Virus win32.hidrag.a - problem with removal! • programosy.pl


Bezpieczeństwo systemów, usuwanie wirusów, dobieranie programów antywirusowych. Obowiązkowe logi w tym dziale: trzy z FRST + Gmer.

Wirus win32.hidrag.a-problem z usunięcim!

Postprzez kamilkil4 17 Mar 2009, 23:13

reklama
Hello.
As you can see from the topic, I have a problem with the Win32.hidrag.a virus.
I can't remove it, and it does a lot of damage, e.g.
it deletes EXE files, and a drive can't be opened by double-clicking; you have to right-click and choose the Open command.
Please reply quickly!!!
Thanks in advance!!!!
And here is the log from ComboFix:
Code:
ComboFix 09-03-15.01 - Admin 2009-03-17 21:32:10.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1250.1.1045.18.1023.580 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Admin\Pulpit\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)
* Utworzono nowy punkt przywracania

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Cache
D:\Autorun.inf
D:\MS32DLL.dll.vbs

.
(((((((((((((((((((((((((((((((((((((((   Sterowniki/Usługi   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_POWERMANAGER


(((((((((((((((((((((((((   Pliki utworzone od 2009-02-17 do 2009-03-17  )))))))))))))))))))))))))))))))
.

2009-03-17 20:29 . 2009-03-17 20:29   <DIR>   d---s----   c:\documents and settings\Admin\UserData
2009-03-15 20:05 . 2009-03-15 20:05   <DIR>   d--------   c:\program files\Trend Micro
2009-03-14 16:31 . 2006-07-03 05:16   88,960   -ra------   c:\windows\system32\drivers\ewusbmdm.sys
2009-03-14 16:25 . 2009-03-14 16:25   <DIR>   d--------   c:\program files\iPlus
2009-03-13 14:58 . 2009-03-13 14:58   98,304   --a------   c:\windows\system32\CmdLineExt.dll
2009-03-12 21:06 . 2009-03-12 21:06   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\MSN6
2009-03-12 21:06 . 2009-03-12 21:08   <DIR>   d--------   c:\documents and settings\Admin\Dane aplikacji\MSN6
2009-03-12 10:30 . 2009-03-12 11:01   <DIR>   d-a------   c:\documents and settings\All Users\Dane aplikacji\TEMP

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-17 20:35   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab
2009-03-17 20:34   450,592   --sha-w   c:\windows\system32\drivers\fidbox2.dat
2009-03-17 20:34   4,716   --sha-w   c:\windows\system32\drivers\fidbox2.idx
2009-03-17 20:34   4,236,320   --sha-w   c:\windows\system32\drivers\fidbox.dat
2009-03-17 20:34   36,272   --sha-w   c:\windows\system32\drivers\fidbox.idx
2009-03-14 15:31   36,334   ----a-w   c:\windows\E220AutoRunLog.tmp
2009-03-14 15:25   ---------   d-----w   c:\documents and settings\Admin\Dane aplikacji\iPlus
2009-03-11 22:03   89,601   ----a-w   c:\windows\system32\drivers\klick.dat
2009-03-11 22:03   33,808   ----a-w   c:\windows\system32\drivers\klbg.sys
2009-03-11 22:03   101,287   ----a-w   c:\windows\system32\drivers\klin.dat
2007-01-07 19:21   0   ----a-w   c:\documents and settings\Admin\Dane aplikacji\wklnhst.dat
.

------- Sigcheck -------

2001-10-26 18:30  12800  b3c95bfeef6781a82a1c429f466a3a11   c:\windows\$NtServicePackUninstall$\svchost.exe
2008-04-14 22:51  14336  8607d35d92528e2df386f19a960d23ce   c:\windows\ServicePackFiles\i386\svchost.exe
2008-04-14 22:51  14336  8607d35d92528e2df386f19a960d23ce   c:\windows\system32\svchost.exe

2002-09-20 17:04  561664  3a4892a57cfe05d61e4bbc3ec3e24a63   c:\windows\$NtServicePackUninstall$\user32.dll
2008-04-14 22:50  580096  a435c5c069afd901751ac323ad238793   c:\windows\ServicePackFiles\i386\user32.dll
2008-04-14 22:50  580096  a435c5c069afd901751ac323ad238793   c:\windows\system32\user32.dll

2001-10-26 18:29  75264  9b7d1c56cc12d806314b853bf52ecb4c   c:\windows\$NtServicePackUninstall$\ws2_32.dll
2008-04-14 22:51  82432  c0aa2ab856680c44739b41e01f5bd4e9   c:\windows\ServicePackFiles\i386\ws2_32.dll
2008-04-14 22:51  82432  c0aa2ab856680c44739b41e01f5bd4e9   c:\windows\system32\ws2_32.dll

2002-09-20 17:05  601600  4965c02574610e9b2d1e18d63d11a772   c:\windows\$NtServicePackUninstall$\wininet.dll
2008-04-14 22:50  668672  0457f0afd6ee10445d8cf721fb5fa4eb   c:\windows\ServicePackFiles\i386\wininet.dll
2008-04-14 22:50  668672  0457f0afd6ee10445d8cf721fb5fa4eb   c:\windows\system32\wininet.dll

2002-08-29 00:58  332928  244a2f9816bc9b593957281ef577d976   c:\windows\$NtServicePackUninstall$\tcpip.sys
2008-04-14 00:50  361344  93ea8d04ec73a85db02eb8805988f733   c:\windows\ServicePackFiles\i386\tcpip.sys
2008-04-14 00:50  361344  93ea8d04ec73a85db02eb8805988f733   c:\windows\system32\drivers\tcpip.sys

2002-09-20 17:05  519168  8b6e6bb5d451f8bbc0621203b687d993   c:\windows\$NtServicePackUninstall$\winlogon.exe
2008-04-14 22:51  510464  51fd2e13d723857b9ca239ae77150f48   c:\windows\ServicePackFiles\i386\winlogon.exe
2008-04-14 22:51  510464  51fd2e13d723857b9ca239ae77150f48   c:\windows\system32\winlogon.exe

2002-08-29 01:09  167552  3b350e5a2a5e951453f3993275a4523a   c:\windows\$NtServicePackUninstall$\ndis.sys
2008-04-14 00:50  182656  1df7f42665c94b825322fae71721130d   c:\windows\ServicePackFiles\i386\ndis.sys
2008-04-14 00:50  182656  1df7f42665c94b825322fae71721130d   c:\windows\system32\drivers\ndis.sys

2008-04-14 00:23  36608  3bb22519a194418d5fec05d800a19ad0   c:\windows\ServicePackFiles\i386\ip6fw.sys
2008-04-14 00:23  36608  3bb22519a194418d5fec05d800a19ad0   c:\windows\system32\drivers\ip6fw.sys

2002-09-20 17:18  1921536  3805154f53701c0f3dc438329bf89efb   c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
2008-04-14 21:59  2067200  4bba965664faa56b187c27f4cad7e7c5   c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
2008-04-14 21:59  2025472  280cd53ba94a32bca61b5ea01753aed8   c:\windows\system32\ntkrnlpa.exe

2002-09-20 16:12  1892864  0f8e5919d769f7dcefb559013400038c   c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
2008-04-14 22:00  2190336  8ca14ecf04594eabbe93c9ff2e3cbfb1   c:\windows\ServicePackFiles\i386\ntoskrnl.exe
2008-04-14 21:59  2146816  1b4b41ac8cdaa66ded8999a7de212d3e   c:\windows\system32\ntoskrnl.exe

2008-04-14 22:51  1035264  c791ed9eac5e76d9525e157b1d7a599a   c:\windows\explorer.exe
2002-09-20 17:05  1005568  f4af85d918e83d71341fce2aa5318181   c:\windows\$NtServicePackUninstall$\explorer.exe
2008-04-14 22:51  1035264  c791ed9eac5e76d9525e157b1d7a599a   c:\windows\ServicePackFiles\i386\explorer.exe

2001-10-26 18:30  101888  bf4cbefdce42a699389791647cb95ca2   c:\windows\$NtServicePackUninstall$\services.exe
2008-04-14 22:51  109056  3e3ae424e27c4cefe4cab368c7b570ea   c:\windows\ServicePackFiles\i386\services.exe
2008-04-14 22:51  109056  3e3ae424e27c4cefe4cab368c7b570ea   c:\windows\system32\services.exe

2002-09-20 17:05  11776  fa2c871f57352339f0a1802bb9aea6e7   c:\windows\$NtServicePackUninstall$\lsass.exe
2008-04-14 22:51  13312  88296f7943f30a1ee3af735440b92268   c:\windows\ServicePackFiles\i386\lsass.exe
2008-04-14 22:51  13312  88296f7943f30a1ee3af735440b92268   c:\windows\system32\lsass.exe

2002-09-20 17:05  13312  0c4c012b0a8960f48a666c240a7baa3d   c:\windows\$NtServicePackUninstall$\ctfmon.exe
2008-04-14 22:51  15360  1bd41eda5b869afc99895c39a8de36e1   c:\windows\ServicePackFiles\i386\ctfmon.exe
2008-04-14 22:51  15360  1bd41eda5b869afc99895c39a8de36e1   c:\windows\system32\ctfmon.exe

2001-10-26 18:30  51200  414af353e9eeed8637d90370fd0c3b68   c:\windows\$NtServicePackUninstall$\spoolsv.exe
2008-04-14 22:51  57856  dd69ec597ab942c39b950d9c3ce1375d   c:\windows\ServicePackFiles\i386\spoolsv.exe
2008-04-14 22:51  57856  dd69ec597ab942c39b950d9c3ce1375d   c:\windows\system32\spoolsv.exe

2002-09-20 17:05  142336  2bdcbf19c5222fda21b049d1fbac7b36   c:\windows\$NtServicePackUninstall$\wuauclt.exe
2008-04-14 22:51  112128  9a19ba6d99b8ec3db5b3eff71b0a0bb5   c:\windows\ServicePackFiles\i386\wuauclt.exe
2008-10-16 14:09  51224  e654b78d2f1d791b30d0ed9a8195ec22   c:\windows\SoftwareDistribution\SelfUpdate\wuauclt.exe
2008-04-14 22:51  112128  9a19ba6d99b8ec3db5b3eff71b0a0bb5   c:\windows\system32\wuauclt.exe

2002-09-20 17:05  22528  323d3ffcbf99c59b2d20b4c5a7ece347   c:\windows\$NtServicePackUninstall$\userinit.exe
2008-04-14 22:51  26624  2a5b37d520508be6570a3ea79695f5b5   c:\windows\ServicePackFiles\i386\userinit.exe
2008-04-14 22:51  26624  2a5b37d520508be6570a3ea79695f5b5   c:\windows\system32\userinit.exe

2002-09-20 17:04  201216  c4ee140f5edcf2fc20099b56ddbe5445   c:\windows\$NtServicePackUninstall$\termsrv.dll
2008-04-14 22:50  296448  52e0505408edd4ab5ccc7f83b67b4299   c:\windows\ServicePackFiles\i386\termsrv.dll
2008-04-14 22:50  296448  52e0505408edd4ab5ccc7f83b67b4299   c:\windows\system32\termsrv.dll

2002-09-20 17:04  958976  8d452c28d7cad9b5bbdb3c41730305e9   c:\windows\$NtServicePackUninstall$\kernel32.dll
2008-04-14 22:50  1018368  fce4ecc34a36edacf03dbe8de5e28910   c:\windows\ServicePackFiles\i386\kernel32.dll
2008-04-14 22:50  1018368  fce4ecc34a36edacf03dbe8de5e28910   c:\windows\system32\kernel32.dll

2001-10-26 18:29  14848  cf06ff4307712677dd2ea86921ccd52f   c:\windows\$NtServicePackUninstall$\powrprof.dll
2008-04-14 22:50  17408  414c17a2958aedac700bbaafbf999f94   c:\windows\ServicePackFiles\i386\powrprof.dll
2008-04-14 22:50  17408  414c17a2958aedac700bbaafbf999f94   c:\windows\system32\powrprof.dll

2002-09-20 17:03  103936  b85f29a061f7d554c8f8092ade4ec107   c:\windows\$NtServicePackUninstall$\imm32.dll
2008-04-14 22:50  110080  2e9a03268e609917b83921ee16fd9cfb   c:\windows\ServicePackFiles\i386\imm32.dll
2008-04-14 22:50  110080  2e9a03268e609917b83921ee16fd9cfb   c:\windows\system32\imm32.dll
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2007-07-09 2119104]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2007-01-09 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2006-08-11 7630848]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2006-08-11 86016]
"TrayServer"="c:\program files\MAGIX\Movie_Edit_Pro_14_silver\TrayServer.exe" [2007-12-04 90112]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-01-11 155648]
"DataLayer"="c:\progra~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE" [2004-09-23 1019392]
"PCSuiteTrayApplication"="c:\progra~1\Nokia\NOKIAP~1\TRAYAP~1.EXE" [2004-09-15 148992]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-03-11 206088]
"iPlusManager"="c:\program files\iPlus\iPlusChecker.exe" [2006-08-28 274432]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"nwiz"="nwiz.exe" [2006-08-11 c:\windows\system32\nwiz.exe]
"MsmqIntCert"="mqrt.dll" [2008-04-14 c:\windows\system32\mqrt.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3iv2"= 3ivxVfWCodec.dll
"msacm.divxa32"= divxa32.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"VIDC.VP31"= vp31vfw.dll
"VIDC.NSVI"= nsvideo.dll
"VIDC.JPEG"= JpegCode.dll
"VIDC.MJPG"= JpegCode.dll
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Vietcong - Zlota Edycja\\Vietcong 2\\vc2ded.exe"=
"d:\\gry anka\\Diablo II\\Game.exe"=

R0 Achernar;Achernar - SCSI Command Filter Drivers;c:\windows\system32\drivers\Achernar.sys [2006-12-27 18432]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
R3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;c:\windows\system32\drivers\PhTVTune.sys [2006-12-26 24288]
S3 DSCVc;Video Capture;c:\windows\system32\DRIVERS\CoachVc.sys --> c:\windows\system32\DRIVERS\CoachVc.sys [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2006-12-31 1527900]
S3 FlyPCI;FlyPCI;c:\windows\system32\drivers\FlyPCI.sys [2006-12-26 4134]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2006-12-13 19072]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-02 32512]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs
.
- - - - USUNIĘTO PUSTE WPISY - - - -

HKLM-Run-RemoteControl - c:\program files\CyberLink\PowerDVD\PDVDServ.exe
HKLM-Run-WinDVRCtrl - c:\windows\WDVRCtrl.exe
HKLM-Run-AVPDWIN - c:\program files\Panda Software\Panda Demo\pandasft.exe
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe


.
------- Skan uzupełniający -------
.
uStart Page = hxxp://google.pl/
uInternet Connection Wizard,ShellNext = iexplore
IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.13\AMVConverter\grab.html
IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 4.13\MediaManager\grab.html
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-17 21:36:35
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ... 

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ... 

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OMSCAN]
"ImagePath"="\Sys"
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\msdtc.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\snmp.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\mqsvc.exe
c:\windows\system32\mqtgsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
.
**************************************************************************
.
Czas ukończenia: 2009-03-17 21:38:29 - komputer został uruchomiony ponownie [Admin]
ComboFix-quarantined-files.txt  2009-03-17 20:38:26

Przed: 31 550 398 464 bajtów wolnych
Po: 31,586,463,744 bajtów wolnych

216

And here is the log from HijackThis or whatever it's called

Thanks again in advance!!!!

Post by wojtas, 17 Mar 2009, 23:18

Paste into Notepad:

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]

In Notepad, at the top >>> File >>> Save As >>> change the type from TXT to All files *.* >>> save it under the name FIX.REG

Double-click the resulting FIX file and add it to the registry....

1. Download OTMoveIt, start it and run its CleanUp option :) and delete the folder C:\Qoobox
2. Optimize Windows
3. Download ATF_Cleaner
tick
Windows Temp
All users Temp
Temporary internet files
Recycle Bin
and press EMPTY SELECTED
4. Turn off System Restore (My Computer properties - System Restore tab - turn off System Restore on all drives). After a moment, turn it back on
5. Run a Dr. Web CureIt scan
6. Scan the My Computer area with http://www.kaspersky.pl/virusscanner.html (run it in IE). Post its report on the forum.

and with this:

FixIEDef.



Re: virus win32.hidrag.a - problem with removal!

Post by kamilkil4, 19 Mar 2009, 15:16

combofix

ComboFix 09-03-18.01 - Admin 2009-03-19 13:49:05.3 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1250.1.1045.18.1023.608 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Admin\Pulpit\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.

(((((((((((((((((((((((((   Pliki utworzone od 2009-02-19 do 2009-03-19  )))))))))))))))))))))))))))))))
.

2009-03-18 20:56 . 2009-03-18 20:56   <DIR>   d--------   c:\windows\ERUNT
2009-03-18 20:56 . 2009-03-18 20:56   <DIR>   d--------   C:\ERDNT
2009-03-18 20:56 . 2009-03-18 20:56   <DIR>   d--------   C:\!FixIEDef
2009-03-18 20:49 . 2009-03-18 20:49   <DIR>   d--------   c:\documents and settings\Admin\DoctorWeb
2009-03-18 16:35 . 2009-03-18 16:33   108,544   ---------   c:\windows\system32\pxcpyi64.exe
2009-03-18 16:35 . 2009-03-18 16:33   104,960   ---------   c:\windows\system32\pxinsi64.exe
2009-03-18 16:34 . 2009-03-18 16:40   <DIR>   d--------   c:\program files\Musicmatch
2009-03-18 16:32 . 2008-04-14 22:51   221,184   --a------   c:\windows\system32\wmpns.dll
2009-03-17 20:29 . 2009-03-17 20:29   <DIR>   d---s----   c:\documents and settings\Admin\UserData
2009-03-15 20:05 . 2009-03-15 20:05   <DIR>   d--------   c:\program files\Trend Micro
2009-03-14 16:31 . 2006-07-03 05:16   88,960   -ra------   c:\windows\system32\drivers\ewusbmdm.sys
2009-03-14 16:25 . 2009-03-14 16:25   <DIR>   d--------   c:\program files\iPlus
2009-03-13 14:58 . 2009-03-13 14:58   98,304   --a------   c:\windows\system32\CmdLineExt.dll
2009-03-12 21:06 . 2009-03-12 21:06   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\MSN6
2009-03-12 21:06 . 2009-03-12 21:08   <DIR>   d--------   c:\documents and settings\Admin\Dane aplikacji\MSN6
2009-03-12 10:30 . 2009-03-12 11:01   <DIR>   d-a------   c:\documents and settings\All Users\Dane aplikacji\TEMP

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-19 12:34   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab
2009-03-19 11:33   475,168   --sha-w   c:\windows\system32\drivers\fidbox2.dat
2009-03-19 11:32   4,800   --sha-w   c:\windows\system32\drivers\fidbox2.idx
2009-03-18 22:31   4,236,320   --sha-w   c:\windows\system32\drivers\fidbox.dat
2009-03-18 22:31   36,272   --sha-w   c:\windows\system32\drivers\fidbox.idx
2009-03-18 15:34   ---------   d--h--w   c:\program files\InstallShield Installation Information
2009-03-14 15:31   36,334   ----a-w   c:\windows\E220AutoRunLog.tmp
2009-03-14 15:25   ---------   d-----w   c:\documents and settings\Admin\Dane aplikacji\iPlus
2009-03-11 22:03   89,601   ----a-w   c:\windows\system32\drivers\klick.dat
2009-03-11 22:03   33,808   ----a-w   c:\windows\system32\drivers\klbg.sys
2009-03-11 22:03   101,287   ----a-w   c:\windows\system32\drivers\klin.dat
2007-01-07 19:21   0   ----a-w   c:\documents and settings\Admin\Dane aplikacji\wklnhst.dat
.

------- Sigcheck -------

2001-10-26 18:30  12800  b3c95bfeef6781a82a1c429f466a3a11   c:\windows\$NtServicePackUninstall$\svchost.exe
2008-04-14 22:51  14336  8607d35d92528e2df386f19a960d23ce   c:\windows\ServicePackFiles\i386\svchost.exe
2008-04-14 22:51  14336  8607d35d92528e2df386f19a960d23ce   c:\windows\system32\svchost.exe

2002-09-20 17:04  561664  3a4892a57cfe05d61e4bbc3ec3e24a63   c:\windows\$NtServicePackUninstall$\user32.dll
2008-04-14 22:50  580096  a435c5c069afd901751ac323ad238793   c:\windows\ServicePackFiles\i386\user32.dll
2008-04-14 22:50  580096  a435c5c069afd901751ac323ad238793   c:\windows\system32\user32.dll

2001-10-26 18:29  75264  9b7d1c56cc12d806314b853bf52ecb4c   c:\windows\$NtServicePackUninstall$\ws2_32.dll
2008-04-14 22:51  82432  c0aa2ab856680c44739b41e01f5bd4e9   c:\windows\ServicePackFiles\i386\ws2_32.dll
2008-04-14 22:51  82432  c0aa2ab856680c44739b41e01f5bd4e9   c:\windows\system32\ws2_32.dll

2002-09-20 17:05  601600  4965c02574610e9b2d1e18d63d11a772   c:\windows\$NtServicePackUninstall$\wininet.dll
2008-04-14 22:50  668672  0457f0afd6ee10445d8cf721fb5fa4eb   c:\windows\ServicePackFiles\i386\wininet.dll
2008-04-14 22:50  668672  0457f0afd6ee10445d8cf721fb5fa4eb   c:\windows\system32\wininet.dll

2002-08-29 00:58  332928  244a2f9816bc9b593957281ef577d976   c:\windows\$NtServicePackUninstall$\tcpip.sys
2008-04-14 00:50  361344  93ea8d04ec73a85db02eb8805988f733   c:\windows\ServicePackFiles\i386\tcpip.sys
2008-04-14 00:50  361344  93ea8d04ec73a85db02eb8805988f733   c:\windows\system32\drivers\tcpip.sys

2002-09-20 17:05  519168  8b6e6bb5d451f8bbc0621203b687d993   c:\windows\$NtServicePackUninstall$\winlogon.exe
2008-04-14 22:51  510464  51fd2e13d723857b9ca239ae77150f48   c:\windows\ServicePackFiles\i386\winlogon.exe
2008-04-14 22:51  510464  51fd2e13d723857b9ca239ae77150f48   c:\windows\system32\winlogon.exe

2002-08-29 01:09  167552  3b350e5a2a5e951453f3993275a4523a   c:\windows\$NtServicePackUninstall$\ndis.sys
2008-04-14 00:50  182656  1df7f42665c94b825322fae71721130d   c:\windows\ServicePackFiles\i386\ndis.sys
2008-04-14 00:50  182656  1df7f42665c94b825322fae71721130d   c:\windows\system32\drivers\ndis.sys

2008-04-14 00:23  36608  3bb22519a194418d5fec05d800a19ad0   c:\windows\ServicePackFiles\i386\ip6fw.sys
2008-04-14 00:23  36608  3bb22519a194418d5fec05d800a19ad0   c:\windows\system32\drivers\ip6fw.sys

2002-09-20 17:18  1921536  3805154f53701c0f3dc438329bf89efb   c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
2008-04-14 21:59  2067200  4bba965664faa56b187c27f4cad7e7c5   c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
2008-04-14 21:59  2025472  280cd53ba94a32bca61b5ea01753aed8   c:\windows\system32\ntkrnlpa.exe

2002-09-20 16:12  1892864  0f8e5919d769f7dcefb559013400038c   c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
2008-04-14 22:00  2190336  8ca14ecf04594eabbe93c9ff2e3cbfb1   c:\windows\ServicePackFiles\i386\ntoskrnl.exe
2008-04-14 21:59  2146816  1b4b41ac8cdaa66ded8999a7de212d3e   c:\windows\system32\ntoskrnl.exe

2008-04-14 22:51  1035264  c791ed9eac5e76d9525e157b1d7a599a   c:\windows\explorer.exe
2002-09-20 17:05  1005568  f4af85d918e83d71341fce2aa5318181   c:\windows\$NtServicePackUninstall$\explorer.exe
2008-04-14 22:51  1035264  c791ed9eac5e76d9525e157b1d7a599a   c:\windows\ServicePackFiles\i386\explorer.exe

2001-10-26 18:30  101888  bf4cbefdce42a699389791647cb95ca2   c:\windows\$NtServicePackUninstall$\services.exe
2008-04-14 22:51  109056  3e3ae424e27c4cefe4cab368c7b570ea   c:\windows\ServicePackFiles\i386\services.exe
2008-04-14 22:51  109056  3e3ae424e27c4cefe4cab368c7b570ea   c:\windows\system32\services.exe

2002-09-20 17:05  11776  fa2c871f57352339f0a1802bb9aea6e7   c:\windows\$NtServicePackUninstall$\lsass.exe
2008-04-14 22:51  13312  88296f7943f30a1ee3af735440b92268   c:\windows\ServicePackFiles\i386\lsass.exe
2008-04-14 22:51  13312  88296f7943f30a1ee3af735440b92268   c:\windows\system32\lsass.exe

2002-09-20 17:05  13312  0c4c012b0a8960f48a666c240a7baa3d   c:\windows\$NtServicePackUninstall$\ctfmon.exe
2008-04-14 22:51  15360  1bd41eda5b869afc99895c39a8de36e1   c:\windows\ServicePackFiles\i386\ctfmon.exe
2008-04-14 22:51  15360  1bd41eda5b869afc99895c39a8de36e1   c:\windows\system32\ctfmon.exe

2001-10-26 18:30  51200  414af353e9eeed8637d90370fd0c3b68   c:\windows\$NtServicePackUninstall$\spoolsv.exe
2008-04-14 22:51  57856  dd69ec597ab942c39b950d9c3ce1375d   c:\windows\ServicePackFiles\i386\spoolsv.exe
2008-04-14 22:51  57856  dd69ec597ab942c39b950d9c3ce1375d   c:\windows\system32\spoolsv.exe

2002-09-20 17:05  142336  2bdcbf19c5222fda21b049d1fbac7b36   c:\windows\$NtServicePackUninstall$\wuauclt.exe
2008-04-14 22:51  112128  9a19ba6d99b8ec3db5b3eff71b0a0bb5   c:\windows\ServicePackFiles\i386\wuauclt.exe
2008-10-16 14:09  51224  e654b78d2f1d791b30d0ed9a8195ec22   c:\windows\SoftwareDistribution\SelfUpdate\wuauclt.exe
2008-04-14 22:51  112128  9a19ba6d99b8ec3db5b3eff71b0a0bb5   c:\windows\system32\wuauclt.exe

2002-09-20 17:05  22528  323d3ffcbf99c59b2d20b4c5a7ece347   c:\windows\$NtServicePackUninstall$\userinit.exe
2008-04-14 22:51  26624  2a5b37d520508be6570a3ea79695f5b5   c:\windows\ServicePackFiles\i386\userinit.exe
2008-04-14 22:51  26624  2a5b37d520508be6570a3ea79695f5b5   c:\windows\system32\userinit.exe

2002-09-20 17:04  201216  c4ee140f5edcf2fc20099b56ddbe5445   c:\windows\$NtServicePackUninstall$\termsrv.dll
2008-04-14 22:50  296448  52e0505408edd4ab5ccc7f83b67b4299   c:\windows\ServicePackFiles\i386\termsrv.dll
2008-04-14 22:50  296448  52e0505408edd4ab5ccc7f83b67b4299   c:\windows\system32\termsrv.dll

2002-09-20 17:04  958976  8d452c28d7cad9b5bbdb3c41730305e9   c:\windows\$NtServicePackUninstall$\kernel32.dll
2008-04-14 22:50  1018368  fce4ecc34a36edacf03dbe8de5e28910   c:\windows\ServicePackFiles\i386\kernel32.dll
2008-04-14 22:50  1018368  fce4ecc34a36edacf03dbe8de5e28910   c:\windows\system32\kernel32.dll

2001-10-26 18:29  14848  cf06ff4307712677dd2ea86921ccd52f   c:\windows\$NtServicePackUninstall$\powrprof.dll
2008-04-14 22:50  17408  414c17a2958aedac700bbaafbf999f94   c:\windows\ServicePackFiles\i386\powrprof.dll
2008-04-14 22:50  17408  414c17a2958aedac700bbaafbf999f94   c:\windows\system32\powrprof.dll

2002-09-20 17:03  103936  b85f29a061f7d554c8f8092ade4ec107   c:\windows\$NtServicePackUninstall$\imm32.dll
2008-04-14 22:50  110080  2e9a03268e609917b83921ee16fd9cfb   c:\windows\ServicePackFiles\i386\imm32.dll
2008-04-14 22:50  110080  2e9a03268e609917b83921ee16fd9cfb   c:\windows\system32\imm32.dll
.
(((((((((((((((((((((((((((((   SnapShot@2009-03-19_13.23.28,09   )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-19 10:49:31   16,384   ----a-w   c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-03-19 12:34:07   16,384   ----a-w   c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-03-19 10:49:31   32,768   ----a-w   c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
+ 2009-03-19 12:34:07   32,768   ----a-w   c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
- 2009-03-19 12:07:40   215,177   ----a-w   c:\windows\system32\inetsrv\MetaBase.bin
+ 2009-03-19 12:34:07   215,179   ----a-w   c:\windows\system32\inetsrv\MetaBase.bin
+ 2009-03-19 12:34:22   16,384   ----atw   c:\windows\Temp\Perflib_Perfdata_7bc.dat
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2007-07-09 2119104]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2007-01-09 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2006-08-11 7630848]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2006-08-11 86016]
"TrayServer"="c:\program files\MAGIX\Movie_Edit_Pro_14_silver\TrayServer.exe" [2007-12-04 90112]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-01-11 155648]
"DataLayer"="c:\progra~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE" [2004-09-23 1019392]
"PCSuiteTrayApplication"="c:\progra~1\Nokia\NOKIAP~1\TRAYAP~1.EXE" [2004-09-15 148992]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-03-11 206088]
"iPlusManager"="c:\program files\iPlus\iPlusChecker.exe" [2006-08-28 274432]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"nwiz"="nwiz.exe" [2006-08-11 c:\windows\system32\nwiz.exe]
"MsmqIntCert"="mqrt.dll" [2008-04-14 c:\windows\system32\mqrt.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3iv2"= 3ivxVfWCodec.dll
"msacm.divxa32"= divxa32.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"VIDC.VP31"= vp31vfw.dll
"VIDC.NSVI"= nsvideo.dll
"VIDC.JPEG"= JpegCode.dll
"VIDC.MJPG"= JpegCode.dll
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Vietcong - Zlota Edycja\\Vietcong 2\\vc2ded.exe"=
"d:\\gry anka\\Diablo II\\Game.exe"=

R0 Achernar;Achernar - SCSI Command Filter Drivers;c:\windows\system32\drivers\Achernar.sys [2006-12-27 18432]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
R3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;c:\windows\system32\drivers\PhTVTune.sys [2006-12-26 24288]
S3 DSCVc;Video Capture;c:\windows\system32\DRIVERS\CoachVc.sys --> c:\windows\system32\DRIVERS\CoachVc.sys [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2006-12-31 1527900]
S3 FlyPCI;FlyPCI;c:\windows\system32\drivers\FlyPCI.sys [2006-12-26 4134]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2006-12-13 19072]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-02 32512]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://google.pl/
uInternet Connection Wizard,ShellNext = iexplore
IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.13\AMVConverter\grab.html
IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 4.13\MediaManager\grab.html
TCP: {42A005A5-009A-4FFA-842E-060770F0E124} = 212.2.96.51 212.2.96.52
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-19 13:50:41
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ... 

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ... 

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OMSCAN]
"ImagePath"="\Sys"
.
Czas ukończenia: 2009-03-19 13:51:48
ComboFix-quarantined-files.txt  2009-03-19 12:51:45
ComboFix2.txt  2009-03-19 12:24:13

Przed: 35 412 123 648 bajtów wolnych
Po: 35,402,940,416 bajtów wolnych

204


hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:05:47, on 2009-03-15
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iPlus\iPlusChecker.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\SYSTEM32\cidaemon.exe
C:\Program Files\iPlus\iPlusFlashSkin.exe
C:\WINDOWS\SYSTEM32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinDVRCtrl] C:\WINDOWS\WDVRCtrl.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\W
O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Movie_Edit_Pro_14_silver\TrayServer.exe
O4 - HKLM\..\Run: [AVPDWIN] "C:\Program Files\Panda Software\Panda Demo\pandasft.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [iPlusManager] C:\Program Files\iPlus\iPlusChecker.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.13\AMVConverter\grab.html
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.13\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{42A005A5-009A-4FFA-842E-060770F0E124}: NameServer = 212.2.96.53 212.2.96.54
O18 - Protocol: a5res - (no CLSID) - (no file)
O18 - Protocol: XBasic - (no CLSID) - (no file)
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 6873 bytes


fixiedef

********************************************************************************
*                                                                              *
*                                 FixIEDef Log                                 *
*                              Version 1.7.22.7514                             *
*                                                                              *
********************************************************************************

Created at 12:02:47 on Thursday, March 19, 2009

Time Zone            :

Logged On User       : Admin

Operating System     : Microsoft Windows XP Professional Dodatek Service Pack 3
OS Architecture      : X86
System Langauge      : Polish
Keyboard Layout      : Polish
Processor            : X64               Intel(R) Pentium(R) D CPU 3.00GHz

System Drive         : C:\
Windows Directory    : C:\WINDOWS
System Directory     : C:\WINDOWS\system32

System Drive Type    : Fixed
System Drive Status  : READY
System Drive Label   :
System Drive Size    : 79.49 GB
System Drive Free    : 33.82 GB

Total Physical Memory: 1023 MB
Free Physical Memory : 473 MB
Total Page File      : 1023 MB
Free Page File       : 2069 MB
Total Virtual Memory : 2048 MB
Free Virtual Memory  : 1969 MB

Boot State           : Normal boot

--------------------------------------------------------------------------------

!!! userinit.exe is Clean !!!

--------------------------------------------------------------------------------

!!! Files that have been deleted !!!

No malicious files found

--------------------------------------------------------------------------------

!!! Directories that have been removed !!!

No malicious directories to be removed

--------------------------------------------------------------------------------

!!! Registry entries that have been removed !!!

No malicious Registry entries found

================================================================================

All Done :)

ShadowPuterDude

Safe Surfing!!!



Virus win32.hidrag.a - problem with removal!

Post by wojtas, 19 Mar 2009, 20:05

And the report from Kaspersky?