czesc jestem nowy na forum. tak jak w temacie gry same mi sie minimalizuja.

na wypadek daje logi:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:00:04, on 2008-07-30

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\cisvc.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\V0420Mon.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\WINDOWS\system32\mqsvc.exe

C:\WINDOWS\system32\mqtgsvc.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\cidaemon.exe

C:\PROGRA~1\Mozilla Firefox\firefox.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.speedbit.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - C:\PROGRA~1\DAP\SBSearch.dll

O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll

O2 - BHO: (no name) - {6CF0A05E-7D6B-4E00-B836-B3F23513657C} - C:\WINDOWS\system32\wvUoLcdE.dll (file missing)

O2 - BHO: (no name) - {C6F8F694-2BA5-4F41-91D7-D56931426FB7} - C:\WINDOWS\system32\jkkHAQGy.dll (file missing)

O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM…\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”

O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM…\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r

O4 - HKLM…\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM…\Run: [C] C:\WINDOWS\system32\RegSvr32.exe /s C:\WINDOWS\system32\V0420Cvw.dll

O4 - HKLM…\Run: [V0420Mon.exe] C:\WINDOWS\V0420Mon.exe

O4 - HKLM…\Run: [ATICCC] “C:\Program Files\ATI Technologies\ATI.ACE\cli.exe” runtime

O4 - HKLM…\Run: [MsmqIntCert] regsvr32 /s mqrt.dll

O4 - HKLM…\Run: [WinampAgent] “C:\Program Files\Winamp\winampa.exe”

O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\Run: [Disk Cleaner] “C:\Program Files\Disk Cleaner\LaunchDiskCleaner.Exe” “C:\Program Files\Disk Cleaner\DiskCleaner.Exe” /boot

O4 - HKCU…\Run: [Registry Helper] “C:\Program Files\Registry Helper\LaunchRegistryHelper.Exe” “C:\Program Files\Registry Helper\RegistryHelper.Exe” /boot

O4 - HKCU…\Run: [uTorrent] “C:\Program Files\uTorrent\uTorrent.exe”

O4 - HKCU…\Run: [uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’)

O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’)

O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)

O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)

O4 - Global Startup: Action Manager 32.lnk = C:\Program Files\ScannerU\AM32.exe

O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

O4 - Global Startup: NETGEAR WG311v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe

O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm

O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm

O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe

O9 - Extra ‘Tools’ menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virus … nicode.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: wvUoLcdE - wvUoLcdE.dll (file missing)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

–

End of file - 6545 bytes

fix w hijackthis

Podaj log z Combofix

Przeczytaj proszę regulamin forum oraz zasady pisani a w tym dziale. Popraw błędy, na forum używamy polskiej pisowni oraz posta z logiem, zgodnie z tym tematem. Temat przenoszę.

viewtopic.php?f=16&t=253052

a oto te logi:

ComboFix 08-07-30.02 - SaJwO 2008-07-31 13:45:57.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.705 [GMT 2:00]

Running from: C:\Documents and Settings\SaJwO\Pulpit\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\cookies.ini

C:\WINDOWS\system32\bmffjaks.dll

C:\WINDOWS\system32\Cache

C:\WINDOWS\system32\hivjtklx.ini

C:\WINDOWS\system32\hoitkwel.dll

C:\WINDOWS\system32\holxlvyf.ini

C:\WINDOWS\system32\ikuacq.dll

C:\WINDOWS\system32\juxeltsm.dll

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\mhabqtdn.dll

C:\WINDOWS\system32\mlJCtssT.dll

C:\WINDOWS\system32\stsexa.dll

C:\WINDOWS\system32\tgkmbggn.ini

C:\WINDOWS\system32\uvxdtj.dll

C:\WINDOWS\system32\yGQAHkkj.ini

C:\WINDOWS\system32\yGQAHkkj.ini2

.

((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-31 )))))))))))))))))))))))))))))))

.

2008-07-30 22:59 . 2008-07-30 22:59

2008-07-29 11:57 . 2008-07-29 11:57 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll

2008-07-29 11:20 . 2008-07-29 11:20

2008-07-25 12:45 . 2008-07-25 12:45

2008-07-25 12:43 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll

2008-07-25 12:43 . 2006-09-28 16:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll

2008-07-25 12:43 . 2007-04-04 18:53 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll

2008-07-25 12:42 . 2008-07-25 12:42

2008-07-25 12:41 . 2008-07-25 12:41

2008-07-21 10:33 . 2008-07-21 10:34

2008-07-21 10:21 . 2008-07-21 11:41 237 --a------ C:\WINDOWS\system32\temp_0000_65-15.aok

2008-07-21 10:14 . 2008-07-21 10:15

2008-07-21 09:43 . 2008-07-21 11:39 238 --a------ C:\WINDOWS\system32\test.aok

2008-07-21 09:38 . 2008-07-21 09:41

2008-07-21 09:38 . 2004-01-11 08:02 258,048 --a------ C:\WINDOWS\system32\GplMpgDec.ax

2008-07-21 09:38 . 2007-04-12 14:19 129,024 --a------ C:\WINDOWS\system32\AVERM.dll

2008-07-21 09:38 . 2006-09-26 13:57 28,672 --a------ C:\WINDOWS\system32\AVEQT.dll

2008-07-20 18:06 . 2008-07-20 18:06

2008-07-20 18:05 . 2008-07-20 18:06

2008-07-19 13:40 . 2008-07-19 13:41

2008-07-19 13:34 . 2008-07-19 13:34 29 --a------ C:\WINDOWS\DEBUGSM.INI

2008-07-19 13:27 . 2008-07-19 13:27

2008-07-19 13:27 . 2007-01-25 20:56 15,360 --a------ C:\WINDOWS\system32\GetInst32.dll

2008-07-19 13:17 . 2008-07-19 13:17 0 --a------ C:\WINDOWS\prestopm.INI

2008-07-17 17:36 . 2008-07-17 17:36

2008-07-17 17:29 . 2008-07-17 17:29

2008-07-17 17:13 . 2008-07-17 17:22

2008-07-17 17:13 . 2006-06-02 00:11 109,568 --------- C:\WINDOWS\system32\pxinsi64.exe

2008-07-17 17:13 . 2006-06-02 00:11 108,544 --------- C:\WINDOWS\system32\pxcpyi64.exe

2008-07-17 16:56 . 2008-07-17 16:56

2008-07-17 16:56 . 2008-07-25 21:00

2008-07-17 13:54 . 2008-07-17 13:54

2008-07-17 12:24 . 2008-07-17 16:41

2008-07-17 12:24 . 2008-07-17 12:24 172,032 --a------ C:\WINDOWS\system32\AniGIF.ocx

2008-07-14 19:31 . 2008-07-14 19:31

2008-07-14 19:31 . 2008-07-14 19:31

2008-07-12 21:33 . 2008-07-12 21:33 406 --ahs---- C:\WINDOWS\system32\uqoynfku.ini

2008-07-12 21:19 . 2008-07-12 21:19 1,776,311 --ahs---- C:\WINDOWS\system32\uqoynfku.tmp

2008-07-12 20:34 . 2008-07-12 20:34

2008-07-11 12:31 . 2008-07-11 12:31

2008-07-10 09:48 . 2008-07-10 10:05

2008-07-08 18:44 . 2008-07-08 18:46 139,264 --a------ C:\WINDOWS\War3Unin.exe

2008-07-08 18:44 . 2008-07-08 18:49 63,433 --a------ C:\WINDOWS\War3Unin.dat

2008-07-08 18:44 . 2008-07-08 18:46 2,829 --a------ C:\WINDOWS\War3Unin.pif

2008-07-08 13:46 . 2004-08-03 23:08 26,496 --a–c— C:\WINDOWS\system32\dllcache\usbstor.sys

2008-07-08 10:43 . 2008-07-08 10:43

2008-07-08 10:35 . 2008-07-31 13:19 1,019 --a------ C:\WINDOWS\wbocx.ini

2008-07-07 14:47 . 2008-07-07 15:21

2008-07-07 14:24 . 2004-08-03 23:08 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys

2008-07-07 14:24 . 2004-08-03 23:08 10,624 --a–c— C:\WINDOWS\system32\dllcache\gameenum.sys

2008-07-07 14:24 . 2001-08-17 22:00 2,944 --a------ C:\WINDOWS\system32\drivers\msmpu401.sys

2008-07-07 14:24 . 2001-08-17 22:00 2,944 --a–c— C:\WINDOWS\system32\dllcache\msmpu401.sys

2008-07-07 14:19 . 2008-07-07 14:19

2008-07-07 14:19 . 2008-07-31 13:27 49 --a------ C:\WINDOWS\NeroDigital.ini

2008-07-07 13:52 . 2008-07-30 22:18

2008-07-07 13:52 . 2008-07-07 18:03

2008-07-07 13:17 . 2008-07-07 13:17

2008-07-07 13:15 . 2004-08-04 02:44 2,134,528 --a–c— C:\WINDOWS\system32\dllcache\smtpsnap.dll

2008-07-07 13:14 . 2008-07-07 13:16

2008-07-07 13:14 . 2008-07-13 20:00

2008-07-07 13:14 . 2008-07-07 13:20

2008-07-07 12:53 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll

2008-07-07 12:53 . 2008-07-07 12:53 421 --a------ C:\WINDOWS\ODBC.INI

2008-07-07 12:52 . 2008-07-07 12:52

2008-07-07 12:52 . 2008-07-07 12:52

2008-07-07 12:49 . 2008-07-07 12:49

2008-07-07 12:49 . 2008-07-07 12:49

2008-07-07 12:45 . 2008-07-07 12:45

2008-07-07 12:39 . 2008-07-07 12:40

2008-07-07 12:39 . 2008-07-29 12:54 1,188 --a------ C:\WINDOWS\wincmd.ini

2008-07-07 12:39 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\UC.PIF

2008-07-07 12:39 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\RAR.PIF

2008-07-07 12:39 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\PKZIP.PIF

2008-07-07 12:39 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\PKUNZIP.PIF

2008-07-07 12:39 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\NOCLOSE.PIF

2008-07-07 12:39 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\LHA.PIF

2008-07-07 12:39 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\ARJ.PIF

2008-07-07 12:37 . 2008-07-07 12:37

2008-07-07 12:37 . 2008-07-07 12:37 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2008-07-07 12:36 . 2008-07-19 13:49 613 --a------ C:\WINDOWS\if40le.ini

2008-07-07 12:36 . 2008-07-19 13:49 114 --a------ C:\WINDOWS\SCNDRVU.INI

2008-07-07 12:35 . 2008-07-07 12:35

2008-07-07 12:35 . 2008-07-07 12:36

2008-07-07 12:35 . 2008-07-19 13:49

2008-07-07 12:35 . 2008-07-07 12:35

2008-07-07 12:35 . 1998-11-12 15:35 311,808 --a------ C:\WINDOWS\system32\CAMSDKR.DLL

2008-07-07 12:35 . 2000-08-18 10:24 79,360 --a------ C:\WINDOWS\system32\CAMSDKCT.OCX

2008-07-07 12:35 . 1997-10-13 13:19 11,776 --a------ C:\WINDOWS\system32\pmsbfn32.dll

2008-07-07 12:35 . 2008-07-29 14:58 3,084 --a------ C:\WINDOWS\If42le.ini

2008-07-07 12:35 . 2008-07-19 13:49 403 --a------ C:\WINDOWS\umxaddin.ini

2008-07-07 12:35 . 2008-07-19 13:49 362 --a------ C:\WINDOWS\PEXPLORE.INI

2008-07-07 12:33 . 2001-10-26 17:29 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll

2008-07-07 12:33 . 2001-10-26 17:29 87,040 --a–c— C:\WINDOWS\system32\dllcache\wiafbdrv.dll

2008-07-07 12:33 . 2007-08-07 17:11 57,344 --a------ C:\WINDOWS\system32\Micdrv.dll

2008-07-07 12:33 . 2002-10-31 20:12 49,152 -ra------ C:\WINDOWS\AutoSet.dll

2008-07-07 12:33 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys

2008-07-07 12:33 . 2004-08-03 22:58 15,104 --a–c— C:\WINDOWS\system32\dllcache\usbscan.sys

2008-07-07 12:31 . 2008-07-07 12:31

2008-07-07 12:31 . 2004-05-21 06:00 116,736 --a------ C:\WINDOWS\system32\CNMLM66.DLL

2008-07-07 12:31 . 2004-03-11 17:06 86,016 --a------ C:\WINDOWS\system32\CNMCP66.exe

2008-07-07 12:31 . 2004-05-21 06:00 7,680 --a------ C:\WINDOWS\system32\CNMVS66.DLL

2008-07-06 23:09 . 2004-08-04 00:39 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys

2008-07-06 23:09 . 2001-08-18 00:00 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys

2008-07-06 23:09 . 2004-08-04 01:07 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys

2008-07-06 23:09 . 2004-08-04 00:58 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys

2008-07-06 23:09 . 2004-08-04 01:07 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys

2008-07-06 23:07 . 2004-09-29 02:05 2,254,560 --a------ C:\WINDOWS\system32\ati3duag.dll

2008-07-06 23:07 . 2004-08-04 02:43 870,784 --a------ C:\WINDOWS\system32\ati3d1ag.dll

2008-07-06 23:07 . 2004-09-29 02:22 800,256 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys

2008-07-06 23:07 . 2004-09-29 02:22 800,256 --a–c— C:\WINDOWS\system32\dllcache\ati2mtag.sys

2008-07-06 23:07 . 2004-09-29 01:45 479,840 --a------ C:\WINDOWS\system32\ativvaxx.dll

2008-07-06 23:07 . 2004-09-29 01:29 245,760 --a------ C:\WINDOWS\system32\ati2cqag.dll

2008-07-06 23:07 . 2004-09-29 02:22 216,576 --a------ C:\WINDOWS\system32\ati2dvag.dll

2008-07-06 23:07 . 2004-08-04 02:44 77,312 --a------ C:\WINDOWS\system32\usbui.dll

2008-07-06 23:07 . 2001-08-17 23:46 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys

2008-07-06 23:05 . 2008-07-30 23:37

2008-07-06 23:05 . 2008-07-06 23:05

2008-07-06 23:05 . 2008-07-06 23:05

2008-07-06 23:05 . 2008-07-06 21:14

2008-07-06 23:05 . 2008-07-06 23:05

2008-07-06 23:05 . 2008-07-06 23:05

2008-07-06 23:05 . 2008-07-06 23:05

2008-07-06 23:05 . 2008-07-06 23:05

2008-07-06 23:05 . 2008-07-06 23:05

2008-07-06 23:05 . 2008-07-06 23:05

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-31 11:50 --------- d-----w C:\Documents and Settings\SaJwO\Dane aplikacji\uTorrent

2008-07-30 18:46 --------- d-----w C:\Documents and Settings\SaJwO\Dane aplikacji\Skype

2008-07-30 16:32 --------- d-----w C:\Documents and Settings\SaJwO\Dane aplikacji\skypePM

2008-07-26 15:18 271,360 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys

2008-07-26 15:18 18,048 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys

2008-07-26 15:12 --------- d–h--w C:\Program Files\InstallShield Installation Information

2008-07-20 12:40 --------- d-----w C:\Program Files\Gadu-Gadu

2008-07-19 11:27 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-07-17 14:57 --------- d—a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP

2008-07-07 12:42 --------- d-----w C:\Program Files\Creative

2008-07-07 12:25 --------- d-----w C:\Documents and Settings\SaJwO\Dane aplikacji\Winamp

2008-07-07 10:46 --------- d-----w C:\Program Files\ATI Technologies

2008-07-06 20:36 --------- d-----w C:\Program Files\uTorrent

2008-07-06 20:27 --------- d-----w C:\Program Files\Alwil Software

2008-07-06 20:26 --------- d-----w C:\Documents and Settings\SaJwO\Dane aplikacji\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

2008-07-06 20:25 --------- d-----w C:\Program Files\Common Files\Adobe AIR

2008-07-06 20:25 --------- d-----w C:\Program Files\Common Files\Adobe

2008-07-06 20:11 --------- d-----w C:\Program Files\Ahead

2008-07-06 20:08 --------- d-----w C:\Program Files\Common Files\Ahead

2008-07-06 20:08 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Ahead

2008-07-06 19:46 --------- d-----w C:\Documents and Settings\SaJwO\Dane aplikacji\Talkback

2008-07-06 19:45 --------- d-----w C:\Program Files\MarBit

2008-07-06 19:44 --------- d-----w C:\Documents and Settings\SaJwO\Dane aplikacji\Gadu-Gadu

2008-07-06 19:43 --------- d-----w C:\Program Files\Winamp

2008-07-06 19:42 --------- d-----w C:\Program Files\Skype

2008-07-06 19:42 --------- d-----w C:\Program Files\IrfanView

2008-07-06 19:42 --------- d-----w C:\Program Files\Common Files\Skype

2008-07-06 19:42 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Skype

2008-07-06 19:29 --------- d-----w C:\Program Files\NETGEAR

2008-07-06 19:21 --------- d-----w C:\Program Files\microsoft frontpage

2008-07-06 19:19 --------- d-----w C:\Program Files\Usługi online

2006-03-15 12:19 212,992 ----a-w C:\WINDOWS\inf\WG311v3\CopyWHQLDriver.exe

2006-01-26 15:55 280,576 ----a-w C:\WINDOWS\inf\WG311v3\WG311v3.sys

2005-10-06 13:17 280,576 ----a-w C:\WINDOWS\inf\WG311v3\WG311v3XP.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 02:44 15360]

“uTorrent”=“C:\Program Files\uTorrent\uTorrent.exe” [2008-07-06 22:36 219952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“NeroFilterCheck”=“C:\WINDOWS\system32\NeroCheck.exe” [2001-07-09 11:50 155648]

“ATIPTA”=“C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe” [2004-09-29 07:15 344064]

“Adobe Reader Speed Launcher”=“C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe” [2008-06-12 02:38 34672]

“CTSysVol”=“C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe” [2003-09-17 10:43 57344]

“UpdReg”=“C:\WINDOWS\UpdReg.EXE” [2000-05-11 01:00 90112]

“C:\WINDOWS\system32\V0420Cvw.dll”=“C:\WINDOWS\system32\V0420Cvw.dll” [2007-05-14 03:00 262144]

“V0420Mon.exe”=“C:\WINDOWS\V0420Mon.exe” [2007-04-30 03:00 32768]

“ATICCC”=“C:\Program Files\ATI Technologies\ATI.ACE\cli.exe” [2004-09-29 10:37 28672]

“MsmqIntCert”=“mqrt.dll” [2004-08-04 02:44 177152 C:\WINDOWS\system32\mqrt.dll]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-04 02:44 15360]

“ATICCC”=“C:\Program Files\ATI Technologies\ATI.ACE\cli.exe” [2004-09-29 10:37 28672]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

Action Manager 32.lnk - C:\Program Files\ScannerU\AM32.exe [2008-07-19 13:49:26 69632]

ATI CATALYST System Tray.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe [2004-09-29 10:37:26 28672]

NETGEAR WG311v3 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe [2006-01-26 17:55:04 1486848]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

“VIDC.YV12”= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

“AntiVirusDisableNotify”=dword:00000001

“UpdatesDisableNotify”=dword:00000001

“AntiVirusOverride”=dword:00000001

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

“%windir%\system32\sessmgr.exe”=

“C:\Program Files\uTorrent\uTorrent.exe”=

“C:\WINDOWS\system32\mqsvc.exe”=

“C:\WINDOWS\system32\dpvsetup.exe”=

“C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\SurMixer.exe”=

“C:\Program Files\MarBit\ALLPlayer\ALLPlayer.exe”=

“C:\Program Files\Winamp\winamp.exe”=

“C:\Program Files\ScannerU\AM32.exe”=

“C:\Program Files\Creative\SB Live! 24-bit\Diagnostics\diagnos3.exe”=

“C:\Program Files\Creative\SB Live! 24-bit\Equalizer\CTEQ.exe”=

“C:\Program Files\Creative\SB Live! 24-bit\MiniDisc\CTMDCen.exe”=

“C:\Program Files\Creative\SB Live! 24-bit\Program\Restore.exe”=

“C:\Program Files\Creative\SB Live! 24-bit\Speaker Settings\SpkSet.exe”=

“C:\Program Files\Creative\SB Live! 24-bit\WaveStudio\CTWave32.exe”=

“C:\Program Files\DAEMON Tools Lite\daemon.exe”=

“C:\Program Files\Creative\SB Live! 24-bit\EAX\EAX.exe”=

“C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe”=

“E:\Program Files\Warcraft III\Warcraft III.exe”=

“C:\Program Files\Nowe Gadu-Gadu\gg.exe”=

“C:\Program Files\Skype\Phone\Skype.exe”=

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

“8461:TCP”= 8461:TCP:GoD High Port

“8462:TCP”= 8462:TCP:GoD Low Port

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]

R3 V0420VID;Live! Cam Vista IM (VF0420);C:\WINDOWS\system32\DRIVERS\V0420Vid.sys [2007-05-31 03:32]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{9253112c-4ce3-11dd-b7a2-001b2fce01c2}]

\Shell\Auto\command - sal.xls.exe

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sal.xls.exe

.

• • • • ORPHANS REMOVED - - - -

HKCU-Run-Disk Cleaner - C:\Program Files\Disk Cleaner\LaunchDiskCleaner.Exe

HKCU-Run-Registry Helper - C:\Program Files\Registry Helper\LaunchRegistryHelper.Exe

HKCU-Run-Uniblue RegistryBooster 2 - C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe

HKLM-Run-WinampAgent - C:\Program Files\Winamp\winampa.exe

Notify-wvUoLcdE - wvUoLcdE.dll

.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Documents and Settings\SaJwO\Dane aplikacji\Mozilla\Firefox\Profiles\q7lfd9t6.default\

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-31 13:49:47

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\system32\ati2evxx.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\msdtc.exe

C:\WINDOWS\system32\ati2evxx.exe

C:\WINDOWS\system32\CTSVCCDA.EXE

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\WINDOWS\system32\snmp.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\WINDOWS\system32\mqsvc.exe

C:\WINDOWS\system32\mqtgsvc.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\SoftwareDistribution\Download\ad9c4c2a779933f83b51a49a2c88838d\update\update.exe

.

**************************************************************************

.

Completion time: 2008-07-31 13:53:25 - machine was rebooted

ComboFix-quarantined-files.txt 2008-07-31 11:53:19

Pre-Run: 11,878,391,808 bajtów wolnych

Post-Run: 11,904,196,608 bajt˘w wolnych

297

Pobierz Combofix ale nie uruchamiaj wklej do notatnika:

Zapisz plik jako CFScript.txt najlepiej aby ikonka tego pliku znajdowała się obok ikonki ComboFix.exe

Przeciągnij i upuść plik CFScript.txt na ikonkę ComboFix.exe powinno rozpocząć się usuwanie po tym daj log na forum.

Usuń ręcznie folder C: \Qoobox , usuń instalkę Combofix z dysku.

Dzięki oto logi:

http://wklejto.pl/7024

Log wyglada na czysty

usuń ręcznie folder C: \Qoobox , usuń instalkę Combofix z dysku.

Przeczyść komputer Ccleanerem

Wykonaj optymalizację autostartu

Wyłącz i włącz przywracanie systemu na wszystkich dyskach. Instrukcja

Przeskanuj obszar mojego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum

lub

Dr.WEB CureIt!

Pobierz Combofix ale nie uruchamiaj wklej do notatnika:

Zapisz plik jako CFScript.txt najlepiej aby ikonka tego pliku znajdowała się obok ikonki ComboFix.exe

Przeciągnij i upuść plik CFScript.txt na ikonkę ComboFix.exe powinno rozpocząć się usuwanie po tym daj log na forum.

Usuń ręcznie folder C: \Qoobox , usuń instalkę Combofix z dysku.