Prośba o sprawdzenie loga

[Amadeusz]

Witam wszystkich mam problem z wirusem TrojanDownloader.XS

oto log z ComboFix;
ComboFix 08-06-10.5 - Andrzej 2008-06-11 14:52:56.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1030 [GMT 2:00]
Running from: C:\Documents and Settings\Andrzej\Pulpit\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Andrzej\Dane aplikacji\Microsoft\dtsc
C:\Documents and Settings\Andrzej\Dane aplikacji\Microsoft\dtsc\8491.exe
C:\Documents and Settings\Andrzej\Dane aplikacji\Microsoft\dtsc\s
C:\Program Files\AntispyStorm
C:\Program Files\AntispyStorm\AntispyStorm.exe.MANIFEST
C:\Program Files\AntispyStorm\logs\06.10.08_20_34_49.log
C:\Program Files\AntispyStorm\stat.bin
C:\Program Files\AntispyStorm\uninstall.exe
C:\Program Files\AntispyStorm\uninstall.log
C:\Program Files\SpyMaxx
C:\Program Files\SpyMaxx\mdReg.dll
C:\Program Files\SpyMaxx\sm_ie_monitor.dll
C:\Program Files\SpyMaxx\SpyMaxx.exe.MANIFEST
C:\Program Files\SpyMaxx\stat.bin
C:\Program Files\SpyMaxx\uninstall.exe
C:\Program Files\SpyMaxx\uninstall.log
C:\WINDOWS\accesss.exe
C:\WINDOWS\astctl32.ocx
C:\WINDOWS\avpcc.dll
C:\WINDOWS\clrssn.exe
C:\WINDOWS\cpan.dll
C:\WINDOWS\ctfmon32.exe
C:\WINDOWS\ctrlpan.dll
C:\WINDOWS\default.htm
C:\WINDOWS\directx32.exe
C:\WINDOWS\dnsrelay.dll
C:\WINDOWS\editpad.exe
C:\WINDOWS\explore.exe
C:\WINDOWS\explorer32.exe
C:\WINDOWS\funniest.exe
C:\WINDOWS\funny.exe
C:\WINDOWS\gfmnaaa.dll
C:\WINDOWS\helpcvs.exe
C:\WINDOWS\iedll.exe
C:\WINDOWS\iexplorer.exe
C:\WINDOWS\inetinf.exe
C:\WINDOWS\internet.exe
C:\WINDOWS\lfn.exe
C:\WINDOWS\loader.exe
C:\WINDOWS\mainms.vpi
C:\WINDOWS\megavid.cdt
C:\WINDOWS\msconfd.dll
C:\WINDOWS\msspi.dll
C:\WINDOWS\mssys.exe
C:\WINDOWS\msupdate.exe
C:\WINDOWS\mswsc10.dll
C:\WINDOWS\mswsc20.dll
C:\WINDOWS\mtwirl32.dll
C:\WINDOWS\muotr.so
C:\WINDOWS\notepad32.exe
C:\WINDOWS\olehelp.exe
C:\WINDOWS\qttasks.exe
C:\WINDOWS\quicken.exe
C:\WINDOWS\rundll16.exe
C:\WINDOWS\rundll32.vbe
C:\WINDOWS\searchword.dll
C:\WINDOWS\sistem.exe
C:\WINDOWS\svchost32.exe
C:\WINDOWS\svcinit.exe
C:\WINDOWS\systeem.exe
C:\WINDOWS\system32\hljwugsf.bin
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\systemcritical.exe
C:\WINDOWS\time.exe
C:\WINDOWS\users32.exe
C:\WINDOWS\waol.exe
C:\WINDOWS\win32e.exe
C:\WINDOWS\win64.exe
C:\WINDOWS\winajbm.dll
C:\WINDOWS\window.exe
C:\WINDOWS\winmgnt.exe
C:\WINDOWS\x.exe
C:\WINDOWS\xplugin.dll
C:\WINDOWS\xxxvideo.hta
C:\WINDOWS\y.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MSSECURITY1.209.4
-------\Service_MsSecurity1.209.4


((((((((((((((((((((((((( Files Created from 2008-05-11 to 2008-06-11 )))))))))))))))))))))))))))))))
.

2008-06-11 14:41 . 2008-06-11 14:41 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-11 01:06 . 2008-06-11 14:55 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-06-11 01:06 . 2008-06-11 01:06 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-06-11 01:06 . 2008-06-11 01:06 <DIR> d-------- C:\Documents and Settings\Andrzej\Dane aplikacji\PC Tools
2008-06-11 01:06 . 2008-06-11 14:42 74,240 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-06-11 01:06 . 2008-06-11 14:42 56,832 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-06-11 01:06 . 2007-10-04 17:10 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-06-11 01:06 . 2007-10-04 17:11 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-06-11 00:57 . 2008-06-11 00:57 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-11 00:53 . 2008-06-11 00:53 <DIR> d-------- C:\SDFIX
2008-06-11 00:01 . 2008-06-11 00:01 <DIR> d-------- C:\Program Files\Unlocker
2008-06-11 00:01 . 2008-06-11 00:04 <DIR> d-------- C:\Documents and Settings\Andrzej\Dane aplikacji\Desktopicon
2008-06-10 23:30 . 2008-06-10 23:34 <DIR> d-------- C:\Program Files\mks_vir_2007
2008-06-10 20:04 . 2008-06-10 20:04 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-10 19:36 . 2008-06-10 19:36 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-10 18:59 . 2008-06-10 18:59 <DIR> d-------- C:\WINDOWS\system32\zo
2008-06-10 18:59 . 2008-06-10 18:59 <DIR> d-------- C:\WINDOWS\system32\vntiho06
2008-06-10 18:59 . 2008-06-10 19:00 <DIR> d-------- C:\WINDOWS\system32\Dv
2008-06-10 18:59 . 2008-06-10 18:59 <DIR> dr------- C:\Documents and Settings\LocalService\Ulubione
2008-06-10 18:59 . 2008-06-10 18:59 87,511 --a------ C:\WINDOWS\system32\iftuyszv.exe
2008-06-10 18:59 . 2008-06-10 18:59 49,158 --a------ C:\WINDOWS\444.0
2008-06-10 18:35 . 2008-06-10 18:35 <DIR> d-------- C:\Documents and Settings\Andrzej\Dane aplikacji\Thinstall
2008-06-10 18:23 . 2008-06-10 18:26 <DIR> d-------- C:\Documents and Settings\Andrzej\Dane aplikacji\FairStars Audio Converter
2008-06-10 18:11 . 2008-06-10 18:13 <DIR> d-------- C:\Program Files\uTorrent
2008-06-10 18:11 . 2008-06-11 14:29 <DIR> d-------- C:\Documents and Settings\Andrzej\Dane aplikacji\uTorrent
2008-06-04 15:47 . 2008-06-10 13:50 <DIR> d-------- C:\WWW
2008-05-22 14:09 . 2008-05-22 14:09 <DIR> d-------- C:\Live! Cam
2008-05-22 14:04 . 2008-05-22 14:04 <DIR> d-------- C:\Documents and Settings\Andrzej\Dane aplikacji\Creative
2008-05-22 14:04 . 2008-05-22 14:05 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Creative
2008-05-22 14:01 . 2003-06-12 23:25 7,062 --a------ C:\WINDOWS\system32\audiopid.vxd
2008-05-22 14:00 . 2006-10-06 08:17 53,248 --------- C:\WINDOWS\Ctregrun.exe
2008-05-22 13:59 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-05-22 13:59 . 2004-08-03 23:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-05-22 13:57 . 2008-05-22 14:10 <DIR> d-------- C:\WINDOWS\CtDrvInstall
2008-05-22 13:56 . 2008-05-22 13:57 <DIR> d-------- C:\Program Files\SightSpeed
2008-05-22 13:53 . 2008-05-22 14:00 <DIR> d-------- C:\Program Files\Creative
2008-05-21 15:56 . 2008-06-11 10:35 <DIR> d-------- C:\Documents and Settings\Andrzej\Dane aplikacji\skypePM
2008-05-21 15:56 . 2008-05-21 15:56 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-05-21 15:51 . 2008-05-21 15:51 <DIR> d-------- C:\Program Files\Skype
2008-05-21 15:51 . 2008-05-21 15:51 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-05-21 15:51 . 2008-06-11 14:56 <DIR> d-------- C:\Documents and Settings\Andrzej\Dane aplikacji\Skype
2008-05-21 15:50 . 2008-05-21 15:51 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-05-20 23:05 . 2008-05-20 23:05 32,768 --a------ C:\WINDOWS\system32\vntiho06\vntiho061083.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-11 12:42 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-06-10 21:01 --------- d-----w C:\Program Files\SkanerOnline
2008-06-10 18:04 --------- d-----w C:\Documents and Settings\Andrzej\Dane aplikacji\Lavasoft
2008-06-10 18:00 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-06-06 23:25 --------- d-----w C:\Documents and Settings\Andrzej\Dane aplikacji\BearShare
2008-05-31 13:28 --------- d-----w C:\Documents and Settings\Andrzej\Dane aplikacji\teamspeak2
2008-05-23 10:26 --------- d-----w C:\Program Files\Teamspeak2_RC2
2008-05-22 12:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-20 14:38 --------- d-----w C:\Program Files\NCH Swift Sound
2008-05-20 14:37 --------- d-----w C:\Documents and Settings\Andrzej\Dane aplikacji\NCH Swift Sound
2008-05-15 13:41 --------- d-----w C:\Documents and Settings\Andrzej\Dane aplikacji\Winamp
2008-05-09 22:48 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-05-09 22:37 --------- d-----w C:\Program Files\MarBit
2008-05-07 14:46 --------- d-----w C:\Program Files\BearShare Applications
2008-04-28 15:12 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Videozilla
2008-04-28 15:10 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\shctxex.vb
2008-04-28 15:02 --------- d-----w C:\Program Files\Smallvideosoft
2008-04-28 14:26 --------- d-----w C:\Documents and Settings\Andrzej\Dane aplikacji\vlc
2008-04-28 14:24 --------- d-----w C:\Program Files\VideoLAN
2008-04-23 15:22 --------- d-----w C:\Documents and Settings\Andrzej\Dane aplikacji\Uniblue
2008-04-13 20:30 --------- d-----w C:\Program Files\Google
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{799a370d-5993-4887-9df7-0a4756a77d00}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a55581dc-2cdb-4089-8878-71a080b22342}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BCA83B3B-5D57-431E-9C04-F5A7AC4AF4D7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"Gadu-Gadu"="D:\Programy\Gadu-Gadu\gg.exe" [2007-11-14 12:54 2131392]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-04-30 17:17 22058792]
"Creative Live! Cam Manager"="D:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2007-06-07 14:01 155648]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 11:12 90112]
"iKeyWorks"="C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe" [2005-04-14 05:35 73728]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"WheelMouse"="D:\Program Files\Mouse\Amoumain.exe" [2007-04-19 10:30 237568]
"WinampAgent"="D:\Program Files\Winamp\winampa.exe" [2008-04-01 20:49 36352]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17 159744]
"Adobe Reader Speed Launcher"="D:\Programy\Adobe Reader 8.1\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"V0350Mon.exe"="C:\WINDOWS\V0350Mon.exe" [2007-08-23 01:03 28672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= ir41_32.dll
"vidc.vixl"= Miroxl32.dll
"vidc.mmes"= DigiVCap.dll
"vidc.ipdv"= idvcodec.dll
"vidc.pdvc"= idvcodec.dll
"vidc.gpeg"= GPEG.dll
"vidc.glzw"= GLZW.dll
"vidc.em2v"= ETXCodec.dll
"MSVideo"= DPSVidCap.drv
"vidc.dps0"= DpsAviCC.dll
"VIDC.AP41"= APmpg4v1.dll
"vidc.advs"= Dvc.dll
"vidc.rt21"= IR21_R.DLL
"vidc.ir21"= IR21_R.DLL
"vidc.fljp"= MMTVMJ.dll
"vidc.tvmj"= MMTVMJ.dll
"vidc.mj2c"= M3JP2K32.dll
"vidc.mszh"= avimszh.dll
"vidc.zlib"= avizlib.dll
"vidc.avrn"= AvidAVICodec.dll
"vidc.dvma"= dvicmau.dll
"vidc.div3"= DivXc32.dll
"vidc.div4"= DivXc32f.dll
"vidc.dvx4"= divx4.dll
"vidc.aflc"= flccodec32.dll
"vidc.afli"= flccodec32.dll
"vidc.hfyu"= huffyuv.dll
"vidc.i263"= i263_32.drv
"vidc.dmb1"= m3jpeg32.dll
"vidc.mjpg"= m3jpeg32.dll
"vidc.dcmj"= MCMJPG32.DLL
"vidc.mwv1"= icmw_32.dll
"vidc.pimj"= pvljpg20.dll
"vidc.mjpx"= pvmjpg21.dll
"vidc.pvw2"= pvwv220.dll
"vidc.bt20"= btvvc32.drv
"vidc.y41p"= btvvc32.drv
"vidc.rud0"= rududu.dll
"vidc.cdvc"= CSCCDVC.DLL
"vidc.ddvc"= CSCdvsd.DLL
"vidc.vcr1"= ativcr1.dll
"vidc.vcr2"= ativcr2.dll
"vidc.asv1"= asusasv1.dll
"vidc.asv2"= asusasv2.dll
"msacm.pcdv"= pcdv.acm
"msacm.dvmpega"= dvacmau.dll
"msacm.qmpeg"= qmpeg.acm
"msacm.imc"= IMC32.ACM
"msacm.wrpr"= aviwrap.dll
"vidc.wrpr"= aviwrap.dll
"msacm.divxa32"= divxa32.acm
"vidc.nt00"= NTCodec.dll
"vidc.vp31"= vp31vfw.dll
"vidc.mjpa"= rtmjpgcdc.dll
"vidc.frwu"= frwu.dll
"vidc.frwd"= frwd.dll
"vidc.frwt"= frwt.dll
"vidc.s422"= tekyuv.dll
"vidc.cyuv"= yuvcodec.dll
"vidc.sjpg"= pmjpeg32.dll
"vidc.wnv1"= WNVPLAY1.DLL
"vidc.rmp4"= rmp4.dll
"vidc.sony"= sonydv.dll
"vidc.miro"= mirodv2avi.dll
"vidc.dv25"= DigiVCap.dll
"vidc.dv50"= DigiVCap.dll
"vidc.msmc"= DigiVCap.dll
"vidc.mmjp"= DigiVCap.dll
"vidc.3ivx"= 3ivxVfWCodec.dll
"vidc.yv12"= yv12vfw.dll
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^BTTray.lnk]
backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 D:\Programy\Adobe Reader 8.1\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
--a------ 2003-05-05 08:57 143360 C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-04-01 20:49 36352 D:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"D:\\Programy\\Gadu-Gadu\\gg.exe"=
"E:\\Program Files\\Metin2\\metin2.bin"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 MPRIFL;MPRIFL;C:\WINDOWS\system32\DRIVERS\MPRIFL.SYS [2007-04-17 23:52]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\WINDOWS\system32\drivers\sfdrv01a.sys [2006-07-05 14:46]
R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-10-31 05:22]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-17 20:22]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R3 Amps2prt;Compatible PS/2 Port Mouse Driver;C:\WINDOWS\system32\DRIVERS\Amps2prt.sys [2007-04-06 07:53]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\k510bus.sys [2008-02-14 13:59]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k510mdfl.sys [2008-02-14 13:59]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\k510mdm.sys [2008-02-14 13:59]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\k510mgmt.sys [2008-02-14 13:59]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\k510obex.sys [2008-02-14 13:59]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S3 VF0350Afx;VF0350 Audio FX;C:\WINDOWS\system32\Drivers\V0350Afx.sys [2007-06-11 01:01]
S3 VF0350Vfx;VF0350 Video FX;C:\WINDOWS\system32\DRIVERS\V0350VFx.sys [2007-03-05 18:45]
S3 VF0350Vid;Live! Cam Video IM (VF0350);C:\WINDOWS\system32\DRIVERS\V0350Vid.sys [2007-08-29 01:03]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-11 14:56:39
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASFWHide]
"ImagePath"="\??\C:\DOCUME~1\Andrzej\USTAWI~1\Temp\ASFWHide"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2008-06-11 15:00:34 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-11 13:00:29

Pre-Run: 4,277,968,896 bajtów wolnych
Post-Run: 4,218,740,736 bajt˘w wolnych

357 --- E O F --- 2007-12-17 14:30:38

a To z HijackThis;
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:41:48, on 2008-06-11
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\iftuyszv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
D:\Program Files\Mouse\Amoumain.exe
D:\Program Files\Winamp\winampa.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\V0350Mon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
D:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Documents and Settings\Andrzej\Dane aplikacji\Microsoft\dtsc\8491.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\444.0
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\Andrzej\Dane aplikacji\Microsoft\dtsc\8491.exe
C:\Documents and Settings\Andrzej\Dane aplikacji\Microsoft\dtsc\8491.exe
C:\Documents and Settings\Andrzej\Dane aplikacji\Microsoft\dtsc\8491.exe
C:\Documents and Settings\Andrzej\Dane aplikacji\Microsoft\dtsc\8491.exe
C:\Documents and Settings\Andrzej\Dane aplikacji\Microsoft\dtsc\8491.exe
C:\Documents and Settings\Andrzej\Dane aplikacji\Microsoft\dtsc\8491.exe
C:\Documents and Settings\Andrzej\Dane aplikacji\Microsoft\dtsc\8491.exe
C:\Documents and Settings\Andrzej\Dane aplikacji\Microsoft\dtsc\8491.exe
C:\Documents and Settings\Andrzej\Dane aplikacji\Microsoft\dtsc\8491.exe
C:\Documents and Settings\Andrzej\Dane aplikacji\Microsoft\dtsc\8491.exe
C:\Documents and Settings\Andrzej\Dane aplikacji\Microsoft\dtsc\8491.exe
C:\Documents and Settings\Andrzej\Dane aplikacji\Microsoft\dtsc\8491.exe
C:\Documents and Settings\Andrzej\Dane aplikacji\Microsoft\dtsc\8491.exe
C:\Documents and Settings\Andrzej\Dane aplikacji\Microsoft\dtsc\8491.exe
C:\Documents and Settings\Andrzej\Dane aplikacji\Microsoft\dtsc\8491.exe
C:\Documents and Settings\Andrzej\Dane aplikacji\Microsoft\dtsc\8491.exe
C:\Documents and Settings\Andrzej\Dane aplikacji\Microsoft\dtsc\8491.exe
C:\Documents and Settings\Andrzej\Dane aplikacji\Microsoft\dtsc\8491.exe
C:\Documents and Settings\Andrzej\Dane aplikacji\Microsoft\dtsc\8491.exe
C:\Documents and Settings\Andrzej\Dane aplikacji\Microsoft\dtsc\8491.exe
C:\Documents and Settings\Andrzej\Dane aplikacji\Microsoft\dtsc\8491.exe
C:\Documents and Settings\Andrzej\Dane aplikacji\Microsoft\dtsc\8491.exe
C:\Documents and Settings\Andrzej\Dane aplikacji\Microsoft\dtsc\8491.exe
C:\Documents and Settings\Andrzej\Dane aplikacji\Microsoft\dtsc\8491.exe
C:\Documents and Settings\Andrzej\Dane aplikacji\Microsoft\dtsc\8491.exe
C:\Documents and Settings\Andrzej\Dane aplikacji\Microsoft\dtsc\8491.exe
C:\Documents and Settings\Andrzej\Dane aplikacji\Microsoft\dtsc\8491.exe
C:\Documents and Settings\Andrzej\Dane aplikacji\Microsoft\dtsc\8491.exe
C:\Documents and Settings\Andrzej\Dane aplikacji\Microsoft\dtsc\8491.exe
C:\Documents and Settings\Andrzej\Dane aplikacji\Microsoft\dtsc\8491.exe
C:\Documents and Settings\Andrzej\Dane aplikacji\Microsoft\dtsc\8491.exe
C:\Documents and Settings\Andrzej\Dane aplikacji\Microsoft\dtsc\8491.exe
C:\Documents and Settings\Andrzej\Dane aplikacji\Microsoft\dtsc\8491.exe
C:\Documents and Settings\Andrzej\Dane aplikacji\Microsoft\dtsc\8491.exe
C:\Documents and Settings\Andrzej\Dane aplikacji\Microsoft\dtsc\8491.exe
C:\Documents and Settings\Andrzej\Dane aplikacji\Microsoft\dtsc\8491.exe
C:\Documents and Settings\Andrzej\Dane aplikacji\Microsoft\dtsc\8491.exe
C:\Documents and Settings\Andrzej\Dane aplikacji\Microsoft\dtsc\8491.exe
C:\Documents and Settings\Andrzej\Dane aplikacji\Microsoft\dtsc\8491.exe
C:\Documents and Settings\Andrzej\Dane aplikacji\Microsoft\dtsc\8491.exe
C:\Documents and Settings\Andrzej\Dane aplikacji\Microsoft\dtsc\8491.exe
C:\Documents and Settings\Andrzej\Dane aplikacji\Microsoft\dtsc\8491.exe
C:\Documents and Settings\Andrzej\Dane aplikacji\Microsoft\dtsc\8491.exe
C:\Documents and Settings\Andrzej\Dane aplikacji\Microsoft\dtsc\8491.exe
C:\Documents and Settings\Andrzej\Dane aplikacji\Microsoft\dtsc\8491.exe
C:\Documents and Settings\Andrzej\Dane aplikacji\Microsoft\dtsc\8491.exe
C:\Documents and Settings\Andrzej\Dane aplikacji\Microsoft\dtsc\8491.exe
C:\Documents and Settings\Andrzej\Dane aplikacji\Microsoft\dtsc\8491.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\iftuyszv.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: (no name) - {BCA83B3B-5D57-431E-9C04-F5A7AC4AF4D7} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [WheelMouse] D:\Program Files\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Programy\Adobe Reader 8.1\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [V0350Mon.exe] C:\WINDOWS\V0350Mon.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Programy\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "D:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [Microsoft Windows Installer] C:\Documents and Settings\Andrzej\Dane aplikacji\Microsoft\dtsc\8491.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\Programy\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/ ... /CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\444.0.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 13558 bytes

Prosze o pomoc.

[huber2t]

Pobierz ComboFix, ale nie uruchamiaj
Wklej do notatnika:

Kod: Zaznacz wszystko

File::
C:\WINDOWS\system32\iftuyszv.exe

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{799a370d-5993-4887-9df7-0a4756a77d00}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a55581dc-2cdb-4089-8878-71a080b22342}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BCA83B3B-5D57-431E-9C04-F5A7AC4AF4D7}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880}]


Plik zapisz jako CFScript.txt (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe)
Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu

Rozpocznie się usuwanie i powstanie log, daj ten log na forum.

[Amadeusz]

Zrobiłem tak jak napisałeś oto nowy log;

ComboFix 08-06-10.5 - Andrzej 2008-06-11 15:36:34.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1028 [GMT 2:00]
Running from: C:\Documents and Settings\Andrzej\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\Andrzej\Pulpit\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\iftuyszv.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\iftuyszv.exe

.
((((((((((((((((((((((((( Files Created from 2008-05-11 to 2008-06-11 )))))))))))))))))))))))))))))))
.

2008-06-11 14:41 . 2008-06-11 14:41 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-11 01:06 . 2008-06-11 14:55 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-06-11 01:06 . 2008-06-11 01:06 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-06-11 01:06 . 2008-06-11 01:06 <DIR> d-------- C:\Documents and Settings\Andrzej\Dane aplikacji\PC Tools
2008-06-11 01:06 . 2008-06-11 14:42 74,240 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-06-11 01:06 . 2008-06-11 14:42 56,832 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-06-11 01:06 . 2007-10-04 17:10 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-06-11 01:06 . 2007-10-04 17:11 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-06-11 00:57 . 2008-06-11 00:57 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-11 00:53 . 2008-06-11 00:53 <DIR> d-------- C:\SDFIX
2008-06-11 00:01 . 2008-06-11 00:01 <DIR> d-------- C:\Program Files\Unlocker
2008-06-11 00:01 . 2008-06-11 00:04 <DIR> d-------- C:\Documents and Settings\Andrzej\Dane aplikacji\Desktopicon
2008-06-10 23:30 . 2008-06-10 23:34 <DIR> d-------- C:\Program Files\mks_vir_2007
2008-06-10 20:04 . 2008-06-10 20:04 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-10 19:36 . 2008-06-10 19:36 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-10 18:59 . 2008-06-10 18:59 <DIR> d-------- C:\WINDOWS\system32\zo
2008-06-10 18:59 . 2008-06-10 18:59 <DIR> d-------- C:\WINDOWS\system32\vntiho06
2008-06-10 18:59 . 2008-06-10 19:00 <DIR> d-------- C:\WINDOWS\system32\Dv
2008-06-10 18:59 . 2008-06-10 18:59 <DIR> dr------- C:\Documents and Settings\LocalService\Ulubione
2008-06-10 18:59 . 2008-06-10 18:59 49,158 --a------ C:\WINDOWS\444.0
2008-06-10 18:35 . 2008-06-10 18:35 <DIR> d-------- C:\Documents and Settings\Andrzej\Dane aplikacji\Thinstall
2008-06-10 18:23 . 2008-06-10 18:26 <DIR> d-------- C:\Documents and Settings\Andrzej\Dane aplikacji\FairStars Audio Converter
2008-06-10 18:11 . 2008-06-10 18:13 <DIR> d-------- C:\Program Files\uTorrent
2008-06-10 18:11 . 2008-06-11 14:29 <DIR> d-------- C:\Documents and Settings\Andrzej\Dane aplikacji\uTorrent
2008-06-04 15:47 . 2008-06-10 13:50 <DIR> d-------- C:\WWW
2008-05-22 14:09 . 2008-05-22 14:09 <DIR> d-------- C:\Live! Cam
2008-05-22 14:04 . 2008-05-22 14:04 <DIR> d-------- C:\Documents and Settings\Andrzej\Dane aplikacji\Creative
2008-05-22 14:04 . 2008-05-22 14:05 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Creative
2008-05-22 14:01 . 2003-06-12 23:25 7,062 --a------ C:\WINDOWS\system32\audiopid.vxd
2008-05-22 14:00 . 2006-10-06 08:17 53,248 --------- C:\WINDOWS\Ctregrun.exe
2008-05-22 13:59 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-05-22 13:59 . 2004-08-03 23:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-05-22 13:57 . 2008-05-22 14:10 <DIR> d-------- C:\WINDOWS\CtDrvInstall
2008-05-22 13:56 . 2008-05-22 13:57 <DIR> d-------- C:\Program Files\SightSpeed
2008-05-22 13:53 . 2008-05-22 14:00 <DIR> d-------- C:\Program Files\Creative
2008-05-21 15:56 . 2008-06-11 14:58 <DIR> d-------- C:\Documents and Settings\Andrzej\Dane aplikacji\skypePM
2008-05-21 15:56 . 2008-05-21 15:56 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-05-21 15:51 . 2008-05-21 15:51 <DIR> d-------- C:\Program Files\Skype
2008-05-21 15:51 . 2008-05-21 15:51 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-05-21 15:51 . 2008-06-11 15:01 <DIR> d-------- C:\Documents and Settings\Andrzej\Dane aplikacji\Skype
2008-05-21 15:50 . 2008-05-21 15:51 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-05-20 23:05 . 2008-05-20 23:05 32,768 --a------ C:\WINDOWS\system32\vntiho06\vntiho061083.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-11 12:42 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-06-10 21:01 --------- d-----w C:\Program Files\SkanerOnline
2008-06-10 18:04 --------- d-----w C:\Documents and Settings\Andrzej\Dane aplikacji\Lavasoft
2008-06-10 18:00 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-06-06 23:25 --------- d-----w C:\Documents and Settings\Andrzej\Dane aplikacji\BearShare
2008-05-31 13:28 --------- d-----w C:\Documents and Settings\Andrzej\Dane aplikacji\teamspeak2
2008-05-23 10:26 --------- d-----w C:\Program Files\Teamspeak2_RC2
2008-05-22 12:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-20 14:38 --------- d-----w C:\Program Files\NCH Swift Sound
2008-05-20 14:37 --------- d-----w C:\Documents and Settings\Andrzej\Dane aplikacji\NCH Swift Sound
2008-05-15 13:41 --------- d-----w C:\Documents and Settings\Andrzej\Dane aplikacji\Winamp
2008-05-09 22:48 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-05-09 22:37 --------- d-----w C:\Program Files\MarBit
2008-05-07 14:46 --------- d-----w C:\Program Files\BearShare Applications
2008-04-28 15:12 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Videozilla
2008-04-28 15:10 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\shctxex.vb
2008-04-28 15:02 --------- d-----w C:\Program Files\Smallvideosoft
2008-04-28 14:26 --------- d-----w C:\Documents and Settings\Andrzej\Dane aplikacji\vlc
2008-04-28 14:24 --------- d-----w C:\Program Files\VideoLAN
2008-04-23 15:22 --------- d-----w C:\Documents and Settings\Andrzej\Dane aplikacji\Uniblue
2008-04-13 20:30 --------- d-----w C:\Program Files\Google
2008-04-01 22:28 2,102,272 ----a-w C:\WINDOWS\system32\x264vfw.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\divx.dll
2008-03-28 17:41 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"Gadu-Gadu"="D:\Programy\Gadu-Gadu\gg.exe" [2007-11-14 12:54 2131392]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-04-30 17:17 22058792]
"Creative Live! Cam Manager"="D:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2007-06-07 14:01 155648]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 11:12 90112]
"iKeyWorks"="C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe" [2005-04-14 05:35 73728]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"WheelMouse"="D:\Program Files\Mouse\Amoumain.exe" [2007-04-19 10:30 237568]
"WinampAgent"="D:\Program Files\Winamp\winampa.exe" [2008-04-01 20:49 36352]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17 159744]
"Adobe Reader Speed Launcher"="D:\Programy\Adobe Reader 8.1\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"V0350Mon.exe"="C:\WINDOWS\V0350Mon.exe" [2007-08-23 01:03 28672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= ir41_32.dll
"vidc.vixl"= Miroxl32.dll
"vidc.mmes"= DigiVCap.dll
"vidc.ipdv"= idvcodec.dll
"vidc.pdvc"= idvcodec.dll
"vidc.gpeg"= GPEG.dll
"vidc.glzw"= GLZW.dll
"vidc.em2v"= ETXCodec.dll
"MSVideo"= DPSVidCap.drv
"vidc.dps0"= DpsAviCC.dll
"VIDC.AP41"= APmpg4v1.dll
"vidc.advs"= Dvc.dll
"vidc.rt21"= IR21_R.DLL
"vidc.ir21"= IR21_R.DLL
"vidc.fljp"= MMTVMJ.dll
"vidc.tvmj"= MMTVMJ.dll
"vidc.mj2c"= M3JP2K32.dll
"vidc.mszh"= avimszh.dll
"vidc.zlib"= avizlib.dll
"vidc.avrn"= AvidAVICodec.dll
"vidc.dvma"= dvicmau.dll
"vidc.div3"= DivXc32.dll
"vidc.div4"= DivXc32f.dll
"vidc.dvx4"= divx4.dll
"vidc.aflc"= flccodec32.dll
"vidc.afli"= flccodec32.dll
"vidc.hfyu"= huffyuv.dll
"vidc.i263"= i263_32.drv
"vidc.dmb1"= m3jpeg32.dll
"vidc.mjpg"= m3jpeg32.dll
"vidc.dcmj"= MCMJPG32.DLL
"vidc.mwv1"= icmw_32.dll
"vidc.pimj"= pvljpg20.dll
"vidc.mjpx"= pvmjpg21.dll
"vidc.pvw2"= pvwv220.dll
"vidc.bt20"= btvvc32.drv
"vidc.y41p"= btvvc32.drv
"vidc.rud0"= rududu.dll
"vidc.cdvc"= CSCCDVC.DLL
"vidc.ddvc"= CSCdvsd.DLL
"vidc.vcr1"= ativcr1.dll
"vidc.vcr2"= ativcr2.dll
"vidc.asv1"= asusasv1.dll
"vidc.asv2"= asusasv2.dll
"msacm.pcdv"= pcdv.acm
"msacm.dvmpega"= dvacmau.dll
"msacm.qmpeg"= qmpeg.acm
"msacm.imc"= IMC32.ACM
"msacm.wrpr"= aviwrap.dll
"vidc.wrpr"= aviwrap.dll
"msacm.divxa32"= divxa32.acm
"vidc.nt00"= NTCodec.dll
"vidc.vp31"= vp31vfw.dll
"vidc.mjpa"= rtmjpgcdc.dll
"vidc.frwu"= frwu.dll
"vidc.frwd"= frwd.dll
"vidc.frwt"= frwt.dll
"vidc.s422"= tekyuv.dll
"vidc.cyuv"= yuvcodec.dll
"vidc.sjpg"= pmjpeg32.dll
"vidc.wnv1"= WNVPLAY1.DLL
"vidc.rmp4"= rmp4.dll
"vidc.sony"= sonydv.dll
"vidc.miro"= mirodv2avi.dll
"vidc.dv25"= DigiVCap.dll
"vidc.dv50"= DigiVCap.dll
"vidc.msmc"= DigiVCap.dll
"vidc.mmjp"= DigiVCap.dll
"vidc.3ivx"= 3ivxVfWCodec.dll
"vidc.yv12"= yv12vfw.dll
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^BTTray.lnk]
backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 D:\Programy\Adobe Reader 8.1\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
--a------ 2003-05-05 08:57 143360 C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-04-01 20:49 36352 D:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"D:\\Programy\\Gadu-Gadu\\gg.exe"=
"E:\\Program Files\\Metin2\\metin2.bin"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 MPRIFL;MPRIFL;C:\WINDOWS\system32\DRIVERS\MPRIFL.SYS [2007-04-17 23:52]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\WINDOWS\system32\drivers\sfdrv01a.sys [2006-07-05 14:46]
R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-10-31 05:22]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-17 20:22]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R3 Amps2prt;Compatible PS/2 Port Mouse Driver;C:\WINDOWS\system32\DRIVERS\Amps2prt.sys [2007-04-06 07:53]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\k510bus.sys [2008-02-14 13:59]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k510mdfl.sys [2008-02-14 13:59]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\k510mdm.sys [2008-02-14 13:59]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\k510mgmt.sys [2008-02-14 13:59]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\k510obex.sys [2008-02-14 13:59]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S3 VF0350Afx;VF0350 Audio FX;C:\WINDOWS\system32\Drivers\V0350Afx.sys [2007-06-11 01:01]
S3 VF0350Vfx;VF0350 Video FX;C:\WINDOWS\system32\DRIVERS\V0350VFx.sys [2007-03-05 18:45]
S3 VF0350Vid;Live! Cam Video IM (VF0350);C:\WINDOWS\system32\DRIVERS\V0350Vid.sys [2007-08-29 01:03]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-11 15:37:37
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ASFWHide]
"ImagePath"="\??\C:\DOCUME~1\Andrzej\USTAWI~1\Temp\ASFWHide"
.
Completion time: 2008-06-11 15:38:24
ComboFix-quarantined-files.txt 2008-06-11 13:38:16
ComboFix2.txt 2008-06-11 13:00:35

Pre-Run: 4,286,365,696 bajtów wolnych
Post-Run: 4,276,068,352 bajtów wolnych

243 --- E O F --- 2007-12-17 14:30:38

[Amadeusz]

Co mam dalej robić? Czy wszystko jest już dobrze?

[huber2t]

Nie jestem pewny wiec daj log z HijackThis

[Amadeusz]

Oto log;

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:12:01, on 2008-06-11
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\V0350Mon.exe
D:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [WheelMouse] D:\Program Files\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Programy\Adobe Reader 8.1\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [V0350Mon.exe] C:\WINDOWS\V0350Mon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Programy\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "D:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\Programy\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virus ... nicode.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/ ... /CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 7616 bytes

[huber2t]

fix w hijackthis

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [V0350Mon.exe] C:\WINDOWS\V0350Mon.exe

Wyłącz przywracanie systemu na wszystkich dyskach. Instrukcja

Przeskanuj obszar mojego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum

Włącz przywracanie systemu.

[Amadeusz]

Dobrze zrobię jak mówisz.

[Amadeusz]

Oto raport ze skanera Kaspersky ;

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
11 czerwiec 2008 17:03:07
System operacyjny: Microsoft Windows XP Professional, Dodatek Service Pack 2 (Build 2600)
Kaspersky Online Scanner wersja: 5.0.98.0
Ostatnia aktualizacja Kaspersky Anti-Virus12/06/2008
Liczba wpisów w bazie danych Kaspersky Anti-Virus856010
-------------------------------------------------------------------------------

Ustawienia skanowania:
Skanowanie przy użyciu następujących baz danych: rozszerzone
Skanuj archiwa: tak
Skanuj pocztowe bazy danych: tak

Obszar skanowania - Mój komputer:
A:\
C:\
D:\
E:\
F:\
L:\

Statystyki skanowania:
Liczba skanowanych obiektów: 45878
Liczba wykrytych wirusów: 7
Liczba zainfekowanych obiektów: 7
Liczba podejrzanych obiektów: 6
Czas trwania skanowania: 00:39:08

Nazwa zainfekowanego obiektu / Nazwa wirusa / Ostatnie działanie
C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy\Recovery\SmitfraudC1.zip/winmgnt.exe Podejrzanych: Password-protected-EXE pominięty
C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy\Recovery\SmitfraudC1.zip ZIP: podejrzany - 1 pominięty
C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy\Recovery\SmitfraudC10.zip/accesss.exe Podejrzanych: Password-protected-EXE pominięty
C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy\Recovery\SmitfraudC10.zip ZIP: podejrzany - 1 pominięty
C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy\Recovery\SmitfraudC11.zip/olehelp.exe Podejrzanych: Password-protected-EXE pominięty
C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy\Recovery\SmitfraudC11.zip ZIP: podejrzany - 1 pominięty
C:\Documents and Settings\Andrzej\Cookies\index.dat Object is locked pominięty
C:\Documents and Settings\Andrzej\Dane aplikacji\Mozilla\Firefox\Profiles\r7f9ukbd.default\cert8.db Object is locked pominięty
C:\Documents and Settings\Andrzej\Dane aplikacji\Mozilla\Firefox\Profiles\r7f9ukbd.default\flashgot.log Object is locked pominięty
C:\Documents and Settings\Andrzej\Dane aplikacji\Mozilla\Firefox\Profiles\r7f9ukbd.default\formhistory.dat Object is locked pominięty
C:\Documents and Settings\Andrzej\Dane aplikacji\Mozilla\Firefox\Profiles\r7f9ukbd.default\GoogleToolbarData\googlesafebrowsing.db Object is locked pominięty
C:\Documents and Settings\Andrzej\Dane aplikacji\Mozilla\Firefox\Profiles\r7f9ukbd.default\history.dat Object is locked pominięty
C:\Documents and Settings\Andrzej\Dane aplikacji\Mozilla\Firefox\Profiles\r7f9ukbd.default\key3.db Object is locked pominięty
C:\Documents and Settings\Andrzej\Dane aplikacji\Mozilla\Firefox\Profiles\r7f9ukbd.default\parent.lock Object is locked pominięty
C:\Documents and Settings\Andrzej\Dane aplikacji\Mozilla\Firefox\Profiles\r7f9ukbd.default\search.sqlite Object is locked pominięty
C:\Documents and Settings\Andrzej\Dane aplikacji\Mozilla\Firefox\Profiles\r7f9ukbd.default\urlclassifier2.sqlite Object is locked pominięty
C:\Documents and Settings\Andrzej\Dane aplikacji\Teleca\Telecalib\Logging\Application logs\SpecificUSB_log.txt Object is locked pominięty
C:\Documents and Settings\Andrzej\NTUSER.DAT Object is locked pominięty
C:\Documents and Settings\Andrzej\ntuser.dat.LOG Object is locked pominięty
C:\Documents and Settings\Andrzej\Ustawienia lokalne\Dane aplikacji\Microsoft\CardSpace\CardSpace.db Object is locked pominięty
C:\Documents and Settings\Andrzej\Ustawienia lokalne\Dane aplikacji\Microsoft\CardSpace\CardSpace.db.shadow Object is locked pominięty
C:\Documents and Settings\Andrzej\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty
C:\Documents and Settings\Andrzej\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty
C:\Documents and Settings\Andrzej\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\r7f9ukbd.default\Cache\_CACHE_001_ Object is locked pominięty
C:\Documents and Settings\Andrzej\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\r7f9ukbd.default\Cache\_CACHE_002_ Object is locked pominięty
C:\Documents and Settings\Andrzej\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\r7f9ukbd.default\Cache\_CACHE_003_ Object is locked pominięty
C:\Documents and Settings\Andrzej\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\r7f9ukbd.default\Cache\_CACHE_MAP_ Object is locked pominięty
C:\Documents and Settings\Andrzej\Ustawienia lokalne\Historia\History.IE5\index.dat Object is locked pominięty
C:\Documents and Settings\Andrzej\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat Object is locked pominięty
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked pominięty
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked pominięty
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked pominięty
C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty
C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty
C:\Documents and Settings\LocalService\Ustawienia lokalne\Historia\History.IE5\index.dat Object is locked pominięty
C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat Object is locked pominięty
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked pominięty
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked pominięty
C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty
C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked pominięty
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked pominięty
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked pominięty
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked pominięty
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked pominięty
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked pominięty
C:\Program Files\Alwil Software\Avast4\DATA\log\selfdef.log Object is locked pominięty
C:\Program Files\Alwil Software\Avast4\DATA\report\Osłona rezydentna.txt Object is locked pominięty
C:\QooBox\Quarantine\C\Documents and Settings\Andrzej\Dane aplikacji\Microsoft\dtsc\8491.exe.vir Zainfekowanych: Trojan-Downloader.Win32.Agent.shg pominięty
C:\QooBox\Quarantine\C\Program Files\AntispyStorm\uninstall.exe.vir Zainfekowanych: not-a-virus:FraudTool.Win32.SpyAway.q pominięty
C:\QooBox\Quarantine\C\Program Files\SpyMaxx\uninstall.exe.vir Zainfekowanych: not-a-virus:FraudTool.Win32.SpyAway.p pominięty
C:\QooBox\Quarantine\C\WINDOWS\lfn.exe.vir Zainfekowanych: not-virus:Hoax.Win32.Renos.cvz pominięty
C:\QooBox\Quarantine\C\WINDOWS\system32\iftuyszv.exe.vir Zainfekowanych: not-virus:Hoax.Win32.Renos.cvz pominięty
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked pominięty
C:\WINDOWS\444.0 Zainfekowanych: Trojan.Win32.DNSChanger.ejb pominięty
C:\WINDOWS\Debug\PASSWD.LOG Object is locked pominięty
C:\WINDOWS\SchedLgU.Txt Object is locked pominięty
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked pominięty
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked pominięty
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked pominięty
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked pominięty
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked pominięty
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked pominięty
C:\WINDOWS\system32\config\default Object is locked pominięty
C:\WINDOWS\system32\config\default.LOG Object is locked pominięty
C:\WINDOWS\system32\config\SAM Object is locked pominięty
C:\WINDOWS\system32\config\SAM.LOG Object is locked pominięty
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked pominięty
C:\WINDOWS\system32\config\SECURITY Object is locked pominięty
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked pominięty
C:\WINDOWS\system32\config\software Object is locked pominięty
C:\WINDOWS\system32\config\software.LOG Object is locked pominięty
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked pominięty
C:\WINDOWS\system32\config\system Object is locked pominięty
C:\WINDOWS\system32\config\system.LOG Object is locked pominięty
C:\WINDOWS\system32\drivers\atapi.sys Object is locked pominięty
C:\WINDOWS\system32\drivers\dtscsi.sys Object is locked pominięty
C:\WINDOWS\system32\drivers\sptd.sys Object is locked pominięty
C:\WINDOWS\system32\drivers\sptd5485.sys Object is locked pominięty
C:\WINDOWS\system32\h323log.txt Object is locked pominięty
C:\WINDOWS\system32\vntiho06\vntiho061083.exe Zainfekowanych: Trojan-Downloader.Win32.VB.epp pominięty
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked pominięty
C:\WINDOWS\Temp\Perflib_Perfdata_67c.dat Object is locked pominięty
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked pominięty
C:\WINDOWS\WindowsUpdate.log Object is locked pominięty
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked pominięty
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked pominięty

Proces skanowania został zakończony.

[huber2t]

Usuń ten folder:
C:\QooBox

Usuń te pliki:
C:\WINDOWS\444.0
C:\WINDOWS\system32\vntiho06\vntiho061083.exe

[Amadeusz]

Myślę że wszystko jest już dobrze.

Bardzo dziękuje za pomoc.
Za poświęcony czas i za tak szybką odpowiedz.
Pozdrawiam serdecznie.