Zawieszanie sie explorera.exe

[bleetz]

witam
dosc czesto zawiesza mi sie explorer.exe i nie moge wtedy nawet wejsc do menedzera urzadzen
mks online wykryl pare wirkow

z gory dzieki za sprawdzenie

logi z HJT

Kod: Zaznacz wszystko

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:53:16, on 2008-12-07
Platform: Windows XP SP3, v.5657 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\WINDOWS\V0470Mon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
D:\steam\steam.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe
C:\Program Files\Ahead\nero\nero.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe, explorer.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [V0470Mon.exe] C:\WINDOWS\V0470Mon.exe
O4 - HKLM\..\Run: [Barsaka] explorer.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\kamsoft.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "d:\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - Startup: lsass.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Wyślij do interfejsu &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{46B4E1DA-7249-4484-AA5D-28F1D05980EE}: NameServer = 192.168.0.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA-OMEGA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)

--
End of file - 7648 bytes


[wojtas]

Wykonaj to co jest podane w tym temacie

Zastosuj SDFix . Po pobraniu uruchom go a rozpakuje się do C:\SDFix. Uruchom komputer w trybie awaryjnym (F8 przy stracie systemu). Będąc w awaryjnym uruchom plik RunThis.bat z folderu SDFixa. Zatwierdź czyszczenie przez Y. Poczekaj aż ukończy i komputer zresetuje

Potem wejdz do folderu C:\SDFix wrzuc zawartość pliku Report.txt + log z combofixa oraz daj loga z hijacka

[bleetz]

sdfix

Kod: Zaznacz wszystko


[b]SDFix: Version 1.240 [/b]
Run by lapek on 2008-12-07 at 18:40

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\Documents and Settings\lapek\Desktop\SDFix\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]:

Trojan Files Found:

C:\autorun.inf - Deleted



Folder C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 - Removed


Removing Temp Files

[b]ADS Check [/b]:



                                 [b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-07 18:44:21
Windows 5.1.2600 Service Pack 3, v.5657 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:9e,0c,1e,eb,07,6e,0b,cb,de,78,70,a1,00,3f,4e,39,f8,9d,38,38,ac,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,70,26,00,41,e0,5d,31,10,60,d7,c6,3b,e4,6c,12,30,e6,..
"khjeh"=hex:82,d9,60,42,cc,bd,03,00,04,c6,74,d7,ba,e6,25,ce,36,0b,10,9f,b0,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:bf,15,5e,11,6e,3f,ed,53,53,6c,9e,ef,84,b8,2e,f4,f0,db,0b,bb,c3,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:9e,0c,1e,eb,07,6e,0b,cb,de,78,70,a1,00,3f,4e,39,f8,9d,38,38,ac,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,70,26,00,41,e0,5d,31,10,60,d7,c6,3b,e4,6c,12,30,e6,..
"khjeh"=hex:82,d9,60,42,cc,bd,03,00,04,c6,74,d7,ba,e6,25,ce,36,0b,10,9f,b0,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:bf,15,5e,11,6e,3f,ed,53,53,6c,9e,ef,84,b8,2e,f4,f0,db,0b,bb,c3,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\PPMate\\PPMate\\ppmate.exe"="C:\\Program Files\\PPMate\\PPMate\\ppmate.exe:*:Enabled:PPMate"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[b]Remaining Files [/b]:


File Backups: - C:\DOCUME~1\lapek\Desktop\SDFix\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Mon 17 Nov 2008       106,363 ..SHR --- "C:\0w.com"
Sat  6 Dec 2008       104,421 ..SHR --- "C:\2u.com"
Fri 14 Nov 2008        99,381 ..SHR --- "C:\lky.exe"
Fri 28 Nov 2008       105,411 ..SHR --- "C:\o1.com"
Sun  9 Nov 2008       110,013 ..SHR --- "C:\sq.com"
Mon 10 Nov 2008       108,271 ..SHR --- "C:\whi.com"
Sun  7 Dec 2008     6,108,728 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Sun  9 Nov 2008       110,013 ..SHR --- "C:\WINDOWS\system32\ckvo.exe"
Mon 10 Nov 2008        85,504 ..SHR --- "C:\WINDOWS\system32\ckvo0.dll"
Sun  9 Nov 2008        85,504 ..SHR --- "C:\WINDOWS\system32\ckvo1.dll"
Sun  7 Dec 2008        84,992 ..SHR --- "C:\WINDOWS\system32\gasretyw0.dll"
Sat  6 Dec 2008        84,992 ..SHR --- "C:\WINDOWS\system32\gasretyw1.dll"
Sat  6 Dec 2008       104,421 ..SHR --- "C:\WINDOWS\system32\kamsoft.exe"
Fri  7 Nov 2008        82,458 A.SH. --- "C:\Documents and Settings\lapek\Start Menu\Programs\Startup\lsass.exe"

[b]Finished![/b]



combofix

Kod: Zaznacz wszystko

ComboFix 08-12-06.06 - lapek 2008-12-07 18:47:43.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1250.1.1033.18.1538 [GMT -8:00]
Uruchomiony z: c:\documents and settings\lapek\Desktop\ComboFix.exe
* Utworzono nowy punkt przywracania

[COLOR=RED][B]UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !![/B][/COLOR]
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\[u]0[/u]w.com
C:\abk.bat
C:\Autorun.inf
c:\documents and settings\lapek\Start Menu\Programs\Startup\lsass.exe
C:\e.cmd
C:\ij.bat
C:\lky.exe
C:\nq0cq.cmd
C:\rcukd.cmd
c:\windows\system32\ckvo.exe
c:\windows\system32\ckvo0.dll
c:\windows\system32\ckvo1.dll
c:\windows\system32\gasretyw0.dll
c:\windows\system32\gasretyw1.dll
c:\windows\system32\kamsoft.exe
C:\xih9.cmd
C:\yannh.cmd
D:\[u]0[/u]w.com
D:\abk.bat
D:\Autorun.inf
D:\e.cmd
D:\ij.bat
D:\lky.exe
D:\nq0cq.cmd
D:\rcukd.cmd
D:\xih9.cmd
D:\yannh.cmd
G:\abk.bat
G:\autorun.inf
G:\e.cmd

.
(((((((((((((((((((((((((((((((((((((((   Sterowniki/Usługi   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_POWERMANAGER
-------\Service_PowerManager


(((((((((((((((((((((((((   Pliki utworzone od 2008-11-08 do 2008-12-08  )))))))))))))))))))))))))))))))
.

2008-12-07 18:38 . 2008-12-07 18:38   <DIR>   d--------   c:\windows\ERUNT
2008-12-07 18:35 . 2008-12-07 18:35   <DIR>   d--------   c:\documents and settings\Administrator
2008-12-07 18:17 . 2008-12-07 18:17   <DIR>   d--hs----   C:\found.001
2008-12-07 18:14 . 2008-12-07 18:14   69   --a------   c:\windows\NeroDigital.ini
2008-12-07 17:45 . 2008-12-07 18:30   <DIR>   d--------   C:\nba
2008-12-07 16:53 . 2008-12-07 16:53   <DIR>   d--------   c:\program files\Trend Micro
2008-12-06 17:17 . 2008-12-07 15:14   <DIR>   d--------   c:\program files\Km TPR
2008-12-06 17:08 . 2007-03-13 11:05   <DIR>   d--------   C:\Knigkts_and_Merchants_PL
2008-12-05 13:14 . 2008-12-06 21:59   104,421   -r-hs----   C:\2u.com
2008-12-05 00:34 . 2008-12-05 00:39   <DIR>   d--------   C:\Generation Kill Season1 (XviD asd) EnglishV+NapisyPL - www.tvshows.yoyo.pl
2008-12-05 00:20 . 2008-12-05 00:20   <DIR>   d--------   C:\tokyo
2008-12-03 23:58 . 2008-12-07 14:22   <DIR>   d--------   C:\kapadocja
2008-12-01 07:58 . 2008-12-01 07:58   <DIR>   d--hs----   C:\found.000
2008-11-28 13:18 . 2008-11-28 13:18   105,411   -r-hs----   C:\o1.com
2008-11-26 14:08 . 2008-11-26 14:08   <DIR>   d--------   c:\program files\Common Files\Ahead
2008-11-26 14:08 . 2008-11-26 14:08   <DIR>   d--------   c:\program files\Ahead
2008-11-26 14:08 . 2004-07-26 16:16   1,568,768   ---------   c:\windows\system32\ImagX7.dll
2008-11-26 14:08 . 2004-07-26 16:16   476,320   ---------   c:\windows\system32\ImagXpr7.dll
2008-11-26 14:08 . 2004-07-26 16:16   471,040   ---------   c:\windows\system32\ImagXRA7.dll
2008-11-26 14:08 . 2004-07-09 08:43   364,544   ---------   c:\windows\system32\TwnLib4.dll
2008-11-26 14:08 . 2004-07-26 16:16   262,144   ---------   c:\windows\system32\ImagXR7.dll
2008-11-26 14:08 . 2001-07-09 10:50   155,648   --a------   c:\windows\system32\NeroCheck.exe
2008-11-26 14:08 . 2005-09-01 11:03   127,488   ---------   c:\windows\system32\drivers\imagesrv.sys
2008-11-26 14:08 . 2000-06-26 10:45   106,496   --a------   c:\windows\system32\TwnLib20.dll
2008-11-26 14:08 . 2005-09-01 11:03   5,888   ---------   c:\windows\system32\drivers\imagedrv.sys
2008-11-26 13:52 . 2008-11-26 13:52   <DIR>   d--------   c:\program files\Lavasoft
2008-11-26 13:52 . 2008-11-26 13:59   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-26 13:51 . 2008-11-26 13:51   <DIR>   d--------   c:\program files\Common Files\Wise Installation Wizard
2008-11-25 23:19 . 2008-11-25 23:19   <DIR>   d--------   c:\program files\Java
2008-11-25 23:19 . 2008-11-25 23:19   73,728   --a------   c:\windows\system32\javacpl.cpl
2008-11-25 23:14 . 2008-11-25 23:14   <DIR>   d--------   c:\program files\AskBarDis
2008-11-25 20:33 . 2008-11-25 21:52   <DIR>   d--------   c:\program files\SkanerOnline
2008-11-25 20:31 . 2008-11-25 20:31   502,208   --a------   c:\windows\system32\drivers\amon.sys
2008-11-25 20:24 . 2008-11-25 22:51   <DIR>   d--------   c:\program files\Eset
2008-11-25 20:24 . 2008-11-25 20:31   270,336   --a------   c:\windows\system32\imon.dll
2008-11-25 16:55 . 2008-11-25 16:55   <DIR>   d--------   c:\windows\Logs
2008-11-25 16:48 . 2008-11-25 21:57   <DIR>   d--------   c:\program files\DAEMON Tools Lite
2008-11-25 16:38 . 2008-11-25 16:38   <DIR>   d--------   c:\documents and settings\lapek\Application Data\DAEMON Tools
2008-11-25 16:38 . 2008-11-25 16:38   717,296   --a------   c:\windows\system32\drivers\sptd.sys
2008-11-16 14:51 . 2008-11-16 14:51   <DIR>   d--------   c:\program files\Microsoft Works
2008-11-16 14:51 . 2006-10-26 19:58   30,512   --a------   c:\windows\system32\mdimon.dll
2008-11-16 14:47 . 2008-11-16 14:47   <DIR>   d--------   c:\windows\SHELLNEW
2008-11-16 14:46 . 2008-11-16 14:46   <DIR>   dr-h-----   C:\MSOCache
2008-11-16 14:46 . 2008-11-25 23:09   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-13 23:13 . 2008-11-16 13:07   <DIR>   d--------   c:\documents and settings\lapek\Application Data\GanymedeNet
2008-11-13 23:12 . 2008-11-25 21:57   <DIR>   d--------   c:\program files\Ganymede
2008-11-12 12:01 . 2008-10-24 03:21   455,296   -----c---   c:\windows\system32\dllcache\mrxsmb.sys
2008-11-10 19:37 . 2008-11-10 19:37   126,129   --a------   C:\DSC_1025.JPG
2008-11-10 17:54 . 2008-11-10 17:54   108,271   -r-hs----   C:\whi.com
2008-11-10 06:10 . 2008-11-25 21:59   <DIR>   d--------   c:\program files\VentriloMIX
2008-11-10 06:10 . 2008-11-10 06:10   <DIR>   d--------   c:\documents and settings\lapek\Application Data\Ventrilo

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-08 02:47   ---------   d-----w   c:\documents and settings\lapek\Application Data\Skype
2008-12-08 02:46   ---------   d-----w   c:\program files\Mozilla Thunderbird
2008-12-08 02:19   ---------   d-----w   c:\documents and settings\lapek\Application Data\skypePM
2008-12-08 02:15   ---------   d-----w   c:\documents and settings\lapek\Application Data\Azureus
2008-12-07 23:11   ---------   d-----w   c:\documents and settings\lapek\Application Data\foobar2000
2008-12-07 22:30   ---------   d-----w   c:\program files\Picasa2
2008-11-27 10:04   ---------   d-----w   c:\program files\IrfanView
2008-11-26 07:30   ---------   d-----w   c:\program files\SubEdit-Player
2008-11-26 07:19   410,976   ----a-w   c:\windows\system32\deploytk.dll
2008-11-26 07:14   ---------   d-----w   c:\program files\Vuze
2008-11-26 06:56   753,664   ----a-w   c:\windows\system32\nvcplui.exe
2008-11-26 06:56   442,368   ----a-w   c:\windows\system32\nvappbar.exe
2008-11-26 06:56   425,984   ----a-w   c:\windows\system32\keystone.exe
2008-11-26 06:56   356,352   ----a-w   c:\windows\system32\NVUNINST.EXE
2008-11-26 06:56   356,352   ----a-w   c:\windows\system32\nvudisp.exe
2008-11-26 06:56   293,376   ----a-w   c:\windows\system32\WISPTIS.EXE
2008-11-26 06:56   147,456   ----a-w   c:\windows\system32\nvcolor.exe
2008-11-26 06:56   126,976   ----a-w   c:\windows\system32\Prounstl.exe
2008-11-26 06:56   1,339,392   ----a-w   c:\windows\system32\nvdspsch.exe
2008-11-26 05:59   ---------   d-----w   c:\program files\SopCast
2008-11-26 05:58   ---------   d-----w   c:\program files\NAPI-PROJEKT
2008-11-26 05:58   ---------   d-----w   c:\program files\KeyTweak
2008-11-26 05:58   ---------   d-----w   c:\program files\K-Lite Codec Pack
2008-11-26 05:57   ---------   d-----w   c:\program files\foobar2000
2008-11-09 20:52   110,013   --sh--r   C:\sq.com
2008-11-07 23:20   ---------   d-----w   c:\documents and settings\lapek\Application Data\PPMate
2008-11-07 23:19   ---------   d-----w   c:\program files\PPMate
2008-11-07 23:19   ---------   d-----w   c:\program files\Common Files\Synacast
2008-11-06 08:26   ---------   d-----w   c:\documents and settings\lapek\Application Data\Hide IP NG
2008-11-02 21:54   ---------   d-----w   c:\documents and settings\All Users\Application Data\Azureus
2008-10-31 15:35   ---------   d-----w   c:\program files\NOS
2008-10-31 15:35   ---------   d-----w   c:\documents and settings\All Users\Application Data\NOS
2008-10-31 07:37   ---------   d-----w   c:\program files\Damian Pasternak
2008-10-30 23:57   ---------   d-----w   c:\program files\Common Files\Adobe AIR
2008-10-30 23:56   ---------   d-----w   c:\program files\Common Files\Adobe
2008-10-29 03:55   ---------   dcsh--w   c:\program files\Common Files\WindowsLiveInstaller
2008-10-29 03:55   ---------   d-----w   c:\program files\Windows Live
2008-10-29 03:34   ---------   d-----w   c:\documents and settings\All Users\Application Data\WLInstaller
2008-10-24 11:21   455,296   ----a-w   c:\windows\system32\drivers\mrxsmb.sys
2008-10-19 22:06   ---------   d-----w   c:\program files\Google
2008-10-16 22:13   202,776   ----a-w   c:\windows\system32\wuweb.dll
2008-10-16 22:13   1,809,944   ----a-w   c:\windows\system32\wuaueng.dll
2008-10-16 22:12   561,688   ----a-w   c:\windows\system32\wuapi.dll
2008-10-16 22:12   323,608   ----a-w   c:\windows\system32\wucltui.dll
2008-10-16 22:09   92,696   ----a-w   c:\windows\system32\cdm.dll
2008-10-16 22:09   51,224   ----a-w   c:\windows\system32\wuauclt.exe
2008-10-16 22:09   43,544   ----a-w   c:\windows\system32\wups2.dll
2008-10-16 22:08   34,328   ----a-w   c:\windows\system32\wups.dll
2008-10-16 22:06   268,648   ----a-w   c:\windows\system32\mucltui.dll
2008-10-16 22:06   208,744   ----a-w   c:\windows\system32\muweb.dll
2008-10-14 23:04   ---------   d-----w   c:\program files\WIDCOMM
2008-10-14 22:53   ---------   d--h--w   c:\program files\InstallShield Installation Information
2008-10-14 22:53   ---------   d-----w   c:\program files\NetWaiting
2008-10-14 22:53   ---------   d-----w   c:\program files\CONEXANT
2008-10-14 22:53   ---------   d-----w   c:\program files\Common Files\InstallShield
2008-10-14 22:52   ---------   d-----w   c:\program files\Hewlett-Packard
2008-10-14 22:42   ---------   d-----w   c:\program files\Driver-Soft
2008-10-14 22:13   ---------   d-----w   c:\documents and settings\lapek\Application Data\Thunderbird
2008-10-14 22:10   ---------   d-----w   c:\program files\Skype
2008-10-14 22:10   ---------   d-----w   c:\program files\Common Files\Skype
2008-10-14 22:10   ---------   d-----w   c:\documents and settings\All Users\Application Data\Skype
2008-10-14 21:37   ---------   d-----w   c:\program files\Gadu-Gadu
2008-10-14 20:15   ---------   d-----w   c:\program files\Intel
2008-10-14 20:09   ---------   d-----w   c:\program files\Nvidia Omega Drivers
2008-10-14 18:21   ---------   d-----w   c:\program files\DIFX
2008-10-14 18:20   ---------   d-----w   c:\program files\Broadcom
2008-10-14 18:20   ---------   d-----w   c:\documents and settings\lapek\Application Data\InstallShield
2008-10-14 17:56   ---------   d-----w   c:\program files\microsoft frontpage
2008-09-15 12:12   1,846,400   ----a-w   c:\windows\system32\win32k.sys
2008-09-10 01:14   1,307,648   ----a-w   c:\windows\system32\msxml6.dll
2008-02-01 08:39   113,664   ----a-w   c:\windows\inf\hdaudio.sys
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-12 22:37   333192   --a------   c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-12 333192]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-12 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2005-03-31 790528]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2007-11-30 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-14 1694208]
"Steam"="d:\steam\steam.exe" [2008-11-14 1410296]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-04 8523776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-04 81920]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-01-10 472776]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"V0470Mon.exe"="c:\windows\V0470Mon.exe" [2007-06-04 32768]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-25 136600]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-07-27 c:\windows\system32\CHDAudPropShortcut.exe]
"nwiz"="nwiz.exe" [2007-12-04 c:\windows\system32\nwiz.exe]
"Barsaka"="explorer.exe" [2007-11-30 c:\windows\explorer.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-12 581693]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders   msapsspc.dll, schannel.dll, digest.dll, credssp.dll, msnsspc.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [2008-11-25 464264]
S3 VF0470Vid;Live! Cam Notebook (VF0470);c:\windows\system32\DRIVERS\V0470Vid.sys [2008-11-03 146720]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\AutoRun\command - C:\ij.bat
\Shell\explore\Command - C:\ij.bat
\Shell\open\Command - C:\ij.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\ij.bat
\Shell\explore\Command - D:\ij.bat
\Shell\open\Command - D:\ij.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{06124fee-aef8-11dd-ab5b-0016369cfc48}]
\Shell\AutoRun\command - G:\e.cmd
\Shell\explore\Command - G:\e.cmd
\Shell\open\Command - G:\e.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c9d99ab-b1ee-11dd-ab68-0016369cfc48}]
\Shell\AutoRun\command - lky.exe
\Shell\explore\Command - lky.exe
\Shell\open\Command - lky.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3545bfb9-ac6f-11dd-ab4f-0016369cfc48}]
\Shell\AutoRun\command - G:\abk.bat
\Shell\explore\Command - G:\abk.bat
\Shell\open\Command - G:\abk.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a70bfcf4-9e6d-11dd-ab17-0016369cfc48}]
\Shell\AutoRun\command - G:\xih9.cmd
\Shell\explore\Command - G:\xih9.cmd
\Shell\open\Command - G:\xih9.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a9e2aaaa-9eed-11dd-ab18-0016369cfc48}]
\Shell\AutoRun\command - F:\abk.bat
\Shell\explore\Command - F:\abk.bat
\Shell\open\Command - F:\abk.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b940cb56-ba40-11dd-ab91-0016369cfc48}]
\Shell\AutoRun\command - G:\abk.bat
\Shell\explore\Command - G:\abk.bat
\Shell\open\Command - G:\abk.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9c05a52-b76c-11dd-ab88-0016369cfc48}]
\Shell\AutoRun\command - F:\abk.bat
\Shell\explore\Command - F:\abk.bat
\Shell\open\Command - F:\abk.bat
.
- - - - USUNIĘTO PUSTE WPISY - - - -

HKLM-Run-nod32kui - c:\program files\Eset\nod32kui.exe


.
------- Skan uzupełniający -------
.
uInternet Settings,ProxyServer = socks=
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Wyślij do interfejsu &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
LSP: imon.dll
TCP: {46B4E1DA-7249-4484-AA5D-28F1D05980EE} = 192.168.0.1

c:\windows\system32\SkanerOnlineUninstall.exe - c:\windows\system32\SkanerOnline.dll
O16 -: {68282C51-9459-467B-95BF-3C0E89627E55}
hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
c:\windows\Downloaded Program Files\SkanerOnline.inf
FireFox -: Profile - c:\documents and settings\lapek\Application Data\Mozilla\Firefox\Profiles\tdmdl5c9.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - google.com
FF -: plugin - c:\documents and settings\lapek\Application Data\Mozilla\plugins\npoctoshape.dll
FF -: plugin - c:\documents and settings\lapek\Local Settings\Application Data\Octoshape\Octoshape Streaming Services\octoprogram-L03-NMS0810164_SUA_900\npoctoshape.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\np_gp.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npganymedenet.dll
FF -: plugin - c:\program files\Picasa2\npPicasa2.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-07 18:50:29
Windows 5.1.2600 Service Pack 3, v.5657 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'lsass.exe'(1056)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\rundll32.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Eset\nod32krn.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\HEWLET~1\Shared\HPQTOA~1.EXE
c:\program files\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Czas ukończenia: 2008-12-07 18:51:29 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt  2008-12-08 02:51:26

Przed: 4 083 642 368 bytes free
Po: 4,061,630,464 bytes free

316   --- E O F ---   2008-12-07 11:02:38


HJT

Kod: Zaznacz wszystko

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:18:08, on 2008-12-08
Platform: Windows XP SP3, v.5657 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\WINDOWS\V0470Mon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Vuze\Azureus.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [V0470Mon.exe] C:\WINDOWS\V0470Mon.exe
O4 - HKLM\..\Run: [Barsaka] explorer.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "d:\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Wyślij do interfejsu &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{46B4E1DA-7249-4484-AA5D-28F1D05980EE}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{D34CE038-5549-4A80-918F-931AD76C9707}: NameServer = 192.168.0.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA-OMEGA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7130 bytes


dzieki

[wojtas]

Wylecz pendriva lub kartę pamięci
użyj Perlovga Removal Tool lub
Flash Disinfector
lub format.


Otworz notatnik i wklej w nim to:

File::
C:\2u.com
D:\2u.com
G:\2u.com
C:\whi.com
D:\whi.com
G:\whi.com
C:\sq.com
D:\sq.com
G:\sq.com

Folder::
c:\program files\AskBarDis

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{06124fee-aef8-11dd-ab5b-0016369cfc48}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c9d99ab-b1ee-11dd-ab68-0016369cfc48}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3545bfb9-ac6f-11dd-ab4f-0016369cfc48}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a70bfcf4-9e6d-11dd-ab17-0016369cfc48}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a9e2aaaa-9eed-11dd-ab18-0016369cfc48}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3545bfb9-ac6f-11dd-ab4f-0016369cfc48}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a70bfcf4-9e6d-11dd-ab17-0016369cfc48}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a9e2aaaa-9eed-11dd-ab18-0016369cfc48}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b940cb56-ba40-11dd-ab91-0016369cfc48}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9c05a52-b76c-11dd-ab88-0016369cfc48}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Barsaka"=-

>>Plik>>Zapisz jako... >>> CFScript
Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe
-->
Ma się rozpocząć usuwanie. (i powstanie log).Daj ten log, który powstanie w trakcie usuwania.

[bleetz]

log z CF

Kod: Zaznacz wszystko

ComboFix 08-12-07.01 - lapek 2008-12-08 20:37:04.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1250.1.1033.18.1339 [GMT -8:00]
Uruchomiony z: c:\documents and settings\lapek\Desktop\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\lapek\Desktop\CFScript.txt.txt
* Utworzono nowy punkt przywracania

[COLOR=RED][B]UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !![/B][/COLOR]

FILE ::
C:\2u.com
C:\sq.com
C:\whi.com
D:\2u.com
D:\sq.com
D:\whi.com
G:\2u.com
G:\sq.com
G:\whi.com
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\2u.com
c:\program files\AskBarDis
c:\program files\AskBarDis\bar\bin\askBar.dll
c:\program files\AskBarDis\bar\bin\askPopStp.dll
c:\program files\AskBarDis\bar\bin\AskService.exe
c:\program files\AskBarDis\bar\bin\psvince.dll
c:\program files\AskBarDis\bar\Cache\[u]0[/u]017C12D
c:\program files\AskBarDis\bar\Cache\[u]0[/u]017C5C1
c:\program files\AskBarDis\bar\Cache\[u]0[/u]017C8ED.bin
c:\program files\AskBarDis\bar\Cache\[u]0[/u]017CE3D.bin
c:\program files\AskBarDis\bar\Cache\[u]0[/u]017D10B.bin
c:\program files\AskBarDis\bar\Cache\[u]0[/u]017D31F.bin
c:\program files\AskBarDis\bar\Cache\[u]0[/u]017D63B.bin
c:\program files\AskBarDis\bar\Cache\[u]0[/u]017DB1D.bin
c:\program files\AskBarDis\bar\Cache\[u]0[/u]017DE88.bin
c:\program files\AskBarDis\bar\Cache\files.ini
c:\program files\AskBarDis\bar\History\search
c:\program files\AskBarDis\bar\Settings\config.dat
c:\program files\AskBarDis\bar\Settings\config.dat.bak
c:\program files\AskBarDis\bar\Settings\prevcfg.htm
c:\program files\AskBarDis\bar\Settings\prevCfg2.htm
c:\program files\AskBarDis\unins000.dat
c:\program files\AskBarDis\unins000.exe
C:\sq.com
C:\whi.com
D:\2u.com
D:\sq.com
D:\whi.com
G:\2u.com

.
(((((((((((((((((((((((((   Pliki utworzone od 2008-11-09 do 2008-12-09  )))))))))))))))))))))))))))))))
.

2008-12-08 03:43 . 2008-12-08 03:45   <DIR>   d--------   C:\Nuri Bilge Ceylan - Climates
2008-12-08 03:42 . 2008-12-08 03:43   <DIR>   d--------   C:\Casino.Royale[2006]DvDrip[Eng]-aXXo
2008-12-08 03:41 . 2008-12-08 03:42   <DIR>   d--------   C:\Sin City[2005]DvDrip AC3[Eng]-FXG
2008-12-08 03:00 . 2008-12-08 03:00   <DIR>   d--------   c:\windows\LastGood
2008-12-07 18:38 . 2008-12-07 18:38   <DIR>   d--------   c:\windows\ERUNT
2008-12-07 18:35 . 2008-12-07 18:35   <DIR>   d--------   c:\documents and settings\Administrator
2008-12-07 18:17 . 2008-12-07 18:17   <DIR>   d--hs----   C:\found.001
2008-12-07 18:14 . 2008-12-07 18:14   69   --a------   c:\windows\NeroDigital.ini
2008-12-07 17:45 . 2008-12-07 18:30   <DIR>   d--------   C:\nba
2008-12-07 16:53 . 2008-12-07 16:53   <DIR>   d--------   c:\program files\Trend Micro
2008-12-06 17:17 . 2008-12-07 15:14   <DIR>   d--------   c:\program files\Km TPR
2008-12-06 17:08 . 2007-03-13 11:05   <DIR>   d--------   C:\Knigkts_and_Merchants_PL
2008-12-05 00:34 . 2008-12-05 00:39   <DIR>   d--------   C:\Generation Kill Season1 (XviD asd) EnglishV+NapisyPL - www.tvshows.yoyo.pl
2008-12-05 00:20 . 2008-12-05 00:20   <DIR>   d--------   C:\tokyo
2008-12-03 23:58 . 2008-12-08 02:04   <DIR>   d--------   C:\kapadocja
2008-12-01 07:58 . 2008-12-01 07:58   <DIR>   d--hs----   C:\found.000
2008-11-28 13:18 . 2008-11-28 13:18   105,411   -r-hs----   C:\o1.com
2008-11-26 14:08 . 2008-11-26 14:08   <DIR>   d--------   c:\program files\Common Files\Ahead
2008-11-26 14:08 . 2008-11-26 14:08   <DIR>   d--------   c:\program files\Ahead
2008-11-26 14:08 . 2004-07-26 16:16   1,568,768   ---------   c:\windows\system32\ImagX7.dll
2008-11-26 14:08 . 2004-07-26 16:16   476,320   ---------   c:\windows\system32\ImagXpr7.dll
2008-11-26 14:08 . 2004-07-26 16:16   471,040   ---------   c:\windows\system32\ImagXRA7.dll
2008-11-26 14:08 . 2004-07-09 08:43   364,544   ---------   c:\windows\system32\TwnLib4.dll
2008-11-26 14:08 . 2004-07-26 16:16   262,144   ---------   c:\windows\system32\ImagXR7.dll
2008-11-26 14:08 . 2001-07-09 10:50   155,648   --a------   c:\windows\system32\NeroCheck.exe
2008-11-26 14:08 . 2005-09-01 11:03   127,488   ---------   c:\windows\system32\drivers\imagesrv.sys
2008-11-26 14:08 . 2000-06-26 10:45   106,496   --a------   c:\windows\system32\TwnLib20.dll
2008-11-26 14:08 . 2005-09-01 11:03   5,888   ---------   c:\windows\system32\drivers\imagedrv.sys
2008-11-26 13:52 . 2008-11-26 13:52   <DIR>   d--------   c:\program files\Lavasoft
2008-11-26 13:52 . 2008-11-26 13:59   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-26 13:51 . 2008-11-26 13:51   <DIR>   d--------   c:\program files\Common Files\Wise Installation Wizard
2008-11-25 23:19 . 2008-11-25 23:19   <DIR>   d--------   c:\program files\Java
2008-11-25 23:19 . 2008-11-25 23:19   73,728   --a------   c:\windows\system32\javacpl.cpl
2008-11-25 20:33 . 2008-11-25 21:52   <DIR>   d--------   c:\program files\SkanerOnline
2008-11-25 20:31 . 2008-11-25 20:31   502,208   --a------   c:\windows\system32\drivers\amon.sys
2008-11-25 20:24 . 2008-11-25 22:51   <DIR>   d--------   c:\program files\Eset
2008-11-25 20:24 . 2008-11-25 20:31   270,336   --a------   c:\windows\system32\imon.dll
2008-11-25 16:55 . 2008-11-25 16:55   <DIR>   d--------   c:\windows\Logs
2008-11-25 16:48 . 2008-11-25 21:57   <DIR>   d--------   c:\program files\DAEMON Tools Lite
2008-11-25 16:38 . 2008-11-25 16:38   <DIR>   d--------   c:\documents and settings\lapek\Application Data\DAEMON Tools
2008-11-25 16:38 . 2008-11-25 16:38   717,296   --a------   c:\windows\system32\drivers\sptd.sys
2008-11-16 14:51 . 2008-11-16 14:51   <DIR>   d--------   c:\program files\Microsoft Works
2008-11-16 14:51 . 2006-10-26 19:58   30,512   --a------   c:\windows\system32\mdimon.dll
2008-11-16 14:47 . 2008-11-16 14:47   <DIR>   d--------   c:\windows\SHELLNEW
2008-11-16 14:46 . 2008-11-16 14:46   <DIR>   dr-h-----   C:\MSOCache
2008-11-16 14:46 . 2008-11-25 23:09   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-13 23:13 . 2008-11-16 13:07   <DIR>   d--------   c:\documents and settings\lapek\Application Data\GanymedeNet
2008-11-13 23:12 . 2008-11-25 21:57   <DIR>   d--------   c:\program files\Ganymede
2008-11-12 12:01 . 2008-10-24 03:21   455,296   -----c---   c:\windows\system32\dllcache\mrxsmb.sys
2008-11-10 19:37 . 2008-11-10 19:37   126,129   --a------   C:\DSC_1025.JPG
2008-11-10 06:10 . 2008-11-25 21:59   <DIR>   d--------   c:\program files\VentriloMIX
2008-11-10 06:10 . 2008-11-10 06:10   <DIR>   d--------   c:\documents and settings\lapek\Application Data\Ventrilo

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-09 04:37   ---------   d-----w   c:\documents and settings\lapek\Application Data\Azureus
2008-12-09 04:31   ---------   d-----w   c:\program files\Mozilla Thunderbird
2008-12-08 10:14   ---------   d-----w   c:\documents and settings\lapek\Application Data\Skype
2008-12-08 02:19   ---------   d-----w   c:\documents and settings\lapek\Application Data\skypePM
2008-12-07 23:11   ---------   d-----w   c:\documents and settings\lapek\Application Data\foobar2000
2008-12-07 22:30   ---------   d-----w   c:\program files\Picasa2
2008-11-27 10:04   ---------   d-----w   c:\program files\IrfanView
2008-11-26 07:30   ---------   d-----w   c:\program files\SubEdit-Player
2008-11-26 07:19   410,976   ----a-w   c:\windows\system32\deploytk.dll
2008-11-26 07:14   ---------   d-----w   c:\program files\Vuze
2008-11-26 06:56   753,664   ----a-w   c:\windows\system32\nvcplui.exe
2008-11-26 06:56   442,368   ----a-w   c:\windows\system32\nvappbar.exe
2008-11-26 06:56   425,984   ----a-w   c:\windows\system32\keystone.exe
2008-11-26 06:56   356,352   ----a-w   c:\windows\system32\NVUNINST.EXE
2008-11-26 06:56   356,352   ----a-w   c:\windows\system32\nvudisp.exe
2008-11-26 06:56   293,376   ----a-w   c:\windows\system32\WISPTIS.EXE
2008-11-26 06:56   147,456   ----a-w   c:\windows\system32\nvcolor.exe
2008-11-26 06:56   126,976   ----a-w   c:\windows\system32\Prounstl.exe
2008-11-26 06:56   1,339,392   ----a-w   c:\windows\system32\nvdspsch.exe
2008-11-26 05:59   ---------   d-----w   c:\program files\SopCast
2008-11-26 05:58   ---------   d-----w   c:\program files\NAPI-PROJEKT
2008-11-26 05:58   ---------   d-----w   c:\program files\KeyTweak
2008-11-26 05:58   ---------   d-----w   c:\program files\K-Lite Codec Pack
2008-11-26 05:57   ---------   d-----w   c:\program files\foobar2000
2008-11-07 23:20   ---------   d-----w   c:\documents and settings\lapek\Application Data\PPMate
2008-11-07 23:19   ---------   d-----w   c:\program files\PPMate
2008-11-07 23:19   ---------   d-----w   c:\program files\Common Files\Synacast
2008-11-06 08:26   ---------   d-----w   c:\documents and settings\lapek\Application Data\Hide IP NG
2008-11-02 21:54   ---------   d-----w   c:\documents and settings\All Users\Application Data\Azureus
2008-10-31 15:35   ---------   d-----w   c:\program files\NOS
2008-10-31 15:35   ---------   d-----w   c:\documents and settings\All Users\Application Data\NOS
2008-10-31 07:37   ---------   d-----w   c:\program files\Damian Pasternak
2008-10-30 23:57   ---------   d-----w   c:\program files\Common Files\Adobe AIR
2008-10-30 23:56   ---------   d-----w   c:\program files\Common Files\Adobe
2008-10-29 03:55   ---------   dcsh--w   c:\program files\Common Files\WindowsLiveInstaller
2008-10-29 03:55   ---------   d-----w   c:\program files\Windows Live
2008-10-29 03:34   ---------   d-----w   c:\documents and settings\All Users\Application Data\WLInstaller
2008-10-24 11:21   455,296   ----a-w   c:\windows\system32\drivers\mrxsmb.sys
2008-10-19 22:06   ---------   d-----w   c:\program files\Google
2008-10-16 22:13   202,776   ----a-w   c:\windows\system32\wuweb.dll
2008-10-16 22:13   1,809,944   ----a-w   c:\windows\system32\wuaueng.dll
2008-10-16 22:12   561,688   ----a-w   c:\windows\system32\wuapi.dll
2008-10-16 22:12   323,608   ----a-w   c:\windows\system32\wucltui.dll
2008-10-16 22:09   92,696   ----a-w   c:\windows\system32\cdm.dll
2008-10-16 22:09   51,224   ----a-w   c:\windows\system32\wuauclt.exe
2008-10-16 22:09   43,544   ----a-w   c:\windows\system32\wups2.dll
2008-10-16 22:08   34,328   ----a-w   c:\windows\system32\wups.dll
2008-10-16 22:06   268,648   ----a-w   c:\windows\system32\mucltui.dll
2008-10-16 22:06   208,744   ----a-w   c:\windows\system32\muweb.dll
2008-10-14 23:04   ---------   d-----w   c:\program files\WIDCOMM
2008-10-14 22:53   ---------   d--h--w   c:\program files\InstallShield Installation Information
2008-10-14 22:53   ---------   d-----w   c:\program files\NetWaiting
2008-10-14 22:53   ---------   d-----w   c:\program files\CONEXANT
2008-10-14 22:53   ---------   d-----w   c:\program files\Common Files\InstallShield
2008-10-14 22:52   ---------   d-----w   c:\program files\Hewlett-Packard
2008-10-14 22:42   ---------   d-----w   c:\program files\Driver-Soft
2008-10-14 22:13   ---------   d-----w   c:\documents and settings\lapek\Application Data\Thunderbird
2008-10-14 22:10   ---------   d-----w   c:\program files\Skype
2008-10-14 22:10   ---------   d-----w   c:\program files\Common Files\Skype
2008-10-14 22:10   ---------   d-----w   c:\documents and settings\All Users\Application Data\Skype
2008-10-14 21:37   ---------   d-----w   c:\program files\Gadu-Gadu
2008-10-14 20:15   ---------   d-----w   c:\program files\Intel
2008-10-14 20:09   ---------   d-----w   c:\program files\Nvidia Omega Drivers
2008-10-14 18:21   ---------   d-----w   c:\program files\DIFX
2008-10-14 18:20   ---------   d-----w   c:\program files\Broadcom
2008-10-14 18:20   ---------   d-----w   c:\documents and settings\lapek\Application Data\InstallShield
2008-10-14 17:56   ---------   d-----w   c:\program files\microsoft frontpage
2008-09-15 12:12   1,846,400   ----a-w   c:\windows\system32\win32k.sys
2008-09-10 01:14   1,307,648   ----a-w   c:\windows\system32\msxml6.dll
2008-02-01 08:39   113,664   ----a-w   c:\windows\inf\hdaudio.sys
.

(((((((((((((((((((((((((((((   snapshot@2008-12-07_18.51.06.35   )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-08 09:52:42   16,384   ----atw   c:\windows\Temp\Perflib_Perfdata_6c8.dat
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2005-03-31 790528]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2007-11-30 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-14 1694208]
"Steam"="d:\steam\steam.exe" [2008-11-14 1410296]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-04 8523776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-04 81920]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-01-10 472776]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"V0470Mon.exe"="c:\windows\V0470Mon.exe" [2007-06-04 32768]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-25 136600]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-07-27 c:\windows\system32\CHDAudPropShortcut.exe]
"nwiz"="nwiz.exe" [2007-12-04 c:\windows\system32\nwiz.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-12 581693]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders   msapsspc.dll, schannel.dll, digest.dll, credssp.dll, msnsspc.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

S2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe []
S3 VF0470Vid;Live! Cam Notebook (VF0470);c:\windows\system32\DRIVERS\V0470Vid.sys [2008-11-03 146720]
.
- - - - USUNIĘTO PUSTE WPISY - - - -

Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\AskBarDis\bar\bin\askBar.dll


.
------- Skan uzupełniający -------
.
uInternet Settings,ProxyServer = socks=
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Wyślij do interfejsu &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
LSP: imon.dll
TCP: {46B4E1DA-7249-4484-AA5D-28F1D05980EE} = 192.168.0.1
TCP: {D34CE038-5549-4A80-918F-931AD76C9707} = 192.168.0.1

c:\windows\system32\SkanerOnlineUninstall.exe - c:\windows\system32\SkanerOnline.dll
O16 -: {68282C51-9459-467B-95BF-3C0E89627E55}
hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
c:\windows\Downloaded Program Files\SkanerOnline.inf
FireFox -: Profile - c:\documents and settings\lapek\Application Data\Mozilla\Firefox\Profiles\tdmdl5c9.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - google.com
FF -: plugin - c:\documents and settings\lapek\Application Data\Mozilla\plugins\npoctoshape.dll
FF -: plugin - c:\documents and settings\lapek\Local Settings\Application Data\Octoshape\Octoshape Streaming Services\octoprogram-L03-NMS0810164_SUA_900\npoctoshape.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\np_gp.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npganymedenet.dll
FF -: plugin - c:\program files\Picasa2\npPicasa2.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-08 20:37:59
Windows 5.1.2600 Service Pack 3, v.5657 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'lsass.exe'(1080)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
Czas ukończenia: 2008-12-08 20:38:32
ComboFix-quarantined-files.txt  2008-12-09 04:38:22
ComboFix2.txt  2008-12-08 02:51:30

Przed: 1 018 335 232 bytes free
Po: 1,009,983,488 bytes free

266   --- E O F ---   2008-12-08 11:00:19


btw. dziekuje

[wojtas]

Otworz notatnik i wklej w nim to:

File::
C:\o1.com
D:\o1.com

>>Plik>>Zapisz jako... >>> CFScript
Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe
-->
Ma się rozpocząć usuwanie. (i powstanie log).Daj ten log, który powstanie w trakcie usuwania.

[maru666]

log z CF

Kod: Zaznacz wszystko

ComboFix 08-12-07.01 - lapek 2008-12-10 14:55:41.4 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1250.1.1033.18.1612 [GMT -8:00]
Uruchomiony z: c:\documents and settings\lapek\Desktop\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\lapek\Desktop\CFScript.txt
* Utworzono nowy punkt przywracania

[COLOR=RED][B]UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !![/B][/COLOR]

FILE ::
C:\o1.com
D:\o1.com
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\abk.bat
C:\autorun.inf
C:\o1.com
c:\windows\system32\gasretyw0.dll
c:\windows\system32\kamsoft.exe
c:\windows\system32\lssas.exe
D:\abk.bat
D:\Autorun.inf
D:\o1.com

.
(((((((((((((((((((((((((   Pliki utworzone od 2008-11-10 do 2008-12-10  )))))))))))))))))))))))))))))))
.

2008-12-10 14:30 . 2008-12-10 14:30   85,504   -r-hs----   c:\windows\system32\vbsdfe1.dll
2008-12-10 13:34 . 2008-11-21 15:18   107,385   -r-hs----   C:\6fnlpetp.exe
2008-12-10 13:32 . 2008-12-10 14:30   108,501   -r-hs----   c:\windows\system32\vamsoft.exe
2008-12-10 13:32 . 2008-12-10 14:53   85,504   -r-hs----   c:\windows\system32\vbsdfe0.dll
2008-12-09 18:14 . 2008-12-09 18:14   <DIR>   dr-hs----   C:\CONFIG
2008-12-08 20:39 . 2008-12-08 20:39   <DIR>   d--------   c:\program files\AskBardis
2008-12-08 03:43 . 2008-12-08 03:45   <DIR>   d--------   C:\Nuri Bilge Ceylan - Climates
2008-12-08 03:42 . 2008-12-08 03:43   <DIR>   d--------   C:\Casino.Royale[2006]DvDrip[Eng]-aXXo
2008-12-08 03:41 . 2008-12-08 03:42   <DIR>   d--------   C:\Sin City[2005]DvDrip AC3[Eng]-FXG
2008-12-07 18:38 . 2008-12-07 18:38   <DIR>   d--------   c:\windows\ERUNT
2008-12-07 18:35 . 2008-12-07 18:35   <DIR>   d--------   c:\documents and settings\Administrator
2008-12-07 18:17 . 2008-12-07 18:17   <DIR>   d--hs----   C:\found.001
2008-12-07 18:14 . 2008-12-07 18:14   69   --a------   c:\windows\NeroDigital.ini
2008-12-07 17:45 . 2008-12-07 18:30   <DIR>   d--------   C:\nba
2008-12-07 16:53 . 2008-12-07 16:53   <DIR>   d--------   c:\program files\Trend Micro
2008-12-06 17:17 . 2008-12-07 15:14   <DIR>   d--------   c:\program files\Km TPR
2008-12-06 17:08 . 2007-03-13 11:05   <DIR>   d--------   C:\Knigkts_and_Merchants_PL
2008-12-05 00:34 . 2008-12-05 00:39   <DIR>   d--------   C:\Generation Kill Season1 (XviD asd) EnglishV+NapisyPL - www.tvshows.yoyo.pl
2008-12-05 00:20 . 2008-12-05 00:20   <DIR>   d--------   C:\tokyo
2008-12-03 23:58 . 2008-12-08 02:04   <DIR>   d--------   C:\kapadocja
2008-12-01 07:58 . 2008-12-01 07:58   <DIR>   d--hs----   C:\found.000
2008-11-26 14:08 . 2008-11-26 14:08   <DIR>   d--------   c:\program files\Common Files\Ahead
2008-11-26 14:08 . 2008-11-26 14:08   <DIR>   d--------   c:\program files\Ahead
2008-11-26 14:08 . 2004-07-26 16:16   1,568,768   ---------   c:\windows\system32\ImagX7.dll
2008-11-26 14:08 . 2004-07-26 16:16   476,320   ---------   c:\windows\system32\ImagXpr7.dll
2008-11-26 14:08 . 2004-07-26 16:16   471,040   ---------   c:\windows\system32\ImagXRA7.dll
2008-11-26 14:08 . 2004-07-09 08:43   364,544   ---------   c:\windows\system32\TwnLib4.dll
2008-11-26 14:08 . 2004-07-26 16:16   262,144   ---------   c:\windows\system32\ImagXR7.dll
2008-11-26 14:08 . 2001-07-09 10:50   155,648   --a------   c:\windows\system32\NeroCheck.exe
2008-11-26 14:08 . 2005-09-01 11:03   127,488   ---------   c:\windows\system32\drivers\imagesrv.sys
2008-11-26 14:08 . 2000-06-26 10:45   106,496   --a------   c:\windows\system32\TwnLib20.dll
2008-11-26 14:08 . 2005-09-01 11:03   5,888   ---------   c:\windows\system32\drivers\imagedrv.sys
2008-11-26 13:52 . 2008-11-26 13:52   <DIR>   d--------   c:\program files\Lavasoft
2008-11-26 13:52 . 2008-11-26 13:59   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-26 13:51 . 2008-11-26 13:51   <DIR>   d--------   c:\program files\Common Files\Wise Installation Wizard
2008-11-25 23:19 . 2008-11-25 23:19   <DIR>   d--------   c:\program files\Java
2008-11-25 23:19 . 2008-11-25 23:19   73,728   --a------   c:\windows\system32\javacpl.cpl
2008-11-25 20:33 . 2008-11-25 21:52   <DIR>   d--------   c:\program files\SkanerOnline
2008-11-25 20:31 . 2008-11-25 20:31   502,208   --a------   c:\windows\system32\drivers\amon.sys
2008-11-25 20:24 . 2008-11-25 22:51   <DIR>   d--------   c:\program files\Eset
2008-11-25 20:24 . 2008-11-25 20:31   270,336   --a------   c:\windows\system32\imon.dll
2008-11-25 16:55 . 2008-11-25 16:55   <DIR>   d--------   c:\windows\Logs
2008-11-25 16:48 . 2008-11-25 21:57   <DIR>   d--------   c:\program files\DAEMON Tools Lite
2008-11-25 16:38 . 2008-11-25 16:38   <DIR>   d--------   c:\documents and settings\lapek\Application Data\DAEMON Tools
2008-11-25 16:38 . 2008-11-25 16:38   717,296   --a------   c:\windows\system32\drivers\sptd.sys
2008-11-16 14:51 . 2008-11-16 14:51   <DIR>   d--------   c:\program files\Microsoft Works
2008-11-16 14:51 . 2006-10-26 19:58   30,512   --a------   c:\windows\system32\mdimon.dll
2008-11-16 14:47 . 2008-11-16 14:47   <DIR>   d--------   c:\windows\SHELLNEW
2008-11-16 14:46 . 2008-11-16 14:46   <DIR>   dr-h-----   C:\MSOCache
2008-11-16 14:46 . 2008-11-25 23:09   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-13 23:13 . 2008-11-16 13:07   <DIR>   d--------   c:\documents and settings\lapek\Application Data\GanymedeNet
2008-11-13 23:12 . 2008-11-25 21:57   <DIR>   d--------   c:\program files\Ganymede
2008-11-12 12:01 . 2008-10-24 03:21   455,296   -----c---   c:\windows\system32\dllcache\mrxsmb.sys
2008-11-10 19:37 . 2008-11-10 19:37   126,129   --a------   C:\DSC_1025.JPG
2008-11-10 06:10 . 2008-11-25 21:59   <DIR>   d--------   c:\program files\VentriloMIX
2008-11-10 06:10 . 2008-11-10 06:10   <DIR>   d--------   c:\documents and settings\lapek\Application Data\Ventrilo

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-10 22:54   ---------   d-----w   c:\program files\Mozilla Thunderbird
2008-12-10 22:54   ---------   d-----w   c:\documents and settings\lapek\Application Data\Skype
2008-12-10 22:09   ---------   d-----w   c:\documents and settings\lapek\Application Data\foobar2000
2008-12-10 12:48   ---------   d-----w   c:\documents and settings\lapek\Application Data\skypePM
2008-12-10 03:19   ---------   d-----w   c:\documents and settings\lapek\Application Data\Azureus
2008-12-09 21:11   ---------   d-----w   c:\program files\NAPI-PROJEKT
2008-12-07 22:30   ---------   d-----w   c:\program files\Picasa2
2008-11-27 10:04   ---------   d-----w   c:\program files\IrfanView
2008-11-26 07:30   ---------   d-----w   c:\program files\SubEdit-Player
2008-11-26 07:19   410,976   ----a-w   c:\windows\system32\deploytk.dll
2008-11-26 07:14   ---------   d-----w   c:\program files\Vuze
2008-11-26 06:56   753,664   ----a-w   c:\windows\system32\nvcplui.exe
2008-11-26 06:56   442,368   ----a-w   c:\windows\system32\nvappbar.exe
2008-11-26 06:56   425,984   ----a-w   c:\windows\system32\keystone.exe
2008-11-26 06:56   356,352   ----a-w   c:\windows\system32\NVUNINST.EXE
2008-11-26 06:56   356,352   ----a-w   c:\windows\system32\nvudisp.exe
2008-11-26 06:56   293,376   ----a-w   c:\windows\system32\WISPTIS.EXE
2008-11-26 06:56   147,456   ----a-w   c:\windows\system32\nvcolor.exe
2008-11-26 06:56   126,976   ----a-w   c:\windows\system32\Prounstl.exe
2008-11-26 06:56   1,339,392   ----a-w   c:\windows\system32\nvdspsch.exe
2008-11-26 05:59   ---------   d-----w   c:\program files\SopCast
2008-11-26 05:58   ---------   d-----w   c:\program files\KeyTweak
2008-11-26 05:58   ---------   d-----w   c:\program files\K-Lite Codec Pack
2008-11-26 05:57   ---------   d-----w   c:\program files\foobar2000
2008-11-07 23:20   ---------   d-----w   c:\documents and settings\lapek\Application Data\PPMate
2008-11-07 23:19   ---------   d-----w   c:\program files\PPMate
2008-11-07 23:19   ---------   d-----w   c:\program files\Common Files\Synacast
2008-11-06 08:26   ---------   d-----w   c:\documents and settings\lapek\Application Data\Hide IP NG
2008-11-02 21:54   ---------   d-----w   c:\documents and settings\All Users\Application Data\Azureus
2008-10-31 15:35   ---------   d-----w   c:\program files\NOS
2008-10-31 15:35   ---------   d-----w   c:\documents and settings\All Users\Application Data\NOS
2008-10-31 07:37   ---------   d-----w   c:\program files\Damian Pasternak
2008-10-30 23:57   ---------   d-----w   c:\program files\Common Files\Adobe AIR
2008-10-30 23:56   ---------   d-----w   c:\program files\Common Files\Adobe
2008-10-29 03:55   ---------   dcsh--w   c:\program files\Common Files\WindowsLiveInstaller
2008-10-29 03:55   ---------   d-----w   c:\program files\Windows Live
2008-10-29 03:34   ---------   d-----w   c:\documents and settings\All Users\Application Data\WLInstaller
2008-10-24 11:21   455,296   ----a-w   c:\windows\system32\drivers\mrxsmb.sys
2008-10-19 22:06   ---------   d-----w   c:\program files\Google
2008-10-16 22:13   202,776   ----a-w   c:\windows\system32\wuweb.dll
2008-10-16 22:13   1,809,944   ----a-w   c:\windows\system32\wuaueng.dll
2008-10-16 22:12   561,688   ----a-w   c:\windows\system32\wuapi.dll
2008-10-16 22:12   323,608   ----a-w   c:\windows\system32\wucltui.dll
2008-10-16 22:09   92,696   ----a-w   c:\windows\system32\cdm.dll
2008-10-16 22:09   51,224   ----a-w   c:\windows\system32\wuauclt.exe
2008-10-16 22:09   43,544   ----a-w   c:\windows\system32\wups2.dll
2008-10-16 22:08   34,328   ----a-w   c:\windows\system32\wups.dll
2008-10-16 22:06   268,648   ----a-w   c:\windows\system32\mucltui.dll
2008-10-16 22:06   208,744   ----a-w   c:\windows\system32\muweb.dll
2008-10-14 23:04   ---------   d-----w   c:\program files\WIDCOMM
2008-10-14 22:53   ---------   d--h--w   c:\program files\InstallShield Installation Information
2008-10-14 22:53   ---------   d-----w   c:\program files\NetWaiting
2008-10-14 22:53   ---------   d-----w   c:\program files\CONEXANT
2008-10-14 22:53   ---------   d-----w   c:\program files\Common Files\InstallShield
2008-10-14 22:52   ---------   d-----w   c:\program files\Hewlett-Packard
2008-10-14 22:42   ---------   d-----w   c:\program files\Driver-Soft
2008-10-14 22:13   ---------   d-----w   c:\documents and settings\lapek\Application Data\Thunderbird
2008-10-14 22:10   ---------   d-----w   c:\program files\Skype
2008-10-14 22:10   ---------   d-----w   c:\program files\Common Files\Skype
2008-10-14 22:10   ---------   d-----w   c:\documents and settings\All Users\Application Data\Skype
2008-10-14 21:37   ---------   d-----w   c:\program files\Gadu-Gadu
2008-10-14 20:15   ---------   d-----w   c:\program files\Intel
2008-10-14 20:09   ---------   d-----w   c:\program files\Nvidia Omega Drivers
2008-10-14 18:21   ---------   d-----w   c:\program files\DIFX
2008-10-14 18:20   ---------   d-----w   c:\program files\Broadcom
2008-10-14 18:20   ---------   d-----w   c:\documents and settings\lapek\Application Data\InstallShield
2008-10-14 17:56   ---------   d-----w   c:\program files\microsoft frontpage
2008-09-15 12:12   1,846,400   ----a-w   c:\windows\system32\win32k.sys
2008-09-10 01:14   1,307,648   ----a-w   c:\windows\system32\msxml6.dll
2008-02-01 08:39   113,664   ----a-w   c:\windows\inf\hdaudio.sys
.

(((((((((((((((((((((((((((((   snapshot@2008-12-07_18.51.06.35   )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-10 22:53:34   16,384   ----atw   c:\windows\Temp\Perflib_Perfdata_73c.dat
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2005-03-31 790528]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2007-11-30 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-14 1694208]
"Steam"="d:\steam\steam.exe" [2008-11-14 1410296]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"vamsoft"="c:\windows\system32\vamsoft.exe" [2008-12-10 108501]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-04 8523776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-04 81920]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-01-10 472776]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"V0470Mon.exe"="c:\windows\V0470Mon.exe" [2007-06-04 32768]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-25 136600]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-07-27 c:\windows\system32\CHDAudPropShortcut.exe]
"nwiz"="nwiz.exe" [2007-12-04 c:\windows\system32\nwiz.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-12 581693]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders   msapsspc.dll, schannel.dll, digest.dll, credssp.dll, msnsspc.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

S2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe []
S3 VF0470Vid;Live! Cam Notebook (VF0470);c:\windows\system32\DRIVERS\V0470Vid.sys [2008-11-03 146720]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f6999a7-a6de-11dd-ab3d-0016369cfc48}]
\Shell\AutoRun\command - h:\config\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe
\Shell\open\command - h:\config\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{821258c8-a86d-11dd-ab42-0016369cfc48}]
\Shell\AutoRun\command - G:\abk.bat
\Shell\explore\Command - G:\abk.bat
\Shell\open\Command - G:\abk.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba176c36-9cb5-11dd-ab13-0016369cfc48}]
\Shell\AutoRun\command - g:\config\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe
\Shell\open\command - g:\config\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-21CX5C574571}]
c:\config\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe
.
.
------- Skan uzupełniający -------
.
uInternet Settings,ProxyServer = socks=
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Wyślij do interfejsu &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: {46B4E1DA-7249-4484-AA5D-28F1D05980EE} = 192.168.0.1

c:\windows\system32\SkanerOnlineUninstall.exe - c:\windows\system32\SkanerOnline.dll
O16 -: {68282C51-9459-467B-95BF-3C0E89627E55}
hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
c:\windows\Downloaded Program Files\SkanerOnline.inf
FireFox -: Profile - c:\documents and settings\lapek\Application Data\Mozilla\Firefox\Profiles\tdmdl5c9.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.com
FF -: plugin - c:\documents and settings\lapek\Application Data\Mozilla\plugins\npoctoshape.dll
FF -: plugin - c:\documents and settings\lapek\Local Settings\Application Data\Octoshape\Octoshape Streaming Services\octoprogram-L03-NMS0810164_SUA_900\npoctoshape.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\np_gp.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npganymedenet.dll
FF -: plugin - c:\program files\Picasa2\npPicasa2.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-10 14:56:36
Windows 5.1.2600 Service Pack 3, v.5657 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
Czas ukończenia: 2008-12-10 14:57:03
ComboFix-quarantined-files.txt  2008-12-10 22:56:55
ComboFix2.txt  2008-12-09 04:38:33
ComboFix3.txt  2008-12-08 02:51:30

Przed: 935,743,488 bytes free
Po: 922,406,912 bytes free

251   --- E O F ---   2008-12-10 22:21:16


przed zrobieniem tego kilka razy przy starcie windy pojawil mi sie blad explorer.exe i mialem problemy z otwieraniem stron poki nie dalem ostatnio znanej dobrej konfiguracji a do tego zawiesil mi sie CF za 1 razem dlatego dorzucam log z HJT

Kod: Zaznacz wszystko

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:00:59, on 2008-12-10
Platform: Windows XP SP3, v.5657 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\WINDOWS\V0470Mon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
D:\steam\steam.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [V0470Mon.exe] C:\WINDOWS\V0470Mon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "d:\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [vamsoft] C:\WINDOWS\system32\vamsoft.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Wyślij do interfejsu &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{46B4E1DA-7249-4484-AA5D-28F1D05980EE}: NameServer = 192.168.0.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA-OMEGA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6701 bytes


[wojtas]

Otworz notatnik i wklej w nim to:

File::
c:\windows\system32\vbsdfe1.dll
C:\6fnlpetp.exe
c:\windows\system32\vamsoft.exe
c:\windows\system32\vbsdfe0.dll

Folder::
c:\program files\AskBardis

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vamsoft"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f6999a7-a6de-11dd-ab3d-0016369cfc48}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{821258c8-a86d-11dd-ab42-0016369cfc48}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba176c36-9cb5-11dd-ab13-0016369cfc48}]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-21CX5C574571}]

>>Plik>>Zapisz jako... >>> CFScript
Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe
-->
Ma się rozpocząć usuwanie. (i powstanie log).Daj ten log, który powstanie w trakcie usuwania.