Log | dziwne raporty noda

[morf_ik]

Witam.
Ostatnio mam jakieś problemy z komputerem. Przeskanowałem go nodem i wykryło m. in.:

Kod: Zaznacz wszystko

2008-12-06 16:41:16   Ochrona systemu plików w czasie rzeczywistym   plik   I:\Autorun.inf   INF/Autorun.gen koń trojański   wyleczony przez usunięcie - poddany kwarantannie   ZARZĄDZANIE NT\SYSTEM   Zdarzenie wystąpiło podczas próby uzyskania dostępu do pliku przez aplikację: C:\WINDOWS\System32\svchost.exe.

Kod: Zaznacz wszystko

2008-12-01 19:28:14   Ochrona systemu plików w czasie rzeczywistym   plik   D:\System Volume Information\_restore{9932AC2A-9F45-4121-BEBE-9D945AEBB4FB}\RP10\A0001179.exe   odmiana wirusa Win32/TrojanDropper.Agent.NPH koń trojański   wyleczony przez usunięcie - poddany kwarantannie   ZARZĄDZANIE NT\SYSTEM   Zdarzenie wystąpiło podczas modyfikowania pliku przez aplikację: C:\WINDOWS\System32\svchost.exe.

Kod: Zaznacz wszystko

2009-02-24 23:56:59   Skaner przy uruchamianiu   plik   C:\WINDOWS\system32\nmdfgds0.dll   Win32/PSW.OnLineGames.NMP koń trojański   wyleczony przez usunięcie (po następnym uruchomieniu) - poddany kwarantannie      

Ten Win32/PSW.OnLineGames.NMP jest w wielu różnych lokacjach i nod co jakiś czas ponownie o nim coś krzyczy :].

Oto logi:

HiJackThis

Kod: Zaznacz wszystko

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:37:32, on 2009-02-28
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
E:\Gry\TheSims2\TSBin\Sims2.exe
C:\DOCUME~1\Mateusz\USTAWI~1\Temp\~e5.0001
D:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\KWorld Multimedia\PVR Plus\TVR\honestechTV.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.21\RivaTuner.exe" /S
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 5417 bytes

Silent Runners

Kod: Zaznacz wszystko

"Silent Runners.vbs", revision 48, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"DAEMON Tools Lite" = ""C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun" ["DT Soft Ltd"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SoundMAXPnP" = "C:\Program Files\Analog Devices\Core\smax4pnp.exe" ["Analog Devices, Inc."]
"SoundMAX" = ""C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray" ["Analog Devices, Inc."]
"egui" = ""C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice" ["ESET"]
"KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k" [MS]
"amd_dc_opt" = "C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" ["AMD"]
"RivaTunerStartupDaemon" = ""C:\Program Files\RivaTuner v2.21\RivaTuner.exe" /S" [empty string]
"StartCCC" = ""C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun" ["Advanced Micro Devices, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}\(Default) = "flashget urlcatch"
  -> {HKLM...CLSID} = "FGCatchUrl"
                   \InProcServer32\(Default) = "D:\Program Files\FlashGet\jccatch.dll" ["www.flashget.com"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Java(tm) Plug-In SSV Helper"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre6\bin\ssv.dll" ["Sun Microsystems, Inc."]
{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Java(tm) Plug-In 2 SSV Helper"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre6\bin\jp2ssv.dll" ["Sun Microsystems, Inc."]
{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\(Default) = "JQSIEStartDetectorImpl"
  -> {HKLM...CLSID} = "JQSIEStartDetectorImpl Class"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
                   \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
  -> {HKLM...CLSID} = "Shell Search Band"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"
  -> {HKLM...CLSID} = "History Band"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{e82a2d71-5b2f-43a0-97b8-81be15854de8}" = "ShellLink for Application References"
  -> {HKLM...CLSID} = "ShellLink for Application References"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS]
"{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}" = "Shell Icon Handler for Application References"
  -> {HKLM...CLSID} = "Shell Icon Handler for Application References"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]
"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "Eset Smart Security - Context Menu Shell Extension"
  -> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll" ["ESET"]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
  -> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
  -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{45670FA8-ED97-4F44-BC93-305082590BFB}" = "Microsoft.XPS.Shell.Metadata.1"
  -> {HKLM...CLSID} = "Windows XPS Document Metadata Handler"
                   \InProcServer32\(Default) = "C:\WINDOWS\System32\XPSSHHDR.DLL" [MS]
"{44121072-A222-48f2-A58A-6D9AD51EBBE9}" = "Microsoft.XPS.Shell.Thumbnail.1"
  -> {HKLM...CLSID} = "Windows XPS Document Thumbnail Handler"
                   \InProcServer32\(Default) = "C:\WINDOWS\System32\XPSSHHDR.DLL" [MS]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
  -> {HKLM...CLSID} = "Portable Media Devices"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{35786D3C-B075-49b9-88DD-029876E11C01}" = "Portable Devices"
  -> {HKLM...CLSID} = "Portable Devices"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\wpdshext.dll" [MS]
"{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8}" = "Portable Devices Menu"
  -> {HKLM...CLSID} = "Portable Devices Menu"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\wpdshext.dll" [MS]
"{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension"
  -> {HKLM...CLSID} = "SimpleShlExt Class"
                   \InProcServer32\(Default) = "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll" ["Advanced Micro Devices, Inc."]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
  -> {HKLM...CLSID} = "iTunes"
                   \InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Inc."]

HKLM\System\CurrentControlSet\Control\Session Manager\
INFECTION WARNING! "BootExecute" = "autocheck autochk * autocheck OODBS OODBS" [file not found], [MS], [file not found], [file not found], ["O&O Software GmbH"], [file not found]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
  -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll" ["Nero AG"]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Eset Smart Security - Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
  -> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll" ["ESET"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Eset Smart Security - Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
  -> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll" ["ESET"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Mateusz\Dane aplikacji\Mozilla\Firefox\Tapeta pulpitu.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]


DESKTOP.INI DLL launch in local fixed drive directories:
--------------------------------------------------------

C:\Documents and Settings\Default User\Ustawienia lokalne\Historia\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

C:\Documents and Settings\Default User\Ustawienia lokalne\Historia\History.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

C:\Documents and Settings\Default User\Ustawienia lokalne\Temporary Internet Files\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

C:\Documents and Settings\Default User\Ustawienia lokalne\Temporary Internet Files\Content.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

C:\Documents and Settings\Default User\Ustawienia lokalne\Temporary Internet Files\Content.IE5\IQ5WMBPF\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

C:\Documents and Settings\Default User\Ustawienia lokalne\Temporary Internet Files\Content.IE5\KBOW18NX\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

C:\Documents and Settings\Default User\Ustawienia lokalne\Temporary Internet Files\Content.IE5\V2SOHY5U\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

C:\Documents and Settings\Default User\Ustawienia lokalne\Temporary Internet Files\Content.IE5\ZQKHAGZG\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

C:\Documents and Settings\LocalService\Ustawienia lokalne\Historia\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

C:\Documents and Settings\LocalService\Ustawienia lokalne\Historia\History.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\6Y20DK0G\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\9JB6JQ6J\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\PQUGZU1E\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\QXPZU7QX\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

C:\Documents and Settings\Mateusz\Cookies\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

C:\Documents and Settings\Mateusz\Ustawienia lokalne\Dane aplikacji\Microsoft\Feeds Cache\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

C:\Documents and Settings\Mateusz\Ustawienia lokalne\Dane aplikacji\Microsoft\Feeds Cache\0P5WC6NJ\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

C:\Documents and Settings\Mateusz\Ustawienia lokalne\Dane aplikacji\Microsoft\Feeds Cache\8WRBXSFU\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

C:\Documents and Settings\Mateusz\Ustawienia lokalne\Dane aplikacji\Microsoft\Feeds Cache\RNOBLJZL\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

C:\Documents and Settings\Mateusz\Ustawienia lokalne\Dane aplikacji\Microsoft\Feeds Cache\ZJDLXP8P\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

C:\Documents and Settings\Mateusz\Ustawienia lokalne\Historia\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

C:\Documents and Settings\Mateusz\Ustawienia lokalne\Historia\History.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

C:\Documents and Settings\Mateusz\Ustawienia lokalne\Temporary Internet Files\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

C:\Documents and Settings\Mateusz\Ustawienia lokalne\Temporary Internet Files\Content.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

C:\Documents and Settings\Mateusz\Ustawienia lokalne\Temporary Internet Files\Content.IE5\05JSVAJI\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

C:\Documents and Settings\Mateusz\Ustawienia lokalne\Temporary Internet Files\Content.IE5\3V7RPVCN\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

C:\Documents and Settings\Mateusz\Ustawienia lokalne\Temporary Internet Files\Content.IE5\JZ8CS970\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

C:\Documents and Settings\Mateusz\Ustawienia lokalne\Temporary Internet Files\Content.IE5\TBX0M679\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

C:\Documents and Settings\NetworkService\Ustawienia lokalne\Historia\History.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

C:\Documents and Settings\NetworkService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

C:\Documents and Settings\NetworkService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\96R9INJ6\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

C:\Documents and Settings\NetworkService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\Q2VTYF15\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

C:\Documents and Settings\NetworkService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\S6EW60YE\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

C:\Documents and Settings\NetworkService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\UA1SYJFS\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\8LHWSMOX\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\NNYRCHWH\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\WQ4D7VJ6\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\Y1BV9ZJG\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

C:\WINDOWS\Temp\History\History.IE5\DESKTOP.INI
[.ShellClassInfo]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\A2DX1HXC\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\HZFIODQV\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\NT86MO7B\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\PQL1AUJN\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "C:\Program Files\Bonjour\mdnsNSP.dll" ["Apple Inc."]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

Dormant Explorer Bars in "View, Explorer Bar" menu

HKLM\Software\Classes\CLSID\{21569614-B795-46B1-85F4-E737A8DC09AD}\(Default) = "Shell Search Band"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Badanie"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Badanie"


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
Eset Service, ekrn, ""C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"" ["ESET"]
Java Quick Starter, JavaQuickStarterService, ""C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"" ["Sun Microsystems, Inc."]
O&O Defrag, O&O Defrag, "C:\WINDOWS\system32\oodag.exe" ["O&O Software GmbH"]
Pml Driver HPZ12, Pml Driver HPZ12, "C:\WINDOWS\system32\HPZipm12.exe" ["HP"]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
hpzlnt12\Driver = "hpzlnt12.dll" ["HP"]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
  took 78 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
  took 5 seconds.
---------- (total run time: 96 seconds)

ComboFix

Kod: Zaznacz wszystko

ComboFix 09-02-27.02 - Mateusz 2009-02-28  0:43:57.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1250.1.1045.18.2046.1374 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Mateusz\Pulpit\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated)
* Utworzono nowy punkt przywracania

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.

(((((((((((((((((((((((((   Pliki utworzone od 2009-01-27 do 2009-02-27  )))))))))))))))))))))))))))))))
.

2009-02-28 00:37 . 2009-02-28 00:37   <DIR>   d--------   c:\program files\Trend Micro
2009-02-25 21:32 . 2009-02-25 21:32   <DIR>   d--------   c:\program files\Spybot - Search & Destroy
2009-02-25 21:32 . 2009-02-25 21:43   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2009-02-25 21:15 . 2009-02-25 21:15   <DIR>   d--------   c:\program files\CCleaner
2009-02-22 17:37 . 2009-02-22 17:37   <DIR>   d--------   C:\DriveKey
2009-02-06 17:58 . 2009-02-06 17:58   <DIR>   d--------   c:\program files\DIFX
2009-02-06 17:57 . 2009-02-06 17:57   <DIR>   d--------   c:\windows\system32\AGEIA
2009-02-06 17:57 . 2009-02-06 17:57   <DIR>   d--------   c:\program files\Common Files\Wise Installation Wizard
2009-02-06 17:57 . 2009-02-06 17:57   <DIR>   d--------   c:\program files\AGEIA Technologies
2009-02-06 17:57 . 2006-07-01 23:32   43,520   --a------   c:\windows\system32\drivers\AmdK8.sys
2009-02-05 19:35 . 2005-02-26 06:34   442,368   -ra------   c:\windows\system32\vp6vfw.dll
2009-02-05 14:07 . 2009-02-05 14:07   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\Office Genuine Advantage
2009-02-03 20:57 . 2008-04-13 23:16   121,984   --a------   c:\windows\system32\drivers\usbvideo.sys
2009-02-03 20:57 . 2008-04-13 23:16   121,984   --a--c---   c:\windows\system32\dllcache\usbvideo.sys
2009-02-03 20:57 . 2008-04-14 21:51   20,992   --a------   c:\windows\system32\dshowext.ax
2009-02-03 20:57 . 2008-04-14 21:51   20,992   --a--c---   c:\windows\system32\dllcache\dshowext.ax
2009-01-31 15:14 . 2009-01-31 15:14   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\FLEXnet
2009-01-31 15:08 . 2009-01-31 15:08   <DIR>   d--------   c:\program files\Common Files\Macrovision Shared

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-22 16:37   ---------   d--h--w   c:\program files\InstallShield Installation Information
2009-02-13 23:51   ---------   d-----w   c:\documents and settings\Mateusz\Dane aplikacji\Skype
2009-02-13 19:38   ---------   d-----w   c:\documents and settings\Mateusz\Dane aplikacji\skypePM
2009-02-11 11:23   ---------   d-----w   c:\program files\SpeedFan
2009-01-31 14:13   ---------   d-----w   c:\program files\Common Files\Adobe
2009-01-29 15:23   ---------   d-----w   c:\program files\Winamp Remote
2009-01-24 23:06   ---------   d-----w   c:\program files\Opera
2009-01-17 20:04   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\2DBoy
2009-01-14 16:14   ---------   d---a-w   c:\documents and settings\All Users\Dane aplikacji\TEMP
2009-01-13 17:47   ---------   d-----w   c:\documents and settings\Mateusz\Dane aplikacji\Ubisoft
2009-01-13 17:13   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\Ubisoft
2009-01-13 16:49   ---------   d-----w   c:\documents and settings\Mateusz\Dane aplikacji\InstallShield
2009-01-09 21:48   ---------   d-----w   c:\documents and settings\Mateusz\Dane aplikacji\Crayon Physics Deluxe
2009-01-05 22:38   ---------   d-----w   c:\documents and settings\Mateusz\Dane aplikacji\Hamachi
2008-12-29 13:56   ---------   d-----w   c:\documents and settings\Mateusz\Dane aplikacji\VoipCheapCom
2008-12-28 20:41   25,280   ----a-w   c:\windows\system32\drivers\hamachi.sys
2008-12-28 20:41   ---------   d-----w   c:\program files\Hamachi
2008-12-20 23:03   826,368   ----a-w   c:\windows\system32\wininet.dll
2008-12-13 12:51   348,160   ----a-w   c:\windows\system32\Msvcr71.dll
2008-12-13 12:51   1,700,352   ----a-w   c:\windows\system32\gdiplus.dll
2008-12-13 12:51   1,060,864   ----a-w   c:\windows\system32\mfc71.dll
2008-12-05 14:39   107,888   ----a-w   c:\windows\system32\CmdLineExt.dll
2008-12-01 20:52   425,984   ----a-w   c:\windows\system32\ATIDEMGX.dll
2008-12-01 20:51   318,464   ----a-w   c:\windows\system32\ati2dvag.dll
2008-12-01 20:46   11,304,960   ----a-w   c:\windows\system32\atioglxx.dll
2008-12-01 20:41   188,416   ----a-w   c:\windows\system32\atipdlxx.dll
2008-12-01 20:40   43,520   ----a-w   c:\windows\system32\ati2edxx.dll
2008-12-01 20:40   26,112   ----a-w   c:\windows\system32\Ati2mdxx.exe
2008-12-01 20:40   147,456   ----a-w   c:\windows\system32\Oemdspif.dll
2008-12-01 20:40   143,360   ----a-w   c:\windows\system32\ati2evxx.dll
2008-12-01 20:38   598,016   ----a-w   c:\windows\system32\ati2evxx.exe
2008-12-01 20:37   53,248   ----a-w   c:\windows\system32\ATIDDC.DLL
2008-12-01 20:27   4,120,384   ----a-w   c:\windows\system32\ati3duag.dll
2008-12-01 20:19   307,200   ----a-w   c:\windows\system32\atiiiexx.dll
2008-12-01 20:11   2,495,360   ----a-w   c:\windows\system32\ativvaxx.dll
2008-12-01 19:57   48,640   ----a-w   c:\windows\system32\amdpcom32.dll
2008-12-01 19:53   45,056   ----a-w   c:\windows\system32\amdcalrt.dll
2008-12-01 19:53   45,056   ----a-w   c:\windows\system32\amdcalcl.dll
2008-12-01 19:53   401,408   ----a-w   c:\windows\system32\atikvmag.dll
2008-12-01 19:52   86,016   ----a-w   c:\windows\system32\atiadlxx.dll
2008-12-01 19:52   17,408   ----a-w   c:\windows\system32\atitvo32.dll
2008-12-01 19:50   3,252,224   ----a-w   c:\windows\system32\Amdcaldd.dll
2008-12-01 19:50   286,720   ----a-w   c:\windows\system32\atiok3x2.dll
2008-12-01 19:45   577,536   ----a-w   c:\windows\system32\ati2cqag.dll
2008-12-01 17:08   413,696   ----a-w   c:\windows\system32\wrap_oal.dll
2008-12-01 17:08   110,592   ----a-w   c:\windows\system32\OpenAL32.dll
2008-12-01 16:24   410,976   ----a-w   c:\windows\system32\deploytk.dll
2008-12-01 13:35   593,920   ------w   c:\windows\system32\ati2sgag.exe
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-08-18 1447168]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.21\RivaTuner.exe" [2008-12-10 2732032]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute   REG_MULTI_SZ      autocheck autochk *\[u]0[/u]autocheck OODBS\[u]0[/u]OODBS

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"e:\\Gry\\Grid\\GRID.exe"=
"d:\\Program Files\\FlashGet\\flashget.exe"=
"d:\\Program Files\\VoipCheapCom\\VoipCheapCom.exe"=
"d:\\Program Files\\Gadu-Gadu\\gg.exe"=
"e:\\Gry\\GTAIV\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"e:\\Gry\\GTAIV\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"e:\\Gry\\GTAIV\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"e:\\Gry\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"e:\\Gry\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"e:\\Gry\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"e:\\Gry\\PES 2009\\pes2009.exe"=
"e:\\Gry\\Tactical Ops\\Tactical_Ops_-_Assault_On_Terror\\System\\TacticalOps.exe"=
"e:\\Gry\\BurnOut\\BurnoutLauncher.exe"=
"e:\\Gry\\BurnOut\\BurnoutConfigTool.exe"=
"e:\\Gry\\BurnOut\\BurnoutParadise.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-08-18 34312]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-08-18 468224]
R3 PhTVTune;Philips WDM TVTuner;c:\windows\system32\drivers\PhTVTune.sys [2008-10-25 28288]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2001-10-26 3584]
S3 cpuz126;cpuz126;\??\c:\docume~1\Mateusz\USTAWI~1\Temp\cpuz.sys --> c:\docume~1\Mateusz\USTAWI~1\Temp\cpuz.sys [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e20d3404-f60f-11dd-99cc-000acd05d080}]
\Shell\AutoRun\command - I:\2fiy.bat
\Shell\open\Command - I:\2fiy.bat
.
- - - - USUNIĘTO PUSTE WPISY - - - -

Notify-WgaLogon - (no file)


.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
uInternet Settings,ProxyOverride = *.local
IE: &Ściągnij przy pomocy FlashGet'a - d:\program files\FlashGet\jc_link.htm
IE: &Ściągnij wszystko przy pomocy FlashGet'a - d:\program files\FlashGet\jc_all.htm
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Mateusz\Dane aplikacji\Mozilla\Firefox\Profiles\fiat3c32.default\
FF - prefs.js: browser.search.selectedEngine - Allegro
FF - component: c:\documents and settings\Mateusz\Dane aplikacji\Mozilla\Firefox\Profiles\fiat3c32.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: d:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-28 00:44:34
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ... 

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ... 

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="11AE9034B462AA8BFBE9B8D0E7EB7DBE68F28AEBB144B520C781CB9741B3047FF3A0881E6F94AE03157F2FB0290C6F8299113B69F48B6CA6B9F4719CFCA731EC12B12776AF37CB6545491FECECD1E656368BF3844288811BCDCA0ED74082AD5FCFD5B7FE51E0662BC3C22D3F2D6DEEB9688BCE09D528C99DBC7E57CAA691B53F17F2278FEED74221C8611FF1A9C676FCD6B30ED7308D7D26C0F9258A9053E94752638691EC998C68938B60626275D246B31715E4118F397F19A0F442A27AD188F3748D836DD652F3E39C0006A0FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6A0AC4980AC79339DB7CE019D40AA5C9DB7CE019D40AA5CE549A75E434292F4E2F3354A8EC04DA627B11818E1B258FA13D9DED7D3F5329B3981784E7450C3C781877796D63DCB009E3CB2DC766428C2D193A9A1DA0EDF6001E2BB92172D06541BBA326D987CE83749C31AFA42A8943A77326993550820BA284B7A34B3E853D69674D4A8686811ABACD6403D06609C81C790B508D15FA729CEFB90C1433434D111FD9D264A89C2FD82E6EA71740ED579B8E9F75FD0AF40F0461CADC833E6C60ADA862147BB909095B64EB269B65AE64BF4DDF07C4839C51A99B155E0E6783E0878A0CAF22BCF239BEDC607FD69918D605BF232479FE2AB71812C5F20B388DF98A3C1D5117ABDB4FEFA70A8889A2299697D10222C353475066E5D76A5E25707CEC645D10F02F41572E84DAEE7CFA16F58A281FB19D95A3DAC84799B10B4CCA1FC046925600C35A7EAF34680FE81C7066544784F0452262FFC991B2384D8F1B03FAFCF88F9D86162238FA6DEB31A6E6C8B13887D62D68C0FD3BBBDB32CF573CBEF518088D41A00D2985F9ED8F17A18BF096F2B3F3195262FD12845C93426259D33A66405EFF63C968EBDBED5A6F667B6E1F13B9C702FB07A5953F434CB787C63EB9F49B44B8AE5E00AB7018F46D7A497DC637BF6A2390C6E14647797A86E9270C3E0E39EED646D7A568F3F92C6D73BC085C20E80CFBCBD1CECB75A6B03FCA52928C2492061876B3D003ABAC2A2A73B212AC1FB3E83B46E28955D8EFB978F9789CA5273E932E91A98DA619453D86BD83EDE49B28D4E946CCB8096E8E82803EEA01FCEC18072785A10FC635550EA3BEBAEFAF1801B42412655675CA3A4F6A9D48D602FF53E38902C3BBFD069166123F09E180A9CE978913225C45ADB794E4A18890A19B6CD9D85B845C16E1F5745A3065096959C528CD4C831DAEF13017A9E295EDE6B0EB03F1FC86DE338A81926AE70969A4AFE7E1DCBC782AC2F2EABCCD49EE8E235EABCBF184D874E59203695AE98DA8892A3EBCD2A2FB502E177BC988DB39C5F3B2099449ED8F86934FEDA2C7F09188E8C4EEEC61AA27C67839CCD"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(612)
c:\windows\system32\Ati2evxx.dll
.
Czas ukończenia: 2009-02-28  0:45:10
ComboFix-quarantined-files.txt  2009-02-27 23:45:07

Przed: 8 082 599 936 bajtów wolnych
Po: 8,133,738,496 bajtów wolnych

171   --- E O F ---   2009-02-25 05:52:46


[wojtas]

Wykonaj to co jest podane w tym temacie

Zastosuj SDFix . Po pobraniu uruchom go a rozpakuje się do C:\SDFix. Uruchom komputer w trybie awaryjnym (F8 przy stracie systemu). Będąc w awaryjnym uruchom plik RunThis.bat z folderu SDFixa. Zatwierdź czyszczenie przez Y. Poczekaj aż ukończy i komputer zresetuje

Potem wejdz do folderu C:\SDFix wrzuc zawartość pliku Report.txt + log z combofixa oraz daj loga z hijacka

[morf_ik]

Wykonałem zalecenia z tematu.

Raport z SDFix'a:

Kod: Zaznacz wszystko

[b]SDFix: Version 1.240 [/b]
Run by Administrator on 2009-02-28 at 14:04

Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]:

No Trojan Files Found






Removing Temp Files

[b]ADS Check [/b]:



                                 [b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-28 14:07:38
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:32,46,6e,16,5d,4f,44,30,a9,2c,28,40,e5,1f,73,76,f5,eb,d0,91,66,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,4b,59,ca,7f,a1,f8,a0,d1,8f,56,a0,d4,8d,99,d0,95,5d,..
"khjeh"=hex:1d,5b,97,ae,11,bc,43,93,7d,8e,a8,77,c5,b4,fa,62,f0,9c,da,1d,10,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:ac,1f,db,24,e3,e8,f1,2e,61,4f,bb,3f,03,09,a2,4a,bf,ab,d9,1c,fa,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:ef,63,29,57,57,c7,00,f9,23,5b,17,3e,65,75,9d,3c,df,89,25,2a,25,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,4b,59,ca,7f,a1,f8,a0,d1,8f,56,a0,d4,8d,99,d0,95,5d,..
"khjeh"=hex:1d,5b,97,ae,11,bc,43,93,7d,8e,a8,77,c5,b4,fa,62,f0,9c,da,1d,10,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:c4,74,46,1e,83,d8,a0,3d,f0,5b,87,e4,aa,15,25,29,27,f3,c4,e5,85,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:ef,63,29,57,57,c7,00,f9,23,5b,17,3e,65,75,9d,3c,df,89,25,2a,25,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,4b,59,ca,7f,a1,f8,a0,d1,8f,56,a0,d4,8d,99,d0,95,5d,..
"khjeh"=hex:1d,5b,97,ae,11,bc,43,93,7d,8e,a8,77,c5,b4,fa,62,f0,9c,da,1d,10,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:c4,74,46,1e,83,d8,a0,3d,f0,5b,87,e4,aa,15,25,29,27,f3,c4,e5,85,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
"OODEFRAG11.00.00.01WORKSTATION"="11AE9034B462AA8BFBE9B8D0E7EB7DBE68F28AEBB144B520C781CB9741B3047FF3A0881E6F94AE03157F2FB0290C6F8299113B69F48B6CA6B9F4719CFCA731EC12B12776AF37CB6545491FECECD1E656368BF3844288811BCDCA0ED74082AD5FCFD5B7FE51E0662BC3C22D3F2D6DEEB9688BCE09D528C99DBC7E57CAA691B53F17F2278FEED74221C8611FF1A9C676FCD6B30ED7308D7D26C0F9258A9053E94752638691EC998C68938B60626275D246B31715E4118F397F19A0F442A27AD188F3748D836DD652F3E39C0006A0FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6A0AC4980AC79339DB7CE019D40AA5C9DB7CE019D40AA5CE549A75E434292F4E2F3354A8EC04DA627B11818E1B258FA13D9DED7D3F5329B3981784E7450C3C781877796D63DCB009E3CB2DC766428C2D193A9A1DA0EDF6001E2BB92172D06541BBA326D987CE83749C31AFA42A8943A77326993550820BA284B7A34B3E853D69674D4A8686811ABACD6403D06609C81C790B508D15FA729CEFB90C1433434D111FD9D264A89C2FD82E6EA71740ED579B8E9F75FD0AF40F0461CADC833E6C60ADA862147BB909095B64EB269B65AE64BF4DDF07C4839C51A99B155E0E6783E0878A0CAF22BCF239BEDC607FD69918D605BF232479FE2AB71812C5F20B388DF98A3C1D5117ABDB4FEFA70A8889A2299697D10222C353475066E5D76A5E25707CEC645D10F02F41572E84DAEE7CFA16F58A281FB19D95A3DAC84799B10B4CCA1FC046925600C35A7EAF34680FE81C7066544784F0452262FFC991B2384D8F1B03FAFCF88F9D86162238FA6DEB31A6E6C8B13887D62D68C0FD3BBBDB32CF573CBEF518088D41A00D2985F9ED8F17A18BF096F2B3F3195262FD12845C93426259D33A66405EFF63C968EBDBED5A6F667B6E1F13B9C702FB07A5953F434CB787C63EB9F49B44B8AE5E00AB7018F46D7A497DC637BF6A2390C6E14647797A86E9270C3E0E39EED646D7A568F3F92C6D73BC085C20E80CFBCBD1CECB75A6B03FCA52928C2492061876B3D003ABAC2A2A73B212AC1FB3E83B46E28955D8EFB978F9789CA5273E932E91A98DA619453D86BD83EDE49B28D4E946CCB8096E8E82803EEA01FCEC18072785A10FC635550EA3BEBAEFAF1801B42412655675CA3A4F6A9D48D602FF53E38902C3BBFD069166123F09E180A9CE978913225C45ADB794E4A18890A19B6CD9D85B845C16E1F5745A3065096959C528CD4C831DAEF13017A9E295EDE6B0EB03F1FC86DE338A81926AE70969A4AFE7E1DCBC782AC2F2EABCCD49EE8E235EABCBF184D874E59203695AE98DA8892A3EBCD2A2FB502E177BC988DB39C5F3B2099449ED8F86934FEDA2C7F09188E8C4EEEC61AA27C67839CCD"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"E:\\Gry\\Grid\\GRID.exe"="E:\\Gry\\Grid\\GRID.exe:*:Enabled:GRID Executable"
"D:\\Program Files\\FlashGet\\flashget.exe"="D:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:FlashGet"
"D:\\Program Files\\VoipCheapCom\\VoipCheapCom.exe"="D:\\Program Files\\VoipCheapCom\\VoipCheapCom.exe:*:Enabled:VoipCheapCom"
"D:\\Program Files\\Gadu-Gadu\\gg.exe"="D:\\Program Files\\Gadu-Gadu\\gg.exe:*:Enabled:Gadu-Gadu - program główny"
"E:\\Gry\\GTAIV\\Rockstar Games Social Club\\RGSCLauncher.exe"="E:\\Gry\\GTAIV\\Rockstar Games Social Club\\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
"E:\\Gry\\GTAIV\\Grand Theft Auto IV\\LaunchGTAIV.exe"="E:\\Gry\\GTAIV\\Grand Theft Auto IV\\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV"
"E:\\Gry\\GTAIV\\Grand Theft Auto IV\\GTAIV.exe"="E:\\Gry\\GTAIV\\Grand Theft Auto IV\\GTAIV.exe:*:Enabled:Grand Theft Auto IV"
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="C:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"E:\\Gry\\Assassin's Creed\\AssassinsCreed_Dx9.exe"="E:\\Gry\\Assassin's Creed\\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9"
"E:\\Gry\\Assassin's Creed\\AssassinsCreed_Dx10.exe"="E:\\Gry\\Assassin's Creed\\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10"
"E:\\Gry\\Assassin's Creed\\AssassinsCreed_Launcher.exe"="E:\\Gry\\Assassin's Creed\\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update"
"E:\\Gry\\PES 2009\\pes2009.exe"="E:\\Gry\\PES 2009\\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009"
"E:\\Gry\\Tactical Ops\\Tactical_Ops_-_Assault_On_Terror\\System\\TacticalOps.exe"="E:\\Gry\\Tactical Ops\\Tactical_Ops_-_Assault_On_Terror\\System\\TacticalOps.exe:*:Enabled:TacticalOps"
"E:\\Gry\\BurnOut\\BurnoutLauncher.exe"="E:\\Gry\\BurnOut\\BurnoutLauncher.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"
"E:\\Gry\\BurnOut\\BurnoutConfigTool.exe"="E:\\Gry\\BurnOut\\BurnoutConfigTool.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"
"E:\\Gry\\BurnOut\\BurnoutParadise.exe"="E:\\Gry\\BurnOut\\BurnoutParadise.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[b]Remaining Files [/b]:



[b]Files with Hidden Attributes [/b]:

Mon  3 Mar 2008           568 A..H. --- "C:\WINDOWS\nod32fixtemdono.reg"
Mon  3 Mar 2008         5,702 A..H. --- "C:\WINDOWS\nod32restoretemdono.reg"
Mon 26 Jan 2009     1,740,632 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 26 Jan 2009     5,365,592 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 26 Jan 2009     2,144,088 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"

[b]Finished![/b]


Reszta logów w 1. poście.

[wojtas]

wklej do notatnika

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e20d3404-f60f-11dd-99cc-000acd05d080}]

w notatniku u góry>>>plik zapisz jako>>>Zmien rozszerzenie z TXT na Wszystkie pliki *.* >>> Zapisz pod nazwą FIX.REG

Klikasz dwa razy na powstały plik fix i dodajesz go do rejestru....

1. Ściągnij OTMoveIt i go włacz i odpal go z opcji CleanUp oraz skasuj folder C:\Qoobox
2. wykonaj optymalizację windowsa
3.sciagnij ATF_Cleaner
zaznacz
Windows Temp
All users Temp
Temporary internet files
Recycle Bin
i wcisnij EMPTY SELECTED
4.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem
5. Wykonaj skan Dr. Web CureIt
6. Przeskanuj obszar mojego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum.

i tym:

FixIEDef.