Logfile of HijackThis v1.99.1

Scan saved at 20:18:11, on 2008-02-10

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:

C:WINDOWSSystem32smss.exe

C:WINDOWSsystem32winlogon.exe

C:WINDOWSsystem32services.exe

C:WINDOWSsystem32lsass.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSSystem32svchost.exe

C:WINDOWSsystem32spoolsv.exe

C:Program FilesAviraAntiVir PersonalEdition Classicavguard.exe

C:Program FilesAviraAntiVir PersonalEdition Classicsched.exe

C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe

C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE

C:WINDOWSsystem32HPZipm12.exe

C:WINDOWSsystem32PnkBstrA.exe

C:WINDOWSsystem32svchost.exe

C:Program FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe

C:WINDOWSExplorer.EXE

C:Program Filesxeroxwdfmgr-19472.exe

C:Program FilesAnalog DevicesCoresmax4pnp.exe

C:Program FilesAnalog DevicesSoundMAXSmax4.exe

C:WINDOWSSOINTGR.EXE

C:Program FilesMultimedia Card Readershwicon2k.exe

C:WINDOWSsystem32VTTimer.exe

C:WINDOWSsystem32VTtrayp.exe

C:Program FilesHPHP Software UpdateHPWuSchd2.exe

C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe

C:Program FilesJavajre1.6.0_02binjusched.exe

C:Program FilesCommon FilesRealUpdate_OBrealsched.exe

C:Program FilesD-Toolsdaemon.exe

C:Program FilesWinampwinampa.exe

C:Program FilesSony EricssonMobile2Application LauncherApplication Launcher.exe

C:Program FilesAviraAntiVir PersonalEdition Classicavgnt.exe

C:Program FilesQuickTimeqttask.exe

C:Program FilesSeekmobin10.0.406.0OEAddOn.exe

C:Program FilesSlySoftCloneCDCloneCDTray.exe

C:WINDOWSsystem32driversservices.exe

C:WINDOWSsystem32ctfmon.exe

C:Program FilesMessengermsmsgs.exe

C:Program FilesGadu-Gadugg.exe

C:Program FilesHPDigital Imagingbinhpqtra08.exe

C:Program FilesHPDigital Imagingbinhpqimzone.exe

C:WINDOWSsystem32msiexec.exe

C:Program FilesHPDigital ImagingProduct Assistantbinhprblog.exe

C:Program FilesCommon FilesTeleca SharedGeneric.exe

C:WINDOWSsystem32mmc.exe

C:WINDOWSsystem32DfrgNtfs.exe

C:Program FilesInternet Exploreriexplore.exe

C:WINDOWSsystem32spider.exe

C:Program FilesWinRARWinRAR.exe

C:DOCUME~1jacekUSTAWI~1TempRar$EX00.796HijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.wp.pl/

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://www.pcf.pl/

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll

O2 - BHO: Seekmo /fleok=1D8A83A5C7E6197F99A56B2A1FBB39BFE4976E26CAEDA120180A196D6093 - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)

O2 - BHO: War Rock Toolbar Helper - {0914953A-B6C0-42C3-983E-5213C64AFA9B} - C:Program FilesWar Rock Toolbarv3.2.0.0War_Rock_Toolbar.dll

O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:PROGRA~1FlashGetjccatch.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:Program FilesBitComettoolsBitCometBHO.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:PROGRA~1MEGAUP~1MEGAUP~1.DLL

O2 - BHO: BiblePro Toolbar Helper - {6A3EBAF8-C030-4E10-9D09-DB76740E85B1} - C:Program FilesBiblePro Toolbarv3.2.0.0BiblePro_Toolbar.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_02binssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program filesgooglegoogletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:Program FilesGoogleGoogleToolbarNotifier2.0.301.7164swg.dll

O2 - BHO: (no name) - {E14DCE67-8FB7-4721-8149-179BAA4D792C} - (no file)

O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:PROGRA~1FlashGetgetflash.dll (file missing)

O3 - Toolbar: AOL Security Toolbar - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - C:Program FilesAOL Security Toolbartbu18AOL_security_toolbar.dll (file missing)

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:PROGRA~1MEGAUP~1MEGAUP~1.DLL

O3 - Toolbar: BiblePro Toolbar - {4D053320-23CF-417F-B498-0DCF8EBF49C3} - C:Program FilesBiblePro Toolbarv3.2.0.0BiblePro_Toolbar.dll

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:PROGRA~1FlashGetfgiebar.dll (file missing)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar2.dll

O3 - Toolbar: War Rock Toolbar - {5D956A61-05E7-427B-A2B1-BF32FB18B1BE} - C:Program FilesWar Rock Toolbarv3.2.0.0War_Rock_Toolbar.dll

O3 - Toolbar: Seekmo - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)

O4 - HKLM…Run: [DTemp] C:SysPrepTestDTempDTemp.exe

O4 - HKLM…Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM…Run: [soundMAXPnP] C:Program FilesAnalog DevicesCoresmax4pnp.exe

O4 - HKLM…Run: [soundMAX] “C:Program FilesAnalog DevicesSoundMAXSmax4.exe” /tray

O4 - HKLM…Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe

O4 - HKLM…Run: [sO5 Integrator Pass Two] C:WINDOWSSOINTGR.EXE

O4 - HKLM…Run: [sunkist2k] C:Program FilesMultimedia Card Readershwicon2k.exe

O4 - HKLM…Run: [VTTimer] VTTimer.exe

O4 - HKLM…Run: [VTTrayp] VTtrayp.exe

O4 - HKLM…Run: [HP Software Update] C:Program FilesHPHP Software UpdateHPWuSchd2.exe

O4 - HKLM…Run: [Google Desktop Search] “C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe” /startup

O4 - HKLM…Run: [sunJavaUpdateSched] “C:Program FilesJavajre1.6.0_02binjusched.exe”

O4 - HKLM…Run: [TkBellExe] “C:Program FilesCommon FilesRealUpdate_OBrealsched.exe” -osboot

O4 - HKLM…Run: [DAEMON Tools-1033] “C:Program FilesD-Toolsdaemon.exe” -lang 1033 -lock

O4 - HKLM…Run: [Adobe Reader Speed Launcher] “C:Program FilesAdobeReader 8.0ReaderReader_sl.exe”

O4 - HKLM…Run: [WinampAgent] C:Program FilesWinampwinampa.exe

O4 - HKLM…Run: [No-IP Client 1.42] C:Program FilesNo-IP Clientnoipclient.exe

O4 - HKLM…Run: [sony Ericsson PC Suite] “C:Program FilesSony EricssonMobile2Application LauncherApplication Launcher.exe” /startoptions

O4 - HKLM…Run: [hosted] C:Windowssystem32hosted.exe

O4 - HKLM…Run: [avgnt] “C:Program FilesAviraAntiVir PersonalEdition Classicavgnt.exe” /min

O4 - HKLM…Run: [!xSpeed] C:!xSpeedPro!xSpeedPro.exe reg

O4 - HKLM…Run: [diagnostic] C:Windowssystem32diagnostic.exe

O4 - HKLM…Run: [QuickTime Task] “C:Program FilesQuickTimeqttask.exe” -atboottime

O4 - HKLM…Run: [seekmoOE] C:Program FilesSeekmobin10.0.406.0OEAddOn.exe

O4 - HKLM…Run: [seekmoSA] “C:Program FilesSeekmobin10.0.406.0SeekmoSA.exe”

O4 - HKLM…Run: [CloneCDTray] “C:Program FilesSlySoftCloneCDCloneCDTray.exe” /s

O4 - HKLM…Run: [msm] C:WINDOWSsystem32driversservices.exe

O4 - HKCU…Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe

O4 - HKCU…Run: [MSMSGS] “C:Program FilesMessengermsmsgs.exe” /background

O4 - HKCU…Run: [Gadu-Gadu] “C:Program FilesGadu-Gadugg.exe” /tray

O4 - Global Startup: Adobe Gamma Loader.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:Program FilesHPDigital Imagingbinhpqtra08.exe

O4 - Global Startup: HP Image Zone - szybkie uruchamianie.lnk = C:Program FilesHPDigital Imagingbinhpqthb08.exe

O8 - Extra context menu item: Download All by FlashGet - C:PROGRA~1FlashGetjc_all.htm

O8 - Extra context menu item: Download all links using BitComet - res://C:Program FilesBitCometBitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Download all videos using BitComet - res://C:Program FilesBitCometBitComet.exe/AddVideo.htm

O8 - Extra context menu item: Download link using &BitComet - res://C:Program FilesBitCometBitComet.exe/AddLink.htm

O8 - Extra context menu item: Download using FlashGet - C:PROGRA~1FlashGetjc_link.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_02binssv.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_02binssv.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:PROGRA~1FlashGetflashget.exe (file missing)

O9 - Extra ‘Tools’ menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:PROGRA~1FlashGetflashget.exe (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe (file missing)

O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O12 - Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.pcf.pl/

O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://slimak.onet.pl/_m/wirusy/ArcaOnline.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda … 8922579046

O16 - DPF: {70B410C0-BADA-11D4-8308-0080C8D7ED4A} (GameDesire Bridge) - http://67.15.101.3/g_bin/pl/bridge_2_0_0_20.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_28.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/pl/snooker_2_0_0_28.cab

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:Program FilesCommon FilesMicrosoft SharedHelphxds.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL

O20 - AppInit_DLLs: C:PROGRA~1GoogleGOOGLE~1GOEC62~1.DLL

O20 - Winlogon Notify: WgaLogon - C:WINDOWSSYSTEM32WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:WINDOWSsystem32WPDShServiceObj.dll

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:Program FilesAviraAntiVir PersonalEdition Classicsched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:Program FilesAviraAntiVir PersonalEdition Classicavguard.exe

O23 - Service: GoogleDesktopManager - Google - C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe

O23 - Service: Harmonogram automatycznej usługi LiveUpdate - Symantec Corporation - C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:PROGRA~1SymantecLIVEUP~1LUCOMS~1.EXE

O23 - Service: Pml Driver HPZ12 - HP - C:WINDOWSsystem32HPZipm12.exe

O23 - Service: PnkBstrA - Unknown owner - C:WINDOWSsystem32PnkBstrA.exe

O23 - Service: Sandra Service (SandraTheSrv) - Unknown owner - C:Documents and SettingsWłaścicielPulpitSiSoftware Sandra Lite 2005.SR1RpcSandraSrv.exe (file missing)

O23 - Service: Symantec Core LC - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe

O2 - BHO: Seekmo /fleok=1D8A83A5C7E6197F99A56B2A1FBB39BFE4976E26CAEDA120180A196D6093 - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)

O2 - BHO: (no name) - {E14DCE67-8FB7-4721-8149-179BAA4D792C} - (no file)

O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:PROGRA~1FlashGetgetflash.dll (file missing)

O3 - Toolbar: AOL Security Toolbar - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - C:Program FilesAOL Security Toolbartbu18AOL_security_toolbar.dll (file missing)

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:PROGRA~1FlashGetfgiebar.dll (file missing)

O3 - Toolbar: Seekmo - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:PROGRA~1FlashGetflashget.exe (file missing)			

O9 - Extra \'Tools\' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:PROGRA~1FlashGetflashget.exe (file missing)

usuń wpisy HJT

Daj log z ComboFix

Zmiana zasad wklejania logów na forum - viewtopic.php?f=16&t=213350

wklej.org/id/a03ba75126

Użyj jeszcze jednego automatu po tym reszta

Pobierz program SDFix

wklej.org/id/42facd6e8f

Użyj jeszcze raz SDFix i po tmy nowy log z combo

wklej.org/id/b3465ffbf3

Podałam log i co dalej?

otwórz notatnik i wklej

zapisz jako CFScript.txt (zapisz by ikonka CFScript.txt była obok ikonki ComboFix.exe) >> Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe

http://img.wklej.org/images/88953CFScri … iemoes.gif

Powinno rozpocząć się usuwanie

Potem log z usuwania Combofix

Po restarcie jeśli wszystko będzie OK usuń ręcznie folder C: \Qoobox

zrób optymalizację autostartu http://cybertrash.netarteria.pl/cyber/index.php/topic,378.0.html

powywalaj te skróty z autostartu (start >> wszystkie progr. >> autostart)

EDIT:

C:\WINDOWS\system32\Sys 

C:\WINDOWS\system32\28463

C:\Documents and Settings\All Users\Dane aplikacji\2ACA5CC3-0F83-453D-A079-1076FE1A8B65

sprawdź te foldery jeszcze