straszne zamulenie kompa log do spr

[bartoex]

Tak jak w opisie straszne zamulenie kompa i neta Prosze o spr loga

Logfile of HijackThis v1.99.1
Scan saved at 16:28, on 2007-12-10
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\Program Files\Neostrada TP\taskbaricon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Neostrada TP\Watch.exe
C:\Program Files\Neostrada TP\NeostradaTP.exe
C:\Program Files\Neostrada TP\ComComp.exe
D:\Programy\Gadu-Gadu\gg.exe
C:\Program Files\Xfire\xfire.exe
D:\Programy2\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\Program Files\Neostrada TP\taskbaricon.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Pobierz za pomocą Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{8E60D7BF-64FB-43D8-BCCD-32B543BA4F80}: NameServer = 194.204.152.34 217.98.63.164
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

[wojtas]

Wykonaj to co jest podane w tym temacie

daj loga z combofixa

[bartoex]

ComboFix 07-12-09.1 - BartoeX 2007-12-10 17:37:24.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1143 [GMT 1:00]
Running from: C:\Documents and Settings\BartoeX\Pulpit\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pskill.exe
C:\WINDOWS\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_NPF
-------\NPF




((((((((((((((((((((((((( Files Created from 2007-11-10 to 2007-12-10 )))))))))))))))))))))))))))))))
.

2007-12-10 16:09 . 2007-12-10 16:18 <DIR> d-------- C:\Program Files\Odkurzacz
2007-12-06 15:04 . 2007-12-06 15:04 <DIR> d-------- C:\Program Files\PrivacyEraser Computing
2007-12-03 21:27 . 2007-12-03 21:40 674,600 --a------ C:\WINDOWS\system32\pbsvc.exe
2007-12-03 21:27 . 2007-12-03 21:41 22,328 --a------ C:\Documents and Settings\BartoeX\Dane aplikacji\PnkBstrK.sys
2007-12-03 19:37 . 2007-12-10 16:27 <DIR> d-------- C:\Program Files\CCleaner
2007-12-02 18:27 . 2007-12-02 18:27 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-12-02 18:27 . 2007-12-02 18:27 <DIR> d-------- C:\Program Files\Ahead
2007-12-02 18:27 . 2004-07-26 16:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2007-12-02 18:27 . 2004-07-26 16:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2007-12-02 18:27 . 2004-07-26 16:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2007-12-02 18:27 . 2004-07-26 16:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2007-12-02 18:27 . 2001-07-09 10:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-12-02 18:27 . 2004-03-02 16:37 125,184 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2007-12-02 18:27 . 2000-06-26 10:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-12-02 18:27 . 2004-03-02 16:37 5,504 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2007-11-29 14:40 . 2007-11-29 14:49 <DIR> d-------- C:\Program Files\Microsoft Bootvis
2007-11-29 14:39 . 2007-11-29 14:39 25,992 --a------ C:\WINDOWS\system32\pgdfgsvc.exe
2007-11-29 03:39 . 2007-11-29 03:39 2,359,350 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
2007-11-29 03:39 . 2007-11-29 03:39 69,057 --a------ C:\WINDOWS\BricoPackUninst.cmd
2007-11-29 03:37 . 2007-11-29 03:37 <DIR> d-------- C:\WINDOWS\BricoPacks
2007-11-29 03:37 . 2007-11-29 03:39 5,468 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-11-29 02:03 . 2007-11-29 02:03 <DIR> d-------- C:\WINDOWS\system32\VIRepair
2007-11-29 01:50 . 2007-11-29 01:50 <DIR> d-------- C:\Program Files\TrueTransparency
2007-11-29 01:50 . 2007-11-29 02:03 <DIR> d-------- C:\Program Files\Styler
2007-11-29 01:48 . 2007-11-29 01:48 78,942 --a------ C:\WINDOWS\Icon_2.ico
2007-11-28 23:26 . 2007-11-29 01:53 <DIR> d-------- C:\Documents and Settings\BartoeX\Dane aplikacji\ViStart
2007-11-28 23:20 . 2004-08-03 23:44 3,128,320 --a------ C:\WINDOWS\system32\logon.scr
2007-11-28 23:17 . 2007-11-29 02:05 <DIR> d-------- C:\WINDOWS\system32\VITrans
2007-11-28 23:17 . 2006-12-03 17:15 111,104 --a------ C:\WINDOWS\system32\Uharc.exe
2007-11-28 23:17 . 2007-11-28 23:17 78,942 --a------ C:\WINDOWS\Icon_1.ico
2007-11-28 23:17 . 2006-12-03 17:15 19,968 --a------ C:\WINDOWS\system32\reico.exe
2007-11-28 23:17 . 2006-12-03 17:14 8,636 --a------ C:\WINDOWS\system32\modifype.exe
2007-11-28 03:08 . 2007-11-28 03:11 <DIR> d--h----- C:\WINDOWS\Icons
2007-11-27 22:56 . 1998-06-18 11:58 94,208 --a------ C:\WINDOWS\system32\msstkprp.dll
2007-11-26 22:38 . 2007-11-26 22:38 7,168 --ahs---- C:\WINDOWS\Thumbs.db
2007-11-25 03:19 . 2007-12-10 16:27 <DIR> d-------- C:\Program Files\Trojan Remover
2007-11-25 03:19 . 2007-11-25 03:19 <DIR> d-------- C:\Documents and Settings\BartoeX\Dane aplikacji\Simply Super Software
2007-11-25 03:19 . 2007-11-25 03:19 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Simply Super Software
2007-11-25 03:19 . 2006-05-25 14:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2007-11-25 03:19 . 2003-02-02 19:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2007-11-25 03:19 . 2005-08-26 00:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2007-11-25 03:19 . 2002-03-06 00:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2007-11-25 03:19 . 2006-06-19 12:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2007-11-25 03:14 . 2007-11-25 03:14 <DIR> d-------- C:\Program Files\Wirtualna Polska
2007-11-25 03:14 . 2007-12-10 14:33 <DIR> d-------- C:\Program Files\Ganymede
2007-11-25 03:14 . 2007-11-25 03:14 4 --a------ C:\WINDOWS\system32\AMD Athlon(tm) 64 Processor 3800+_V1_V1.bin
2007-11-25 03:09 . 2007-11-25 03:09 <DIR> d-------- C:\WINDOWS\NU_DATA
2007-11-25 02:34 . 2007-11-25 02:34 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Trymedia
2007-11-24 18:59 . 2007-11-24 18:59 1,834 --a------ C:\WINDOWS\system32\sdbackup.reg
2007-11-24 14:08 . 2007-11-24 14:12 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-11-24 00:57 . 2007-11-24 00:57 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-11-20 16:41 . 2007-11-20 16:41 <DIR> d-------- C:\Program Files\DAEMON Tools
2007-11-19 15:07 . 2007-11-19 15:07 <DIR> d-------- C:\Documents and Settings\BartoeX\Dane aplikacji\dBpoweramp
2007-11-18 00:29 . 2007-12-03 22:17 <DIR> d-------- C:\Program Files\Teamspeak2_RC2
2007-11-15 21:45 . 2007-11-15 21:45 <DIR> d-------- C:\Program Files\Game Graphic Studio
2007-11-15 16:47 . 2007-11-29 14:44 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-11-15 16:47 . 2007-12-06 15:22 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-11-15 16:47 . 2007-12-03 21:40 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-11-15 16:47 . 2007-12-04 18:26 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-11-13 22:10 . 2007-11-13 22:10 50 --a------ C:\WINDOWS\MegaManager.INI
2007-11-13 21:55 . 2007-11-13 21:55 <DIR> d-------- C:\Program Files\WapSter
2007-11-13 21:55 . 2007-11-13 21:55 <DIR> d-------- C:\Documents and Settings\BartoeX\WapSter
2007-11-13 17:39 . 2007-11-13 17:39 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2007-11-11 00:23 . 2007-11-11 00:23 <DIR> d-------- C:\Program Files\TZ Connection Booster

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-10 16:27 --------- d-----w C:\Program Files\Neostrada TP
2007-12-10 16:22 --------- d-----w C:\Documents and Settings\BartoeX\Dane aplikacji\Xfire
2007-12-10 16:00 --------- d-----w C:\Documents and Settings\BartoeX\Dane aplikacji\GanymedeNet
2007-12-10 15:30 --------- d-----w C:\Documents and Settings\BartoeX\Dane aplikacji\SBMAV Disk Cleaner
2007-12-10 15:27 --------- d-----w C:\Program Files\The All-Seeing Eye
2007-12-10 15:27 --------- d-----w C:\Program Files\Driver Cleaner
2007-12-10 15:27 --------- d-----w C:\Program Files\DkZ Studio
2007-12-10 15:27 --------- d-----w C:\Documents and Settings\BartoeX\Dane aplikacji\Winamp
2007-12-10 15:27 --------- d-----w C:\Documents and Settings\BartoeX\Dane aplikacji\uTorrent
2007-12-10 15:18 --------- d-----w C:\Program Files\Imesh
2007-12-05 20:25 --------- d-----w C:\Documents and Settings\BartoeX\Dane aplikacji\teamspeak2
2007-12-04 11:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-03 18:45 --------- d-----w C:\Program Files\Xfire
2007-12-03 18:45 --------- d-----w C:\Documents and Settings\BartoeX\Dane aplikacji\Hamachi
2007-11-29 02:39 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2007-11-29 02:11 --------- d-----w C:\Program Files\Realtek
2007-11-25 01:52 --------- d-----w C:\Documents and Settings\BartoeX\Dane aplikacji\BitTorrent
2007-11-24 17:43 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-11-24 17:40 --------- d-----w C:\Program Files\Google
2007-11-24 12:13 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2007-11-23 23:12 --------- d-----w C:\Documents and Settings\BartoeX\Dane aplikacji\iMesh
2007-11-08 23:49 --------- d-----w C:\Documents and Settings\BartoeX\Dane aplikacji\Sports Interactive
2007-11-08 18:39 --------- d-----w C:\Documents and Settings\BartoeX\Dane aplikacji\Megaupload
2007-11-06 18:04 --------- d-----w C:\Program Files\TuneUp Utilities 2006
2007-11-05 23:38 4,229,496 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
2007-11-05 23:38 --------- d-----w C:\Program Files\Illustrate
2007-11-05 23:19 --------- d-----w C:\Program Files\NCH Swift Sound
2007-11-05 23:15 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\NCH Swift Sound
2007-11-05 12:06 --------- d-----w C:\Program Files\Winamp
2007-11-03 17:55 --------- d-----w C:\Program Files\NuGardt Software
2007-10-27 21:17 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-10-27 21:17 --------- d--h--r C:\Documents and Settings\BartoeX\Dane aplikacji\SecuROM
2007-10-26 15:50 --------- d-----w C:\Documents and Settings\BartoeX\Dane aplikacji\Tibia
2007-10-26 15:49 --------- d-----w C:\Program Files\Tibia
2007-10-24 14:48 --------- d-----w C:\Program Files\VID_0E8F&PID_0012
2007-10-24 14:48 --------- d-----w C:\Program Files\USB Vibration
2007-10-23 07:29 --------- d-----w C:\Program Files\AlleGen
2007-10-22 13:47 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2007-10-22 13:45 --------- d-----w C:\Program Files\MSBuild
2007-10-22 13:45 --------- d-----w C:\Program Files\Microsoft Works
2007-10-22 13:33 --------- d-----w C:\Documents and Settings\NetworkService\Dane aplikacji\Xfire
2007-10-14 21:53 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-10 07:19 --------- d-----w C:\Documents and Settings\LocalService\Dane aplikacji\Xfire
2007-10-07 18:15 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
2007-10-01 10:35 90,112 ----a-w C:\WINDOWS\system32\agsaami.dll
2007-10-01 10:35 610,304 ----a-w C:\WINDOWS\system32\agsaamg.dll
2007-10-01 10:35 372,736 ----a-w C:\WINDOWS\system32\agsaamc.dll
2007-10-01 10:35 2,535,424 ----a-w C:\WINDOWS\system32\agsaamj.dll
2007-09-11 09:17 81,920 ----a-w C:\WINDOWS\system32\frapsvid.dll
2007-09-09 12:02 23 --sha-w C:\WINDOWS\system32\cabeb_r.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Groove Explorer Icon Overlay 1 (GFS Unread Stub)]
@={99FD978C-D287-4F50-827F-B2C658EDA8E7}
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Groove Explorer Icon Overlay 2 (GFS Stub)]
@={AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)]
@={920E6DB1-9907-4370-B3A0-BAFC03D81399}
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Groove Explorer Icon Overlay 3 (GFS Folder)]
@={16F3DD56-1AF5-4347-846D-7C10C4192619}
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Groove Explorer Icon Overlay 4 (GFS Unread Mark)]
@={2916C86E-86A6-43FE-8112-43ABE6BF8DCC}
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Offline Files]

[HKEY_CLASSES_ROOT\CLSID\{99FD978C-D287-4F50-827F-B2C658EDA8E7}]
2006-10-26 23:48 2210608 --a------ C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

[HKEY_CLASSES_ROOT\CLSID\{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}]
2006-10-26 23:48 2210608 --a------ C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

[HKEY_CLASSES_ROOT\CLSID\{920E6DB1-9907-4370-B3A0-BAFC03D81399}]
2006-10-26 23:48 2210608 --a------ C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

[HKEY_CLASSES_ROOT\CLSID\{16F3DD56-1AF5-4347-846D-7C10C4192619}]
2006-10-26 23:48 2210608 --a------ C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

[HKEY_CLASSES_ROOT\CLSID\{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}]
2006-10-26 23:48 2210608 --a------ C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:44]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-11-08 19:41]
"Odkurzacz-MCD"="C:\Program Files\Odkurzacz\odk_mcd.exe" [2007-03-02 22:38]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 23:44 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2006-08-11 14:43 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-03 23:44 C:\WINDOWS\system32\rundll32.exe]
"WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 18:07]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 18:07]
"WOOTASKBARICON"="C:\Program Files\Neostrada TP\taskbaricon.exe" [2003-10-16 18:07]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-10 11:08 C:\WINDOWS\RTHDCPL.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:44]

C:\Documents and Settings\BartoeX\Menu Start\Programy\Autostart\
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 23:05:02]
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2007-11-15 02:00:40]
Y'z Shadow.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 08:43:14]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-10-01 20:07:58]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^BartoeX^Menu Start^Programy^Autostart^hamachi.lnk]
path=C:\Documents and Settings\BartoeX\Menu Start\Programy\Autostart\hamachi.lnk
backup=C:\WINDOWS\pss\hamachi.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Program Files\BitTorrent\bittorrent.exe --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe /startoptions

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2007-08-31 15:46 1460560 --a------ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
2007-11-25 03:17 726608 --a------ C:\Program Files\Trojan Remover\Trjscan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2007-10-10 06:28 36352 --a------ C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"Alerter"=2 (0x2)

S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\C:\WINDOWS\system32\ZDCndis5.SYS

.
Contents of the 'Scheduled Tasks' folder
"2007-12-07 16:15:59 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.2180]
-> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
.
**************************************************************************

catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-10 17:39:04
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-10 17:39:39
.
--- E O F ---

[wojtas]

combofix usunal troche smieci:

C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pskill.exe
C:\WINDOWS\system32\wpcap.dll

w logu juz nic nie ma