
[b]SDFix: Version 1.171 [/b]
Run by PooH on 2008-04-17 at 02:25
Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix
[b]Checking Services [/b]:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
[b]Checking Files [/b]:
No Trojan Files Found
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-17 14:29:08
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"p0"="C:\Program Files\DAEMON Tools Pro\"
"h0"=dword:00000001
"hdf12"=hex:29,a7,17,fd,07,af,13,fd,b4,34,f2,8a,93,8f,e3,5f,b2,f5,aa,26,46,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,25,9f,3c,2d,e8,37,c2,70,6d,db,74,c9,e3,34,34,a7,db,..
"hdf12"=hex:83,f1,21,85,39,ef,44,14,f3,f2,af,f7,dc,15,35,77,2c,27,ef,4d,a5,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:fd,d4,a1,de,01,c5,e9,cc,2a,c0,58,dc,23,e3,40,5c,db,56,80,f1,30,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1]
"hdf12"=hex:0b,5b,fb,fa,04,25,67,4c,45,73,54,b3,cd,42,15,b7,a1,fc,a8,48,3e,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002]
"a0"=hex:20,01,00,00,63,19,32,2d,28,aa,ed,ba,9f,d9,7e,e4,94,aa,f9,df,c6,..
"hdf12"=hex:d2,a3,02,22,ae,92,18,cb,36,42,88,ba,35,9f,c4,6b,7c,b8,50,cf,84,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0]
"hdf12"=hex:75,84,ba,0f,70,8b,6d,7b,da,90,0b,98,a2,e9,87,bd,61,d0,3d,a5,84,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq1]
"hdf12"=hex:07,f6,22,7b,3d,cc,6d,52,9d,ba,bf,ae,07,2c,fb,5c,a6,0b,83,fe,f6,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:97,df,ba,03,9c,25,d4,df,16,34,4b,4c,c6,ed,08,71,74,60,b3,ec,f2,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:uTorrent"
"E:\\GRY\\Pro 2008\\PES2008.exe"="E:\\GRY\\Pro 2008\\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008"
"E:\\GRY\\Neverwinter 2\\nwn2main.exe"="E:\\GRY\\Neverwinter 2\\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main"
"E:\\GRY\\Neverwinter 2\\nwn2main_amdxp.exe"="E:\\GRY\\Neverwinter 2\\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD"
"E:\\GRY\\Neverwinter 2\\nwupdate.exe"="E:\\GRY\\Neverwinter 2\\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater"
"E:\\GRY\\Neverwinter 2\\nwn2server.exe"="E:\\GRY\\Neverwinter 2\\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server"
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="C:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\\Program Files\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare\\BearShare.exe:*:Enabled:BearShare"
"E:\\GRY\\Anno 1701\\Anno1701.exe"="E:\\GRY\\Anno 1701\\Anno1701.exe:*:Enabled:Anno 1701"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\uusee\\UUSeePlayer.exe"="C:\\Program Files\\uusee\\UUSeePlayer.exe:*:Enabled:UUPlayer"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[b]Remaining Files [/b]:
File Backups: - C:\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
Sat 27 Oct 2007 88 ..SHR --- "C:\WINDOWS\system32\5662E81A33.sys"
Tue 27 Nov 2007 88 ..SHR --- "C:\WINDOWS\system32\DD0710FBDB.sys"
Fri 14 Dec 2007 3,454 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Wed 3 Oct 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 7 Feb 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Sun 9 Dec 2007 1,332 ...HR --- "C:\Documents and Settings\PooH\Dane aplikacji\SecuROM\UserData\securom_v7_01.bak"
Wed 3 Oct 2007 4,348 ...H. --- "C:\Documents and Settings\PooH\Moje dokumenty\Moja muzyka\Kopia zapasowa licencji\drmv1key.bak"
Sat 13 Oct 2007 20 A..H. --- "C:\Documents and Settings\PooH\Moje dokumenty\Moja muzyka\Kopia zapasowa licencji\drmv1lic.bak"
Wed 3 Oct 2007 400 A.SH. --- "C:\Documents and Settings\PooH\Moje dokumenty\Moja muzyka\Kopia zapasowa licencji\drmv2key.bak"
[b]Finished![/b]
ComboFix 08-04-16.5 - PooH 2008-04-17 14:38:38.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.1491 [GMT 2:00]
Running from: C:\Documents and Settings\PooH\Pulpit\ComboFix.exe
* Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((( Files Created from 2008-03-17 to 2008-04-17 )))))))))))))))))))))))))))))))
.
2008-04-17 14:23 . 2008-04-17 14:23 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-17 14:20 . 2008-04-17 14:31 <DIR> d-------- C:\SDFix
2008-04-17 11:26 . 2008-04-17 11:26 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-04-17 10:47 . 2008-04-17 10:48 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2008-04-17 10:47 . 2008-04-17 10:48 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll
2008-04-17 10:47 . 2008-04-17 10:48 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll
2008-04-17 10:45 . 2008-04-17 10:45 106,496 --a------ C:\WINDOWS\DIIUnin.exe
2008-04-17 10:45 . 2008-04-17 11:26 29,551 --a------ C:\WINDOWS\DIIUnin.dat
2008-04-17 10:45 . 2008-04-17 10:45 2,829 --a------ C:\WINDOWS\DIIUnin.pif
2008-04-16 20:17 . 2008-04-16 20:17 <DIR> d-------- C:\Program Files\Google
2008-04-16 20:17 . 2008-04-16 20:17 204 --a------ C:\WINDOWS\struct~.ini
2008-04-13 09:21 . 2008-04-13 09:21 <DIR> d-------- C:\Program Files\ToniArts
2008-04-03 21:07 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-04-03 21:07 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-03-31 18:09 . 2008-03-31 18:09 <DIR> d-------- C:\Program Files\Guitar Pro 5
2008-03-24 11:01 . 2008-03-24 11:01 <DIR> d-------- C:\Program Files\TacView
2008-03-24 11:01 . 2002-08-09 14:00 4,082,688 --a------ C:\WINDOWS\system32\qtintf70.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-17 12:31 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-04-17 12:21 156,704 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-17 12:21 15,188 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-04-17 12:21 137,972 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-17 12:21 10,072,864 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-17 08:18 --------- d-----w C:\Documents and Settings\PooH\Dane aplikacji\uTorrent
2008-04-13 07:30 --------- d-----w C:\Program Files\PowerISO
2008-04-13 07:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-05 10:56 --------- d-----w C:\Documents and Settings\PooH\Dane aplikacji\Skype
2008-04-05 07:23 --------- d-----w C:\Documents and Settings\PooH\Dane aplikacji\skypePM
2008-03-27 21:37 --------- d-----w C:\Documents and Settings\PooH\Dane aplikacji\Corel
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-14 17:00 --------- d-----w C:\Program Files\Common Files\Onet.pl
2008-03-14 17:00 --------- d-----w C:\Documents and Settings\PooH\Dane aplikacji\Kamerzysta
2008-03-14 17:00 --------- d-----w C:\Documents and Settings\PooH\Dane aplikacji\Czat
2008-03-14 17:00 --------- d-----w C:\Documents and Settings\PooH\Dane aplikacji\AutoUpdate
2008-03-05 18:14 --------- d-----w C:\Program Files\ACE Mega CoDecS Pack
2008-03-05 14:07 91,700 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-03-05 14:07 85,860 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-03-05 14:07 --------- d-----w C:\Program Files\Kaspersky Lab
2008-03-05 13:58 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\F-Secure
2008-03-05 13:43 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-03-05 13:41 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\OrbNetworks
2008-03-05 10:45 --------- d-----w C:\Program Files\ESET
2008-03-05 10:41 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\fssg
2008-03-04 18:10 --------- d-----w C:\Documents and Settings\PooH\Dane aplikacji\Ahead
2008-03-04 18:10 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Ahead
2008-03-02 13:16 --------- d-----w C:\Program Files\DivX
2008-03-01 13:12 --------- d-----w C:\Program Files\TVAnts
2008-03-01 13:02 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-28 18:12 --------- d-----w C:\Documents and Settings\PooH\Dane aplikacji\Tlen.pl
2008-02-28 14:59 --------- d-----w C:\Program Files\Java
2008-02-24 18:25 --------- d-----w C:\Program Files\AGEIA Technologies
2008-02-24 18:24 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-21 02:05 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-02-21 02:05 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-08 17:37 219,664 ----a-w C:\WINDOWS\system32\klogon.dll
2008-01-05 19:37 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2007-11-05 16:27 1 ----a-w C:\Documents and Settings\PooH\SI.bin
2007-09-17 18:06 476,752 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\pswi_preloaded.exe
2007-10-27 18:29 88 --sh--r C:\WINDOWS\system32\5662E81A33.sys
2007-11-27 18:53 88 --sh--r C:\WINDOWS\system32\DD0710FBDB.sys
2007-12-14 20:27 3,454 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 15:08 136136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 04:04 2879488 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 05:49 16269312 C:\WINDOWS\RTHDCPL.exe]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-08-06 09:45 877568]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"LWBMOUSE"="C:\Program Files\MULTI-MEDIA OPTICAL MOUSE\MULTI-MEDIA OPTICAL MOUSE\1.4\MOUSE32A.EXE" [2004-11-24 11:02 365568]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 02:07 8491008]
"nwiz"="nwiz.exe" [2007-09-17 02:07 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 02:07 81920]
"QuickTime Task"="C:\WINDOWS\system32\qttask.exe" [2008-01-10 17:02 98304]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2008-02-08 19:36 227856]
"Google IME Autoupdater"="C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe" [2008-01-07 12:15 251376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" /tray
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\BearShare\\BearShare.exe"=
"E:\\GRY\\Anno 1701\\Anno1701.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2006-03-02 14:00]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 14:28]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a1402ec-0185-11dd-9998-000e50b4ebe2}]
\Shell\Auto\command - H:\wupdmgr.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wupdmgr.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{294f67be-61b8-11dc-8128-000e50b4ebe2}]
\Shell\Auto\command - wupdmgr.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wupdmgr.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35e663fa-824d-11dc-ac06-000e50b4ebe2}]
\Shell\Auto\command - UFO.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{695f4be4-ff35-11dc-9997-000e50b4ebe2}]
\Shell\AutoRun\command - H:\AutoTransfer.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c96f4b7-fc36-11dc-9994-000e50b4ebe2}]
\Shell\Auto\command - wupdmgr.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wupdmgr.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-04-12 03:59:08 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-04-12 05:29:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-17 14:47:13
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-04-17 14:49:20
ComboFix-quarantined-files.txt 2008-04-17 12:49:14
Pre-Run: 8,815,894,528 bajtów wolnych
Post-Run: 8,724,152,320 bajtów wolnych
.
2008-04-10 21:21:07 --- E O F ---
Logfile of HijackThis v1.99.1
Scan saved at 2:50:28 , on 2008-04-17
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\MULTI-MEDIA OPTICAL MOUSE\MULTI-MEDIA OPTICAL MOUSE\1.4\MOUSE32A.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\MULTI-MEDIA OPTICAL MOUSE\MULTI-MEDIA OPTICAL MOUSE\1.4\MOUSE32A.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [Google IME Autoupdater] C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O8 - Extra context menu item: Dodaj do blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8C6C8487-C48C-4905-BA31-9070839E39C7}: NameServer = 213.241.79.37 83.238.255.76
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
REGEDIT4
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a1402ec-0185-11dd-9998-000e50b4ebe2}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{294f67be-61b8-11dc-8128-000e50b4ebe2}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35e663fa-824d-11dc-ac06-000e50b4ebe2}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c96f4b7-fc36-11dc-9994-000e50b4ebe2}]
pion.77 wrote: After it turned out that nothing in it could be understood (Chinese in its purest form...), I uninstalled it. And that's when it started... a strange little window with Chinese characters appears next to the language bar, and the language switches to Chinese on its own.
ComboFix 08-04-16.5 - PooH 2008-04-17 20:01:31.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.1343 [GMT 2:00]
Running from: C:\Documents and Settings\PooH\Pulpit\ComboFix.exe
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((( Files Created from 2008-03-17 to 2008-04-17 )))))))))))))))))))))))))))))))
.
2008-04-17 14:23 . 2008-04-17 14:23 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-17 14:20 . 2008-04-17 14:31 <DIR> d-------- C:\SDFix
2008-04-17 11:26 . 2008-04-17 11:26 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-04-17 10:47 . 2008-04-17 10:48 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2008-04-17 10:47 . 2008-04-17 10:48 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll
2008-04-17 10:47 . 2008-04-17 10:48 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll
2008-04-17 10:45 . 2008-04-17 10:45 106,496 --a------ C:\WINDOWS\DIIUnin.exe
2008-04-17 10:45 . 2008-04-17 11:26 29,551 --a------ C:\WINDOWS\DIIUnin.dat
2008-04-17 10:45 . 2008-04-17 10:45 2,829 --a------ C:\WINDOWS\DIIUnin.pif
2008-04-16 20:17 . 2008-04-16 20:17 <DIR> d-------- C:\Program Files\Google
2008-04-16 20:17 . 2008-04-16 20:17 204 --a------ C:\WINDOWS\struct~.ini
2008-04-13 09:21 . 2008-04-13 09:21 <DIR> d-------- C:\Program Files\ToniArts
2008-04-03 21:07 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-04-03 21:07 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-03-31 18:09 . 2008-03-31 18:09 <DIR> d-------- C:\Program Files\Guitar Pro 5
2008-03-24 11:01 . 2008-03-24 11:01 <DIR> d-------- C:\Program Files\TacView
2008-03-24 11:01 . 2002-08-09 14:00 4,082,688 --a------ C:\WINDOWS\system32\qtintf70.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-17 15:49 96,645 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-04-17 15:49 87,941 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-04-17 12:31 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-04-17 12:21 156,704 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-17 12:21 15,188 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-04-17 12:21 137,972 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-17 12:21 10,072,864 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-17 08:18 --------- d-----w C:\Documents and Settings\PooH\Dane aplikacji\uTorrent
2008-04-13 07:30 --------- d-----w C:\Program Files\PowerISO
2008-04-13 07:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-05 10:56 --------- d-----w C:\Documents and Settings\PooH\Dane aplikacji\Skype
2008-04-05 07:23 --------- d-----w C:\Documents and Settings\PooH\Dane aplikacji\skypePM
2008-03-27 21:37 --------- d-----w C:\Documents and Settings\PooH\Dane aplikacji\Corel
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-14 17:00 --------- d-----w C:\Program Files\Common Files\Onet.pl
2008-03-14 17:00 --------- d-----w C:\Documents and Settings\PooH\Dane aplikacji\Kamerzysta
2008-03-14 17:00 --------- d-----w C:\Documents and Settings\PooH\Dane aplikacji\Czat
2008-03-14 17:00 --------- d-----w C:\Documents and Settings\PooH\Dane aplikacji\AutoUpdate
2008-03-05 18:14 --------- d-----w C:\Program Files\ACE Mega CoDecS Pack
2008-03-05 14:07 --------- d-----w C:\Program Files\Kaspersky Lab
2008-03-05 13:58 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\F-Secure
2008-03-05 13:43 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-03-05 13:41 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\OrbNetworks
2008-03-05 10:45 --------- d-----w C:\Program Files\ESET
2008-03-05 10:41 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\fssg
2008-03-04 18:10 --------- d-----w C:\Documents and Settings\PooH\Dane aplikacji\Ahead
2008-03-04 18:10 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Ahead
2008-03-02 13:16 --------- d-----w C:\Program Files\DivX
2008-03-01 13:12 --------- d-----w C:\Program Files\TVAnts
2008-03-01 13:02 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-28 18:12 --------- d-----w C:\Documents and Settings\PooH\Dane aplikacji\Tlen.pl
2008-02-28 14:59 --------- d-----w C:\Program Files\Java
2008-02-24 18:25 --------- d-----w C:\Program Files\AGEIA Technologies
2008-02-24 18:24 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-21 02:05 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-02-21 02:05 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-08 17:37 219,664 ----a-w C:\WINDOWS\system32\klogon.dll
2008-01-05 19:37 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2007-11-05 16:27 1 ----a-w C:\Documents and Settings\PooH\SI.bin
2007-09-17 18:06 476,752 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\pswi_preloaded.exe
2007-10-27 18:29 88 --sh--r C:\WINDOWS\system32\5662E81A33.sys
2007-11-27 18:53 88 --sh--r C:\WINDOWS\system32\DD0710FBDB.sys
2007-12-14 20:27 3,454 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 15:08 136136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 04:04 2879488 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 05:49 16269312 C:\WINDOWS\RTHDCPL.exe]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-08-06 09:45 877568]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"LWBMOUSE"="C:\Program Files\MULTI-MEDIA OPTICAL MOUSE\MULTI-MEDIA OPTICAL MOUSE\1.4\MOUSE32A.EXE" [2004-11-24 11:02 365568]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 02:07 8491008]
"nwiz"="nwiz.exe" [2007-09-17 02:07 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 02:07 81920]
"QuickTime Task"="C:\WINDOWS\system32\qttask.exe" [2008-01-10 17:02 98304]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2008-02-08 19:36 227856]
"Google IME Autoupdater"="C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe" [2008-01-07 12:15 251376]
"BearShare"="C:\Program Files\BearShare\BearShare.exe" [2006-08-01 17:04 3313664]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]
C:\Documents and Settings\PooH\Menu Start\Programy\Autostart\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-09-20 20:16:03 106496]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" /tray
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\BearShare\\BearShare.exe"=
"E:\\GRY\\Anno 1701\\Anno1701.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2006-03-02 14:00]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 14:28]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a1402ec-0185-11dd-9998-000e50b4ebe2}]
\Shell\Auto\command - H:\wupdmgr.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wupdmgr.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{294f67be-61b8-11dc-8128-000e50b4ebe2}]
\Shell\Auto\command - wupdmgr.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wupdmgr.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35e663fa-824d-11dc-ac06-000e50b4ebe2}]
\Shell\Auto\command - UFO.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{695f4be4-ff35-11dc-9997-000e50b4ebe2}]
\Shell\AutoRun\command - H:\AutoTransfer.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c96f4b7-fc36-11dc-9994-000e50b4ebe2}]
\Shell\Auto\command - wupdmgr.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wupdmgr.exe
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-04-12 03:59:08 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-04-12 05:29:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-17 20:06:38
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-04-17 20:09:52
ComboFix-quarantined-files.txt 2008-04-17 18:09:48
ComboFix2.txt 2008-04-17 12:49:21
Pre-Run: 9,141,596,160 bajtów wolnych
Post-Run: 9,162,104,832 bajtów wolnych
.
2008-04-10 21:21:07 --- E O F ---
Logfile of HijackThis v1.99.1
Scan saved at 8:10:53 , on 2008-04-17
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\MULTI-MEDIA OPTICAL MOUSE\MULTI-MEDIA OPTICAL MOUSE\1.4\MOUSE32A.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Last.fm\LastFmHelper.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\MULTI-MEDIA OPTICAL MOUSE\MULTI-MEDIA OPTICAL MOUSE\1.4\MOUSE32A.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [Google IME Autoupdater] C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: Dodaj do blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8C6C8487-C48C-4905-BA31-9070839E39C7}: NameServer = 213.241.79.37 83.238.255.76
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a1402ec-0185-11dd-9998-000e50b4ebe2}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{294f67be-61b8-11dc-8128-000e50b4ebe2}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35e663fa-824d-11dc-ac06-000e50b4ebe2}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c96f4b7-fc36-11dc-9994-000e50b4ebe2}]
[b]SDFix: Version 1.226 [/b]
Run by Z on 2008-09-16 at 23:43
Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix
[b]Checking Services [/b]:
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
[b]Checking Files [/b]:
No Trojan Files Found
Folder C:\Documents and Settings\Z\Dane aplikacji\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#w*w.redtube.com - Removed
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-16 23:49:12
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"p0"="C:\Program Files\DAEMON Tools Pro\"
"h0"=dword:00000000
"hdf12"=hex:ec,85,6a,3f,31,53,cb,88,1c,ef,ec,cd,40,34,dd,b7,86,8e,4a,39,1b,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,37,d7,19,fb,16,43,9b,7b,8b,94,bb,27,a9,91,2e,30,29,..
"hdf12"=hex:b2,e3,c1,cb,38,ae,fe,c9,a9,4c,89,60,98,c1,6f,12,c1,a7,cf,6f,5f,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:7d,ba,7b,fa,57,ad,17,37,89,4e,99,7d,07,73,4e,8e,fa,25,bf,73,9f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"p0"="C:\Program Files\DAEMON Tools Pro\"
"h0"=dword:00000000
"hdf12"=hex:ec,85,6a,3f,31,53,cb,88,1c,ef,ec,cd,40,34,dd,b7,86,8e,4a,39,1b,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,37,d7,19,fb,16,43,9b,7b,8b,94,bb,27,a9,91,2e,30,29,..
"hdf12"=hex:b2,e3,c1,cb,38,ae,fe,c9,a9,4c,89,60,98,c1,6f,12,c1,a7,cf,6f,5f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:7d,ba,7b,fa,57,ad,17,37,89,4e,99,7d,07,73,4e,8e,fa,25,bf,73,9f,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"="C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008"
"C:\\Program Files\\Gadu-Gadu\\gg.exe"="C:\\Program Files\\Gadu-Gadu\\gg.exe:*:Enabled:Gadu-Gadu - program główny"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Dream Match Tennis Pro\\FA.exe"="C:\\Program Files\\Dream Match Tennis Pro\\FA.exe:*:Disabled:FA"
"C:\\Program Files\\SecondLife\\SLVoice.exe"="C:\\Program Files\\SecondLife\\SLVoice.exe:*:Enabled:SLVoice"
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"="C:\\Program Files\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\\Program Files\\SopCast\\SopCast.exe"="C:\\Program Files\\SopCast\\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\\Program Files\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare\\BearShare.exe:*:Enabled:BearShare"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"E:\\GRY\\MoH\\MOHAA.EXE"="E:\\GRY\\MoH\\MOHAA.EXE:*:Enabled:Medal of Honor Allied Assault(tm)"
"E:\\GRY\\MoH Airborn\\UnrealEngine3\\Binaries\\MOHA.exe"="E:\\GRY\\MoH Airborn\\UnrealEngine3\\Binaries\\MOHA.exe:*:Enabled:Medal of Honor Airborne"
"E:\\GRY\\Colin McRae Rally DIRT\\DiRT.exe"="E:\\GRY\\Colin McRae Rally DIRT\\DiRT.exe:*:Enabled:DiRT Executable"
"C:\\WEOL'08 2.0\\ePSXe.exe"="C:\\WEOL'08 2.0\\ePSXe.exe:*:Enabled:ePSXe"
"C:\\Program Files\\Honor_pol\\MOHAA.exe"="C:\\Program Files\\Honor_pol\\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault(tm)"
"C:\\Program Files\\Honor_pol\\MOHAA_server.exe"="C:\\Program Files\\Honor_pol\\MOHAA_server.exe:*:Enabled:Medal of Honor Allied Assault(tm)"
"C:\\Program Files\\The All-Seeing Eye\\eye.exe"="C:\\Program Files\\The All-Seeing Eye\\eye.exe:*:Enabled:Yahoo! All-Seeing Eye"
"E:\\obrazy gier\\Call.of.Duty.4.Modern.Warfare.Full-Rip.Skullptura\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="E:\\obrazy gier\\Call.of.Duty.4.Modern.Warfare.Full-Rip.Skullptura\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Enabled:iw3mp"
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"="C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe:*:Enabled:Nero ProductSetup"
"E:\\GRY\\CoD 2\\CoD2MP_s.exe"="E:\\GRY\\CoD 2\\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"E:\\GRY\\PES 2008\\PES2008.exe"="E:\\GRY\\PES 2008\\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008"
"E:\\GRY\\Pro Evolution Soccer 2008\\PES2008.exe"="E:\\GRY\\Pro Evolution Soccer 2008\\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008"
"C:\\Program Files\\EA Sports\\F1 Challenge 2007\\F1Challenge2007.exe"="C:\\Program Files\\EA Sports\\F1 Challenge 2007\\F1Challenge2007.exe:*:Enabled:F1 Challenge 99-02"
"E:\\GRY\\Assassin's Creed\\AssassinsCreed_Dx9.exe"="E:\\GRY\\Assassin's Creed\\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9"
"E:\\GRY\\Assassin's Creed\\AssassinsCreed_Dx10.exe"="E:\\GRY\\Assassin's Creed\\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10"
"E:\\GRY\\Assassin's Creed\\AssassinsCreed_Launcher.exe"="E:\\GRY\\Assassin's Creed\\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update"
"C:\\Documents and Settings\\Z\\Application Data\\PowerChallenge\\PowerSoccer\\PowerSoccer.exe"="C:\\Documents and Settings\\Z\\Application Data\\PowerChallenge\\PowerSoccer\\PowerSoccer.exe:*:Enabled:PowerSoccer"
"C:\\Program Files\\TVAnts\\Tvants.exe"="C:\\Program Files\\TVAnts\\Tvants.exe:*:Enabled:TVAnts"
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe:*:Enabled:BearShare"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\\Program Files\\sina\\SAP\\SAPlatform.exe"="C:\\Program Files\\sina\\SAP\\SAPlatform.exe:*:Enabled:SAPlatform.exe"
"C:\\Program Files\\uusee\\UUSeePlayer.exe"="C:\\Program Files\\uusee\\UUSeePlayer.exe:*:Enabled:UUPlayer"
"C:\\Program Files\\Common Files\\uusee\\UUSeeMediaCenter.exe"="C:\\Program Files\\Common Files\\uusee\\UUSeeMediaCenter.exe:*:Enabled:UUSeeMediaCenter"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[b]Remaining Files [/b]:
[b]Files with Hidden Attributes [/b]:
Fri 14 Sep 2007 247,296 A.SH. --- "C:\Program Files\Game Graphic Studio\DelZip179.dll"
Mon 12 May 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Mon 26 May 2008 429,568 ...H. --- "C:\Documents and Settings\Z\Moje dokumenty\somalia\~WRL0775.tmp"
Mon 26 May 2008 42,496 ...H. --- "C:\Documents and Settings\Z\Moje dokumenty\somalia\~WRL4021.tmp"
Thu 29 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\1738c621b33e51e95e7a1d6339d42049\BIT15.tmp"
Thu 29 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\20a4a6e3d70f3001229eaa8cf46f9b6e\BIT6A.tmp"
Thu 29 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\22d177b61fde58f114e05dfd9b70c96d\BIT67.tmp"
Thu 29 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\67c8fc01100a7555e3d40c5e21ad4a52\BIT65.tmp"
Thu 29 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9e6443517b40ee6dc8c01624ff3d2084\BIT56.tmp"
[b]Finished![/b]