Windows system - no disk

Please, I'm begging for help!!!

I just don't know what to do next, please help me!!! :?

Logfile of HijackThis v1.99.1

Scan saved at 22:14:40, on 2008-02-06

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:

H:\WINDOWS\System32\smss.exe

H:\WINDOWS\system32\winlogon.exe

H:\WINDOWS\system32\services.exe

H:\WINDOWS\system32\lsass.exe

H:\WINDOWS\system32\Ati2evxx.exe

H:\WINDOWS\system32\svchost.exe

H:\WINDOWS\System32\svchost.exe

H:\WINDOWS\system32\Ati2evxx.exe

H:\WINDOWS\Explorer.EXE

H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

H:\Program Files\Alwil Software\Avast4\ashServ.exe

H:\WINDOWS\system32\spoolsv.exe

H:\WINDOWS\RTHDCPL.EXE

H:\Program Files\HP\HP Software Update\HPWuSchd2.exe

H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

H:\Program Files\Winamp\winampa.exe

H:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

H:\WINDOWS\system32\rundll32.exe

H:\WINDOWS\system32\ctfmon.exe

H:\Program Files\Gadu-Gadu\gg.exe

H:\Program Files\Ares\Ares.exe

H:\Program Files\Tlen.pl\tlen.exe

H:\Program Files\Winamp Remote\bin\OrbTray.exe

H:\Program Files\eMule\emule.exe

H:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

H:\Program Files\OpenOffice.org 2.3\program\soffice.exe

H:\Program Files\OpenOffice.org 2.3\program\soffice.BIN

H:\WINDOWS\system32\svchost.exe

H:\WINDOWS\System32\svchost.exe

H:\WINDOWS\System32\svchost.exe

H:\WINDOWS\system32\svchost.exe

H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

H:\Program Files\Alwil Software\Avast4\ashWebSv.exe

H:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

H:\Program Files\Internet Explorer\iexplore.exe

h:\program files\winamp toolbar\WinampTbServer.exe

H:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe

H:\Program Files\WinRAR\WinRAR.exe

I:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - H:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - H:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - H:\Program Files\Winamp Toolbar\winamptb.dll

O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - H:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - H:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll

O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - H:\Program Files\Winamp Toolbar\winamptb.dll

O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM…\Run: [NeroFilterCheck] H:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM…\Run: [HP Software Update] H:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM…\Run: [avast!] H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM…\Run: [WinampAgent] “H:\Program Files\Winamp\winampa.exe”

O4 - HKLM…\Run: [sunJavaUpdateSched] “H:\Program Files\Java\jre1.6.0_03\bin\jusched.exe”

O4 - HKLM…\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,BluetoothAuthenticationAgent

O4 - HKCU…\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\Run: [Gadu-Gadu] “H:\Program Files\Gadu-Gadu\gg.exe” /tray

O4 - HKCU…\Run: [ares] “H:\Program Files\Ares\Ares.exe” -h

O4 - HKCU…\Run: [Komunikator] H:\Program Files\Tlen.pl\tlen.exe

O4 - HKCU…\Run: [Orb] “H:\Program Files\Winamp Remote\bin\OrbTray.exe” /background

O4 - HKCU…\Run: [eMuleAutoStart] H:\Program Files\eMule\emule.exe -AutoStart

O4 - Startup: OpenOffice.org 2.3.lnk = H:\Program Files\OpenOffice.org 2.3\program\quickstart.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = H:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = H:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: Winamp Toolbar Search - H:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Kolekcja wycinków HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - H:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Zaznaczanie HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - H:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/ … 586-jc.cab

O17 - HKLM\System\CCS\Services\Tcpip…{44ABF320-9626-4800-8A04-B26636932396}: NameServer = 82.160.130.2,82.160.1.1

O17 - HKLM\System\CS1\Services\Tcpip…{44ABF320-9626-4800-8A04-B26636932396}: NameServer = 82.160.130.2,82.160.1.1

O17 - HKLM\System\CS2\Services\Tcpip…{44ABF320-9626-4800-8A04-B26636932396}: NameServer = 82.160.130.2,82.160.1.1

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - H:\Program Files\Ares\chatServer.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - H:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

Post a ComboFix log

and read through:

http://www.bezpieczenstwosystemow.pl/in … topic=15.0

I DON'T HAVE ANYTHING LIKE THAT… :?

And here is the ComboFix log:

ComboFix 08-02.05.3 - w 2008-02-07 0:14:47.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.542 [GMT 1:00]

Running from: I:\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

.

((((((((((((((((((((((((( Files Created from 2008-01-06 to 2008-02-06 )))))))))))))))))))))))))))))))

.

2008-02-06 23:51 . 2006-03-02 13:00 395,776 --a------ H:\kmd.exe

2008-02-04 19:14 . 2008-02-04 19:14 79 --a------ H:\WINDOWS\pit2007.ini

2008-02-04 19:13 . 2008-02-04 19:13

2008-02-03 18:49 . 2008-02-03 18:49 715,248 --a------ H:\WINDOWS\system32\drivers\sptd.sys

2008-02-02 11:02 . 2008-02-02 11:02

2008-02-02 11:02 . 2008-02-05 11:39

2008-02-01 17:53 . 2008-02-01 17:53

2008-02-01 14:55 . 2008-02-01 14:55

2008-02-01 09:38 . 2008-02-01 09:38 1,158 --a------ H:\WINDOWS\mozver.dat

2008-01-16 17:36 . 2004-08-03 23:10 38,016 --a------ H:\WINDOWS\system32\drivers\bthmodem.sys

2008-01-16 17:36 . 2004-08-03 23:10 38,016 --a–c— H:\WINDOWS\system32\dllcache\bthmodem.sys

2008-01-15 21:27 . 2008-01-15 21:27

2008-01-15 21:27 . 2008-01-15 21:27

2008-01-15 21:27 . 2007-09-24 23:31 69,632 --a------ H:\WINDOWS\system32\javacpl.cpl

2008-01-15 21:21 . 2008-01-15 21:21

2008-01-13 18:11 . 2008-01-13 18:11 0 --a------ H:\WINDOWS\nsreg.dat

2008-01-12 11:06 . 2008-02-07 00:09

2008-01-12 11:02 . 2008-01-12 11:05 3,858,985 --a------ H:\eMule0.48a-Installer.exe

2008-01-11 19:44 . 2008-01-20 16:48

2008-01-08 22:16 . 2008-01-08 22:16

2008-01-08 22:16 . 2008-01-08 22:16

2008-01-08 22:16 . 2008-01-08 22:16

2008-01-08 22:16 . 2008-01-08 22:16

2008-01-08 22:02 . 2008-01-08 22:17

2008-01-08 22:02 . 2008-01-08 22:17

2008-01-08 19:21 . 2008-01-08 19:25

2008-01-08 19:20 . 2008-01-08 19:20

2008-01-06 17:45 . 2008-01-06 17:45

2008-01-06 17:45 . 2008-01-06 17:45 32 --a------ H:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat

2008-01-06 17:41 . 2008-01-06 17:41

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-06 23:09 --------- d-----w H:\Documents and Settings\w\Dane aplikacji\OpenOffice.org2

2008-02-01 16:53 --------- d–h--w H:\Program Files\InstallShield Installation Information

2008-02-01 10:21 --------- d-----w H:\Program Files\Common Files\InstallShield

2008-01-31 16:24 --------- d-----w H:\Documents and Settings\w\Dane aplikacji\BearShare

2008-01-23 19:57 --------- d-----w H:\Documents and Settings\w\Dane aplikacji\HP

2008-01-23 19:57 --------- d-----w H:\Documents and Settings\All Users\Dane aplikacji\HP

2008-01-19 11:01 --------- d-----w H:\Documents and Settings\w\Dane aplikacji\AdobeUM

2008-01-05 19:56 --------- d-----w H:\Program Files\Ares

2008-01-04 23:16 --------- d-----w H:\Program Files\MSXML 4.0

2008-01-04 23:00 --------- d-----w H:\Program Files\Gadu-Gadu

2008-01-04 21:34 --------- d-----w H:\Program Files\BearShare Applications

2008-01-04 21:11 --------- d-----w H:\Program Files\OpenOffice.org 2.3

2008-01-04 21:10 112,047,158 ----a-w H:\Program Files\OOo_2.3.0_Win32Intel_install_pl.exe

2008-01-04 17:14 14,204,512 ----a-w H:\Program Files\avbeta.exe

2008-01-04 16:45 --------- d-----w H:\Program Files\AbiSuite2

2008-01-04 16:44 6,248,234 ----a-w H:\Program Files\abiword-setup-2.5.1.exe

2008-01-04 15:54 --------- d-----w H:\Documents and Settings\w\Dane aplikacji\HPAppData

2008-01-04 15:43 --------- d-----w H:\Documents and Settings\w\Dane aplikacji\Gadu-Gadu

2008-01-04 15:11 --------- d-----w H:\Program Files\Alwil Software

2008-01-04 15:08 18,755,272 ----a-w H:\Program Files\setuppol.exe

2008-01-04 14:46 15,600 ----a-w H:\WINDOWS\gdrv.sys

2008-01-01 10:26 --------- d-----w H:\Documents and Settings\w\Dane aplikacji\Media Player Classic

2007-12-29 13:59 --------- d-----w H:\Program Files\Impresja

2007-12-25 20:13 --------- d-----w H:\Documents and Settings\w\Dane aplikacji\CyberLink

2007-12-25 20:06 --------- d-----w H:\Program Files\Dragon Throne

2007-12-23 13:22 --------- d-----w H:\Program Files\Paradox Entertainment

2007-12-23 13:21 --------- d-----w H:\Program Files\Cossacks

2007-12-22 09:09 --------- d-----w H:\Documents and Settings\All Users\Dane aplikacji\HPSSUPPLY

2007-12-21 13:51 --------- d-----w H:\Program Files\Common Files\Adobe

2007-12-21 11:55 --------- d-----w H:\Program Files\Postal 2 STP

2007-12-21 11:36 --------- d-----w H:\Program Files\Project IGI

2007-12-21 11:33 --------- d-----w H:\Program Files\BattleField 1942

2007-12-19 12:42 --------- d-----w H:\Program Files\microsoft frontpage

2007-12-19 12:42 --------- d-----w H:\Documents and Settings\w\Dane aplikacji\Microsoft Web Folders

2007-12-18 16:11 --------- d-----w H:\Program Files\directx

2007-12-18 16:03 --------- d-----w H:\Program Files\Monte Cristo

2007-12-18 15:36 --------- d-----w H:\Program Files\Innonics

2007-12-18 10:20 --------- d-----w H:\Program Files\Empire Interactive

2007-12-17 22:50 --------- d-----w H:\Documents and Settings\All Users\Dane aplikacji\WEBREG

2007-12-17 22:39 --------- d-----w H:\Program Files\HP

2007-12-17 22:39 --------- d-----w H:\Program Files\Hewlett-Packard

2007-12-17 22:39 --------- d-----w H:\Program Files\Common Files\HP

2007-12-17 22:39 --------- d-----w H:\Program Files\Common Files\Hewlett-Packard

2007-12-17 22:39 --------- d-----w H:\Documents and Settings\All Users\Dane aplikacji\HP Product Assistant

2007-12-17 22:37 --------- d-----w H:\Documents and Settings\All Users\Dane aplikacji\Hewlett-Packard

2007-12-17 18:45 --------- d-----w H:\Program Files\CyberLink

2007-12-17 18:45 --------- d-----w H:\Documents and Settings\All Users\Dane aplikacji\CyberLink

2007-12-17 18:40 --------- d-----w H:\Program Files\Common Files\Ahead

2007-12-17 18:40 --------- d-----w H:\Program Files\Ahead

2007-12-17 18:39 --------- d-----w H:\Program Files\MarBit

2007-12-17 18:39 --------- d-----w H:\Program Files\K-Lite Codec Pack

2007-12-17 18:36 --------- d-----w H:\Program Files\Realtek

2007-12-17 18:30 --------- d-----w H:\Documents and Settings\w\Dane aplikacji\InstallShield

2007-12-17 18:18 315,392 ----a-w H:\WINDOWS\HideWin.exe

2007-12-17 17:56 --------- d-----w H:\Program Files\Usługi online

2007-12-04 13:04 837,496 ----a-w H:\WINDOWS\system32\aswBoot.exe

2007-12-04 12:54 95,608 ----a-w H:\WINDOWS\system32\AvastSS.scr

2007-11-07 09:29 723,968 ----a-w H:\WINDOWS\system32\lsasrv.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE~\Browser Helper Objects{0347C33E-8762-4905-BF09-768834316C61}]

2007-03-02 16:52 1298024 -ra------ H:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll

[HKEY_LOCAL_MACHINE~\Browser Helper Objects{053F9267-DC04-4294-A72C-58F732D338C0}]

2007-03-02 16:52 177768 -ra------ H:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

[HKEY_LOCAL_MACHINE~\Browser Helper Objects{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]

2007-12-13 17:49 1185120 --a------ H:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE~\Browser Helper Objects{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]

2007-12-02 15:13 394680 --a------ H:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}

{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}

[HKEY_CLASSES_ROOT\clsid{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]

[HKEY_CLASSES_ROOT\TypeLib{538CD77C-BFDD-49b0-9562-77419CAB89D1}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

“{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}”= H:\Program Files\Winamp Toolbar\winamptb.dll [2007-12-13 17:49 1185120]

[HKEY_CLASSES_ROOT\clsid{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]

[HKEY_CLASSES_ROOT\TypeLib{538CD77C-BFDD-49b0-9562-77419CAB89D1}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“H:\WINDOWS\system32\ctfmon.exe” [2006-03-02 13:00 15360]

“Gadu-Gadu”=“H:\Program Files\Gadu-Gadu\gg.exe” [2007-11-14 11:54 2131392]

“ares”=“H:\Program Files\Ares\Ares.exe” [2007-05-04 01:32 961024]

“Komunikator”=“H:\Program Files\Tlen.pl\tlen.exe” [2007-12-07 11:16 6254592]

“Orb”=“H:\Program Files\Winamp Remote\bin\OrbTray.exe” [2007-12-18 02:02 471040]

“eMuleAutoStart”=“H:\Program Files\eMule\emule.exe” [2007-05-13 15:57 5308416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“RTHDCPL”=“RTHDCPL.EXE” [2007-07-05 09:08 16380416 H:\WINDOWS\RTHDCPL.exe]

“NeroFilterCheck”=“H:\WINDOWS\system32\NeroCheck.exe” [2001-07-09 10:50 155648]

“HP Software Update”=“H:\Program Files\HP\HP Software Update\HPWuSchd2.exe” [2007-03-11 21:34 49152]

“avast!”=“H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-12-04 14:00 79224]

“WinampAgent”=“H:\Program Files\Winamp\winampa.exe” [2007-12-20 16:16 37376]

“SunJavaUpdateSched”=“H:\Program Files\Java\jre1.6.0_03\bin\jusched.exe” [2007-09-25 01:11 132496]

“BluetoothAuthenticationAgent”=“bthprops.cpl” [2006-03-02 13:00 110592 H:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“H:\WINDOWS\system32\CTFMON.EXE” [2006-03-02 13:00 15360]

H:\Documents and Settings\w\Menu Start\Programy\Autostart\

OpenOffice.org 2.3.lnk - H:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56 393216]

H:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

HP Digital Imaging Monitor.lnk - H:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520]

Microsoft Office.lnk - H:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 19:05:56 65588]

S3 gdrv;gdrv;H:\WINDOWS\gdrv.sys [2008-01-04 15:46]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{5e2acec6-accf-11dc-a0f7-001d7d218472}]

\Shell\AutoRun\command - EXPLORER.EXE

\Shell\explore\Command - EXPLORER.EXE

\Shell\open\Command - EXPLORER.EXE

.

Contents of the ‘Scheduled Tasks’ folder

“2008-02-06 22:13:15 H:\WINDOWS\Tasks\WebReg Deskjet F2100 series.job”

  • H:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-07 00:16:11

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-02-07 0:16:32

ComboFix-quarantined-files.txt 2008-02-06 23:16:24

ComboFix2.txt 2008-02-06 22:56:28

.

2008-01-09 22:13:11 — E O F —

What does this mean???

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED