Spyware alerts and a blocking "admin" - HijackThis log


(Umcy91) #1

Today I opened IE and right away, out of nowhere, got spyware alerts; then it got worse, because the speaker mutes itself, and I can't get into Control Panel or Task Manager because the "admin" blocked them. So please, I'd be very grateful if you checked the log below!!

Logfile of HijackThis v1.99.1

Scan saved at 23:59:46, on 2007-12-21

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\autorun.exe

C:\Program Files\SAGEM WiFi manager\WLANUTL.exe

C:\WINDOWS\system32\devldr32.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\piotrek\Moje dokumenty\Piotrek\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe

O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll

O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll

O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.0 RC 16.2\RivaTuner.exe" /S

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1045

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\wianmpa.exe

O4 - HKLM\..\Run: [Medichi] medichi.exe

O4 - HKLM\..\Run: [Medichi2] medichi2.exe

O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: findfast.exe

O4 - Global Startup: autorun.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk = ?

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1163250341474

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163250305131

O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/sezam/components/SignActivX.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{1C73FA6F-CCAD-4354-98C9-8949121E4334}: NameServer = 85.255.113.195,85.255.112.108

O17 - HKLM\System\CCS\Services\Tcpip\..\{87AECE95-7394-4D2C-8F91-EC3A41663A1A}: NameServer = 85.255.113.195,85.255.112.108

O17 - HKLM\System\CCS\Services\Tcpip\..\{AA0AC24A-589A-4711-8380-53CD643AEABE}: NameServer = 85.255.113.195,85.255.112.108

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.195 85.255.112.108

O17 - HKLM\System\CS1\Services\Tcpip\..\{1C73FA6F-CCAD-4354-98C9-8949121E4334}: NameServer = 85.255.113.195,85.255.112.108

O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.113.195 85.255.112.108

O17 - HKLM\System\CS3\Services\Tcpip\..\{1C73FA6F-CCAD-4354-98C9-8949121E4334}: NameServer = 85.255.113.195,85.255.112.108

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.195 85.255.112.108

O20 - AppInit_DLLs: murka.dat

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
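The log above is what the helpers in this thread read by eye. As an added example (not code from the thread, HijackThis or SDFix), the Python below runs a first triage pass over lines in this format: the F2 Shell= value, O4 entries whose file names are near-misses of system binaries, O7 DisableRegedit, O17 resolvers outside an expected set, and O20 AppInit_DLLs. The sample lines are copied from the log; the expected DNS set is a constructed placeholder.

```python
import difflib
import re

# Constructed sample: HijackThis v1.99.1 lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.195 85.255.112.108
O20 - AppInit_DLLs: murka.dat
""".strip()

# Windows XP core binaries whose names malware droppers like to imitate.
SYSTEM_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                   "lsass.exe", "svchost.exe", "spoolsv.exe", "explorer.exe"}

# Resolvers the machine's owner expects (constructed placeholder; use the ISP's or router's).
EXPECTED_DNS = {"192.168.1.1"}

_EXE_RE = re.compile(r'\]\s+"?([^"]*?\.exe)', re.IGNORECASE)  # path after "[name]" in an O4 line


def lookalike_of(name):
    """Return the system binary that `name` nearly (but not exactly) matches, else None."""
    name = name.lower()
    if name in SYSTEM_BINARIES:
        return None
    for real in sorted(SYSTEM_BINARIES):
        if difflib.SequenceMatcher(None, name, real).ratio() >= 0.85:
            return real
    return None


def triage(log_text, expected_dns=EXPECTED_DNS):
    """Return (section, reason, line) for each line a helper would ask about."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        section = line.split(" ", 1)[0]
        if section == "F2" and "Shell=" in line:
            # Only Explorer.exe belongs here; anything appended also starts at logon.
            shell = line.split("Shell=", 1)[1].strip()
            if shell.lower() != "explorer.exe":
                findings.append((section, "shell hijack: " + shell, line))
        elif section == "O4":
            m = _EXE_RE.search(line)
            if m:
                base = m.group(1).rsplit("\\", 1)[-1]
                real = lookalike_of(base)
                if real:
                    findings.append((section, "%s resembles %s" % (base, real), line))
        elif section == "O7" and "DisableRegedit=1" in line:
            findings.append((section, "registry editor disabled by policy", line))
        elif section == "O17" and "NameServer" in line:
            # HijackThis prints the servers comma- or space-separated.
            servers = re.split(r"[,\s]+", line.split("=", 1)[1].strip())
            rogue = [s for s in servers if s and s not in expected_dns]
            if rogue:
                findings.append((section, "unexpected DNS: " + ", ".join(rogue), line))
        elif line.startswith("O20 - AppInit_DLLs:"):
            # Every process that loads user32.dll will load what is listed here.
            dlls = line.split(":", 1)[1].strip()
            if dlls:
                findings.append((section, "AppInit_DLLs loads " + dlls, line))
    return findings


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print("%-4s %-50s %s" % (section, reason, line))
```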

(Asterisk) #2

Please follow this Thread and edit your own post to change its title to a specific one.

Otherwise the topic will end up in the Trash.


(Umcy91) #3

If I broke any of the rules on titling threads etc., I'm very sorry, but I registered here right after this thing started roaming around my computer and posted straight away...

Now the clock on my computer has changed too, and every so often something is being copied...


(Gutek) #4

Download the SDFix program



(Umcy91) #5

SDFix

SDFix: Version 1.119


Run by piotrek on 2007-12-21 at 17:40


Microsoft Windows XP [Wersja 5.1.2600]


Running From: C:\SDFix


Safe Mode:

Checking Services: 


Killing PID 928 'shell.exe'


Infected beep.sys Found!


beep.sys File Locations:


"C:\WINDOWS\system32\dllcache\beep.sys" 37888 2007-12-21 23:44 

"C:\WINDOWS\system32\drivers\beep.sys" 37888 2007-12-21 23:44 


Infected File Listed Below:


C:\WINDOWS\system32\dllcache\beep.sys

C:\WINDOWS\system32\drivers\beep.sys


Trojan File copied to Backups Folder

Attempting to replace beep.sys with original version... 


Original beep.sys Restored

Restoring Windows Registry Values

Restoring Windows Default Hosts File


Rebooting...

Normal Mode:

Checking Files: 


Trojan Files Found:


C:\WINDOWS\SYSTEM32\CMMGR32.EXE - Deleted

C:\WINDOWS\SYSTEM32\KERNEL32.EXE - Deleted

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\autorun.exe - Deleted

C:\Documents and Settings\piotrek\Menu Start\Programy\Autostart\findfast.exe - Deleted

C:\DOCUME~1\piotrek\USTAWI~1\Temp\removalfile.bat - Deleted

C:\WINDOWS\shell.exe - Deleted

C:\WINDOWS\system32\Kernel32.exe - Deleted

C:\WINDOWS\system32\printer.exe - Deleted

C:\WINDOWS\system32\spoolvs.exe - Deleted

Removing Temp Files...


ADS Check:


C:\WINDOWS

No streams found. 


C:\WINDOWS\system32

No streams found. 


C:\WINDOWS\system32\svchost.exe

No streams found.


C:\WINDOWS\system32\ntoskrnl.exe

No streams found.


Final Check:


catchme 0.3.1333.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-12-21 17:46:49

Windows 5.1.2600 Dodatek Service Pack 2 NTFS


scanning hidden processes ...


scanning hidden services & system hive ...


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]

"s1"=dword:ef5d3a4d

"s2"=dword:4ee25234

"h0"=dword:00000002


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]

"h0"=dword:00000000

"ujdew"=hex:f1,90,07,2f,cc,b9,c2,21,56,d8,32,1c,81,f0,01,d6,20,8e,46,e4,36,..


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"p0"="C:\Program Files\DAEMON Tools\"

"h0"=dword:00000001

"khjeh"=hex:c4,0a,5a,17,58,7c,56,95,f5,45,5b,4a,9d,27,6c,00,e8,c8,84,19,64,..


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

"a0"=hex:20,01,00,00,ca,61,2d,e6,53,cc,fc,9b,de,08,8b,f8,ba,1b,86,62,ec,..

"khjeh"=hex:bd,0f,1f,c1,95,69,1d,6d,98,c3,d5,6f,03,c6,8a,12,b0,20,b2,fe,7d,..


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

"khjeh"=hex:5b,9c,8f,ed,19,24,4d,ec,0a,14,1e,5f,ed,9f,cd,6c,f0,af,4b,e6,09,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]

"h0"=dword:00000000

"ujdew"=hex:f1,90,07,2f,cc,b9,c2,21,56,d8,32,1c,81,f0,01,d6,20,8e,46,e4,36,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"p0"="C:\Program Files\DAEMON Tools\"

"h0"=dword:00000001

"khjeh"=hex:c4,0a,5a,17,58,7c,56,95,f5,45,5b,4a,9d,27,6c,00,e8,c8,84,19,64,..


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

"a0"=hex:20,01,00,00,ca,61,2d,e6,53,cc,fc,9b,de,08,8b,f8,ba,1b,86,62,ec,..

"khjeh"=hex:bd,0f,1f,c1,95,69,1d,6d,98,c3,d5,6f,03,c6,8a,12,b0,20,b2,fe,7d,..


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

"khjeh"=hex:5b,9c,8f,ed,19,24,4d,ec,0a,14,1e,5f,ed,9f,cd,6c,f0,af,4b,e6,09,..


scanning hidden registry entries ...


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c]

"Order"=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,..


scanning hidden files ...


scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

Remaining Services:

------------------
Authorized Application Key Export:


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\Gadu-Gadu\\gg.exe"="C:\\Program Files\\Gadu-Gadu\\gg.exe:*:Enabled:Gadu-Gadu - program główny"

"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"

"C:\\Gry\\Guild Wars\\Gw.exe"="C:\\Gry\\Guild Wars\\Gw.exe:*:Enabled:Guild Wars"

"C:\\Gry\\star trek 2\\EF2.exe"="C:\\Gry\\star trek 2\\EF2.exe:*:Enabled:Elite Force II"

"C:\\Gry\\quake3\\quake3.exe"="C:\\Gry\\quake3\\quake3.exe:*:Enabled:quake3"

"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"

"C:\\Gry\\QIII\\quake3.exe"="C:\\Gry\\QIII\\quake3.exe:*:Enabled:quake3"

"C:\\Program Files\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare\\BearShare.exe:*:Disabled:BearShare"

"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe:*:Disabled:BearShare"

"C:\\Documents and Settings\\piotrek\\Dane aplikacji\\printer.exe"="C:\\Documents and Settings\\piotrek\\Dane aplikacji\\printer.exe:*:Enabled:@xpsp2res.dll,-22019"

"C:\\WINDOWS\\system32\\printer.exe"="C:\\WINDOWS\\system32\\printer.exe:*:Enabled:@xpsp2res.dll,-22019"

"C:\\WINDOWS\\system32\\spoolvs.exe"="C:\\WINDOWS\\system32\\spoolvs.exe:*:Enabled:@xpsp2res.dll,-22019"

"C:\\WINDOWS\\shell.exe"="C:\\WINDOWS\\shell.exe:*:Enabled:@xpsp2res.dll,-22019"

"C:\\Documents and Settings\\piotrek\\Menu Start\\Programy\\Autostart\\findfast.exe"="C:\\Documents and Settings\\piotrek\\Menu Start\\Programy\\Autostart\\findfast.exe:*:Enabled:@xpsp2res.dll,-22019"

"C:\\Documents and Settings\\All Users\\Menu Start\\Programy\\Autostart\\autorun.exe"="C:\\Documents and Settings\\All Users\\Menu Start\\Programy\\Autostart\\autorun.exe:*:Enabled:@xpsp2res.dll,-22019"

"%windir%\\system32\\winav.exe"="%windir%\\system32\\winav.exe:*:Enabled:@xpsp2res.dll,-22019"

"C:\\Documents and Settings\\piotrek\\Dane aplikacji\\trant.exe"="C:\\Documents and Settings\\piotrek\\Dane aplikacji\\trant.exe:*:Enabled:@xpsp2res.dll,-22019"

"C:\\Documents and Settings\\piotrek\\Dane aplikacji\\mcrupdate.exe"="C:\\Documents and Settings\\piotrek\\Dane aplikacji\\mcrupdate.exe:*:Enabled:@xpsp2res.dll,-22019"


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Documents and Settings\\piotrek\\Dane aplikacji\\printer.exe"="C:\\Documents and Settings\\piotrek\\Dane aplikacji\\printer.exe:*:Enabled:@xpsp2res.dll,-22019"

"C:\\WINDOWS\\system32\\printer.exe"="C:\\WINDOWS\\system32\\printer.exe:*:Enabled:@xpsp2res.dll,-22019"

"C:\\WINDOWS\\system32\\spoolvs.exe"="C:\\WINDOWS\\system32\\spoolvs.exe:*:Enabled:@xpsp2res.dll,-22019"

"C:\\WINDOWS\\shell.exe"="C:\\WINDOWS\\shell.exe:*:Enabled:@xpsp2res.dll,-22019"

"C:\\Documents and Settings\\piotrek\\Menu Start\\Programy\\Autostart\\findfast.exe"="C:\\Documents and Settings\\piotrek\\Menu Start\\Programy\\Autostart\\findfast.exe:*:Enabled:@xpsp2res.dll,-22019"

"C:\\Documents and Settings\\All Users\\Menu Start\\Programy\\Autostart\\autorun.exe"="C:\\Documents and Settings\\All Users\\Menu Start\\Programy\\Autostart\\autorun.exe:*:Enabled:@xpsp2res.dll,-22019"

"%windir%\\system32\\winav.exe"="%windir%\\system32\\winav.exe:*:Enabled:@xpsp2res.dll,-22019"

"C:\\Documents and Settings\\piotrek\\Dane aplikacji\\trant.exe"="C:\\Documents and Settings\\piotrek\\Dane aplikacji\\trant.exe:*:Enabled:@xpsp2res.dll,-22019"

"C:\\Documents and Settings\\piotrek\\Dane aplikacji\\mcrupdate.exe"="C:\\Documents and Settings\\piotrek\\Dane aplikacji\\mcrupdate.exe:*:Enabled:@xpsp2res.dll,-22019"


Remaining Files:

---------------


File Backups: - C:\SDFix\backups\backups.zip


Files with Hidden Attributes:


Wed 4 Aug 2004 1,667,584 ...H. --- "C:\Program Files\Messenger\msmsgs.exe"

Sat 24 Mar 2007 464,934 ..SH. --- "C:\WINDOWS\system32\xybeg.bak1"

Tue 27 Mar 2007 615,096 ..SH. --- "C:\WINDOWS\system32\xybeg.bak2"

Sun 12 Nov 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"


Finished!

and the HijackThis log as well

Logfile of HijackThis v1.99.1

Scan saved at 17:53:48, on 2007-12-21

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\SAGEM WiFi manager\WLANUTL.exe

C:\WINDOWS\system32\devldr32.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\piotrek\Moje dokumenty\Piotrek\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll

O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll

O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.0 RC 16.2\RivaTuner.exe" /S

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1045

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\wianmpa.exe

O4 - HKLM\..\Run: [Medichi] medichi.exe

O4 - HKLM\..\Run: [Medichi2] medichi2.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk = ?

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1163250341474

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163250305131

O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/sezam/components/SignActivX.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{1C73FA6F-CCAD-4354-98C9-8949121E4334}: NameServer = 85.255.113.195,85.255.112.108

O17 - HKLM\System\CCS\Services\Tcpip\..\{87AECE95-7394-4D2C-8F91-EC3A41663A1A}: NameServer = 85.255.113.195,85.255.112.108

O17 - HKLM\System\CCS\Services\Tcpip\..\{AA0AC24A-589A-4711-8380-53CD643AEABE}: NameServer = 85.255.113.195,85.255.112.108

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.195 85.255.112.108

O17 - HKLM\System\CS1\Services\Tcpip\..\{1C73FA6F-CCAD-4354-98C9-8949121E4334}: NameServer = 85.255.113.195,85.255.112.108

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.195 85.255.112.108

O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

After the scan the whole Control Panel is still blocked by the admin; I can't change the date/time or the mouse settings - nothing. Every so often something still gets copied, and a web page and an alert open up.


(Gutek) #6

Now - post a ComboFix log