
Trojan(?) Proszę o sprawdzenie loga



Post by Kooriyume » 15 Nov 2007, 15:20


Hello! I know nothing at all about viruses etc. and I have one problem (I think) with a trojan T_T
On the desktop and in the Start Menu, every time I turn on the computer, 2 icons appear:
"Live Safety Center" and "Online Security Guide"; messages keep popping up about downloading programs that supposedly get rid of this, and meanwhile I can't copy or move any file or folder. On top of that, when I checked, these icons have their target on some website. I would really appreciate help, because I wouldn't want to format everything right away. Maybe this will help, but I don't understand logs. Thanks in advance!



Code:
ComboFix 07-11-08.1 - prywatny 2007-11-15 13:10:47.1 - NTFSx86
Running from: C:\Documents and Settings\prywatny\Pulpit\ComboFix.exe
.

   Unable to gain System Privileges

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Menu Start\Live Safety Center.lnk
C:\Documents and Settings\All Users\Menu Start\Online Security Guide.lnk
C:\Program Files\comet
C:\Program Files\comet\MCC_Install.exe
C:\Program Files\instant access
C:\Program Files\instant access\Center\Icons\Sevenline.lnk
C:\Program Files\instant access\Center\Sevenline.upd
C:\Program Files\instant access\Center\tray1.ico
C:\Program Files\instant access\Dialer\1010800026\us2-external-api.dlv4.com\js\c8ad388446f8f7d5aba829ca591b4de1
C:\Program Files\instant access\Dialer\1010800026\us2-scripts.dlv4.com\Common\c66091f0d1a3ad8b27dca923e11d5d3e.html
C:\Program Files\instant access\Dialer\1010800026\us2-scripts.dlv4.com\custom\4239\EN\button1.gif
C:\Program Files\instant access\Dialer\1010800026\us2-scripts.dlv4.com\custom\4239\EN\button2.gif
C:\Program Files\instant access\Dialer\1010800026\us2-scripts.dlv4.com\custom\4239\EN\button3.gif
C:\Program Files\instant access\Dialer\1010800026\us2-scripts.dlv4.com\custom\4239\EN\button4.gif
C:\Program Files\instant access\Dialer\1027949407\us2-external-api.dlv4.com\js\76f1afb26916607fd542445aa25b9a0d
C:\Program Files\instant access\Dialer\1027949407\us2-scripts.dlv4.com\Common\c66091f0d1a3ad8b27dca923e11d5d3e.html
C:\Program Files\instant access\Dialer\1027949407\us2-scripts.dlv4.com\custom\4239\EN\button1.gif
C:\Program Files\instant access\Dialer\1027949407\us2-scripts.dlv4.com\custom\4239\EN\button2.gif
C:\Program Files\instant access\Dialer\1027949407\us2-scripts.dlv4.com\custom\4239\EN\button3.gif
C:\Program Files\instant access\Dialer\1027949407\us2-scripts.dlv4.com\custom\4239\EN\button4.gif
C:\Program Files\instant access\Dialer\1074308498\us2-external-api.dlv4.com\js\c8ad388446f8f7d5aba829ca591b4de1
C:\Program Files\instant access\Dialer\1074308498\us2-scripts.dlv4.com\Common\c66091f0d1a3ad8b27dca923e11d5d3e.html
C:\Program Files\instant access\Dialer\1074308498\us2-scripts.dlv4.com\custom\4239\EN\button1.gif
C:\Program Files\instant access\Dialer\1074308498\us2-scripts.dlv4.com\custom\4239\EN\button2.gif
C:\Program Files\instant access\Dialer\1074308498\us2-scripts.dlv4.com\custom\4239\EN\button3.gif
C:\Program Files\instant access\Dialer\1074308498\us2-scripts.dlv4.com\custom\4239\EN\button4.gif
C:\Program Files\instant access\Dialer\1147297280\us2-external-api.dlv4.com\js\7064f31e9b17c9311de45135d4844623
C:\Program Files\instant access\Dialer\1147297280\us2-scripts.dlv4.com\Common\c66091f0d1a3ad8b27dca923e11d5d3e.html
C:\Program Files\instant access\Dialer\1147297280\us2-scripts.dlv4.com\custom\4239\EN\button1.gif
C:\Program Files\instant access\Dialer\1147297280\us2-scripts.dlv4.com\custom\4239\EN\button2.gif
C:\Program Files\instant access\Dialer\1147297280\us2-scripts.dlv4.com\custom\4239\EN\button3.gif
C:\Program Files\instant access\Dialer\1147297280\us2-scripts.dlv4.com\custom\4239\EN\button4.gif
C:\Program Files\instant access\Dialer\15779549\us2-external-api.dlv4.com\js\c8ad388446f8f7d5aba829ca591b4de1
C:\Program Files\instant access\Dialer\15779549\us2-scripts.dlv4.com\Common\c66091f0d1a3ad8b27dca923e11d5d3e.html
C:\Program Files\instant access\Dialer\15779549\us2-scripts.dlv4.com\custom\4239\EN\button1.gif
C:\Program Files\instant access\Dialer\15779549\us2-scripts.dlv4.com\custom\4239\EN\button2.gif
C:\Program Files\instant access\Dialer\15779549\us2-scripts.dlv4.com\custom\4239\EN\button3.gif
C:\Program Files\instant access\Dialer\15779549\us2-scripts.dlv4.com\custom\4239\EN\button4.gif
C:\Program Files\instant access\Dialer\261872084\us2-external-api.dlv4.com\js\76f1afb26916607fd542445aa25b9a0d
C:\Program Files\instant access\Dialer\261872084\us2-scripts.dlv4.com\Common\c66091f0d1a3ad8b27dca923e11d5d3e.html
C:\Program Files\instant access\Dialer\261872084\us2-scripts.dlv4.com\custom\4239\EN\button1.gif
C:\Program Files\instant access\Dialer\261872084\us2-scripts.dlv4.com\custom\4239\EN\button2.gif
C:\Program Files\instant access\Dialer\261872084\us2-scripts.dlv4.com\custom\4239\EN\button3.gif
C:\Program Files\instant access\Dialer\261872084\us2-scripts.dlv4.com\custom\4239\EN\button4.gif
C:\Program Files\instant access\Dialer\262320515\us2-external-api.dlv4.com\js\8c6ad3f5c3bbf99e41e32385a966877f
C:\Program Files\instant access\Dialer\262320515\us2-scripts.dlv4.com\Common\c66091f0d1a3ad8b27dca923e11d5d3e.html
C:\Program Files\instant access\Dialer\262320515\us2-scripts.dlv4.com\custom\4239\EN\button1.gif
C:\Program Files\instant access\Dialer\262320515\us2-scripts.dlv4.com\custom\4239\EN\button2.gif
C:\Program Files\instant access\Dialer\262320515\us2-scripts.dlv4.com\custom\4239\EN\button3.gif
C:\Program Files\instant access\Dialer\262320515\us2-scripts.dlv4.com\custom\4239\EN\button4.gif
C:\Program Files\instant access\Dialer\265636660\us2-external-api.dlv4.com\js\c6eceee451ff65ca189b400d4b0380a9
C:\Program Files\instant access\Dialer\265636660\us2-scripts.dlv4.com\Common\d204a72d676730720e02a9d4ada9fc8d.html
C:\Program Files\instant access\Dialer\265636660\us2-scripts.dlv4.com\custom\4239\4239_dialer.ico
C:\Program Files\instant access\Dialer\265636660\us2-scripts.dlv4.com\custom\4239\EN\button1.gif
C:\Program Files\instant access\Dialer\265636660\us2-scripts.dlv4.com\custom\4239\EN\button2.gif
C:\Program Files\instant access\Dialer\265636660\us2-scripts.dlv4.com\custom\4239\EN\button3.gif
C:\Program Files\instant access\Dialer\265636660\us2-scripts.dlv4.com\custom\4239\EN\button4.gif
C:\Program Files\instant access\Dialer\265636660\www.bestofmp3.biz\7ba7bdeba4058b9d204ebc9bdc8ee39f.html
C:\Program Files\instant access\Dialer\265636660\www.bestofmp3.biz\pdv\pv01\images\01.jpg
C:\Program Files\instant access\Dialer\265636660\www.bestofmp3.biz\pdv\pv01\images\02.jpg
C:\Program Files\instant access\Dialer\265636660\www.bestofmp3.biz\pdv\pv01\images\03.jpg
C:\Program Files\instant access\Dialer\265636660\www.bestofmp3.biz\pdv\pv01\images\04.jpg
C:\Program Files\instant access\Dialer\265636660\www.bestofmp3.biz\pdv\pv01\images\05.jpg
C:\Program Files\instant access\Dialer\265636660\www.bestofmp3.biz\pdv\pv01\images\06.jpg
C:\Program Files\instant access\Dialer\265636660\www.bestofmp3.biz\pdv\pv01\images\07.jpg
C:\Program Files\instant access\Dialer\265636660\www.bestofmp3.biz\pdv\pv01\images\08.jpg
C:\Program Files\instant access\Dialer\265636660\www.bestofmp3.biz\pdv\pv01\images\09.jpg
C:\Program Files\instant access\Dialer\265636660\www.bestofmp3.biz\pdv\pv01\images\10.jpg
C:\Program Files\instant access\Dialer\265636660\www.bestofmp3.biz\pdv\pv01\images\11.jpg
C:\Program Files\instant access\Dialer\265636660\www.bestofmp3.biz\pdv\pv01\images\12.jpg
C:\Program Files\instant access\Dialer\265636660\www.bestofmp3.biz\pdv\pv01\images\13.jpg
C:\Program Files\instant access\Dialer\265636660\www.bestofmp3.biz\pdv\pv01\images\14.jpg
C:\Program Files\instant access\Dialer\265636660\www.bestofmp3.biz\pdv\pv01\images\15.jpg
C:\Program Files\instant access\Dialer\265636660\www.bestofmp3.biz\pdv\pv01\images\16.jpg
C:\Program Files\instant access\Dialer\265636660\www.bestofmp3.biz\pdv\pv01\images\17.jpg
C:\Program Files\instant access\Dialer\265636660\www.bestofmp3.biz\pdv\pv01\images\a1.gif
C:\Program Files\instant access\Dialer\265636660\www.bestofmp3.biz\pdv\pv01\images\a2.gif
C:\Program Files\instant access\Dialer\265636660\www.bestofmp3.biz\pdv\pv01\images\a3.gif
C:\Program Files\instant access\Dialer\265636660\www.bestofmp3.biz\pdv\pv01\images\a4.gif
C:\Program Files\instant access\Dialer\265636660\www.rapid-pass.net\4c5296e860e1f7c3e8dd8c807c0b850c
C:\Program Files\instant access\Dialer\343074788\us2-external-api.dlv4.com\js\8c6ad3f5c3bbf99e41e32385a966877f
C:\Program Files\instant access\Dialer\343074788\us2-scripts.dlv4.com\Common\c66091f0d1a3ad8b27dca923e11d5d3e.html
C:\Program Files\instant access\Dialer\343074788\us2-scripts.dlv4.com\custom\4239\4239_dialer.ico
C:\Program Files\instant access\Dialer\343074788\us2-scripts.dlv4.com\custom\4239\EN\button1.gif
C:\Program Files\instant access\Dialer\343074788\us2-scripts.dlv4.com\custom\4239\EN\button2.gif
C:\Program Files\instant access\Dialer\343074788\us2-scripts.dlv4.com\custom\4239\EN\button3.gif
C:\Program Files\instant access\Dialer\343074788\us2-scripts.dlv4.com\custom\4239\EN\button4.gif
C:\Program Files\instant access\Dialer\343074788\www.rapid-pass.net\a8626ad8693aab4cc7922e4151b0ffd3_
C:\Program Files\instant access\Dialer\346353612\us2-external-api.dlv4.com\js\76f1afb26916607fd542445aa25b9a0d
C:\Program Files\instant access\Dialer\346353612\us2-scripts.dlv4.com\Common\c66091f0d1a3ad8b27dca923e11d5d3e.html
C:\Program Files\instant access\Dialer\346353612\us2-scripts.dlv4.com\custom\4239\4239_dialer.ico
C:\Program Files\instant access\Dialer\346353612\us2-scripts.dlv4.com\custom\4239\EN\button1.gif
C:\Program Files\instant access\Dialer\346353612\us2-scripts.dlv4.com\custom\4239\EN\button2.gif
C:\Program Files\instant access\Dialer\346353612\us2-scripts.dlv4.com\custom\4239\EN\button3.gif
C:\Program Files\instant access\Dialer\346353612\us2-scripts.dlv4.com\custom\4239\EN\button4.gif
C:\Program Files\instant access\Dialer\346353612\www.rapid-pass.net\a8626ad8693aab4cc7922e4151b0ffd3
C:\Program Files\instant access\Dialer\527320258\us2-external-api.dlv4.com\js\8c6ad3f5c3bbf99e41e32385a966877f
C:\Program Files\instant access\Dialer\527320258\us2-scripts.dlv4.com\Common\c66091f0d1a3ad8b27dca923e11d5d3e.html
C:\Program Files\instant access\Dialer\527320258\us2-scripts.dlv4.com\custom\4239\EN\button1.gif
C:\Program Files\instant access\Dialer\527320258\us2-scripts.dlv4.com\custom\4239\EN\button2.gif
C:\Program Files\instant access\Dialer\527320258\us2-scripts.dlv4.com\custom\4239\EN\button3.gif
C:\Program Files\instant access\Dialer\527320258\us2-scripts.dlv4.com\custom\4239\EN\button4.gif
C:\Program Files\instant access\Dialer\576194817\us2-external-api.dlv4.com\js\c8ad388446f8f7d5aba829ca591b4de1
C:\Program Files\instant access\Dialer\576194817\us2-scripts.dlv4.com\Common\c66091f0d1a3ad8b27dca923e11d5d3e.html
C:\Program Files\instant access\Dialer\576194817\us2-scripts.dlv4.com\custom\4239\4239_dialer.ico
C:\Program Files\instant access\Dialer\576194817\us2-scripts.dlv4.com\custom\4239\EN\button1.gif
C:\Program Files\instant access\Dialer\576194817\us2-scripts.dlv4.com\custom\4239\EN\button2.gif
C:\Program Files\instant access\Dialer\576194817\us2-scripts.dlv4.com\custom\4239\EN\button3.gif
C:\Program Files\instant access\Dialer\576194817\us2-scripts.dlv4.com\custom\4239\EN\button4.gif
C:\Program Files\instant access\Dialer\576194817\www.rapid-pass.net\a8626ad8693aab4cc7922e4151b0ffd3
C:\Program Files\instant access\Dialer\595695933\us2-external-api.dlv4.com\js\e02b4900fa451efc4179ba7ec1526d00
C:\Program Files\instant access\Dialer\595695933\us2-scripts.dlv4.com\Common\c66091f0d1a3ad8b27dca923e11d5d3e.html
C:\Program Files\instant access\Dialer\595695933\us2-scripts.dlv4.com\custom\4239\4239_dialer.ico
C:\Program Files\instant access\Dialer\595695933\us2-scripts.dlv4.com\custom\4239\EN\button1.gif
C:\Program Files\instant access\Dialer\595695933\us2-scripts.dlv4.com\custom\4239\EN\button2.gif
C:\Program Files\instant access\Dialer\595695933\us2-scripts.dlv4.com\custom\4239\EN\button3.gif
C:\Program Files\instant access\Dialer\595695933\us2-scripts.dlv4.com\custom\4239\EN\button4.gif
C:\Program Files\instant access\Dialer\595695933\www.rapid-pass.net\a8626ad8693aab4cc7922e4151b0ffd3
C:\Program Files\instant access\Dialer\625691585\us2-external-api.dlv4.com\js\76f1afb26916607fd542445aa25b9a0d
C:\Program Files\instant access\Dialer\625691585\us2-scripts.dlv4.com\Common\c66091f0d1a3ad8b27dca923e11d5d3e.html
C:\Program Files\instant access\Dialer\625691585\us2-scripts.dlv4.com\custom\4239\EN\button1.gif
C:\Program Files\instant access\Dialer\625691585\us2-scripts.dlv4.com\custom\4239\EN\button2.gif
C:\Program Files\instant access\Dialer\625691585\us2-scripts.dlv4.com\custom\4239\EN\button3.gif
C:\Program Files\instant access\Dialer\625691585\us2-scripts.dlv4.com\custom\4239\EN\button4.gif
C:\Program Files\instant access\Dialer\646408960\us2-external-api.dlv4.com\js\c8ad388446f8f7d5aba829ca591b4de1
C:\Program Files\instant access\Dialer\646408960\us2-scripts.dlv4.com\Common\c66091f0d1a3ad8b27dca923e11d5d3e.html
C:\Program Files\instant access\Dialer\646408960\us2-scripts.dlv4.com\custom\4239\EN\button1.gif
C:\Program Files\instant access\Dialer\646408960\us2-scripts.dlv4.com\custom\4239\EN\button2.gif
C:\Program Files\instant access\Dialer\646408960\us2-scripts.dlv4.com\custom\4239\EN\button3.gif
C:\Program Files\instant access\Dialer\646408960\us2-scripts.dlv4.com\custom\4239\EN\button4.gif
C:\Program Files\instant access\Dialer\649509827\us2-external-api.dlv4.com\js\8c6ad3f5c3bbf99e41e32385a966877f
C:\Program Files\instant access\Dialer\649509827\us2-scripts.dlv4.com\Common\c66091f0d1a3ad8b27dca923e11d5d3e.html
C:\Program Files\instant access\Dialer\649509827\us2-scripts.dlv4.com\custom\4239\4239_dialer.ico
C:\Program Files\instant access\Dialer\649509827\us2-scripts.dlv4.com\custom\4239\EN\button1.gif
C:\Program Files\instant access\Dialer\649509827\us2-scripts.dlv4.com\custom\4239\EN\button2.gif
C:\Program Files\instant access\Dialer\649509827\us2-scripts.dlv4.com\custom\4239\EN\button3.gif
C:\Program Files\instant access\Dialer\649509827\us2-scripts.dlv4.com\custom\4239\EN\button4.gif
C:\Program Files\instant access\Dialer\649509827\www.rapid-pass.net\a8626ad8693aab4cc7922e4151b0ffd3
C:\Program Files\instant access\Dialer\664171507\us2-external-api.dlv4.com\js\c8ad388446f8f7d5aba829ca591b4de1
C:\Program Files\instant access\Dialer\664171507\us2-scripts.dlv4.com\Common\c66091f0d1a3ad8b27dca923e11d5d3e.html
C:\Program Files\instant access\Dialer\664171507\us2-scripts.dlv4.com\custom\4239\EN\button1.gif
C:\Program Files\instant access\Dialer\664171507\us2-scripts.dlv4.com\custom\4239\EN\button2.gif
C:\Program Files\instant access\Dialer\664171507\us2-scripts.dlv4.com\custom\4239\EN\button3.gif
C:\Program Files\instant access\Dialer\664171507\us2-scripts.dlv4.com\custom\4239\EN\button4.gif
C:\Program Files\instant access\Dialer\705995849\us2-external-api.dlv4.com\js\76f1afb26916607fd542445aa25b9a0d
C:\Program Files\instant access\Dialer\705995849\us2-scripts.dlv4.com\Common\c66091f0d1a3ad8b27dca923e11d5d3e.html
C:\Program Files\instant access\Dialer\705995849\us2-scripts.dlv4.com\custom\4239\EN\button1.gif
C:\Program Files\instant access\Dialer\705995849\us2-scripts.dlv4.com\custom\4239\EN\button2.gif
C:\Program Files\instant access\Dialer\705995849\us2-scripts.dlv4.com\custom\4239\EN\button3.gif
C:\Program Files\instant access\Dialer\705995849\us2-scripts.dlv4.com\custom\4239\EN\button4.gif
C:\Program Files\instant access\Dialer\718937629\us2-external-api.dlv4.com\js\8c6ad3f5c3bbf99e41e32385a966877f
C:\Program Files\instant access\Dialer\718937629\us2-scripts.dlv4.com\Common\c66091f0d1a3ad8b27dca923e11d5d3e.html
C:\Program Files\instant access\Dialer\718937629\us2-scripts.dlv4.com\custom\4239\EN\button1.gif
C:\Program Files\instant access\Dialer\718937629\us2-scripts.dlv4.com\custom\4239\EN\button2.gif
C:\Program Files\instant access\Dialer\718937629\us2-scripts.dlv4.com\custom\4239\EN\button3.gif
C:\Program Files\instant access\Dialer\718937629\us2-scripts.dlv4.com\custom\4239\EN\button4.gif
C:\Program Files\instant access\Dialer\863635707\us2-external-api.dlv4.com\js\7064f31e9b17c9311de45135d4844623
C:\Program Files\instant access\Dialer\863635707\us2-scripts.dlv4.com\Common\c66091f0d1a3ad8b27dca923e11d5d3e.html
C:\Program Files\instant access\Dialer\863635707\us2-scripts.dlv4.com\custom\4239\EN\button1.gif
C:\Program Files\instant access\Dialer\863635707\us2-scripts.dlv4.com\custom\4239\EN\button2.gif
C:\Program Files\instant access\Dialer\863635707\us2-scripts.dlv4.com\custom\4239\EN\button3.gif
C:\Program Files\instant access\Dialer\863635707\us2-scripts.dlv4.com\custom\4239\EN\button4.gif
C:\Program Files\instant access\Dialer\955805996\us2-external-api.dlv4.com\js\c8ad388446f8f7d5aba829ca591b4de1
C:\Program Files\instant access\Dialer\955805996\us2-scripts.dlv4.com\Common\c66091f0d1a3ad8b27dca923e11d5d3e.html
C:\Program Files\instant access\Dialer\955805996\us2-scripts.dlv4.com\custom\4239\EN\button1.gif
C:\Program Files\instant access\Dialer\955805996\us2-scripts.dlv4.com\custom\4239\EN\button2.gif
C:\Program Files\instant access\Dialer\955805996\us2-scripts.dlv4.com\custom\4239\EN\button3.gif
C:\Program Files\instant access\Dialer\955805996\us2-scripts.dlv4.com\custom\4239\EN\button4.gif
C:\Program Files\instant access\Dialer\991251126\us2-external-api.dlv4.com\js\76f1afb26916607fd542445aa25b9a0d
C:\Program Files\instant access\Dialer\991251126\us2-scripts.dlv4.com\Common\c66091f0d1a3ad8b27dca923e11d5d3e.html
C:\Program Files\instant access\Dialer\991251126\us2-scripts.dlv4.com\custom\4239\EN\button1.gif
C:\Program Files\instant access\Dialer\991251126\us2-scripts.dlv4.com\custom\4239\EN\button2.gif
C:\Program Files\instant access\Dialer\991251126\us2-scripts.dlv4.com\custom\4239\EN\button3.gif
C:\Program Files\instant access\Dialer\991251126\us2-scripts.dlv4.com\custom\4239\EN\button4.gif
C:\Program Files\myglobalsearch
C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR
C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR
C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL
C:\Program Files\myglobalsearch\bar\1.bin\MGSBAR.DLL
C:\Program Files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL
C:\Program Files\myglobalsearch\bar\Cache\001BE58E
C:\Program Files\myglobalsearch\bar\Cache\0042368B.bin
C:\Program Files\myglobalsearch\bar\Cache\00423AC5.bin
C:\Program Files\myglobalsearch\bar\Cache\00423D46.bin
C:\Program Files\myglobalsearch\bar\Cache\files.ini
C:\Program Files\myglobalsearch\bar\History\search
C:\Program Files\myglobalsearch\bar\Settings\prevcfg.htm
C:\WINNT\NDNuninstall6_38.exe
C:\WINNT\NDNuninstall6_90.exe
C:\WINNT\NDNuninstall6_98.exe
C:\WINNT\NDNuninstall7_14.exe
C:\WINNT\NDNuninstall7_22.exe
C:\WINNT\NDNuninstall7_48.exe
C:\WINNT\system32\linkprd.exe
C:\WINNT\system32\mulzfvx.dat
c:\winnt\system32\mulzfvx.exe
c:\WINNT\system32\mulzfvx_nav.dat
c:\WINNT\system32\mulzfvx_navps.dat
C:\WINNT\system32\npisbwtj.dllbox
C:\WINNT\system32\nvs2.inf
C:\WINNT\system32\pac.txt
C:\WINNT\system32\prosvsys.exe
C:\WINNT\system32\qtwxx.bak1
C:\WINNT\system32\qtwxx.bak2
C:\WINNT\system32\qtwxx.ini
C:\WINNT\System32\xxwtq.dll

.
(((((((((((((((((((((((((   Files Created from 2007-10-15 to 2007-11-15  )))))))))))))))))))))))))))))))
.

2007-11-15 12:14   51,200   --a------   C:\WINNT\NirCmd.exe
2007-11-15 10:18   36,352   --a------   C:\WINNT\system32\ddcbcdc.dll
2007-11-15 10:17   <DIR>   d--------   C:\WINNT\system32\rMa18yy
2007-11-15 10:17   <DIR>   d--------   C:\Temp\abW9
2007-11-14 22:03   25,280   --a------   C:\WINNT\system32\drivers\hamachi.sys
2007-11-14 21:14   <DIR>   d--------   C:\Program Files\Hamachi
2007-11-14 15:55   37,376   --a------   C:\WINNT\system32\ddcawtt.dll
2007-11-13 21:23   <DIR>   d--------   C:\Documents and Settings\prywatny\Dane aplikacji\Lavasoft
2007-11-13 21:22   <DIR>   d--------   C:\Program Files\Lavasoft
2007-11-13 21:11   <DIR>   d--------   C:\Program Files\SpywareBlaster
2007-11-13 18:35   <DIR>   d--------   C:\Program Files\Warcraft II BNE
2007-11-13 12:28   <DIR>   d--------   C:\quarantine
2007-11-13 12:28   88,128   --a------   C:\WINNT\system32\vxcxfcyk.dll
2007-11-13 12:28   77,659   --a------   C:\WINNT\system32\pxdejlcl.dll
2007-11-13 12:25   144,480   --a------   C:\WINNT\system32\npisbwtj.dll
2007-11-13 12:24   144,480   --a------   C:\WINNT\system32\cwkcmmle.dll
2007-11-13 12:23   36,352   --a------   C:\WINNT\system32\opnopqp.dll
2007-11-12 17:55   <DIR>   d--------   C:\Documents and Settings\prywatny\Dane aplikacji\Hamachi
2007-11-12 17:32   <DIR>   d--------   C:\Program Files\Starcraft
2007-11-12 17:04   147,456   --a------   C:\WINNT\system32\vbzip10.dll
2007-11-12 17:01   36,352   --a------   C:\WINNT\system32\gebxxwx.dll
2007-11-12 17:00   172,032   --a------   C:\winlogon.exe
2007-11-12 16:59   <DIR>   d-a------   C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2007-11-11 16:24   <DIR>   d--------   C:\Program Files\NAPI-PROJEKT
2007-11-10 22:32   <DIR>   d--------   C:\Program Files\Full Tilt Poker
2007-11-04 20:10   <DIR>   d--------   C:\Documents and Settings\prywatny\.narya

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-15 10:59   ---------   d---a-w   C:\Program Files\Date Manager
2007-11-15 10:59   ---------   d-----w   C:\Documents and Settings\prywatny\Dane aplikacji\uTorrent
2007-11-11 11:24   ---------   d---a-w   C:\Program Files\PrecisionTime
2007-11-10 21:32   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2007-10-26 17:36   ---------   d-----w   C:\Documents and Settings\prywatny\Dane aplikacji\Ahead
2007-10-24 22:05   ---------   d-----w   C:\Program Files\eMule
2007-09-24 21:21   ---------   d-----w   C:\Documents and Settings\prywatny\Dane aplikacji\mIRC
2007-09-24 21:13   ---------   d-----w   C:\Program Files\Java
2007-09-24 20:57   ---------   d-----w   C:\Program Files\mIRC
2007-09-18 16:58   ---------   d-----w   C:\Program Files\Gadu-Gadu
2007-09-16 14:13   ---------   d-----w   C:\Program Files\Winamp
2007-09-16 10:49   ---------   d-----w   C:\Program Files\Common Files\NSV
2007-09-15 08:39   ---------   d-----w   C:\Program Files\ABBYY PDF Transformer 2.0
2007-09-14 21:15   74,752   ----a-w   C:\WINNT\cadkasdeinst01e.exe
2007-01-10 11:15   839,694   ----a-w   C:\WINNT\Fonts\Crack.exe
2007-01-10 11:15   839,693   --sh--w   C:\WINNT\Fonts\svchost.exe
2006-10-24 19:31   603   ----a-w   C:\Program Files\Common Files\Exif.Cfg
2006-10-24 19:31   3   ----a-w   C:\Program Files\Common Files\Exif Viewer.Jpg
2006-10-24 19:31   2,255   ----a-w   C:\Program Files\Common Files\ExifVgl.Cfg
2006-10-24 19:31   2,255   ----a-w   C:\Program Files\Common Files\ExifExc.cfg
2006-10-24 19:31   14,790   ----a-w   C:\Program Files\Common Files\Kamera2.Cfg
2005-03-12 13:49   609,358   ----a-w   C:\Program Files\Common Files\EXIF Viewer.HLP
2005-03-12 13:39   1,347,584   ----a-w   C:\Program Files\Common Files\EXIF Viewer.exe
2005-02-06 19:16   418   ----a-w   C:\Program Files\INSTALL.LOG
2005-02-03 17:45   26,097   ----a-w   C:\Program Files\Common Files\TIF.jpg
2004-08-19 16:40   29,532   ----a-w   C:\Program Files\Common Files\Nikon.jpg
2002-09-17 10:20   35,456   ----a-w   C:\Program Files\Common Files\EXIF Glossar.HLP
2001-11-01 20:27   271   ---h--w   C:\Program Files\desktop.ini
2001-11-01 20:27   22,039   ---h--w   C:\Program Files\folder.htt
2001-06-21 14:43   1,259,448   ----a-r   C:\Program Files\winzip80.exe
2001-06-13 00:00   32,528   ----a-w   C:\WINNT\inf\wbfirdma.sys
1998-04-30 13:56   129,024   ----a-w   C:\Program Files\UNWISE.EXE
2007-01-10 11:15:15   839,693   --sh--w   C:\WINNT\Fonts\svchost.exe
2006-01-22 21:42:20   56   --sh--r   C:\WINNT\system32\906DDA4DA2.sys
2006-01-22 21:42:24   1,890   --sha-w   C:\WINNT\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01CD0B31-9154-45F2-9414-F5D64B74EAF6}]
07-11-12 17:01    36352   --a------   C:\WINNT\System32\gebxxwx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0421701D-CF13-4E70-ADF0-45A953E7CB8B}]
         C:\Program Files\Network Essentials\v16\NE.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E7BD74F-2B8D-469E-90F0-F66AB581A933}]
         C:\PROGRA~1\INSTAF~1\INSTAF~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{84FC4388-5E4B-4EA7-8E84-664B143A70D3}]
         C:\WINNT\System32\hneo.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
07-11-13 12:25    144480   --a------   C:\WINNT\system32\npisbwtj.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINNT\system32\npisbwtj.dll [07-11-13 12:25  144480]

[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [01-06-13 01:00  C:\WINNT\system32\mobsync.exe]
"AtiPTA"="atiptaxx.exe" [00-04-07 15:53  C:\WINNT\system32\atiptaxx.exe]
"AudioHQ"="C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE" [99-11-30 01:00 ]
"UpdReg"="C:\WINNT\Updreg.exe" [99-11-12 01:00 ]
"Speed racer"="C:\Program Files\Creative\SBLive2k\PlayCenter\CTSRReg.exe" [99-11-16 02:00 ]
"Disc Detector"="C:\Program Files\Creative\ShareDLL\CtNotify.exe" [99-05-18 01:54 ]
"SysR"="C:\WINNT\sysmd.exe" []
"SystemMD"="C:\WINNT\md.exe" []
"CMESys"="C:\Program Files\Common Files\CMEII\CMESys.exe" []
"NeroCheck"="C:\WINNT\System32\NeroCheck.exe" [01-07-09 09:50 ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [05-02-26 23:21 ]
"WheelMouse"="C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe" [03-12-21 23:32 ]
"SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [04-12-20 16:22 ]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [04-09-22 19:00 ]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [04-08-06 02:50 ]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [03-10-07 08:48 ]
"Siemka"="C:\Documents and Settings\prywatny\Pulpit\" [07-11-15 13:28 ]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [05-10-26 17:17 ]
"NeroFilterCheck"="C:\WINNT\System32\NeroCheck.exe" [01-07-09 09:50 ]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [07-05-14 23:22 ]
"Host Process"="C:\WINNT\Fonts\svchost.exe" [07-01-10 12:15 ]
"d09e0440"="C:\WINNT\System32\vxcxfcyk.dll" [07-11-13 12:28 ]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Komunikator"="C:\Program Files\Tlen.pl\tlen.exe" []
"CursorXP"="C:\Program Files\CursorXP\CursorXP.exe" [05-01-19 16:34 ]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []
"µTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [06-07-02 17:29 ]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [05-10-28 15:25 ]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [07-07-09 08:39 ]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe

C:\Documents and Settings\prywatny\Menu Start\Programy\Autostart\
hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [2007-11-14 21:26:27]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{01CD0B31-9154-45F2-9414-F5D64B74EAF6}"= C:\WINNT\System32\gebxxwx.dll [07-11-12 17:01  36352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebxxwx]
gebxxwx.dll 07-11-12 17:01  36352 C:\WINNT\system32\gebxxwx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\npisbwtj]
npisbwtj.dll 07-11-13 12:25  144480 C:\WINNT\system32\npisbwtj.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINNT\System32\xxwtq.dll C:\\WINNT\\System32\\ddcca

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders   msapsspc.dll, schannel.dll, msnsspc.dll


*Newly Created Service* - IPNAT
*Newly Created Service* - RASAUTO
*Newly Created Service* - SHAREDACCESS
.
Contents of the 'Scheduled Tasks' folder
"2007-10-16 10:41:29 C:\WINNT\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1187260602.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe
"2007-11-15 12:30:21 C:\WINNT\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-15 13:30:02
Windows 5.0.2195 Dodatek Service Pack. 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  Disc Detector = C:\Program Files\Creative\ShareDLL\CtNotify.exe?X???&?????????????C?????Disc Detector?B???A???????A???????B?s?@???@???C???????@????????? ?B???A???????A?? ????B???@?????P?????@??????????N?w??????????@?"?????????????????B?????? ????????????????????????????B

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-11-15 13:37:39 - machine was rebooted
.
   --- E O F ---
Kooriyume
Forum member
Posts: 3
Joined: 15 Nov 2007, 15:04
Location: Warszawa

Post by Bozz » 15 Nov 2007, 15:43


While you wait for the check, add two more logs as well; they will definitely come in handy...
http://instalki.pl/forum/viewtopic.php?t=10871
http://instalki.pl/forum/viewtopic.php?t=7444

Post by pp3088 » 15 Nov 2007, 16:09

Jesus, what a mess. You absolutely need to scan with some antivirus programs. It could even be several, because it's a massacre.

Post by Kooriyume » 15 Nov 2007, 19:10

OK, I'll scan with a few and add a log. Thanks for the reply, at least I know what kind of mess I have ;)

Post by Leon$ » 15 Nov 2007, 19:15

Open Notepad and paste:
File::
C:\WINNT\system32\ddcbcdc.dll
C:\WINNT\system32\ddcawtt.dll
C:\WINNT\system32\vxcxfcyk.dll
C:\WINNT\system32\pxdejlcl.dll
C:\WINNT\system32\npisbwtj.dll
C:\WINNT\system32\cwkcmmle.dll
C:\WINNT\system32\opnopqp.dll
C:\WINNT\system32\vbzip10.dll
C:\WINNT\system32\gebxxwx.dll
C:\winlogon.exe

Folder::
C:\WINNT\system32\rMa18yy
C:\Temp\abW9

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01CD0B31-9154-45F2-9414-F5D64B74EAF6}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0421701D-CF13-4E70-ADF0-45A953E7CB8B}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E7BD74F-2B8D-469E-90F0-F66AB581A933}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{84FC4388-5E4B-4EA7-8E84-664B143A70D3}] 
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"=-
[-HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"d09e0440"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{01CD0B31-9154-45F2-9414-F5D64B74EAF6}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebxxwx]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\npisbwtj]

Save it as CFScript (save it so that the CFScript.txt icon sits next to the ComboFix.exe icon) >> Drag and drop the CFScript.txt icon onto the ComboFix.exe icon
When asked "1 or 2", type 1 and press ENTER
Removal should begin
After the restart, manually delete the folder C:\Qoobox

Then a new Combo and HijackThis log

Post by Kooriyume » 16 Nov 2007, 00:05

(Thanks Leon$ ^^ if it's still bad I'll do that right away too)
For now I've finished scanning and now it looks like this:

ComboFix 07-11-08.1 - prywatny 2007-11-15 22:36:48.2 - NTFSx86
Microsoft Windows 2000 Professional  5.0.2195.2.1250.1.1045.18.7 [GMT 1:00]
Running from: C:\Documents and Settings\prywatny\Pulpit\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\prywatny\Pulpit\Live Safety Center.lnk
C:\Documents and Settings\prywatny\Pulpit\Online Security Guide.lnk
C:\Documents and Settings\prywatny\Ulubione\Online Security Guide.lnk
C:\WINNT\system32\accdd.bak1
C:\WINNT\system32\accdd.ini
C:\WINNT\system32\ddcca.dll
C:\WINNT\system32\npisbwtj.dllbox

.
(((((((((((((((((((((((((   Files Created from 2007-10-15 to 2007-11-15  )))))))))))))))))))))))))))))))
.

2007-11-15 17:20   <DIR>   d--------   C:\Program Files\AVPersonal
2007-11-15 17:05   <DIR>   d--------   C:\Program Files\Trend Micro
2007-11-15 12:14   51,200   --a------   C:\WINNT\NirCmd.exe
2007-11-15 10:18   36,352   --a------   C:\WINNT\system32\ddcbcdc.dll
2007-11-15 10:17   <DIR>   d--------   C:\WINNT\system32\rMa18yy
2007-11-15 10:17   <DIR>   d--------   C:\Temp\abW9
2007-11-14 22:03   25,280   --a------   C:\WINNT\system32\drivers\hamachi.sys
2007-11-14 21:14   <DIR>   d--------   C:\Program Files\Hamachi
2007-11-14 15:55   37,376   --a------   C:\WINNT\system32\ddcawtt.dll
2007-11-13 21:23   <DIR>   d--------   C:\Documents and Settings\prywatny\Dane aplikacji\Lavasoft
2007-11-13 21:22   <DIR>   d--------   C:\Program Files\Lavasoft
2007-11-13 21:11   <DIR>   d--------   C:\Program Files\SpywareBlaster
2007-11-13 18:35   <DIR>   d--------   C:\Program Files\Warcraft II BNE
2007-11-13 12:28   <DIR>   d--------   C:\quarantine
2007-11-13 12:28   88,128   --a------   C:\WINNT\system32\vxcxfcyk.dll
2007-11-13 12:28   77,659   --a------   C:\WINNT\system32\pxdejlcl.dll
2007-11-13 12:25   144,480   --a------   C:\WINNT\system32\npisbwtj.dll
2007-11-13 12:24   144,480   --a------   C:\WINNT\system32\cwkcmmle.dll
2007-11-13 12:23   36,352   --a------   C:\WINNT\system32\opnopqp.dll
2007-11-12 17:55   <DIR>   d--------   C:\Documents and Settings\prywatny\Dane aplikacji\Hamachi
2007-11-12 17:32   <DIR>   d--------   C:\Program Files\Starcraft
2007-11-12 17:04   147,456   --a------   C:\WINNT\system32\vbzip10.dll
2007-11-12 17:01   36,352   --a------   C:\WINNT\system32\gebxxwx.dll
2007-11-12 17:00   172,032   --a------   C:\winlogon.exe
2007-11-12 16:59   <DIR>   d-a------   C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2007-11-11 16:24   <DIR>   d--------   C:\Program Files\NAPI-PROJEKT
2007-11-10 22:32   <DIR>   d--------   C:\Program Files\Full Tilt Poker
2007-11-04 20:10   <DIR>   d--------   C:\Documents and Settings\prywatny\.narya

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-15 21:52   ---------   d-----w   C:\Documents and Settings\prywatny\Dane aplikacji\uTorrent
2007-11-15 12:32   ---------   d---a-w   C:\Program Files\Date Manager
2007-11-11 11:24   ---------   d---a-w   C:\Program Files\PrecisionTime
2007-11-10 21:32   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2007-10-26 17:36   ---------   d-----w   C:\Documents and Settings\prywatny\Dane aplikacji\Ahead
2007-10-24 22:05   ---------   d-----w   C:\Program Files\eMule
2007-09-24 21:21   ---------   d-----w   C:\Documents and Settings\prywatny\Dane aplikacji\mIRC
2007-09-24 21:13   ---------   d-----w   C:\Program Files\Java
2007-09-24 20:57   ---------   d-----w   C:\Program Files\mIRC
2007-09-18 16:58   ---------   d-----w   C:\Program Files\Gadu-Gadu
2007-09-16 14:13   ---------   d-----w   C:\Program Files\Winamp
2007-09-16 10:49   ---------   d-----w   C:\Program Files\Common Files\NSV
2007-09-15 08:39   ---------   d-----w   C:\Program Files\ABBYY PDF Transformer 2.0
2007-09-14 21:15   74,752   ----a-w   C:\WINNT\cadkasdeinst01e.exe
2007-01-10 11:15   839,694   ----a-w   C:\WINNT\Fonts\Crack.exe
2007-01-10 11:15   839,693   --sh--w   C:\WINNT\Fonts\svchost.exe
2006-10-24 19:31   603   ----a-w   C:\Program Files\Common Files\Exif.Cfg
2006-10-24 19:31   3   ----a-w   C:\Program Files\Common Files\Exif Viewer.Jpg
2006-10-24 19:31   2,255   ----a-w   C:\Program Files\Common Files\ExifVgl.Cfg
2006-10-24 19:31   2,255   ----a-w   C:\Program Files\Common Files\ExifExc.cfg
2006-10-24 19:31   14,790   ----a-w   C:\Program Files\Common Files\Kamera2.Cfg
2005-03-12 13:49   609,358   ----a-w   C:\Program Files\Common Files\EXIF Viewer.HLP
2005-03-12 13:39   1,347,584   ----a-w   C:\Program Files\Common Files\EXIF Viewer.exe
2005-02-06 19:16   418   ----a-w   C:\Program Files\INSTALL.LOG
2005-02-03 17:45   26,097   ----a-w   C:\Program Files\Common Files\TIF.jpg
2004-08-19 16:40   29,532   ----a-w   C:\Program Files\Common Files\Nikon.jpg
2002-09-17 10:20   35,456   ----a-w   C:\Program Files\Common Files\EXIF Glossar.HLP
2001-11-01 20:27   271   ---h--w   C:\Program Files\desktop.ini
2001-11-01 20:27   22,039   ---h--w   C:\Program Files\folder.htt
2001-06-21 14:43   1,259,448   ----a-r   C:\Program Files\winzip80.exe
2001-06-13 00:00   32,528   ----a-w   C:\WINNT\inf\wbfirdma.sys
1998-04-30 13:56   129,024   ----a-w   C:\Program Files\UNWISE.EXE
2007-01-10 11:15:15   839,693   --sh--w   C:\WINNT\Fonts\svchost.exe
2006-01-22 21:42:20   56   --sh--r   C:\WINNT\system32\906DDA4DA2.sys
2006-01-22 21:42:24   1,890   --sha-w   C:\WINNT\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01CD0B31-9154-45F2-9414-F5D64B74EAF6}]
07-11-12 17:01    36352   --a------   C:\WINNT\System32\gebxxwx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0421701D-CF13-4E70-ADF0-45A953E7CB8B}]
         C:\Program Files\Network Essentials\v16\NE.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E7BD74F-2B8D-469E-90F0-F66AB581A933}]
         C:\PROGRA~1\INSTAF~1\INSTAF~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7B67BE04-E0C8-4FEA-8B47-27930F34C427}]
07-11-15 22:53    321632   --a------   C:\WINNT\System32\urqrq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{84FC4388-5E4B-4EA7-8E84-664B143A70D3}]
         C:\WINNT\System32\hneo.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
07-11-13 12:25    144480   --a------   C:\WINNT\system32\npisbwtj.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINNT\system32\npisbwtj.dll [07-11-13 12:25  144480]

[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINNT\system32\npisbwtj.dll [07-11-13 12:25  144480]

[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [01-06-13 01:00  C:\WINNT\system32\mobsync.exe]
"AtiPTA"="atiptaxx.exe" [00-04-07 15:53  C:\WINNT\system32\atiptaxx.exe]
"AudioHQ"="C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE" [99-11-30 01:00 ]
"UpdReg"="C:\WINNT\Updreg.exe" [99-11-12 01:00 ]
"Speed racer"="C:\Program Files\Creative\SBLive2k\PlayCenter\CTSRReg.exe" [99-11-16 02:00 ]
"Disc Detector"="C:\Program Files\Creative\ShareDLL\CtNotify.exe" [99-05-18 01:54 ]
"SysR"="C:\WINNT\sysmd.exe" []
"SystemMD"="C:\WINNT\md.exe" []
"CMESys"="C:\Program Files\Common Files\CMEII\CMESys.exe" []
"NeroCheck"="C:\WINNT\System32\NeroCheck.exe" [01-07-09 09:50 ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [05-02-26 23:21 ]
"WheelMouse"="C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe" [03-12-21 23:32 ]
"SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [04-12-20 16:22 ]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [04-09-22 19:00 ]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [04-08-06 02:50 ]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [03-10-07 08:48 ]
"Siemka"="C:\Documents and Settings\prywatny\Pulpit\" [07-11-15 22:51 ]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [05-10-26 17:17 ]
"NeroFilterCheck"="C:\WINNT\System32\NeroCheck.exe" [01-07-09 09:50 ]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [07-05-14 23:22 ]
"Host Process"="C:\WINNT\Fonts\svchost.exe" [07-01-10 12:15 ]
"d09e0440"="C:\WINNT\System32\vxcxfcyk.dll" [07-11-13 12:28 ]
"AVGCtrl"="C:\Program Files\AVPersonal\AVGNT.exe" [05-11-03 17:06 ]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Komunikator"="C:\Program Files\Tlen.pl\tlen.exe" []
"CursorXP"="C:\Program Files\CursorXP\CursorXP.exe" [05-01-19 16:34 ]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []
"µTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [06-07-02 17:29 ]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [05-10-28 15:25 ]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [07-07-09 08:39 ]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe

C:\Documents and Settings\prywatny\Menu Start\Programy\Autostart\
hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [2007-11-14 21:26:27]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-07-16 18:35:45]
Date Manager.lnk - C:\Program Files\Date Manager\DateManager.exe [2002-11-12 20:05:48]
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 00:17:18]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 00:06:58]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 07:15:54]
PrecisionTime.lnk - C:\Program Files\PrecisionTime\PrecisionTime.exe [2002-11-12 19:31:07]
Wireless-G Notebook Adapter Utility.lnk - C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe [2005-10-14 20:10:29]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{01CD0B31-9154-45F2-9414-F5D64B74EAF6}"= C:\WINNT\System32\gebxxwx.dll [07-11-12 17:01  36352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebxxwx]
gebxxwx.dll 07-11-12 17:01  36352 C:\WINNT\system32\gebxxwx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\npisbwtj]
npisbwtj.dll 07-11-13 12:25  144480 C:\WINNT\system32\npisbwtj.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\\WINNT\\System32\\urqrq

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders   msapsspc.dll, schannel.dll, msnsspc.dll

R2 AmosNT;AmosNT;C:\WINNT\System32\DRIVERS\amosnt.sys
R3 ati2mtaa;ati2mtaa;C:\WINNT\System32\DRIVERS\ati2mtaa.sys
R3 avgntdw;avgntdw;\??\C:\Program Files\AVPersonal\AVGNTDW.SYS
R3 EL90BC;Sterownik karty 3Com EtherLink XL B/C;C:\WINNT\System32\DRIVERS\el90xbc5.sys
S2 BulkUsb;Plustek USB Scanner;C:\WINNT\System32\DRIVERS\usbscan.sys
S3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;\??\C:\WINNT\System32\CBTNDIS5.SYS
S3 EntDrv50;EntDrv50;\??\C:\WINNT\System32\drivers\EntDrv50.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-10-16 10:41:29 C:\WINNT\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1187260602.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe
"2007-11-15 21:52:25 C:\WINNT\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-15 22:52:03
Windows 5.0.2195 Dodatek Service Pack. 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  Disc Detector = C:\Program Files\Creative\ShareDLL\CtNotify.exe?X?????????????????C?????Disc Detector?B???A???????A???????B?s?@???@???C???????@????????? ?B???A???????A?? ????B???@?????P?????@??????????N?w??????????@?S?????????????????B?????? ????????????????????????????B

scanning hidden files ...

C:\WINNT\system32\qrqru.ini 372 bytes
C:\WINNT\system32\urqrq.dll 321632 bytes executable
C:\WINNT\system32\Perflib_Perfdata_110.dat 16384 bytes

scan completed successfully
hidden files: 3

**************************************************************************
.
Completion time: 2007-11-15 22:58:55 - machine was rebooted
C:\ComboFix2.txt ... 07-11-15 13:37
.
   --- E O F ---
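The persistence points that Leon$'s script targets in the logs above (Winlogon Notify DLLs, an extra LSA authentication package, Run entries with no file timestamp or a random name, an executable hiding under C:\WINNT\Fonts) can be picked out of a ComboFix "Reg Loading Points" section mechanically. The Python triage below is an added example, not part of this thread or of ComboFix; its sample input is a few lines copied from the second log, and the flagging heuristics are my own assumptions, not ComboFix's rules.

```python
import re

# Constructed sample input: a few lines copied from the ComboFix log in this thread
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroCheck"="C:\WINNT\System32\NeroCheck.exe" [01-07-09 09:50 ]
"SysR"="C:\WINNT\sysmd.exe" []
"Host Process"="C:\WINNT\Fonts\svchost.exe" [07-01-10 12:15 ]
"d09e0440"="C:\WINNT\System32\vxcxfcyk.dll" [07-11-13 12:28 ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebxxwx]
gebxxwx.dll 07-11-12 17:01  36352 C:\WINNT\system32\gebxxwx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\\WINNT\\System32\\urqrq
"""

KEY_RE = re.compile(r'^\[(.+)\]$')                        # [HKEY_...\path] section header
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[(.*?)\]$')  # "name"="path" [timestamp]

def triage(log_text):
    """Return (reason, item) pairs for autostart entries worth a closer look.
    Heuristics are my assumptions, not ComboFix rules: flag every Winlogon Notify
    package, every LSA auth package besides msv1_0, and Run entries with no file
    timestamp, loading a DLL, living under Fonts, or named with 8 hex digits."""
    findings = []
    key = ''                      # registry key of the section being read
    for line in log_text.splitlines():
        line = line.strip()
        if not line: continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()
            if r'winlogon\notify' in key:          # notify DLL name is the last path part
                findings.append(('winlogon_notify', key.rsplit('\\', 1)[-1]))
            continue
        if key.endswith(r'control\lsa') and line.startswith('"Authentication Packages"'):
            for pkg in line.split('=', 1)[1].split():
                if pkg.lower() != 'msv1_0':        # msv1_0 is the default NTLM package
                    findings.append(('lsa_auth_package', pkg))
            continue
        m = RUN_RE.match(line)
        if m and r'currentversion\run' in key:
            name, path, stamp = m.groups()
            if not stamp.strip():                  # ComboFix prints [] when no file date
                findings.append(('run_no_timestamp', name))
            if path.lower().endswith('.dll'):      # Run entries normally launch EXEs
                findings.append(('run_loads_dll', name))
            if '\\fonts\\' in path.lower() or re.fullmatch(r'[0-9a-f]{8}', name):
                findings.append(('run_suspicious', name))
    return findings

if __name__ == '__main__':
    for reason, item in triage(SAMPLE_LOG):
        print(f'{reason:18} {item}')
```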

