
Please check my log, slow computer


Post by aanusia, 17 Mar 2008, 01:34

The computer has started running very slowly; during scanning a message appears that there is a virus, Win32/Adware.WhenU.SaveNow, but it cannot be removed :(


Logfile of HijackThis v1.99.1
Scan saved at 00:32, on 2008-03-17
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\GlobespanVirata\XPFix.exe
C:\Program Files\Eset\nod32kui.exe
E:\Ania\BearShare.exe
D:\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
E:\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Instalki\FotoStation Easy AutoLaunch.exe
C:\Program Files\Eset\nod32krn.exe
E:\Spyware Doctor\pctsAuxs.exe
E:\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
E:\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
D:\Winamp\winamp.exe
D:\Winamp\winamp.exe
C:\Program Files\iTunes\iTunes.exe
D:\Programy\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=66005
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66005
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66005
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66005
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66005
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=33568
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [XPFix] C:\Program Files\GlobespanVirata\XPFix.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [BearShare] "E:\Ania\BearShare.exe" /pause
O4 - HKLM\..\Run: [WinampAgent] D:\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Anti-Trojan-Watch] E:\Anti-Trojan-55\ATWatch.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [ISTray] "E:\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Picasa Media Detector] E:\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [ManyCam] "E:\ManyCam 2.1\ManyCam.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: OpenOffice.ux.pl 2.0.2.lnk = D:\OpenOffice.ux.pl 2.0.2\program\quickstart.exe
O4 - Global Startup: FotoStation Easy AutoLaunch.lnk = ?
O4 - Global Startup: Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Urządzenie mobilne Apple (Apple Mobile Device) - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - E:\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - E:\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe




Please help, because it is terribly hard to do anything on such a sluggish computer :(



Post by Dzi@dek, 17 Mar 2008, 18:42

Follow this topic:
http://forum.programosy.pl/bad-generic-host-process-for-win32-services-vt79489.html

Post a ComboFix log.



Post by aanusia, 18 Mar 2008, 01:03



ComboFix 08-03-14.4 - scf 2008-03-17 23:55:46.1 - NTFSx86
Running from: D:\Programy\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-02-17 to 2008-03-17 )))))))))))))))))))))))))))))))
.

2008-03-17 00:39 . 2005-11-23 06:25 385,024 --a------ C:\WINDOWS\system32\XPControls.ocx
2008-03-17 00:39 . 1998-06-24 09:55 140,096 --a------ C:\WINDOWS\system32\COMDLG32.OCX
2008-03-16 23:51 . 2008-03-17 00:15 <DIR> d-------- C:\Program Files\RegClean
2008-03-16 23:51 . 2008-03-16 23:57 <DIR> d-------- C:\Documents and Settings\scf\Dane aplikacji\RegClean
2008-03-16 20:17 . 2008-03-17 11:08 3,600 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-16 17:42 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-03-16 17:42 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-03-16 17:42 . 2008-03-14 09:09 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-03-16 17:42 . 2008-03-15 17:16 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-03-16 17:42 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-03-16 17:42 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-03-16 17:42 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-03-16 01:29 . 2008-03-17 23:47 <DIR> d-a------ C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-03-16 01:28 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-03-16 01:28 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-03-16 01:28 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-03-16 01:28 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-03-16 01:27 . 2008-03-16 01:27 <DIR> d-------- C:\Documents and Settings\scf\Dane aplikacji\PC Tools
2008-03-13 00:35 . 2008-03-13 00:35 335 --a------ C:\WINDOWS\mozregistry.dat
2008-03-13 00:13 . 2008-03-13 00:13 <DIR> d-------- C:\Documents and Settings\scf\Dane aplikacji\BESTplayer
2008-03-12 23:37 . 2008-03-12 23:37 577,536 --a------ C:\WINDOWS\system32\ac3filter.ax
2008-03-12 23:36 . 2008-03-12 23:36 892,928 --a------ C:\WINDOWS\system32\iconv.dll
2008-03-12 23:36 . 2008-03-12 23:36 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2008-03-12 23:35 . 2008-03-12 23:35 755,027 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-03-12 23:35 . 2008-03-12 23:35 344,394 --a------ C:\WINDOWS\system32\xvid.ax
2008-03-12 21:59 . 2008-03-17 16:05 <DIR> d-------- C:\Documents and Settings\scf\Dane aplikacji\skypePM
2008-03-12 21:59 . 2008-03-12 21:59 32 --a------ C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-03-12 21:56 . 2008-03-12 21:56 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-03-10 18:14 . 2008-03-10 18:14 <DIR> d-------- C:\Program Files\SAGEM WiFi manager
2008-03-10 18:14 . 2008-03-10 18:14 <DIR> d-------- C:\Program Files\SAGEM
2008-03-10 18:14 . 2007-01-16 13:52 20,608 --a------ C:\WINDOWS\system32\drivers\BRGSp50.sys
2008-03-10 18:14 . 2007-01-16 13:52 17,664 --a------ C:\WINDOWS\system32\drivers\ZDPSp50.sys
2008-03-10 18:11 . 2007-01-10 10:14 450,560 --a------ C:\WINDOWS\system32\drivers\WlanBZXP.sys
2008-03-10 18:11 . 2005-06-17 10:26 114,688 --a------ C:\WINDOWS\system32\WLANUTL.dll
2008-03-10 18:11 . 2005-06-17 10:26 61,440 --a------ C:\WINDOWS\system32\W32N50.dll
2008-03-04 20:45 . 2004-08-03 23:10 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2008-03-04 20:45 . 2004-08-03 23:10 10,880 --a--c--- C:\WINDOWS\system32\dllcache\ndisip.sys
2008-03-04 20:45 . 2004-08-03 22:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2008-03-04 20:45 . 2004-08-03 22:58 5,504 --a--c--- C:\WINDOWS\system32\dllcache\mstee.sys
2008-03-04 20:43 . 2004-08-04 00:44 54,784 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2008-03-04 20:43 . 2004-08-04 00:44 54,784 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2008-03-04 20:43 . 2004-08-04 00:44 43,008 --a------ C:\WINDOWS\system32\ksxbar.ax
2008-03-04 20:43 . 2004-08-04 00:44 43,008 --a--c--- C:\WINDOWS\system32\dllcache\ksxbar.ax
2008-03-04 20:35 . 2008-03-04 20:38 <DIR> d-------- C:\Program Files\Common Files\Logitech
2008-03-04 20:35 . 2008-03-04 20:35 <DIR> d-------- C:\Program Files\Common Files\Logishrd
2008-03-04 20:34 . 2008-03-04 20:34 <DIR> d-------- C:\Program Files\Logitech
2008-03-04 20:34 . 2008-03-04 20:34 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Logitech
2008-02-20 16:08 . 2008-02-20 16:08 <DIR> d-------- C:\Documents and Settings\scf\Dane aplikacji\InstallShield
2008-02-20 16:04 . 2008-02-20 16:08 <DIR> d-------- C:\Program Files\Avanquest update
2008-02-20 16:04 . 2004-08-03 23:08 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2008-02-20 16:04 . 2004-08-03 23:08 25,600 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
2008-02-20 16:04 . 2003-12-26 08:22 24,192 -ra------ C:\WINDOWS\system32\drivers\OLD1178.tmp
2008-02-20 16:02 . 2008-02-20 16:13 <DIR> d-------- C:\Program Files\Motorola Phone Tools
2008-02-20 16:02 . 2008-02-20 16:16 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\BVRP Software
2008-02-20 16:01 . 2008-02-20 16:13 92,064 --a------ C:\Documents and Settings\scf\mqdmmdm.sys
2008-02-20 16:01 . 2008-02-20 16:13 79,328 --a------ C:\Documents and Settings\scf\mqdmserd.sys
2008-02-20 16:01 . 2008-02-20 16:13 66,656 --a------ C:\Documents and Settings\scf\mqdmbus.sys
2008-02-20 16:01 . 2008-02-20 16:13 25,600 --a------ C:\Documents and Settings\scf\usbsermptxp.sys
2008-02-20 16:01 . 2008-02-20 16:13 22,768 --a------ C:\Documents and Settings\scf\usbsermpt.sys
2008-02-20 16:01 . 2008-02-20 16:13 9,232 --a------ C:\Documents and Settings\scf\mqdmmdfl.sys
2008-02-20 16:01 . 2008-02-20 16:13 6,208 --a------ C:\Documents and Settings\scf\mqdmcmnt.sys
2008-02-20 16:01 . 2008-02-20 16:13 5,936 --a------ C:\Documents and Settings\scf\mqdmwhnt.sys
2008-02-20 16:01 . 2008-02-20 16:13 4,048 --a------ C:\Documents and Settings\scf\mqdmcr.sys
2008-02-20 00:26 . 2008-02-20 00:27 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-17 19:56 --------- d-----w C:\Documents and Settings\scf\Dane aplikacji\Skype
2008-03-17 10:54 --------- d-----w C:\Program Files\DivX
2008-03-17 10:45 --------- d-----w C:\Program Files\Yahoo!
2008-03-17 00:44 --------- d-----w C:\Documents and Settings\scf\Dane aplikacji\OpenOffice.ux.pl2
2008-03-16 21:51 --------- d-----w C:\Documents and Settings\scf\Dane aplikacji\uTorrent
2008-03-16 11:06 --------- d-----w C:\Documents and Settings\scf\Dane aplikacji\BSplayer
2008-03-12 22:31 --------- d-----w C:\Program Files\AdVantage
2008-03-12 20:56 --------- d-----w C:\Program Files\Skype
2008-03-12 20:43 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-03-10 17:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-07 15:36 --------- d-----w C:\Program Files\uTorrent
2008-03-06 01:01 --------- d-----w C:\Documents and Settings\scf\Dane aplikacji\Lavasoft
2008-03-01 07:17 --------- d-----w C:\Program Files\Gadu-Gadu
2008-02-27 23:53 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-02-27 19:51 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-19 14:42 --------- d-----w C:\Program Files\ESET
2008-02-01 20:22 --------- d-----w C:\Documents and Settings\scf\Dane aplikacji\BSplayer Pro
2008-01-31 16:48 --------- d-----w C:\Program Files\iTunes
2008-01-30 00:50 --------- d-----w C:\Program Files\Windows Installer Clean Up
2008-01-30 00:49 --------- d-----w C:\Program Files\MSECACHE
2008-01-29 23:41 1,505 ----a-w C:\Program Files\Adobe Reader 8.lnk
2008-01-29 21:20 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\FLEXnet
2008-01-25 00:04 --------- d-----w C:\Program Files\Google
2008-01-22 12:01 740,442 ----a-w C:\WINDOWS\system32\DivX.dll
2007-07-21 07:11 15,732,984 ----a-w C:\Program Files\GoogleEarthWin_EARA.exe
2007-06-02 14:27 326 ---ha-w C:\Documents and Settings\All Users\hpothb07.dat
2007-06-02 14:27 325 ---ha-w C:\Documents and Settings\scf\hpothb07.dat
2006-09-22 16:08 1,468,464 ----a-w C:\Program Files\ccsetup132.exe
2006-09-17 16:23 1,441,018 ----a-w C:\Program Files\ALLPlayer(dobreprogramy.pl).exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 19:44 1200128]
"ManyCam"="E:\ManyCam 2.1\ManyCam.exe" [2007-08-20 11:44 1515520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-07-02 03:02 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-07-02 02:58 118784]
"AGRSMMSG"="AGRSMMSG.exe" [2004-02-21 05:00 88363 C:\WINDOWS\AGRSMMSG.exe]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2003-04-29 06:08 184320]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-07-24 05:49 102400]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-07-24 05:49 684032]
"XPFix"="C:\Program Files\GlobespanVirata\XPFix.exe" [2004-07-23 18:25 217188]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-09-21 09:58 949376]
"BearShare"="E:\Ania\BearShare.exe" [2006-08-01 17:04 3313664]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-10-31 01:03 284184]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2006-11-15 21:58 746520]
"ISTray"="E:\Spyware Doctor\pctsTray.exe" [2007-12-10 14:53 1103752]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [ ]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [ ]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
FotoStation Easy AutoLaunch.lnk - D:\Instalki\FotoStation Easy AutoLaunch.exe [2007-10-17 12:47:41 49152]
Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk - C:\Program Files\SAGEM WiFi manager\WLANUTL.exe [2008-03-10 18:14:47 950272]

[HKLM\~\startupfolder\C:^Documents and Settings^scf^Menu Start^Programy^Autostart^OpenOffice.ux.pl 2.0.2.lnk]
path=C:\Documents and Settings\scf\Menu Start\Programy\Autostart\OpenOffice.ux.pl 2.0.2.lnk
backup=C:\WINDOWS\pss\OpenOffice.ux.pl 2.0.2.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 D:\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-11-15 13:11 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2006-11-15 22:01 244512 C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-11-14 23:43 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-02-06 18:21 21898024 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-12-22 10:09 77824 C:\WINDOWS\SOUNDMAN.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"E:\\Ania\\BearShare.exe"=
"C:\\Program Files\\BearShare\\BearShare.exe"=
"E:\\eMule\\emule.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\WINDOWS\system32\DRIVERS\ManyCam.sys [2007-03-22 13:17]
R3 PRISM_A00;PRISM 802.11 Driver;C:\WINDOWS\system32\DRIVERS\PRISMA00.sys [2004-07-20 20:16]
S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2007-01-10 10:14]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a3fe7a80-6820-11dc-acd6-00904bca4cd6}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a7e09120-9e87-11dc-ad1b-00904bca4cd6}]
\Shell\Auto\command - I:\UFO.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-03-17 13:36:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-16 22:52:08 C:\WINDOWS\Tasks\RegClean Scheduled Scan.job"
- C:\Program Files\RegClean\RegClean.ex
- C:\Program Files\RegClean
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-17 23:59:10
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-18 0:01:29
.
2008-03-12 16:58:16 --- E O F ---



Post by wojtas, 18 Mar 2008, 18:36

Open Notepad and paste this into it:

File::
C:\WINDOWS\system32\drivers\OLD1178.tmp

Folder::
C:\Program Files\AdVantage

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a3fe7a80-6820-11dc-acd6-00904bca4cd6}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a7e09120-9e87-11dc-ad1b-00904bca4cd6}]


File >>> Save as CFScript.txt. Drag the file and drop it onto the ComboFix icon (as shown here). Wait until a new log is generated and post it on the forum, and also write where it detects this virus for you.



Post by aanusia, 18 Mar 2008, 22:54


ComboFix 08-03-14.4 - scf 2008-03-18 21:39:39.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.213 [GMT 1:00]
Running from: D:\Programy\ComboFix.exe
Command switches used :: D:\Programy\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\drivers\OLD1178.tmp
.

((((((((((((((((((((((((( Files Created from 2008-02-18 to 2008-03-18 )))))))))))))))))))))))))))))))
.

2008-03-18 00:19 . 2008-03-18 00:19 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-18 00:19 . 2008-03-18 00:19 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-17 00:39 . 2005-11-23 06:25 385,024 --a------ C:\WINDOWS\system32\XPControls.ocx
2008-03-17 00:39 . 1998-06-24 09:55 140,096 --a------ C:\WINDOWS\system32\COMDLG32.OCX
2008-03-16 23:51 . 2008-03-17 00:15 <DIR> d-------- C:\Program Files\RegClean
2008-03-16 23:51 . 2008-03-16 23:57 <DIR> d-------- C:\Documents and Settings\scf\Dane aplikacji\RegClean
2008-03-16 20:17 . 2008-03-17 11:08 3,600 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-16 17:42 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-03-16 17:42 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-03-16 17:42 . 2008-03-14 09:09 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-03-16 17:42 . 2008-03-15 17:16 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-03-16 17:42 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-03-16 17:42 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-03-16 17:42 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-03-16 01:29 . 2008-03-18 21:32 <DIR> d-a------ C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-03-16 01:28 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-03-16 01:28 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-03-16 01:28 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-03-16 01:28 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-03-16 01:27 . 2008-03-16 01:27 <DIR> d-------- C:\Documents and Settings\scf\Dane aplikacji\PC Tools
2008-03-13 00:35 . 2008-03-13 00:35 335 --a------ C:\WINDOWS\mozregistry.dat
2008-03-13 00:13 . 2008-03-13 00:13 <DIR> d-------- C:\Documents and Settings\scf\Dane aplikacji\BESTplayer
2008-03-12 23:37 . 2008-03-12 23:37 577,536 --a------ C:\WINDOWS\system32\ac3filter.ax
2008-03-12 23:36 . 2008-03-12 23:36 892,928 --a------ C:\WINDOWS\system32\iconv.dll
2008-03-12 23:36 . 2008-03-12 23:36 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2008-03-12 23:35 . 2008-03-12 23:35 755,027 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-03-12 23:35 . 2008-03-12 23:35 344,394 --a------ C:\WINDOWS\system32\xvid.ax
2008-03-12 21:59 . 2008-03-18 16:05 <DIR> d-------- C:\Documents and Settings\scf\Dane aplikacji\skypePM
2008-03-12 21:59 . 2008-03-12 21:59 32 --a------ C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-03-12 21:56 . 2008-03-12 21:56 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-03-10 18:14 . 2008-03-10 18:14 <DIR> d-------- C:\Program Files\SAGEM WiFi manager
2008-03-10 18:14 . 2008-03-10 18:14 <DIR> d-------- C:\Program Files\SAGEM
2008-03-10 18:14 . 2007-01-16 13:52 20,608 --a------ C:\WINDOWS\system32\drivers\BRGSp50.sys
2008-03-10 18:14 . 2007-01-16 13:52 17,664 --a------ C:\WINDOWS\system32\drivers\ZDPSp50.sys
2008-03-10 18:11 . 2007-01-10 10:14 450,560 --a------ C:\WINDOWS\system32\drivers\WlanBZXP.sys
2008-03-10 18:11 . 2005-06-17 10:26 114,688 --a------ C:\WINDOWS\system32\WLANUTL.dll
2008-03-10 18:11 . 2005-06-17 10:26 61,440 --a------ C:\WINDOWS\system32\W32N50.dll
2008-03-04 20:45 . 2004-08-03 23:10 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2008-03-04 20:45 . 2004-08-03 23:10 10,880 --a--c--- C:\WINDOWS\system32\dllcache\ndisip.sys
2008-03-04 20:45 . 2004-08-03 22:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2008-03-04 20:45 . 2004-08-03 22:58 5,504 --a--c--- C:\WINDOWS\system32\dllcache\mstee.sys
2008-03-04 20:43 . 2004-08-04 00:44 54,784 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2008-03-04 20:43 . 2004-08-04 00:44 54,784 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2008-03-04 20:43 . 2004-08-04 00:44 43,008 --a------ C:\WINDOWS\system32\ksxbar.ax
2008-03-04 20:43 . 2004-08-04 00:44 43,008 --a--c--- C:\WINDOWS\system32\dllcache\ksxbar.ax
2008-03-04 20:35 . 2008-03-04 20:38 <DIR> d-------- C:\Program Files\Common Files\Logitech
2008-03-04 20:35 . 2008-03-04 20:35 <DIR> d-------- C:\Program Files\Common Files\Logishrd
2008-03-04 20:34 . 2008-03-04 20:34 <DIR> d-------- C:\Program Files\Logitech
2008-03-04 20:34 . 2008-03-04 20:34 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Logitech
2008-02-20 16:08 . 2008-02-20 16:08 <DIR> d-------- C:\Documents and Settings\scf\Dane aplikacji\InstallShield
2008-02-20 16:04 . 2008-02-20 16:08 <DIR> d-------- C:\Program Files\Avanquest update
2008-02-20 16:04 . 2004-08-03 23:08 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2008-02-20 16:04 . 2004-08-03 23:08 25,600 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
2008-02-20 16:02 . 2008-02-20 16:13 <DIR> d-------- C:\Program Files\Motorola Phone Tools
2008-02-20 16:02 . 2008-02-20 16:16 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\BVRP Software
2008-02-20 16:01 . 2008-02-20 16:13 92,064 --a------ C:\Documents and Settings\scf\mqdmmdm.sys
2008-02-20 16:01 . 2008-02-20 16:13 79,328 --a------ C:\Documents and Settings\scf\mqdmserd.sys
2008-02-20 16:01 . 2008-02-20 16:13 66,656 --a------ C:\Documents and Settings\scf\mqdmbus.sys
2008-02-20 16:01 . 2008-02-20 16:13 25,600 --a------ C:\Documents and Settings\scf\usbsermptxp.sys
2008-02-20 16:01 . 2008-02-20 16:13 22,768 --a------ C:\Documents and Settings\scf\usbsermpt.sys
2008-02-20 16:01 . 2008-02-20 16:13 9,232 --a------ C:\Documents and Settings\scf\mqdmmdfl.sys
2008-02-20 16:01 . 2008-02-20 16:13 6,208 --a------ C:\Documents and Settings\scf\mqdmcmnt.sys
2008-02-20 16:01 . 2008-02-20 16:13 5,936 --a------ C:\Documents and Settings\scf\mqdmwhnt.sys
2008-02-20 16:01 . 2008-02-20 16:13 4,048 --a------ C:\Documents and Settings\scf\mqdmcr.sys
2008-02-20 00:26 . 2008-02-20 00:27 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-18 20:15 --------- d-----w C:\Documents and Settings\scf\Dane aplikacji\Skype
2008-03-18 09:14 --------- d-----w C:\Documents and Settings\scf\Dane aplikacji\uTorrent
2008-03-17 23:50 --------- d-----w C:\Documents and Settings\scf\Dane aplikacji\OpenOffice.ux.pl2
2008-03-17 10:54 --------- d-----w C:\Program Files\DivX
2008-03-17 10:45 --------- d-----w C:\Program Files\Yahoo!
2008-03-16 11:06 --------- d-----w C:\Documents and Settings\scf\Dane aplikacji\BSplayer
2008-03-12 20:56 --------- d-----w C:\Program Files\Skype
2008-03-12 20:43 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-03-10 17:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-07 15:36 --------- d-----w C:\Program Files\uTorrent
2008-03-06 01:01 --------- d-----w C:\Documents and Settings\scf\Dane aplikacji\Lavasoft
2008-03-01 07:17 --------- d-----w C:\Program Files\Gadu-Gadu
2008-02-27 23:53 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-02-27 19:51 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-19 14:42 --------- d-----w C:\Program Files\ESET
2008-02-01 20:22 --------- d-----w C:\Documents and Settings\scf\Dane aplikacji\BSplayer Pro
2008-01-31 16:48 --------- d-----w C:\Program Files\iTunes
2008-01-30 00:50 --------- d-----w C:\Program Files\Windows Installer Clean Up
2008-01-30 00:49 --------- d-----w C:\Program Files\MSECACHE
2008-01-29 23:41 1,505 ----a-w C:\Program Files\Adobe Reader 8.lnk
2008-01-29 21:20 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\FLEXnet
2008-01-25 00:04 --------- d-----w C:\Program Files\Google
2008-01-22 12:01 740,442 ----a-w C:\WINDOWS\system32\DivX.dll
2007-07-21 07:11 15,732,984 ----a-w C:\Program Files\GoogleEarthWin_EARA.exe
2007-06-02 14:27 326 ---ha-w C:\Documents and Settings\All Users\hpothb07.dat
2007-06-02 14:27 325 ---ha-w C:\Documents and Settings\scf\hpothb07.dat
2006-09-22 16:08 1,468,464 ----a-w C:\Program Files\ccsetup132.exe
2006-09-17 16:23 1,441,018 ----a-w C:\Program Files\ALLPlayer(dobreprogramy.pl).exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 19:44 1200128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-07-02 03:02 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-07-02 02:58 118784]
"AGRSMMSG"="AGRSMMSG.exe" [2004-02-21 05:00 88363 C:\WINDOWS\AGRSMMSG.exe]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2003-04-29 06:08 184320]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-07-24 05:49 102400]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-07-24 05:49 684032]
"XPFix"="C:\Program Files\GlobespanVirata\XPFix.exe" [2004-07-23 18:25 217188]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-09-21 09:58 949376]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"ISTray"="E:\Spyware Doctor\pctsTray.exe" [2007-12-10 14:53 1103752]
"BearShare"="E:\Ania\BearShare.exe" [2006-08-01 17:04 3313664]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [ ]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [ ]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
FotoStation Easy AutoLaunch.lnk - D:\Instalki\FotoStation Easy AutoLaunch.exe [2007-10-17 12:47:41 49152]
Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk - C:\Program Files\SAGEM WiFi manager\WLANUTL.exe [2008-03-10 18:14:47 950272]

[HKLM\~\startupfolder\C:^Documents and Settings^scf^Menu Start^Programy^Autostart^OpenOffice.ux.pl 2.0.2.lnk]
path=C:\Documents and Settings\scf\Menu Start\Programy\Autostart\OpenOffice.ux.pl 2.0.2.lnk
backup=C:\WINDOWS\pss\OpenOffice.ux.pl 2.0.2.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 D:\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-11-15 13:11 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2006-11-15 22:01 244512 C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-11-14 23:43 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-02-06 18:21 21898024 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-12-22 10:09 77824 C:\WINDOWS\SOUNDMAN.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"E:\\Ania\\BearShare.exe"=
"C:\\Program Files\\BearShare\\BearShare.exe"=
"E:\\eMule\\emule.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\WINDOWS\system32\DRIVERS\ManyCam.sys [2007-03-22 13:17]
R3 PRISM_A00;PRISM 802.11 Driver;C:\WINDOWS\system32\DRIVERS\PRISMA00.sys [2004-07-20 20:16]
S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2007-01-10 10:14]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-17 13:36:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-18 02:30:00 C:\WINDOWS\Tasks\RegClean Scheduled Scan.job"
- C:\Program Files\RegClean\RegClean.ex
- C:\Program Files\RegClean
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-18 21:42:10
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-18 21:43:17
ComboFix-quarantined-files.txt 2008-03-18 20:42:58
ComboFix2.txt 2008-03-17 23:01:30
.
2008-03-12 16:58:16 --- E O F ---
aanusia
~user
 
Posts: 16
Joined: 17 Mar 2008, 01:24



Post by wojtas, 18 Mar 2008, 23:12

Where is it detecting the virus for you? Because nothing shows up here.
wojtas
*mod
 
Posts: 18165
Joined: 13 Jan 2006, 16:00
Location: Krzeszyce
Commendations: 1656



