2008-06-24 14:42 . 2008-06-24 14:42 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Autodesk
2008-06-24 14:41 . 2008-06-24 14:46 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2008-06-24 14:36 . 2008-06-24 14:36 <DIR> d-------- C:\Program Files\Autodesk
2008-06-12 22:04 . 2008-06-12 22:04 <DIR> d-------- C:\Program Files\LucasArts
2008-06-12 12:32 . 2008-06-12 12:32 1,160 --a------ C:\WINDOWS\mozver.dat
2008-06-11 10:25 . 2008-06-14 20:01 273,024 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 10:25 . 2008-06-14 20:01 273,024 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 23:26 . 2008-06-10 23:26 110,304 --a------ C:\WINDOWS\system32\drivers\ACEDRV09.sys
2008-06-10 23:23 . 2008-06-14 00:03 <DIR> d-------- C:\WINDOWS\uninstall

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-27 17:38 --------- d-----w C:\Program Files\neostrada tp
2008-06-27 17:33 --------- d-----w C:\Documents and Settings\Komputer\Dane aplikacji\uTorrent
2008-06-26 08:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-25 13:53 --------- d-----w C:\Program Files\Gothic III
2008-06-12 20:08 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-06-10 21:55 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-06-08 18:52 --------- d-----w C:\Documents and Settings\Komputer\Dane aplikacji\ZoomBrowser EX
2008-06-08 18:52 --------- d-----w C:\Documents and Settings\Komputer\Dane aplikacji\CameraWindowDC
2008-05-21 11:46 --------- d-----w C:\Documents and Settings\Komputer\Dane aplikacji\BESTplayer
2008-05-18 20:23 --------- d-----w C:\Program Files\NAPI-PROJEKT
2008-05-12 14:46 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-12 14:46 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\InstallShield
2008-05-08 14:08 --------- d-----w C:\Program Files\BYOND
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:16 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-30 16:50 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-04-30 16:42 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2008-04-29 18:43 --------- d-----w C:\Documents and Settings\Komputer\Dane aplikacji\Hamachi
2008-04-29 18:40 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-04-28 08:08 --------- d-----w C:\Program Files\uTorrent
2008-04-23 07:20 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-03 07:37 415,104 ----a-w C:\WINDOWS\system32\pr2aq6eb.exe
2008-03-19 13:55 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
.

((((((((((((((((((((((((((((( snapshot_2008-06-27_18.45.05.15 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-27 16:15:09 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-27 17:34:26 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B74A6E94-805A-40A7-8F83-26CC9CD91D22}]
C:\WINDOWS\system32\nnnnMGXp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2008-02-14 15:54 1555480 --a------ C:\Program Files\free-downloads.net\tbfree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "C:\Program Files\free-downloads.net\tbfree.dll" [2008-02-14 15:54 1555480]
"{01DC360B-6DEB-4B33-9329-F12E9CD8FB24}"= "C:\WINDOWS\gxvpsafm.dll" [ ]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CLASSES_ROOT\clsid\{01dc360b-6deb-4b33-9329-f12e9cd8fb24}]
[HKEY_CLASSES_ROOT\gxvpsafm.1]
[HKEY_CLASSES_ROOT\TypeLib\{D6317914-D4A0-4625-B9C9-3F365F46094E}]
[HKEY_CLASSES_ROOT\gxvpsafm]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= C:\Program Files\free-downloads.net\tbfree.dll [2008-02-14 15:54 1555480]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 11:21 153136]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-07-18 18:55 451872]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-01-07 22:02 495616]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-02-14 01:09 486856]
"Sys1.exe"="C:\Windows\Sys1.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray.exe" [2007-12-14 13:26 413696]
"Gainward"="C:\Program Files\VDOTool\TBPanel.exe" [2007-11-27 15:36 2169368]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2004-08-23 14:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\GestMaj.exe" [2004-10-14 16:55 32768]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-16 00:54 37376]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12 49152]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 06:03 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 06:03 81920]
"lphc7qtj0e575"="C:\WINDOWS\system32\lphc7qtj0e575.exe" [ ]
"Antivirus"="C:\Program Files\VAV\vav.exe" [2008-06-19 18:22 325632]
"SMrhc3qtj0e575"="C:\Program Files\rhc3qtj0e575\rhc3qtj0e575.exe" [2008-06-27 11:13 1214976]
"Sys1.exe"="C:\Windows\Sys1.exe" [ ]
"0862793d"="C:\WINDOWS\system32\gqivbelm.dll" [2008-06-27 19:01 91008]

C:\Documents and Settings\Komputer\Menu Start\Programy\Autostart\
Tworzenie wycink˘w ekranu i uruchamianie programu OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 21:24:54 98632]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 00:23:26 282624]
Przyspieszenie uruchomienia programu AutoCAD.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart17.exe [2006-03-05 15:43:54 11000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"pntqkflv"= {FEA1D2F2-7D95-4C54-B25E-3F69CB1A2837} - C:\WINDOWS\pntqkflv.dll [ ]
"qegbdmwf"= {63EF39F3-4DEA-46A5-80B7-5CAD0BF2137F} - C:\WINDOWS\qegbdmwf.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnkHYSl]
nnnkHYSl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"D:\\Program Files\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Valve\\hl.exe"=
"C:\\Program Files\\Aspyr Media, Inc\\THAW\\Game\\THAW.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Valve\\hlds.exe"=
"C:\\Program Files\\BYOND\\bin\\byond.exe"=
"C:\\Program Files\\Techland\\FIM Speedway GP3\\sgp3.exe"=

R0 pe3aq6eb;FIM Speedway GP3 Environment Driver (pe3aq6eb);C:\WINDOWS\system32\drivers\pe3aq6eb.sys [2008-04-03 09:36]
R0 ps7aq6eb;FIM Speedway GP3 Synchronization Driver (ps7aq6eb);C:\WINDOWS\system32\drivers\ps7aq6eb.sys [2008-04-03 09:35]
R2 ACEDRV09;ACEDRV09;C:\WINDOWS\system32\drivers\ACEDRV09.sys [2008-06-10 23:26]
R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2006-09-19 12:03]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2006-09-15 12:07]
S2 pr2aq6eb;FIM Speedway GP3 Drivers Auto Removal (pr2aq6eb);C:\WINDOWS\system32\pr2aq6eb.exe svc []

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-27 19:41:34
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-27 19:42:16
ComboFix-quarantined-files.txt 2008-06-27 17:41:56
ComboFix2.txt 2008-06-27 16:55:02
ComboFix3.txt 2008-06-27 16:45:30
ComboFix4.txt 2008-04-30 18:15:03
ComboFix5.txt 2008-04-30 18:09:24

Pre-Run: 37,019,185,152 bajtów wolnych
Post-Run: 37,010,436,096 bajtów wolnych

191 --- E O F --- 2008-06-27 16:10:01

SDFix: Version 1.197
Run by Administrator on 08-06-27 at 20:35

Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix

Checking Services :

Restoring Default Security Values
Restoring Default Hosts File
Restoring Default HomePage Value
Restoring Default Desktop Components Value

Rebooting

Checking Files :

Trojan Files Found:

C:\Program Files\VAV\vav.cpl - Deleted
C:\Program Files\VAV\vav.exe - Deleted
C:\Program Files\VAV\vav0.dat - Deleted
C:\Program Files\VAV\vav1.dat - Deleted
C:\WINDOWS\system32\cenzura-spam.ico - Deleted

Folder C:\Program Files\VAV - Removed

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-27 20:39:26
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:d8,e2,09,d4,81,17,0a,29,3b,02,dc,47,65,c4,37,2e,cd,d7,96,7e,ad,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:2a,c7,b2,26,00,89,de,8c,3a,01,15,5a,52,9c,9d,7c,b3,d0,ad,4a,4f,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,94,02,2c,41,55,b2,fd,af,f4,e1,35,a6,68,ca,d5,34,7a,..
"khjeh"=hex:4e,ac,29,8e,23,84,87,c1,66,f8,84,3e,e9,11,6a,f5,b4,50,54,4b,88,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:e8,34,6d,71,c6,2d,1c,3d,5d,5e,ca,00,ab,d0,39,3c,1f,dc,21,ff,30,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:e8,34,6d,71,c6,2d,1c,3d,5d,5e,ca,00,ab,d0,39,3c,1f,dc,21,ff,30,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:82,e7,a9,18,cd,a2,dd,ec,44,c9,69,7f,4b,d7,b7,1b,14,0e,5b,d5,ee,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:82,e7,a9,18,cd,a2,dd,ec,44,c9,69,7f,4b,d7,b7,1b,14,0e,5b,d5,ee,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:d8,e2,09,d4,81,17,0a,29,3b,02,dc,47,65,c4,37,2e,cd,d7,96,7e,ad,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:2a,c7,b2,26,00,89,de,8c,3a,01,15,5a,52,9c,9d,7c,b3,d0,ad,4a,4f,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,94,02,2c,41,55,b2,fd,af,f4,e1,35,a6,68,ca,d5,34,7a,..
"khjeh"=hex:4e,ac,29,8e,23,84,87,c1,66,f8,84,3e,e9,11,6a,f5,b4,50,54,4b,88,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:e8,34,6d,71,c6,2d,1c,3d,5d,5e,ca,00,ab,d0,39,3c,1f,dc,21,ff,30,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:e8,34,6d,71,c6,2d,1c,3d,5d,5e,ca,00,ab,d0,39,3c,1f,dc,21,ff,30,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:82,e7,a9,18,cd,a2,dd,ec,44,c9,69,7f,4b,d7,b7,1b,14,0e,5b,d5,ee,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:82,e7,a9,18,cd,a2,dd,ec,44,c9,69,7f,4b,d7,b7,1b,14,0e,5b,d5,ee,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000048
"TracesSuccessful"=dword:00000004

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Gadu-Gadu\\gg.exe"="C:\\Program Files\\Gadu-Gadu\\gg.exe:*:Enabled:Gadu-Gadu - program g˘wny"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="C:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:uTorrent"
"D:\\Program Files\\BearShare\\BearShare.exe"="D:\\Program Files\\BearShare\\BearShare.exe:*:Enabled:BearShare"
"C:\\Program Files\\Valve\\hl.exe"="C:\\Program Files\\Valve\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Aspyr Media, Inc\\THAW\\Game\\THAW.exe"="C:\\Program Files\\Aspyr Media, Inc\\THAW\\Game\\THAW.exe:*:Enabled:Tony Hawk's American Wasteland"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Valve\\hlds.exe"="C:\\Program Files\\Valve\\hlds.exe:*:Enabled:HLDS Launcher"
"C:\\Program Files\\BYOND\\bin\\byond.exe"="C:\\Program Files\\BYOND\\bin\\byond.exe:*:Enabled:byond"
"C:\\Program Files\\Techland\\FIM Speedway GP3\\sgp3.exe"="C:\\Program Files\\Techland\\FIM Speedway GP3\\sgp3.exe:*:Enabled:Speedway Grand Prix 3"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Tue 15 Nov 2005 78,104 ..SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\Setup.exe"
Tue 15 Nov 2005 12,912 A.SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\_Setupx.dll"
Tue 11 Mar 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sun 16 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BIT8.tmp"
Sun 16 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\18b19374451d28a8fbaf1939cf31ff45\BITB.tmp"
Sun 16 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BIT7.tmp"
Sun 16 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5a563fa477cf8fafb8fe0c62db7d73a1\BITC.tmp"
Sun 16 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5d8b27483d3f365d76169cb326b6d1c4\BITA.tmp"
Sun 16 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\8213811a47d2bd2f8f612f637816d982\BIT9.tmp"
Thu 8 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\bb094e9f8c2d7d8ec9a15b1be70e1f47\BIT1B.tmp"
Tue 15 Jan 2002 548,864 A..H. --- "C:\Documents and Settings\Komputer\Moje dokumenty\Bartek\Gry\KAKASHI\ALLEG40.DLL"
Wed 13 Mar 2002 53,248 A..H. --- "C:\Documents and Settings\Komputer\Moje dokumenty\Bartek\Gry\KAKASHI\ZLIB.DLL"
Tue 16 Apr 2002 77,824 A..H. --- "C:\Documents and Settings\Komputer\Moje dokumenty\Tomek\Studia\laborki\Mech. pyn1\Tematy\~WRL0038.tmp"

Finished!

[ Dodano: Dzisiaj o 21:24 ]
błagam pomóż

**Posty:** 84 · przez **gloni** 27 Cze 2008, 21:34

na fix w trybie awaryjnym
usuwanie http://forum.programosy.pl/hijackthis-amp-silent-runners-gtobsuga-i-umieszczanie-vt9452.html
punkt 4

Kod: Zaznacz wszystko: C:\Program Files\rhc3qtj0e575\rhc3qtj0e575.exe C:\Program Files\SpyShredder\SpyShredder.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl/szukajneo.html O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file) O3 - Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file) O4 - HKLM\..\Run: [lphc7qtj0e575] C:\WINDOWS\system32\lphc7qtj0e575.exe O4 - HKLM\..\Run: [Antivirus] C:\Program Files\VAV\vav.exe O4 - HKLM\..\Run: [SMrhc3qtj0e575] C:\Program Files\rhc3qtj0e575\rhc3qtj0e575.exe O4 - HKLM\..\Run: [Sys1.exe] C:\Windows\Sys1.exe O4 - HKCU\..\Run: [SpyShredder] C:\Program Files\SpyShredder\SpyShredder.exe

to mozesz zastosowac http://forum.programosy.pl/program-szukajacy-trojanow-i-malware-vt97108.html
potem przeskanuj jakims antyspyware , odkurzaczem

**Posty:** 16 · przez **bili1610** 27 Cze 2008, 21:37

na jaki fix??

[ Dodano: Dzisiaj o 21:41 ]
to bylo w logu

********************************************************************************
* *
* FixIEDef Log *
* Version 1.4.19.5850 *
* *
********************************************************************************

Created at 21:39:04 on Friday, June 27, 2008

Time Zone :

Logged On User : Komputer

Operating System : Microsoft Windows XP Home Edition Dodatek Service Pack 2
OS Version : 5.1.2600
System Langauge : Polish
Keyboard Layout : Polish
Processor : X86 Procesor Intel Pentium III Xeon

System Drive : C:\
Windows Directory : C:\WINDOWS
System Directory : C:\WINDOWS\system32

Total Physical Memory : 2136326144 bytes
Free Physical Memory : 1488968 bytes
Total Virtual Memory : 2097024 bytes
Free Virtual Memory : 2053248 bytes

Boot State : Normal boot

--------------------------------------------------------------------------------

!!! Files that have been deleted !!!

C:\Program Files\SpyShredder\SpyShredder.exe
C:\Program Files\SpyShredder\Uninstall.exe
C:\Program Files\SpyShredder\SpyShredder.exe
C:\Program Files\SpyShredder\SpyShredder.lic
C:\Program Files\SpyShredder\SpyShredder0.ss
C:\Program Files\SpyShredder\SpyShredder1.ss
C:\WINDOWS\system32\actskn45.ocx
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\tmp.txt

--------------------------------------------------------------------------------

!!! Directories that have been removed !!!

C:\Program Files\SpyShredder

--------------------------------------------------------------------------------

!!! Registry entries that have been removed !!!

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\DateTime
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SSV.SSVHelper
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\unonasad.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{96488BA0-1A53-4583-8AC8-DB77560E8876}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{96A48B57-D55D-4B03-895D-7EE0281D1929}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5522E65B-6538-431A-BDAF-0B096A3FDD1C}

================================================================================

All Done

ShadowPuterDude

Safe Surfing!!!

[ Dodano: Dzisiaj o 21:47 ]
czy to znaczy że już wszystko dobrze??

**Posty:** 7956 · przez **Magik** 28 Cze 2008, 00:12

bili1610 napisał(a):czy to znaczy że już wszystko dobrze??

powyzsze wpisy z HiJackThis usunales dajac na "Fix" :arrow:

jesli tak wklej na koniec log z combofix'a i HiJackThis dla pewnosci i zrob

1. Ściągnij OTMoveIt i go włacz i odpal go z opcji CleanUp

2. wykonaj optymalizację windowsa
3.sciagnij ATF_Cleaner
zaznacz
Windows Temp
All users Temp
Temporary internet files
Recycle Bin
i wcisnij EMPTY SELECTED
4.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem

prosze o sprawdzenie loga z combofixa(mam 2754 wirusy)

prosze o sprawdzenie loga z combofixa(mam 2754 wirusy)

Kto jest na forum