Prosze o sprawdzenie loga- zamulenie komputera

[optimus9292]

No i znowu mam problem z wirusami komp max muli Podkreślam , ze log robiony był zaraz po skanowaniu, kasperky wykrył wirusa w combofixie(stwierdziłem że powstały jakieś dziwne pliki i foldery które są pod nazwą Combofix i QooBox a o ile pamiętam ten drugi na bank kasowałem ostatnio)dlatego daje tylko log z Hijacka. Jest jeszcze problem z jakimś procesem rundll32.exe zawsze przy wyłączaniu komptera aplikacja nie chce się zamkonąć i trzeba wyłączać procesy.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:42:14, on 2008-01-16
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\igfxsrvc32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Netia\Net\netianet.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WinDLL (msygl32.exe)] rundll32.exe C:\WINDOWS\System32\msygl32.exe,start
O4 - HKLM\..\Run: [MicroSoft Visual SP2] igfxsrvc32.exe
O4 - HKLM\..\Run: [WinDLL (mysnlive.exe)] rundll32.exe C:\WINDOWS\System32\mysnlive.exe,start
O4 - HKLM\..\Run: [WinDLL (vinampd.exe)] rundll32.exe C:\WINDOWS\System32\vinampd.exe,start
O4 - HKLM\..\RunServices: [MicroSoft Visual SP2] igfxsrvc32.exe
O4 - HKLM\..\RunOnce: [MicroSoft Visual SP2] igfxsrvc32.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [MicroSoft Visual SP2] igfxsrvc32.exe
O4 - HKCU\..\RunOnce: [MicroSoft Visual SP2] igfxsrvc32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-1757981266-1343024091-725345543-1003\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray (User '?')
O4 - HKUS\S-1-5-21-1757981266-1343024091-725345543-1003\..\RunOnce: [MicroSoft Visual SP2] igfxsrvc32.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [MicroSoft Visual SP2] igfxsrvc32.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [MicroSoft Visual SP2] igfxsrvc32.exe (User 'Default user')
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{FE59346C-5E89-47E8-A922-EC0502647C49}: NameServer = 213.241.79.37 83.238.255.76
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 5048 bytes

[pp3088]

O4 - HKLM\..\Run: [WinDLL (msygl32.exe)] rundll32.exe C:\WINDOWS\System32\msygl32.exe,start
O4 - HKLM\..\Run: [MicroSoft Visual SP2] igfxsrvc32.exe
O4 - HKLM\..\Run: [WinDLL (mysnlive.exe)] rundll32.exe C:\WINDOWS\System32\mysnlive.exe,start
O4 - HKLM\..\Run: [WinDLL (vinampd.exe)] rundll32.exe C:\WINDOWS\System32\vinampd.exe,start
O4 - HKLM\..\RunServices: [MicroSoft Visual SP2] igfxsrvc32.exe
O4 - HKLM\..\RunOnce: [MicroSoft Visual SP2] igfxsrvc32.exe
O4 - HKCU\..\Run: [MicroSoft Visual SP2] igfxsrvc32.exe
O4 - HKCU\..\RunOnce: [MicroSoft Visual SP2] igfxsrvc32.exe

Wpisy usuwasz. Pogrubione pliki ręcznie=do kosza i usuń.

[optimus9292]

Tych trzech pierwszych plików to nie ma a igfxsrvc32.exe nie można usunąć jest odmowa dostępu. a to nowy log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:45:34, on 2008-01-17
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\igfxsrvc32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\SynCor.exe
C:\Program Files\Netia\Net\netianet.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [MicroSoft Visual SP2] igfxsrvc32.exe
O4 - HKLM\..\RunServices: [MicroSoft Visual SP2] igfxsrvc32.exe
O4 - HKLM\..\RunOnce: [MicroSoft Visual SP2] igfxsrvc32.exe
O4 - HKCU\..\Run: [MicroSoft Visual SP2] igfxsrvc32.exe
O4 - HKCU\..\RunOnce: [MicroSoft Visual SP2] igfxsrvc32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-1757981266-1343024091-725345543-1003\..\Run: [MicroSoft Visual SP2] igfxsrvc32.exe (User '?')
O4 - HKUS\S-1-5-21-1757981266-1343024091-725345543-1003\..\RunOnce: [MicroSoft Visual SP2] igfxsrvc32.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [MicroSoft Visual SP2] igfxsrvc32.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [MicroSoft Visual SP2] igfxsrvc32.exe (User 'Default user')
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{FE59346C-5E89-47E8-A922-EC0502647C49}: NameServer = 213.241.79.37 83.238.255.76
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 4662 bytes

[Bozz]

Start Uruchom wpisujesz 'msconfig' Zakładka uruchamianie i zostaw zaznaczone tylko:
ATIptaxx
Kaspersky

Później restart

[optimus9292]

No dobra zrobiłem to co kazałeś,tylko o ile się orientuje to tylko wyłączy "działanie tego czegoś" znaczy nie będzie mi zwalniało kompa bo się nie będzie włączało ale to chyba do końc NIE USUWA PROBLEMU, a może się myle???

[Bozz]

Jak nadal nie można usunąć tych plików to spróbuj KillBox'em

[optimus9292]

usunąłem te pliki KillBoxem tylko że chyba znowu mam sassera bo znowu pokazuje się błąd z plikiem lsass.exe i system resetuje się po 60s

[tirex52]

hmm.. miałem coś takiego, mam pytanie, nie podłączałeś ostatnio pendriva do kompa np. w szkole, pracy etc. Ja miałem coś takiego działo się dokładnie to samo co ty masz jakiś błąd wyskakiwał
Zobacz tutaj
http://www.searchengines.pl/lofiversion ... 94761.html

[optimus9292]

nie nie przypominam sobie żebym podłączał w ostatnim czasie, proszę o pomoc bo to jest już nie do zniesienia. na komputerze nie idzie nic zrobić bo nie dość że muli to się jeszcze wyłącza

[pp3088]

Dobra startujesz do awaryjnego(start>>uruchom>>msconfig>>boot.ini>>safeboot>>reset) i usuwasz C:\WINDOWS\System32\igfxsrvc32.exe

[optimus9292]

Nie ma opcji reset, no chyba że jestem ślepy i czytać nie umiem, Komputer już chodzi w miare dobrze dodaje nowy log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:04:23, on 2008-01-19
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Netia\Net\netianet.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [MicroSoft Visual SP2] igfxsrvc32.exe
O4 - HKLM\..\RunServices: [MicroSoft Visual SP2] igfxsrvc32.exe
O4 - HKCU\..\Run: [MicroSoft Visual SP2] igfxsrvc32.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-1757981266-1343024091-725345543-1003\..\Run: [MicroSoft Visual SP2] igfxsrvc32.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-18\..\Run: [MicroSoft Visual SP2] igfxsrvc32.exe (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [MicroSoft Visual SP2] igfxsrvc32.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [MicroSoft Visual SP2] igfxsrvc32.exe (User 'Default user')
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{FE59346C-5E89-47E8-A922-EC0502647C49}: NameServer = 213.241.79.37 83.238.255.76
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 4198 bytes

[pp3088]

Aj reset własnoręczny.

[optimus9292]

Ah dobra dzięki , teraz jest ok, ale zobaczymy jak długo Dla pewności dodaje log z Combofixa


ComboFix 08-01-20.1 - Dom 2008-01-20 16:18:27.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.0.1250.1.1045.18.590 [GMT 1:00]
Running from: C:\Documents and Settings\Dom\Pulpit\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\.exe
C:\WINDOWS\system32\ftpupd.exe
C:\WINDOWS\system32\micr0st.dll
C:\WINDOWS\system32\msssc.dll

.
((((((((((((((((((((((((( Files Created from 2007-12-20 to 2008-01-20 )))))))))))))))))))))))))))))))
.

2008-01-20 00:13 . 2008-01-20 00:14 72,552 --a------ C:\WINDOWS\system32\hqghumea.dll
2008-01-20 00:11 . 2008-01-20 16:17 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-01-20 00:11 . 2008-01-20 12:42 1,600,288 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-20 00:11 . 2008-01-20 00:15 91,492 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-01-20 00:11 . 2008-01-20 00:15 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-01-20 00:11 . 2008-01-20 14:44 5,408 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-20 00:11 . 2008-01-20 00:16 1,556 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-20 00:11 . 2008-01-20 00:16 1,148 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-01-19 18:13 . 2008-01-19 18:14 <DIR> d-------- C:\Program Files\No1 DVD Ripper
2008-01-19 18:13 . 2008-01-19 18:13 <DIR> d-------- C:\Documents and Settings\Dom\Dane aplikacji\dvdcss
2008-01-19 18:13 . 2008-01-19 18:13 67 --a------ C:\WINDOWS\#1 DVD Ripper.INI
2008-01-19 18:12 . 2008-01-19 18:12 67 --a------ C:\WINDOWS\Amadis DVD Ripper.INI
2008-01-19 18:11 . 2008-01-19 18:11 <DIR> d-------- C:\Program Files\Amadis Software
2008-01-19 17:47 . 2008-01-19 18:13 <DIR> d-------- C:\Program Files\1st DVD Ripper
2008-01-19 14:31 . 2008-01-19 14:31 <DIR> d-------- C:\Program Files\Super DVD Ripper
2008-01-19 14:19 . 2008-01-19 14:19 <DIR> d-------- C:\Documents and Settings\Dom\Dane aplikacji\DAEMON Tools
2008-01-19 12:58 . 2008-01-19 13:00 <DIR> d-------- C:\Program Files\DaemonScript
2008-01-14 16:26 . 2008-01-14 16:26 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-01-07 19:51 . 2008-01-07 20:10 <DIR> d-------- C:\Program Files\Deutsch Translator 2
2008-01-06 19:59 . 2008-01-06 19:59 492 --a------ C:\WINDOWS\MAXLINK.INI
2008-01-06 19:58 . 2008-01-13 22:10 <DIR> d-------- C:\Program Files\ABBYY FineReader 4.0 Sprint
2008-01-06 19:49 . 2002-04-15 15:08 196,608 -ra------ C:\WINDOWS\system32\SBMiniDrv.dll
2008-01-06 19:49 . 2003-05-13 17:02 118,784 -ra------ C:\WINDOWS\system32\MKCoInstaller.dll
2008-01-06 19:49 . 2008-01-06 19:49 86,400 --a------ C:\WINDOWS\~GLC0000.TMP
2008-01-06 19:49 . 2003-02-18 09:08 17,504 -ra------ C:\WINDOWS\system32\drivers\gt680x.sys
2008-01-06 19:49 . 2001-11-29 14:17 8,192 -ra------ C:\WINDOWS\system32\drivers\SBfw.usb
2008-01-06 14:59 . 2008-01-06 14:59 <DIR> d-------- C:\Program Files\EA GAMES
2008-01-05 12:29 . 2008-01-05 12:29 <DIR> d-------- C:\Documents and Settings\Dom\Dane aplikacji\InterVideo
2008-01-05 11:55 . 2008-01-05 11:55 <DIR> d-------- C:\Program Files\InterVideo
2008-01-04 20:51 . 2004-08-18 09:34 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2008-01-03 21:51 . 2008-01-03 21:51 2,855 --a------ C:\WINDOWS\system32\win32.PIF
2008-01-03 21:50 . 2008-01-03 21:50 <DIR> d--h----- C:\WINDOWS\PIF
2008-01-03 19:00 . 2008-01-18 17:57 0 --a------ C:\adware.exe
2008-01-03 15:52 . 2008-01-03 21:26 73 --a------ C:\WINDOWS\system32\i
2008-01-03 15:48 . 2008-01-16 20:36 <DIR> d-------- C:\Program Files\Silent
2008-01-03 15:43 . 2008-01-03 15:43 <DIR> d-------- C:\WINDOWS\ERUNT
2008-01-03 15:42 . 2008-01-03 15:42 <DIR> dr------- C:\Documents and Settings\Administrator\Ulubione
2008-01-03 15:42 . 2008-01-03 15:44 <DIR> d-------- C:\Documents and Settings\Administrator\Pulpit
2008-01-03 15:42 . 2008-01-03 15:42 <DIR> d-------- C:\Documents and Settings\Administrator\Menu Start
2008-01-02 14:34 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-12-30 19:14 . 2008-01-19 13:10 <DIR> d-------- C:\Program Files\D-Tools
2007-12-30 19:11 . 2007-12-30 19:11 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-12-28 00:48 . 2007-12-28 10:52 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-12-28 00:32 . 2007-12-28 00:32 <DIR> d-------- C:\Program Files\GameSpy Arcade
2007-12-25 19:10 . 2007-12-25 19:10 <DIR> d-------- C:\WINDOWS\system32\Nowy folder
2007-12-24 14:08 . 2008-01-20 00:11 <DIR> d-------- C:\Program Files\Kaspersky Lab
2007-12-24 14:04 . 2008-01-20 00:05 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2007-12-24 11:34 . 2007-12-24 11:39 20,101 --a------ C:\WINDOWS\system32\cx.exe
2007-12-24 08:32 . 2007-12-24 08:32 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2007-12-24 08:32 . 2007-12-24 08:33 <DIR> d-------- C:\Program Files\TuneUp Utilities 2007
2007-12-24 08:32 . 2007-12-24 08:32 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-24 08:32 . 2007-12-24 08:32 <DIR> d-------- C:\Documents and Settings\Dom\Dane aplikacji\TuneUp Software
2007-12-24 08:32 . 2007-12-24 08:32 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\TuneUp Software
2007-12-24 08:32 . 2007-05-16 09:41 29,704 --a------ C:\WINDOWS\system32\uxtuneup.dll
2007-12-24 08:06 . 2007-12-24 08:14 20,102 --a------ C:\WINDOWS\system32\dfs.exe
2007-12-24 07:13 . 2007-12-29 21:47 <DIR> d-------- C:\Program Files\dfrerter
2007-12-24 07:10 . 2007-12-24 11:18 625,789 --a------ C:\WINDOWS\system32\dfsdfs.exe
2007-12-23 23:51 . 2007-12-24 08:43 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-12-23 23:51 . 2007-12-23 23:51 <DIR> d-------- C:\Documents and Settings\Dom\Dane aplikacji\PC Tools
2007-12-23 23:51 . 2007-10-18 00:16 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-12-23 23:51 . 2007-10-18 00:15 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-12-23 23:51 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-12-23 23:51 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-12-23 22:54 . 2007-12-23 22:54 20,117 --a------ C:\WINDOWS\system32\cgdfs.exe
2007-12-23 17:56 . 2008-01-10 20:11 <DIR> d--h----- C:\Documents and Settings\Administrator\Ustawienia lokalne
2007-12-23 17:56 . 2007-12-23 18:01 <DIR> d-------- C:\Documents and Settings\Administrator\Szablony
2007-12-23 17:56 . 2007-12-23 18:01 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji
2007-12-23 10:41 . 2008-01-19 22:20 116 --a------ C:\WINDOWS\NeroDigital.ini
2007-12-22 16:48 . 2007-12-22 16:48 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-12-22 16:48 . 2007-12-22 16:48 <DIR> d-------- C:\Program Files\Ahead
2007-12-22 16:48 . 2004-07-26 17:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2007-12-22 16:48 . 2004-07-26 17:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2007-12-22 16:48 . 2004-07-26 17:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2007-12-22 16:48 . 2004-07-09 09:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2007-12-22 16:48 . 2004-07-26 17:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2007-12-22 16:48 . 2006-01-12 16:40 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-12-22 16:48 . 2005-09-01 12:03 127,488 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2007-12-22 16:48 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-12-22 16:48 . 2005-09-01 12:03 5,888 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2007-12-21 15:26 . 2007-12-21 15:26 269,334 --a------ C:\WINDOWS\system32\epsbat.bmp
2007-12-21 15:19 . 2007-12-21 15:19 269,334 --a------ C:\WINDOWS\system32\ihkred.bmp
2007-12-21 13:29 . 2007-12-21 13:29 269,334 --a------ C:\WINDOWS\system32\ehcfml.bmp
2007-12-21 13:19 . 2007-12-21 13:19 33,952 --a------ C:\WINDOWS\system32\drivers\oreans32.sys
2007-12-21 13:14 . 2007-12-21 13:14 269,334 --a------ C:\WINDOWS\system32\cfqtgr.bmp
2007-12-21 12:55 . 2007-12-21 12:55 269,334 --a------ C:\WINDOWS\system32\lcnidojahsnih.bmp
2007-12-21 11:03 . 2007-12-21 11:03 269,334 --a------ C:\WINDOWS\system32\dgnmdkred.bmp
2007-12-21 10:11 . 2007-12-21 10:12 109 --ahs---- C:\WINDOWS\system32\2958199783.dat
2007-12-21 08:11 . 2007-12-21 08:11 269,334 --a------ C:\WINDOWS\system32\nelgbehkn.bmp
2007-12-21 08:09 . 2007-12-21 08:09 269,334 --a------ C:\WINDOWS\system32\apgrmhsrepor.bmp
2007-12-20 23:04 . 2007-12-20 23:04 269,334 --a------ C:\WINDOWS\system32\cbmlofqd.bmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-19 23:02 1,388,544 ----a-w C:\WINDOWS\system32\msvbvm60.dll
2008-01-19 12:11 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-01-11 15:14 --------- d-----w C:\Documents and Settings\Dom\Dane aplikacji\Skype
2008-01-11 15:13 --------- d-----w C:\Documents and Settings\Dom\Dane aplikacji\skypePM
2008-01-06 18:49 86,400 ----a-w C:\WINDOWS\~GLC0000.TMP
2008-01-05 10:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-02 16:51 --------- d-----w C:\Program Files\Trend Micro
2007-12-29 20:50 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2007-12-27 23:02 --------- d-----w C:\Program Files\Gadu-Gadu
2007-12-26 22:15 --------- d-----w C:\Program Files\Google
2007-12-14 20:00 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2007-12-14 19:57 --------- d-----w C:\Program Files\Skype
2007-12-14 19:57 --------- d-----w C:\Program Files\Common Files\Skype
2007-12-14 19:57 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Skype
2007-12-13 20:50 --------- d-----w C:\Program Files\Hewlett-Packard
2007-12-13 19:13 --------- d-----w C:\Program Files\HP
2007-12-10 15:45 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-09 14:25 --------- d-----w C:\Program Files\BearShare Applications
2007-12-08 18:17 --------- d-----w C:\Documents and Settings\Dom\Dane aplikacji\Gadu-Gadu
2007-12-08 16:28 --------- d-----w C:\Program Files\Neostrada TP
2007-12-08 15:31 --------- d-----w C:\Program Files\Thomson
2007-12-08 15:30 --------- d-----w C:\Program Files\Java
2007-12-08 15:27 --------- d-----w C:\Program Files\Netia
2007-12-08 15:20 --------- d-----w C:\Program Files\Alwil Software
2007-12-08 12:33 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-07 22:41 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-12-07 19:20 --------- d-----w C:\Program Files\SubEdit-Player
2007-12-07 19:17 --------- d-----w C:\Program Files\Winamp
2007-12-07 19:13 --------- d-----w C:\Program Files\Microsoft.NET
2007-12-07 19:13 --------- d-----w C:\Program Files\Microsoft Works
2007-12-07 19:05 --------- d-----w C:\Program Files\ATI Technologies
2007-12-07 18:50 --------- d-----w C:\Program Files\ASUS
2007-12-07 18:48 --------- d-----w C:\Program Files\Analog Devices
2007-12-07 18:46 --------- d--h--w C:\Program Files\Uninstall Information
2007-12-07 18:43 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-07 18:40 --------- d-----w C:\Program Files\Usługi online
2001-10-26 17:29 502,784 --sh--r C:\WINDOWS\system32\azwkpo.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MicroSoft Visual SP2"="igfxsrvc32.exe" []
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 11:54 2131392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51 218376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-10-26 18:29 13312]
"Microsoft Winedows rpdate"="zpacdh.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Bfj36.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Fjm72.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AntiVirusPro]
C:\Program Files\AntiVirusPro\AntiVirusPro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2001-10-26 18:29 13312 C:\WINDOWS\System32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmona]
C:\WINDOWS\System32\ctfmona.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
C:\Program Files\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
--a------ 2007-11-14 11:54 2131392 C:\Program Files\Gadu-Gadu\gg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2003-12-22 08:38 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2004-02-18 18:55 49152 C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 2004-03-04 16:46 172032 C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Firewall Layer]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MicroSoft Legal Syst3m32]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MicroSoft Visual SP2]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Windows Updeta]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2001-08-02 07:14 1077277 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NETIANET]
--a------ 2007-12-01 18:08 493568 C:\Program Files\Netia\Net\netianet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-12-07 15:08 21686568 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
--a------ 2004-01-26 11:38 866816 C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sysrest32.exe]
C:\WINDOWS\System32\sysrest32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinDLL (mysnlive.exe)]
C:\WINDOWS\System32\mysnlive.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinDLL (vinampd.exe)]
C:\WINDOWS\System32\vinampd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Logon Application]
C:\WINDOWS\System32\winIogon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WintelUpdate]
C:\otfd.exe

R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2007-12-21 13:19]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2001-10-26 18:30]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\System32\DRIVERS\klim5.sys [2007-04-04 14:58]
S0 Bfj36;Bfj36;C:\WINDOWS\System32\Drivers\Bfj36.sys []
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2001-08-17 22:03]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2008-01-04 16:17:58 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-20 16:20:00
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-20 16:20:39
ComboFix-quarantined-files.txt 2008-01-20 15:20:28

[optimus9292]

A jednak nie jest wporządku, komputer chodzi dalej wolno, a przeglądarka się zacina i trzeba resetować komputer bo nie idzie jej wyłączyć pisze że brak odpowiedzi.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:37:42, on 2008-01-21
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Netia\Net\netianet.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [MicroSoft Visual SP2] igfxsrvc32.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Dodaj do blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{FE59346C-5E89-47E8-A922-EC0502647C49}: NameServer = 213.241.79.37 83.238.255.76
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 3738 bytes