prosba o sprawdzenie loga

[artibaj]

prosba o sprawdzenie loga z ComboFix

Kod: Zaznacz wszystko

ComboFix 08-04-15.4 - artibaj 2008-04-16 16:01:16.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.871 [GMT 2:00]
Running from: C:\Documents and Settings\artibaj\Pulpit\ComboFix.exe
 * Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bqmkbokb.dll
C:\WINDOWS\system32\cqkntsuo.ini
C:\WINDOWS\system32\dmivfpeb.dll
C:\WINDOWS\system32\igafhlpj.dll
C:\WINDOWS\system32\iofultec.dll
C:\WINDOWS\system32\kdjkpgmm.dll
C:\WINDOWS\system32\kkhclbjv.ini
C:\WINDOWS\system32\lipkhhlt.dll
C:\WINDOWS\system32\lmrymobw.ini
C:\WINDOWS\system32\lojecmyi.dll
C:\WINDOWS\system32\lwiykkju.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\pmnnooo.dll
C:\WINDOWS\system32\tqyqoijc.dll
C:\WINDOWS\system32\utoylygy.ini
C:\WINDOWS\system32\utstv.ini
C:\WINDOWS\system32\utstv.ini2
C:\WINDOWS\system32\vtstu.dll
C:\WINDOWS\system32\ygylyotu.dll

.
(((((((((((((((((((((((((   Files Created from 2008-03-16 to 2008-04-16  )))))))))))))))))))))))))))))))
.

2008-04-15 10:16 . 2008-04-15 10:16   878   ---hs----   C:\WINDOWS\system32\borbbefl.ini
2008-04-15 09:49 . 2008-04-15 09:49   818   ---hs----   C:\WINDOWS\system32\qfvounie.ini
2008-04-14 22:29 . 2008-04-15 09:35   758   ---hs----   C:\WINDOWS\system32\dagpckwv.ini
2008-04-13 22:27 . 2008-04-14 15:13   1,050   ---hs----   C:\WINDOWS\system32\obfpedad.ini
2008-04-12 22:28 . 2008-04-13 09:44   698   ---hs----   C:\WINDOWS\system32\eyajsyph.ini
2008-04-12 12:45 . 2008-04-12 12:45   <DIR>   d--------   C:\Program Files\real
2008-04-12 12:45 . 2008-04-12 12:46   <DIR>   d--------   C:\Program Files\eread7.0
2008-04-11 22:30 . 2008-04-11 22:45   354   ---hs----   C:\WINDOWS\system32\butvwoei.ini
2008-04-10 22:23 . 2008-04-10 22:48   766   ---hs----   C:\WINDOWS\system32\brpkidfl.ini
2008-04-10 19:56 . 2008-04-10 19:56   <DIR>   d--------   C:\WINDOWS\ERUNT
2008-04-10 19:55 . 2008-04-16 16:04   <DIR>   d--h-----   C:\Documents and Settings\Administrator\Ustawienia lokalne
2008-04-10 19:55 . 2008-02-21 20:23   <DIR>   d--------   C:\Documents and Settings\Administrator\Ulubione
2008-04-10 19:55 . 2008-02-21 19:31   <DIR>   d--h-----   C:\Documents and Settings\Administrator\Szablony
2008-04-10 19:55 . 2008-04-16 16:06   <DIR>   d--------   C:\Documents and Settings\Administrator\Pulpit
2008-04-10 19:55 . 2008-02-21 20:23   <DIR>   d--------   C:\Documents and Settings\Administrator\Moje dokumenty
2008-04-10 19:55 . 2008-02-21 20:23   <DIR>   dr-------   C:\Documents and Settings\Administrator\Menu Start
2008-04-10 19:55 . 2008-02-21 20:23   <DIR>   dr-h-----   C:\Documents and Settings\Administrator\Dane aplikacji
2008-04-10 19:55 . 2008-04-10 19:55   <DIR>   d--------   C:\Documents and Settings\Administrator
2008-04-10 19:52 . 2008-04-10 20:14   <DIR>   d--------   C:\SDFix
2008-04-10 19:29 . 2008-04-10 19:29   <DIR>   d--------   C:\Program Files\Browser Hijack Recover
2008-04-10 19:29 . 2008-04-10 19:29   0   --a------   C:\WINDOWS\system32\8104297.jun
2008-04-10 19:24 . 2008-04-10 19:24   <DIR>   d--------   C:\Program Files\Trend Micro
2008-04-10 16:49 . 2008-04-10 16:49   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2008-04-10 16:48 . 2008-04-10 16:48   <DIR>   d--------   C:\Program Files\Common Files\Wise Installation Wizard
2008-04-10 16:22 . 2008-04-10 16:49   <DIR>   d--------   C:\Program Files\Lavasoft
2008-04-09 23:49 . 2008-04-09 23:49   <DIR>   d--------   C:\Program Files\PS Tray Factory
2008-04-09 23:04 . 2008-04-10 22:55   <DIR>   d--------   C:\Documents and Settings\artibaj\Dane aplikacji\Desktop Sidebar
2008-04-09 23:03 . 2008-04-09 23:03   <DIR>   d--------   C:\Program Files\Desktop Sidebar
2008-04-09 23:00 . 2008-04-09 23:00   <DIR>   d--------   C:\Program Files\Fic_Products
2008-04-09 19:00 . 2008-04-09 19:02   10,740   --a------   C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-04-09 19:00 . 2008-04-09 19:02   805   --a------   C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-04-09 18:37 . 2008-04-09 19:07   <DIR>   d--------   C:\Program Files\Norton Internet Security
2008-04-09 18:35 . 2008-04-09 19:02   123,952   --a------   C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-04-09 18:35 . 2008-04-09 19:02   60,800   --a------   C:\WINDOWS\system32\S32EVNT1.DLL
2008-04-09 18:34 . 2008-04-09 19:02   <DIR>   d--------   C:\Program Files\Symantec
2008-04-09 18:34 . 2008-04-12 12:47   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Symantec
2008-04-09 17:12 . 2008-04-09 17:12   <DIR>   d--------   C:\WINDOWS\E80F62FF5D3C4A1984099721F2928206.TMP
2008-04-09 13:58 . 2008-04-09 13:58   <DIR>   d--------   C:\WINDOWS\NU_DATA
2008-04-09 10:08 . 2008-04-15 22:24   101,091   --a------   C:\WINDOWS\BM13dd5592.xml
2008-04-08 12:24 . 2004-08-03 23:08   26,496   --a--c---   C:\WINDOWS\system32\dllcache\usbstor.sys
2008-04-06 11:35 . 2008-04-06 11:36   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\FLEXnet
2008-04-06 11:30 . 2007-02-20 16:04   2,463,976   --a------   C:\WINDOWS\system32\NPSWF32.dll
2008-04-06 11:30 . 2007-02-20 16:04   190,696   --a------   C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-04-06 11:28 . 2008-04-06 11:28   <DIR>   d--------   C:\Program Files\Bonjour
2008-04-06 11:19 . 2008-04-06 11:19   <DIR>   d--------   C:\Program Files\Common Files\Macrovision Shared
2008-04-05 10:48 . 2006-06-18 17:09   13,824   --a------   C:\WINDOWS\system32\drivers\Amusbprt.sys
2008-04-05 10:48 . 2006-01-11 14:34   13,824   --a------   C:\WINDOWS\system32\drivers\Amps2prt.sys
2008-04-05 10:48 . 2006-04-11 13:56   10,240   --a------   C:\WINDOWS\system32\drivers\Arfumx86.sys
2008-04-05 10:48 . 2006-01-11 14:33   8,704   --a------   C:\WINDOWS\system32\drivers\Amfilter.sys
2008-04-03 15:18 . 2008-04-03 15:18   <DIR>   d--------   C:\Program Files\A4Tech
2008-04-03 15:18 . 2006-03-13 02:48   36,864   --a------   C:\WINDOWS\system32\Amhooker.dll
2008-04-02 11:06 . 2008-04-02 11:06   <DIR>   d--------   C:\Program Files\Mplayer
2008-04-02 11:03 . 2008-04-08 19:26   774   --a------   C:\WINDOWS\QIII.INI
2008-03-28 19:51 . 2008-03-28 19:51   <DIR>   d--------   C:\Program Files\Nstorm
2008-03-28 19:33 . 2004-03-29 17:23   90,112   --a------   C:\WINDOWS\unvise32.exe
2008-03-28 19:23 . 2008-03-28 19:23   <DIR>   d--------   C:\Program Files\Desktop
2008-03-28 16:47 . 2008-03-28 16:47   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Thinstall
2008-03-28 16:26 . 2008-04-10 23:20   32   --a------   C:\WINDOWS\CD_Start.INI
2008-03-27 12:00 . 2008-04-12 16:06   69   --a------   C:\WINDOWS\NeroDigital.ini
2008-03-27 11:59 . 2001-09-05 14:36   30   --a------   C:\WINDOWS\Q3version.ini
2008-03-26 19:48 . 2008-03-26 19:48   <DIR>   d--------   C:\MxDownload
2008-03-26 19:48 . 2008-03-26 19:48   0   --a------   C:\WINDOWS\system32\cid_store.dat
2008-03-25 16:23 . 2008-04-06 11:29   <DIR>   d--------   C:\Program Files\Common Files\InstallShield
2008-03-24 22:16 . 2008-03-24 22:16   <DIR>   d--------   C:\Documents and Settings\artibaj\Dane aplikacji\Lost Marble
2008-03-21 21:03 . 2008-03-21 21:03   <DIR>   d--------   C:\ISFYZQVO.TWJ
2008-03-21 21:03 . 2008-03-21 21:03   66,336   --ah-----   C:\BEADCGEH
2008-03-21 20:59 . 2008-03-21 20:59   66,336   --ah-----   C:\BDDLBJAD
2008-03-21 20:32 . 2008-03-21 21:03   <DIR>   d--------   C:\QUAKE
2008-03-21 20:31 . 2008-03-21 20:31   66,336   --ah-----   C:\BDBPDAEJ
2008-03-21 20:29 . 1996-08-16 14:49   298,496   --a------   C:\WINDOWS\uninst.exe
2008-03-21 20:23 . 2008-03-21 20:23   <DIR>   d--------   C:\Documents and Settings\artibaj\WINDOWS
2008-03-16 15:32 . 2000-07-31 10:48   306,688   --a------   C:\WINDOWS\IsUninst.exe
2008-03-16 13:16 . 2008-03-16 15:51   902   --a------   C:\WINDOWS\EF.ini

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-16 14:04   ---------   d-----w   C:\Program Files\Common Files\Symantec Shared
2008-04-16 14:00   ---------   d-----w   C:\Documents and Settings\artibaj\Dane aplikacji\MxBoost
2008-04-16 13:59   ---------   d-----w   C:\Program Files\FlashGet
2008-04-16 13:30   ---------   d-----w   C:\Documents and Settings\artibaj\Dane aplikacji\The Bat!
2008-04-10 21:03   ---------   d---a-w   C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-04-10 21:02   ---------   d-----w   C:\Documents and Settings\artibaj\Dane aplikacji\Thinstall
2008-04-09 16:28   ---------   d-----w   C:\Program Files\Norton SystemWorks Premier
2008-04-06 09:28   ---------   d-----w   C:\Program Files\Common Files\Adobe
2008-04-02 12:18   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-03-26 20:13   ---------   d-----w   C:\Documents and Settings\artibaj\Dane aplikacji\BSplayer PRO
2008-03-14 13:15   ---------   d-----w   C:\Documents and Settings\artibaj\Dane aplikacji\Winamp
2008-03-08 21:44   ---------   d-----w   C:\Program Files\CFi
2008-02-28 15:49   ---------   d-----w   C:\Program Files\Webteh
2008-02-28 15:13   ---------   d-----w   C:\Program Files\BSPlayer
2008-02-26 17:01   ---------   d-----w   C:\Program Files\SubEdit-Player
2008-02-24 22:08   ---------   d-----w   C:\Documents and Settings\artibaj\Dane aplikacji\Kristanix Software
2008-02-24 21:22   ---------   d-----w   C:\Documents and Settings\artibaj\Dane aplikacji\Ulead Systems
2008-02-24 21:21   ---------   d-----w   C:\Program Files\Common Files\Ulead Systems
2008-02-24 21:21   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Ulead Systems
2008-02-23 17:47   ---------   d-----w   C:\Program Files\FontExplorerL.M
2008-02-23 15:13   ---------   d-----w   C:\Program Files\TC UP
2008-02-23 14:52   ---------   d-----w   C:\Program Files\Common Files\snp2std
2008-02-23 14:52   ---------   d-----w   C:\Documents and Settings\artibaj\Dane aplikacji\InstallShield
2008-02-22 22:57   ---------   d-----w   C:\Program Files\MSXML 4.0
2008-02-22 15:17   ---------   d-----w   C:\Program Files\Common Files\TechSmith Shared
2008-02-22 15:15   ---------   d-----w   C:\Program Files\QuickTime
2008-02-22 15:15   ---------   d-----w   C:\Program Files\Apple Software Update
2008-02-22 15:15   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-02-22 15:15   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Apple
2008-02-22 15:01   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Adobe Systems
2008-02-22 15:00   ---------   d-----w   C:\Program Files\Common Files\Adobe Systems Shared
2008-02-22 14:49   ---------   d-----w   C:\Program Files\Common Files\Macromedia
2008-02-22 14:27   ---------   d-----w   C:\Program Files\PowerISO
2008-02-22 14:16   ---------   d-----w   C:\Documents and Settings\artibaj\Dane aplikacji\Helios
2008-02-22 14:15   ---------   d-----w   C:\Program Files\TextPad 5
2008-02-21 23:26   ---------   d-----w   C:\Program Files\The KMPlayer
2008-02-21 20:53   ---------   d-----w   C:\Program Files\Winamp
2008-02-21 20:52   ---------   d-----w   C:\Program Files\K-Lite Codec Pack
2008-02-21 20:51   72,748   ----a-w   C:\WINDOWS\unins000.exe
2008-02-21 20:51   ---------   d-----w   C:\Program Files\IrfanView
2008-02-21 20:50   ---------   d-----w   C:\Program Files\Lavalys
2008-02-21 20:50   ---------   d-----w   C:\Program Files\CDCheck
2008-02-21 20:48   ---------   d-----w   C:\Program Files\TweakNow PowerPack 2006
2008-02-21 20:48   ---------   d-----w   C:\Documents and Settings\artibaj\Dane aplikacji\TweakNow PowerPack
2008-02-21 20:46   ---------   d-----w   C:\Documents and Settings\artibaj\Dane aplikacji\HEXelon
2008-02-21 20:45   ---------   d-----w   C:\Program Files\SourceTec
2008-02-21 20:45   ---------   d-----w   C:\Program Files\Common Files\SourceTec
2008-02-21 20:44   ---------   d-----w   C:\Program Files\DVD Region+CSS Free
2008-02-21 20:43   ---------   d-----w   C:\Documents and Settings\artibaj\Dane aplikacji\Axialis
2008-02-21 20:42   ---------   d-----w   C:\Program Files\Axialis
2008-02-21 20:41   ---------   d-----w   C:\Documents and Settings\artibaj\Dane aplikacji\Nero
2008-02-21 20:40   ---------   d-----w   C:\Program Files\Common Files\Nero
2008-02-21 20:39   ---------   d-----w   C:\Program Files\Nero
2008-02-21 20:39   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-02-21 19:45   ---------   d-----w   C:\Program Files\Creative
2008-02-21 19:45   ---------   d-----w   C:\Documents and Settings\artibaj\Dane aplikacji\Creative
2008-02-21 19:42   ---------   d--h--w   C:\Program Files\Creative Installation Information
2008-02-21 19:40   ---------   d-----w   C:\Program Files\Common Files\Creative
2008-02-21 19:37   ---------   d-----w   C:\Program Files\Common Files\xInstallShield
2008-02-21 19:04   ---------   d-----w   C:\Program Files\BitLord
2008-02-21 18:49   ---------   d-----w   C:\Program Files\The Bat!
2008-02-21 18:29   ---------   d-----w   C:\Program Files\Stardock
2008-02-21 18:29   ---------   d-----w   C:\Program Files\Common Files\Stardock
2008-02-21 18:25   ---------   d-----w   C:\Program Files\Maxthon2
2008-02-21 18:15   ---------   d-----w   C:\Program Files\DAEMON Tools Pro
2008-02-21 17:50   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\nView_Profiles
2008-02-21 17:47   ---------   d-----w   C:\Program Files\MagicISO
2008-02-21 17:46   ---------   d-----w   C:\Documents and Settings\artibaj\Dane aplikacji\DAEMON Tools Pro
2008-02-21 17:43   685,816   ----a-w   C:\WINDOWS\system32\drivers\sptd.sys
2008-02-21 17:36   ---------   d-----w   C:\Program Files\microsoft frontpage
2008-02-21 17:34   ---------   d-----w   C:\Program Files\Usługi online
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{24F06550-65E3-4D1C-8CFE-839C296B5530}]
2007-06-28 17:25   57344   --a------   C:\Program Files\eread7.0\IEeREAD.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6A19C29D-ED45-4483-8999-9F939C8161F2}]
2008-03-10 12:08   81920   --a------   C:\Program Files\eread7.0\WebHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\CFi]
@={2DBD5D71-CBB7-41D1-B170-511646B170BD}

[HKEY_CLASSES_ROOT\CLSID\{2DBD5D71-CBB7-41D1-B170-511646B170BD}]
2008-02-25 16:22   55296   --a------   C:\PROGRA~1\CFi\SHELLT~1\CFiShlJP.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 11:51 57344]
"P17Helper"="P17.dll" [2005-05-03 13:38 64512 C:\WINDOWS\system32\P17.dll]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
"FixCamera"="C:\WINDOWS\FixCamera.exe" [2007-02-12 15:50 20480]
"iKeyWorks"="C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe" [2006-04-09 19:31 61440]
"WheelMouse"="C:\Program Files\A4Tech\Mouse\Amoumain.exe" [2006-06-21 21:45 200704]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-09-03 02:04 84640]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-09-05 20:22 26248]
"TrayFactory"="C:\Program Files\PS Tray Factory\PSTrayFactory.exe" [2006-12-16 15:57 425472]
"PWRISOVM.EXE"="C:\Documents and Settings\Default User\Local Settings\Temp\cxxxSy76ad\PWRISOVM.EXE" [2008-01-20 10:05 217088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"TrayFactory"="C:\Program Files\PS Tray Factory\PSTrayFactory.exe" [2006-12-16 15:57 425472]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 0 (0x0)
"NoToolbarCustomize"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 11 (0xb)
"NoStartMenuMFUprogramsList"= 0 (0x0)
"NoBandCustomize"= 0 (0x0)
"NoToolbarCustomize"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\PROGRA~1\DVDREG~1\DVDShell.dll [2004-10-09 16:18 49152]
"{067B597C-C099-4A08-A180-E5FEC5DCF2DF}"= C:\PROGRA~1\CFi\SHELLT~1\CFiShlEx.dll [2008-02-25 16:22 43008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnnooo]
pmnnooo.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R1 VD_FileDisk;VD_FileDisk;C:\WINDOWS\system32\drivers\VD_FileDisk.sys [2006-01-13 15:00]
R2 Harmonogram automatycznej usługi LiveUpdate;Harmonogram automatycznej usługi LiveUpdate;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-09-13 15:54]
R3 Arfumdev;A4Tech USB Port RF-Mouse filter driver;C:\WINDOWS\system32\DRIVERS\Arfumx86.sys [2006-04-11 13:56]
R3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2007-05-22 11:55]

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0DA3B9B7-3DB5-97A1-DA31-969D6950BB42}]
C:\WINDOWS\system32:winsock32.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-03-20 12:33:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-11 18:00:12 C:\WINDOWS\Tasks\Norton Internet Security - Uruchom pełne skanowanie systemu - artibaj.job"


[huber2t]

Pobierz ComboFix, ale nie uruchamiaj
Wklej do notatnika:

Kod: Zaznacz wszystko

File::
C:\WINDOWS\system32\borbbefl.ini
C:\WINDOWS\system32\qfvounie.ini
C:\WINDOWS\system32\dagpckwv.ini
C:\WINDOWS\system32\obfpedad.ini
C:\WINDOWS\system32\eyajsyph.ini
C:\WINDOWS\system32\butvwoei.ini
C:\WINDOWS\system32\brpkidfl.ini
C:\WINDOWS\system32\8104297.jun
C:\WINDOWS\E80F62FF5D3C4A1984099721F2928206.TMP

Folder::
C:\ISFYZQVO.TWJ
C:\BDBPDAEJ
C:\BDDLBJAD
C:\BEADCGEH

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnnooo]


Plik zapisz jako CFScript.txt (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe)
Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu

Powinno się rozpocząć usuwanie i powstanie log, daj ten log na forum.
Jeśli wszystko pójdzie dobrze, to po restarcie usuń ręcznie folder C: \Qoobox

[artibaj]

teraz nie dzialaja mi zewnetzre programy do pobierania plikow

jak klikam sciagnij za pomoca FlashGeta nic sie nie dzieje
tak samo jak chce zapisac pliki .swf za pomoca SWF Catcher

[huber2t]

Daj log z usuwania z combofix

[artibaj]

Kod: Zaznacz wszystko

ComboFix 08-04-15.4 - artibaj 2008-04-20 17:44:55.3 - NTFSx86
Running from: C:\Documents and Settings\artibaj\Pulpit\ComboFix.exe

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((   Files Created from 2008-03-20 to 2008-04-20  )))))))))))))))))))))))))))))))
.

2008-04-20 12:59 . 2008-04-20 12:59   <DIR>   d--------   C:\Program Files\Opera
2008-04-20 12:49 . 2008-04-20 12:49   <DIR>   d--------   C:\Documents and Settings\Administrator\Dane aplikacji\MxBoost
2008-04-20 12:49 . 2008-04-20 12:50   664   --a------   C:\WINDOWS\system32\d3d9caps.dat
2008-04-20 12:40 . 2008-04-20 12:40   673,610   --a------   C:\WINDOWS\unins001.exe
2008-04-20 12:40 . 2008-04-20 12:40   1,993   --a------   C:\WINDOWS\unins001.dat
2008-04-20 11:02 . 2008-04-20 11:02   230   --a------   C:\WINDOWS\system32\spupdsvc.inf
2008-04-20 10:34 . 2008-04-20 10:37   <DIR>   d--------   C:\Program Files\Google
2008-04-20 10:33 . 2008-04-20 13:46   <DIR>   d--------   C:\Program Files\FlashGet
2008-04-20 01:49 . 2008-04-20 11:04   <DIR>   d--------   C:\WINDOWS\system32\pl-pl
2008-04-20 01:41 . 2007-07-01 05:31   2,455,488   -----c---   C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-04-20 01:41 . 2007-07-01 05:36   1,036,288   -----c---   C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-04-20 01:41 . 2008-03-01 15:02   459,264   -----c---   C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-04-20 01:41 . 2008-03-01 15:02   267,776   -----c---   C:\WINDOWS\system32\dllcache\iertutil.dll
2008-04-20 01:41 . 2008-03-01 15:02   63,488   -----c---   C:\WINDOWS\system32\dllcache\icardie.dll
2008-04-20 01:41 . 2008-03-01 15:02   52,224   -----c---   C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-04-20 01:41 . 2008-02-22 12:00   13,824   -----c---   C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 01:40 . 2008-03-01 15:02   6,066,176   -----c---   C:\WINDOWS\system32\dllcache\ieframe.dll
2008-04-20 01:40 . 2008-03-01 15:02   383,488   -----c---   C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-04-20 01:22 . 2008-04-20 10:00   <DIR>   d--------   C:\Program Files\IDA
2008-04-20 01:22 . 2008-04-20 01:23   <DIR>   d--------   C:\Documents and Settings\artibaj\Dane aplikacji\Internet Download Accelerator
2008-04-20 00:53 . 2008-04-20 13:24   54,156   --ah-----   C:\WINDOWS\QTFont.qfn
2008-04-20 00:53 . 2008-04-20 00:53   1,409   --a------   C:\WINDOWS\QTFont.for
2008-04-18 10:40 . 2006-09-06 00:03   3,968   --a------   C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-18 10:34 . 2008-04-18 10:34   140   --a------   C:\WINDOWS\winamp.ini
2008-04-18 10:34 . 2008-04-18 10:34   83   --a------   C:\WINDOWS\wow.cfg
2008-04-15 10:16 . 2008-04-15 10:16   878   ---hs----   C:\WINDOWS\system32\borbbefl.ini
2008-04-15 09:49 . 2008-04-15 09:49   818   ---hs----   C:\WINDOWS\system32\qfvounie.ini
2008-04-14 22:29 . 2008-04-15 09:35   758   ---hs----   C:\WINDOWS\system32\dagpckwv.ini
2008-04-13 22:27 . 2008-04-14 15:13   1,050   ---hs----   C:\WINDOWS\system32\obfpedad.ini
2008-04-12 22:28 . 2008-04-13 09:44   698   ---hs----   C:\WINDOWS\system32\eyajsyph.ini
2008-04-12 12:45 . 2008-04-12 12:45   <DIR>   d--------   C:\Program Files\real
2008-04-12 12:45 . 2008-04-12 12:46   <DIR>   d--------   C:\Program Files\eread7.0
2008-04-11 22:30 . 2008-04-11 22:45   354   ---hs----   C:\WINDOWS\system32\butvwoei.ini
2008-04-10 22:23 . 2008-04-10 22:48   766   ---hs----   C:\WINDOWS\system32\brpkidfl.ini
2008-04-10 19:56 . 2008-04-10 19:56   <DIR>   d--------   C:\WINDOWS\ERUNT
2008-04-10 19:55 . 2008-04-20 17:46   <DIR>   d--h-----   C:\Documents and Settings\Administrator\Ustawienia lokalne
2008-04-10 19:55 . 2008-04-20 12:50   <DIR>   d--------   C:\Documents and Settings\Administrator\Ulubione
2008-04-10 19:55 . 2008-02-21 19:31   <DIR>   d--h-----   C:\Documents and Settings\Administrator\Szablony
2008-04-10 19:55 . 2008-04-20 12:50   <DIR>   d--------   C:\Documents and Settings\Administrator\Pulpit
2008-04-10 19:55 . 2008-02-21 20:23   <DIR>   d--------   C:\Documents and Settings\Administrator\Moje dokumenty
2008-04-10 19:55 . 2008-02-21 20:23   <DIR>   dr-------   C:\Documents and Settings\Administrator\Menu Start
2008-04-10 19:55 . 2008-04-20 12:49   <DIR>   dr-h-----   C:\Documents and Settings\Administrator\Dane aplikacji
2008-04-10 19:55 . 2008-04-10 19:55   <DIR>   d--------   C:\Documents and Settings\Administrator
2008-04-10 19:52 . 2008-04-10 20:14   <DIR>   d--------   C:\SDFix
2008-04-10 19:29 . 2008-04-10 19:29   <DIR>   d--------   C:\Program Files\Browser Hijack Recover
2008-04-10 19:29 . 2008-04-10 19:29   0   --a------   C:\WINDOWS\system32\8104297.jun
2008-04-10 19:24 . 2008-04-10 19:24   <DIR>   d--------   C:\Program Files\Trend Micro
2008-04-10 16:49 . 2008-04-10 16:49   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2008-04-10 16:48 . 2008-04-10 16:48   <DIR>   d--------   C:\Program Files\Common Files\Wise Installation Wizard
2008-04-10 16:22 . 2008-04-10 16:49   <DIR>   d--------   C:\Program Files\Lavasoft
2008-04-09 23:49 . 2008-04-09 23:49   <DIR>   d--------   C:\Program Files\PS Tray Factory
2008-04-09 23:04 . 2008-04-17 00:29   <DIR>   d--------   C:\Documents and Settings\artibaj\Dane aplikacji\Desktop Sidebar
2008-04-09 23:03 . 2008-04-09 23:03   <DIR>   d--------   C:\Program Files\Desktop Sidebar
2008-04-09 23:00 . 2008-04-09 23:00   <DIR>   d--------   C:\Program Files\Fic_Products
2008-04-09 19:00 . 2008-04-09 19:02   10,740   --a------   C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-04-09 19:00 . 2008-04-09 19:02   805   --a------   C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-04-09 18:37 . 2008-04-09 19:07   <DIR>   d--------   C:\Program Files\Norton Internet Security
2008-04-09 18:35 . 2008-04-09 19:02   123,952   --a------   C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-04-09 18:35 . 2008-04-09 19:02   60,800   --a------   C:\WINDOWS\system32\S32EVNT1.DLL
2008-04-09 18:34 . 2008-04-09 19:02   <DIR>   d--------   C:\Program Files\Symantec
2008-04-09 18:34 . 2008-04-20 11:17   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Symantec
2008-04-09 17:12 . 2008-04-09 17:12   <DIR>   d--------   C:\WINDOWS\E80F62FF5D3C4A1984099721F2928206.TMP
2008-04-09 13:58 . 2008-04-09 13:58   <DIR>   d--------   C:\WINDOWS\NU_DATA
2008-04-09 10:08 . 2008-04-15 22:24   101,091   --a------   C:\WINDOWS\BM13dd5592.xml
2008-04-08 12:24 . 2004-08-03 23:08   26,496   --a--c---   C:\WINDOWS\system32\dllcache\usbstor.sys
2008-04-06 11:35 . 2008-04-06 11:36   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\FLEXnet
2008-04-06 11:30 . 2007-02-20 16:04   2,463,976   --a------   C:\WINDOWS\system32\NPSWF32.dll
2008-04-06 11:30 . 2007-02-20 16:04   190,696   --a------   C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-04-06 11:28 . 2008-04-06 11:28   <DIR>   d--------   C:\Program Files\Bonjour
2008-04-06 11:19 . 2008-04-06 11:19   <DIR>   d--------   C:\Program Files\Common Files\Macrovision Shared
2008-04-05 10:48 . 2006-06-18 17:09   13,824   --a------   C:\WINDOWS\system32\drivers\Amusbprt.sys
2008-04-05 10:48 . 2006-01-11 14:34   13,824   --a------   C:\WINDOWS\system32\drivers\Amps2prt.sys
2008-04-05 10:48 . 2006-04-11 13:56   10,240   --a------   C:\WINDOWS\system32\drivers\Arfumx86.sys
2008-04-05 10:48 . 2006-01-11 14:33   8,704   --a------   C:\WINDOWS\system32\drivers\Amfilter.sys
2008-04-03 15:18 . 2008-04-03 15:18   <DIR>   d--------   C:\Program Files\A4Tech
2008-04-03 15:18 . 2006-03-13 02:48   36,864   --a------   C:\WINDOWS\system32\Amhooker.dll
2008-04-02 11:06 . 2008-04-02 11:06   <DIR>   d--------   C:\Program Files\Mplayer
2008-04-02 11:03 . 2008-04-08 19:26   774   --a------   C:\WINDOWS\QIII.INI
2008-03-28 19:51 . 2008-03-28 19:51   <DIR>   d--------   C:\Program Files\Nstorm
2008-03-28 19:33 . 2004-03-29 17:23   90,112   --a------   C:\WINDOWS\unvise32.exe
2008-03-28 19:23 . 2008-03-28 19:23   <DIR>   d--------   C:\Program Files\Desktop
2008-03-28 16:47 . 2008-03-28 16:47   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Thinstall
2008-03-28 16:26 . 2008-04-10 23:20   32   --a------   C:\WINDOWS\CD_Start.INI
2008-03-27 12:00 . 2008-04-18 11:59   69   --a------   C:\WINDOWS\NeroDigital.ini
2008-03-27 11:59 . 2001-09-05 14:36   30   --a------   C:\WINDOWS\Q3version.ini
2008-03-26 19:48 . 2008-03-26 19:48   <DIR>   d--------   C:\MxDownload
2008-03-26 19:48 . 2008-03-26 19:48   0   --a------   C:\WINDOWS\system32\cid_store.dat
2008-03-25 16:23 . 2008-04-06 11:29   <DIR>   d--------   C:\Program Files\Common Files\InstallShield
2008-03-24 22:16 . 2008-03-24 22:16   <DIR>   d--------   C:\Documents and Settings\artibaj\Dane aplikacji\Lost Marble
2008-03-21 21:03 . 2008-03-21 21:03   <DIR>   d--------   C:\ISFYZQVO.TWJ
2008-03-21 21:03 . 2008-03-21 21:03   66,336   --ah-----   C:\BEADCGEH
2008-03-21 20:59 . 2008-03-21 20:59   66,336   --ah-----   C:\BDDLBJAD
2008-03-21 20:32 . 2008-03-21 21:03   <DIR>   d--------   C:\QUAKE
2008-03-21 20:31 . 2008-03-21 20:31   66,336   --ah-----   C:\BDBPDAEJ
2008-03-21 20:29 . 1996-08-16 14:49   298,496   --a------   C:\WINDOWS\uninst.exe
2008-03-21 20:23 . 2008-03-21 20:23   <DIR>   d--------   C:\Documents and Settings\artibaj\WINDOWS

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-20 15:40   ---------   d-----w   C:\Documents and Settings\artibaj\Dane aplikacji\MxBoost
2008-04-20 15:32   ---------   d-----w   C:\Documents and Settings\artibaj\Dane aplikacji\The Bat!
2008-04-20 11:12   ---------   d-----w   C:\Program Files\Common Files\Symantec Shared
2008-04-20 08:33   ---------   d-----w   C:\Program Files\FlashGet1
2008-04-19 22:41   ---------   d-----w   C:\Program Files\Maxthon2
2008-04-10 21:03   ---------   d---a-w   C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-04-10 21:02   ---------   d-----w   C:\Documents and Settings\artibaj\Dane aplikacji\Thinstall
2008-04-09 16:28   ---------   d-----w   C:\Program Files\Norton SystemWorks Premier
2008-04-06 09:28   ---------   d-----w   C:\Program Files\Common Files\Adobe
2008-04-02 12:18   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-03-26 20:13   ---------   d-----w   C:\Documents and Settings\artibaj\Dane aplikacji\BSplayer PRO
2008-03-20 08:09   1,845,504   ----a-w   C:\WINDOWS\system32\win32k.sys
2008-03-14 13:15   ---------   d-----w   C:\Documents and Settings\artibaj\Dane aplikacji\Winamp
2008-03-08 21:44   ---------   d-----w   C:\Program Files\CFi
2008-02-28 15:49   ---------   d-----w   C:\Program Files\Webteh
2008-02-28 15:13   ---------   d-----w   C:\Program Files\BSPlayer
2008-02-26 17:01   ---------   d-----w   C:\Program Files\SubEdit-Player
2008-02-24 22:08   ---------   d-----w   C:\Documents and Settings\artibaj\Dane aplikacji\Kristanix Software
2008-02-24 21:22   ---------   d-----w   C:\Documents and Settings\artibaj\Dane aplikacji\Ulead Systems
2008-02-24 21:21   ---------   d-----w   C:\Program Files\Common Files\Ulead Systems
2008-02-24 21:21   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Ulead Systems
2008-02-23 17:47   ---------   d-----w   C:\Program Files\FontExplorerL.M
2008-02-23 15:13   ---------   d-----w   C:\Program Files\TC UP
2008-02-23 14:52   ---------   d-----w   C:\Program Files\Common Files\snp2std
2008-02-23 14:52   ---------   d-----w   C:\Documents and Settings\artibaj\Dane aplikacji\InstallShield
2008-02-22 22:57   ---------   d-----w   C:\Program Files\MSXML 4.0
2008-02-22 15:17   ---------   d-----w   C:\Program Files\Common Files\TechSmith Shared
2008-02-22 15:15   ---------   d-----w   C:\Program Files\QuickTime
2008-02-22 15:15   ---------   d-----w   C:\Program Files\Apple Software Update
2008-02-22 15:15   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-02-22 15:15   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Apple
2008-02-22 15:01   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Adobe Systems
2008-02-22 15:00   ---------   d-----w   C:\Program Files\Common Files\Adobe Systems Shared
2008-02-22 14:49   ---------   d-----w   C:\Program Files\Common Files\Macromedia
2008-02-22 14:27   ---------   d-----w   C:\Program Files\PowerISO
2008-02-22 14:16   ---------   d-----w   C:\Documents and Settings\artibaj\Dane aplikacji\Helios
2008-02-22 14:15   ---------   d-----w   C:\Program Files\TextPad 5
2008-02-21 23:26   ---------   d-----w   C:\Program Files\The KMPlayer
2008-02-21 20:53   ---------   d-----w   C:\Program Files\Winamp
2008-02-21 20:52   ---------   d-----w   C:\Program Files\K-Lite Codec Pack
2008-02-21 20:51   72,748   ----a-w   C:\WINDOWS\unins000.exe
2008-02-21 20:51   ---------   d-----w   C:\Program Files\IrfanView
2008-02-21 20:50   ---------   d-----w   C:\Program Files\Lavalys
2008-02-21 20:50   ---------   d-----w   C:\Program Files\CDCheck
2008-02-21 20:48   ---------   d-----w   C:\Program Files\TweakNow PowerPack 2006
2008-02-21 20:48   ---------   d-----w   C:\Documents and Settings\artibaj\Dane aplikacji\TweakNow PowerPack
2008-02-21 20:46   ---------   d-----w   C:\Documents and Settings\artibaj\Dane aplikacji\HEXelon
2008-02-21 20:45   ---------   d-----w   C:\Program Files\SourceTec
2008-02-21 20:45   ---------   d-----w   C:\Program Files\Common Files\SourceTec
2008-02-21 20:44   ---------   d-----w   C:\Program Files\DVD Region+CSS Free
2008-02-21 20:43   ---------   d-----w   C:\Documents and Settings\artibaj\Dane aplikacji\Axialis
2008-02-21 20:42   ---------   d-----w   C:\Program Files\Axialis
2008-02-21 20:41   ---------   d-----w   C:\Documents and Settings\artibaj\Dane aplikacji\Nero
2008-02-21 20:40   ---------   d-----w   C:\Program Files\Common Files\Nero
2008-02-21 20:39   ---------   d-----w   C:\Program Files\Nero
2008-02-21 20:39   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-02-21 19:45   ---------   d-----w   C:\Program Files\Creative
2008-02-21 19:45   ---------   d-----w   C:\Documents and Settings\artibaj\Dane aplikacji\Creative
2008-02-21 19:42   ---------   d--h--w   C:\Program Files\Creative Installation Information
2008-02-21 19:40   ---------   d-----w   C:\Program Files\Common Files\Creative
2008-02-21 19:37   ---------   d-----w   C:\Program Files\Common Files\xInstallShield
2008-02-21 19:04   ---------   d-----w   C:\Program Files\BitLord
2008-02-21 18:49   ---------   d-----w   C:\Program Files\The Bat!
2008-02-21 18:29   ---------   d-----w   C:\Program Files\Stardock
2008-02-21 18:29   ---------   d-----w   C:\Program Files\Common Files\Stardock
2008-02-21 18:15   ---------   d-----w   C:\Program Files\DAEMON Tools Pro
2008-02-21 17:50   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\nView_Profiles
2008-02-21 17:47   ---------   d-----w   C:\Program Files\MagicISO
2008-02-21 17:46   ---------   d-----w   C:\Documents and Settings\artibaj\Dane aplikacji\DAEMON Tools Pro
2008-02-21 17:43   685,816   ----a-w   C:\WINDOWS\system32\drivers\sptd.sys
2008-02-21 17:36   ---------   d-----w   C:\Program Files\microsoft frontpage
2008-02-21 17:34   ---------   d-----w   C:\Program Files\Usługi online
2008-02-20 06:51   282,624   ----a-w   C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:38   45,568   ----a-w   C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 09:05   662,016   ----a-w   C:\WINDOWS\system32\wininet.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\CFi]
@={2DBD5D71-CBB7-41D1-B170-511646B170BD}

[HKEY_CLASSES_ROOT\CLSID\{2DBD5D71-CBB7-41D1-B170-511646B170BD}]
2008-02-25 16:22   55296   --a------   C:\PROGRA~1\CFi\SHELLT~1\CFiShlJP.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"Internet Download Accelerator"="C:\Program Files\IDA\ida.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-04-20 10:35 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 11:51 57344]
"P17Helper"="P17.dll" [2005-05-03 13:38 64512 C:\WINDOWS\system32\P17.dll]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
"iKeyWorks"="C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe" [2006-04-09 19:31 61440]
"WheelMouse"="C:\Program Files\A4Tech\Mouse\Amoumain.exe" [2006-06-21 21:45 200704]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-09-03 02:04 84640]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"TrayFactory"="C:\Program Files\PS Tray Factory\PSTrayFactory.exe" [2006-12-16 15:57 425472]
"Flashget"="C:\Program Files\FlashGet\flashget.exe" [2007-09-25 10:10 2007088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"TrayFactory"="C:\Program Files\PS Tray Factory\PSTrayFactory.exe" [2006-12-16 15:57 425472]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 0 (0x0)
"NoToolbarCustomize"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 11 (0xb)
"NoStartMenuMFUprogramsList"= 0 (0x0)
"NoBandCustomize"= 0 (0x0)
"NoToolbarCustomize"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\PROGRA~1\DVDREG~1\DVDShell.dll [2004-10-09 16:18 49152]
"{067B597C-C099-4A08-A180-E5FEC5DCF2DF}"= C:\PROGRA~1\CFi\SHELLT~1\CFiShlEx.dll [2008-02-25 16:22 43008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnnooo]
pmnnooo.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\senscfg32]
senscfg32.dll 2004-08-01 10:03 8192 C:\WINDOWS\system32\senscfg32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\FlashGet\\FlashGet.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4815:TCP"= 4815:TCP:messenger

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0DA3B9B7-3DB5-97A1-DA31-969D6950BB42}]
C:\WINDOWS\system32:winsock32.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-03-20 12:33:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-18 18:01:11 C:\WINDOWS\Tasks\Norton Internet Security - Uruchom pełne skanowanie systemu - artibaj.job"
- C:\PROGRA~1\NORTON~2\NORTON~1\Navw32.exef/TASK:
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-20 17:46:13
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-20 17:46:58
ComboFix-quarantined-files.txt  2008-04-20 15:46:46
ComboFix2.txt  2008-04-20 15:39:58

Pre-Run: 7,204,425,728 bajtów wolnych
Post-Run: 7,195,779,072 bajtów wolnych
.
2008-04-10 22:25:28   --- E O F --- 


[huber2t]

Pobierz ComboFix, ale nie uruchamiaj
Wklej do notatnika:

Kod: Zaznacz wszystko

File::
C:\WINDOWS\system32\borbbefl.ini
C:\WINDOWS\system32\qfvounie.ini
C:\WINDOWS\system32\dagpckwv.ini
C:\WINDOWS\system32\obfpedad.ini
C:\WINDOWS\system32\eyajsyph.ini
C:\WINDOWS\system32\butvwoei.ini
C:\WINDOWS\system32\brpkidfl.ini
C:\WINDOWS\system32\8104297.jun
C:\ISFYZQVO.TWJ
C:\BEADCGEH
C:\BDDLBJAD
C:\QUAKE
C:\BDBPDAEJ

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnnooo]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\senscfg32]


Plik zapisz jako CFScript.txt (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe)
Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu

Powinno się rozpocząć usuwanie i powstanie log, daj ten log na forum.

[artibaj]

juz wszytsko dziala
WIELKIE DZIEKI !!!!

[MANY]

ComboFix 08-04-18.3 - BOCHAT 2008-04-20 18:26:11.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.112 [GMT 2:00]
Running from: C:\Documents and Settings\BOCHAT\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\BOCHAT\Pulpit\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-03-20 to 2008-04-20 )))))))))))))))))))))))))))))))
.

2008-04-20 17:25 . 2008-04-20 17:25 427 --a------ C:\WINDOWS\ODBC.INI
2008-04-20 17:23 . 2008-04-20 17:24 <DIR> d-------- C:\WINDOWS\ShellNew
2008-04-20 17:11 . 2008-04-20 17:11 754 --a------ C:\WINDOWS\WORDPAD.INI
2008-04-20 00:11 . 2008-04-20 00:11 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-04-19 23:59 . 2008-04-19 23:59 <DIR> d-------- C:\Program Files\MalwareBell
2008-04-19 22:41 . 2008-04-19 22:41 <DIR> d-------- C:\Program Files\Alwil Software
2008-04-19 22:38 . 2008-04-19 22:38 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-19 22:38 . 2008-04-19 23:08 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2008-04-19 22:37 . 2008-04-19 22:37 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-19 21:44 . 2008-04-19 22:05 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\F-Secure
2008-04-19 21:37 . 2008-04-19 21:43 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\fssg
2008-04-19 20:51 . 2008-04-19 20:51 <DIR> d-------- C:\Documents and Settings\BOCHAT\Dane aplikacji\ispnews
2008-04-19 19:46 . 2008-04-19 19:46 <DIR> d-------- C:\Documents and Settings\BOCHAT\Dane aplikacji\TmpRecentIcons
2008-04-19 19:09 . 2008-04-19 19:09 <DIR> d-------- C:\Program Files\VirusIsolator
2008-04-19 18:28 . 2008-04-19 12:39 188,416 --a------ C:\WINDOWS\vadokmxt.dll
2008-04-19 18:28 . 2008-04-19 12:39 155,648 --a------ C:\WINDOWS\dpevflbg.dll
2008-04-19 18:28 . 2008-04-19 12:39 98,304 --a------ C:\WINDOWS\wxvgsdbq.exe
2008-04-19 18:28 . 2008-04-19 12:39 94,208 --a------ C:\WINDOWS\olgdqarf.exe
2008-04-08 23:11 . 1998-10-07 12:54 327,168 --a------ C:\WINDOWS\IsUn0415.exe
2008-04-03 15:38 . 2008-04-03 15:39 <DIR> d-------- C:\cs
2008-04-03 15:35 . 2008-04-03 15:36 <DIR> d-------- C:\cstrike
2008-03-30 23:47 . 2008-03-30 23:47 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-03-30 23:40 . 2008-03-30 23:40 <DIR> d-------- C:\Documents and Settings\BOCHAT\Dane aplikacji\DAEMON Tools
2008-03-30 23:40 . 2008-03-30 23:40 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-03-30 23:27 . 2006-04-29 14:25 40,960 --a------ C:\WINDOWS\system32\psfind.dll
2008-03-29 15:40 . 2008-02-22 03:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-03-29 15:39 . 2008-03-29 15:40 <DIR> d-------- C:\Program Files\Java
2008-03-29 15:38 . 2008-03-29 15:38 <DIR> d-------- C:\Program Files\Common Files\Java
2008-03-24 17:24 . 2008-03-24 17:24 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-03-24 17:24 . 2008-04-18 22:04 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-03-24 17:24 . 2008-03-24 17:24 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-03-24 17:24 . 2008-04-18 22:04 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-03-24 15:14 . 2008-03-24 15:14 <DIR> d-------- C:\WINDOWS\Server CFG Creator
2008-03-24 15:14 . 2008-03-24 15:14 <DIR> d-------- C:\Program Files\mnProjects
2008-03-20 01:00 . 2008-04-03 15:23 <DIR> d-------- C:\Program Files\Counter-Strike 1.6

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-19 21:07 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-04-19 20:11 --------- d-----w C:\Program Files\F-Secure Internet Security
2008-04-19 16:59 --------- d-----w C:\Program Files\AskTBar
2008-04-19 15:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-03 20:27 --------- d-----w C:\Documents and Settings\BOCHAT\Dane aplikacji\teamspeak2
2008-03-26 18:56 --------- d-----w C:\Documents and Settings\BOCHAT\Dane aplikacji\Skype
2008-03-26 16:28 --------- d-----w C:\Documents and Settings\BOCHAT\Dane aplikacji\skypePM
2008-03-19 19:15 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Logishrd
2008-03-19 19:10 --------- d-----w C:\Program Files\Common Files\LogiShrd
2008-03-19 19:07 --------- d-----w C:\Program Files\Logitech
2008-03-14 19:47 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2008-03-14 19:47 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2008-03-14 19:47 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2008-03-09 21:01 --------- d-----w C:\Documents and Settings\BOCHAT\Dane aplikacji\InstallShield
2008-03-08 20:34 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-03-08 20:33 --------- d-----w C:\Program Files\Skype
2008-03-08 20:33 --------- d-----w C:\Program Files\Common Files\Skype
2008-03-08 20:33 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-03-01 19:46 --------- d-----w C:\Program Files\ATI Technologies
2008-03-01 19:01 --------- d-----w C:\Program Files\ToniArts
2008-02-29 16:42 2,829 ----a-w C:\WINDOWS\DIIUnin.pif
2008-02-29 16:42 106,496 ----a-w C:\WINDOWS\DIIUnin.exe
2008-02-29 15:06 --------- d-----w C:\Program Files\ATITool
2008-02-25 20:41 --------- d-----w C:\Program Files\LOTR - Return of the King
2008-02-25 15:13 --------- d-----w C:\Documents and Settings\BOCHAT\Dane aplikacji\ATI
2008-02-23 23:55 --------- d-----w C:\Program Files\MediaCoder
2008-02-23 22:11 --------- d-----w C:\Program Files\Cucusoft
2008-02-07 21:09 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-02-07 21:09 286,720 ------w C:\WINDOWS\Setup1.exe
2008-02-06 06:58 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-02-06 03:42 127,034 ------r C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2008-02-06 02:45 729,088 ----a-w C:\WINDOWS\iun6002.exe
2008-01-31 02:02 54,608 ----a-w C:\WINDOWS\system32\xfcodec.dll
2008-01-22 20:04 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-01-22 20:01 385,024 ------w C:\WINDOWS\system32\atikvmag.dll
2008-01-22 19:57 163,840 ------w C:\WINDOWS\system32\atiok3x2.dll
2004-10-01 14:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((( snapshot@2008-04-20_13.04.48.42 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-20 10:02:02 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-20 16:12:47 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-20 15:25:26 167,936 ----a-r C:\WINDOWS\Installer\{90110415-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 2008-04-20 15:25:26 2,560 ----a-r C:\WINDOWS\Installer\{90110415-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2008-04-20 15:25:25 34,304 ----a-r C:\WINDOWS\Installer\{90110415-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2008-04-20 15:25:26 8,192 ----a-r C:\WINDOWS\Installer\{90110415-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2008-04-20 15:25:26 3,584 ----a-r C:\WINDOWS\Installer\{90110415-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2008-04-20 15:25:26 114,688 ----a-r C:\WINDOWS\Installer\{90110415-6000-11D3-8CFE-0050048383C9}\outicon.exe
+ 2008-04-20 15:25:26 16,384 ----a-r C:\WINDOWS\Installer\{90110415-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2008-04-20 15:25:26 30,720 ----a-r C:\WINDOWS\Installer\{90110415-6000-11D3-8CFE-0050048383C9}\pptico.exe
+ 2008-04-20 15:25:26 22,528 ----a-r C:\WINDOWS\Installer\{90110415-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2008-04-20 15:25:25 45,056 ----a-r C:\WINDOWS\Installer\{90110415-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2008-04-20 15:25:25 90,112 ----a-r C:\WINDOWS\Installer\{90110415-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2001-01-22 01:25:24 32,768 ----a-w C:\WINDOWS\system32\ATHPRXY.DLL
+ 1999-10-18 02:01:42 1,129,232 ----a-w C:\WINDOWS\system32\FM20.DLL
+ 1999-10-18 02:01:16 26,384 ----a-w C:\WINDOWS\system32\FM20ENU.DLL
- 2008-02-06 11:14:15 95,072 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-04-20 16:12:44 119,744 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 1999-01-28 15:42:40 521,856 ----a-w C:\WINDOWS\system32\MAPI.DLL
+ 1999-04-14 13:07:34 39,184 ----a-w C:\WINDOWS\system32\MAPISRVR.EXE
+ 1999-04-08 09:23:34 53,248 ----a-w C:\WINDOWS\system32\MFC42PLK.DLL
+ 1999-06-04 13:22:38 7,680 ----a-w C:\WINDOWS\system32\MSPRPPL.DLL
+ 2000-05-11 11:06:20 397,312 ----a-w C:\WINDOWS\system32\MSRDO20.DLL
+ 2000-05-24 04:45:58 118,784 ----a-w C:\WINDOWS\system32\MSSTDFMT.DLL
+ 2000-06-02 14:51:02 84,480 ----a-w C:\WINDOWS\system32\NSCMPS.DLL
+ 2000-06-02 14:51:50 34,240 ----a-w C:\WINDOWS\system32\NSERROR.DLL
+ 1998-12-09 01:53:58 212,480 ----a-w C:\WINDOWS\system32\PCDLIB32.DLL
+ 2000-04-03 15:52:54 151,552 ----a-w C:\WINDOWS\system32\RDOCURS.DLL
+ 1998-03-25 03:54:08 15,872 ----a-w C:\WINDOWS\system32\SCP32.DLL
+ 1999-11-25 00:40:50 40,960 ----a-w C:\WINDOWS\system32\VBAME.DLL
+ 2008-04-20 16:12:58 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_65c.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{87F195A2-E583-4FE1-9649-3333E6FE1A61}"= "C:\WINDOWS\dpevflbg.dll" [2008-04-19 12:39 155648]

[HKEY_CLASSES_ROOT\clsid\{87f195a2-e583-4fe1-9649-3333e6fe1a61}]
[HKEY_CLASSES_ROOT\dpevflbg.1]
[HKEY_CLASSES_ROOT\TypeLib\{6D1E583A-D2AA-4ACA-ACE8-451F73C609F1}]
[HKEY_CLASSES_ROOT\dpevflbg]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2002-12-31 14:00 15360]
"LogitechSetup"="F:\Setup\Setup.exe" [ ]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 09:39 2119104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-09-16 14:39 69632 C:\WINDOWS\SOUNDMAN.EXE]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-29 08:15 344064]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2004-09-29 11:37 28672]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 17:37 2178832]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2002-12-31 14:00 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 18:35 1294336]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2004-09-29 11:37 28672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2002-12-31 14:00 44544]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
ATI CATALYST System Tray.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe [2004-09-29 11:37:26 28672]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"vadokmxt"= {53B3DFE1-FED8-4FFA-A23E-C9940A9267EE} - C:\WINDOWS\vadokmxt.dll [2008-04-19 12:39 188416]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifgGaxX]
iifgGaxX.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^.protected]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\.protected
backup=C:\WINDOWS\pss\.protectedCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^CoreCenter.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\CoreCenter.lnk
backup=C:\WINDOWS\pss\CoreCenter.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^F-Secure Anti-Virus 2006.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\F-Secure Anti-Virus 2006.lnk
backup=C:\WINDOWS\pss\F-Secure Anti-Virus 2006.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^VIA RAID TOOL.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\VIA RAID TOOL.lnk
backup=C:\WINDOWS\pss\VIA RAID TOOL.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^BOCHAT^Menu Start^Programy^Autostart^.protected]
path=C:\Documents and Settings\BOCHAT\Menu Start\Programy\Autostart\.protected
backup=C:\WINDOWS\pss\.protectedStartup

[HKLM\~\startupfolder\C:^Documents and Settings^BOCHAT^Menu Start^Programy^Autostart^Xfire.lnk]
path=C:\Documents and Settings\BOCHAT\Menu Start\Programy\Autostart\Xfire.lnk
backup=C:\WINDOWS\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anti-Blaxx Manager]
--a------ 2005-05-18 17:08 208896 C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-02-14 01:09 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager]
C:\Program Files\F-Secure Internet Security\Common\FSM32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Startup Wizard]
C:\Program Files\F-Secure Internet Security\FSGUI\FSSW.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB]
C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
--a------ 2007-07-09 09:39 2119104 C:\Program Files\Gadu-Gadu\gg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--------- 2005-07-08 16:25 1397760 C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a------ 2007-10-25 17:33 563984 C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-08-04 01:55 1667584 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
--a------ 2008-01-07 22:02 495616 C:\Program Files\Winamp Remote\bin\OrbTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2007-12-10 11:12 695808 C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-12-08 18:35 32768 C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-02-01 18:22 21898024 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 05:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemDefender]
C:\Program Files\SystemDefender\SystemDefender.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"FSMA"=2 (0x2)
"FSDFWD"=3 (0x3)
"FSAUA"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"E:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"E:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
"E:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"E:\\Program Files\\Sierra\\FEARCombat\\FEARMP.exe"=
"C:\\Program Files\\BitSpirit\\BitSpirit.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-09-22 12:14]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a987f2b-d66b-11dc-8034-806d6172696f}]
\Shell\AutoRun\command - F:\Launch.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c80af93-d45c-11dc-be50-806d6172696f}]
\Shell\AutoRun\command - F:\Install.exe

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-20 18:27:51
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-20 18:28:41
ComboFix-quarantined-files.txt 2008-04-20 16:28:36
ComboFix2.txt 2008-04-20 11:05:11

Pre-Run: 4,008,448,000 bajtów wolnych
Post-Run: 4,019,810,304 bajtów wolnych

260