wirus; prosze o sprawdzenie loga

[fugas761]

Przy uruchamianiu systemu pokazuje sie coś takiego . Zadnym antywirusem nie chce sie usunąc .

[fugas761]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:15:36, on 2009-06-11
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VDOTool\TBPanel.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe
C:\Program Files\KeyBoardWindow\kbw.exe
C:\Program Files\Tapeter\Tapeter.exe
C:\WINDOWS\Philips\SPC220NC\Monitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Philips\Philips SPC220NC Webcam\TrayMin220.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\VSD Software\Dzieńdobry!\ddsched.exe
C:\Program Files\Outlook Express\msimn.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Nowe Gadu-Gadu\gg.exe
C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe
C:\Documents and Settings\Tomek\Pulpit\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eu.microsoft.com/poland/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Tomek\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [Gainward] C:\Program Files\VDOTool\TBPanel.exe /A
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1045
O4 - HKLM\..\Run: [WireLessKeyboard ] C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [KeyBoardWindow] "C:\Program Files\KeyBoardWindow\kbw.exe"
O4 - HKLM\..\Run: [Tapeter] C:\Program Files\Tapeter\Tapeter.exe hide
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\Philips\SPC220NC\Monitor.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Dzieńdobry!] C:\Program Files\VSD Software\Dzieńdobry!\ddsched.exe /t=06:00
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: rncsys32.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... p=ZRfox000
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8743307343
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Skype\toolbars\Shared\Skype4ComAPI.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Usługa inteligentnego transferu w tle (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Aktualizacje automatyczne (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 9593 bytes

[fugas761]

ComboFix 09-06-10.02 - Tomek 2009-06-11 13:26.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.1023.565 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Tomek\Pulpit\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090610-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\c7fcb012.sys
C:\ADSFI713.exe
c:\documents and settings\Tomek\Dane aplikacji\wiaserva.log
c:\documents and settings\Tomek\Menu Start\Programy\Autostart\rncsys32.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\f3PSSavr.scr
c:\windows\system32\img_utils.dll
c:\windows\system32\imgscaler.dll
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg

.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_c7fcb012


((((((((((((((((((((((((( Pliki utworzone od 2009-05-11 do 2009-06-11 )))))))))))))))))))))))))))))))
.

2009-05-28 12:57 . 2009-06-01 12:02 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\OpenFM
2009-05-26 16:01 . 2009-05-26 16:01 42088 ----a-w- c:\documents and settings\Tomek\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll
2009-05-19 22:50 . 2009-05-19 22:50 -------- d-----w- c:\program files\INTERIAPL
2009-05-14 06:22 . 2009-05-14 06:22 -------- d-----w- c:\documents and settings\Tomek\Dane aplikacji\ArcSoft
2009-05-14 06:03 . 2009-05-14 06:03 -------- d-----w- c:\windows\Philips
2009-05-14 06:00 . 2009-05-14 06:00 -------- d-----w- c:\program files\ArcSoft
2009-05-14 06:00 . 1995-08-01 02:44 212480 ----a-w- c:\windows\PCDLIB32.DLL
2009-05-14 05:59 . 2007-01-09 15:59 507136 ----a-w- c:\windows\system32\drivers\SPC220NC.SYS
2009-05-14 05:59 . 2006-11-20 07:04 6656 ----a-w- c:\windows\system32\CoInst.dll
2009-05-14 05:59 . 2009-05-14 05:59 -------- d-----w- c:\program files\Philips
2009-05-14 05:58 . 2009-05-14 05:58 -------- d-----w- c:\documents and settings\Tomek\Dane aplikacji\InstallShield

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-11 11:32 . 2008-01-13 07:13 -------- d-----w- c:\documents and settings\Tomek\Dane aplikacji\uTorrent
2009-06-10 17:05 . 2008-12-24 00:53 -------- d-----w- c:\program files\Metin2_PL
2009-06-04 20:58 . 2008-05-14 11:06 -------- d-----w- c:\program files\Jewel Quest 2
2009-06-01 23:52 . 2007-08-16 22:09 -------- d-----w- c:\documents and settings\Tomek\Dane aplikacji\Skype
2009-06-01 12:01 . 2009-02-18 06:50 -------- d-----w- c:\program files\Nowe Gadu-Gadu
2009-05-31 22:21 . 2007-02-12 23:04 -------- d-----w- c:\program files\Luxor
2009-05-16 06:04 . 2009-05-07 20:34 -------- d---a-w- c:\documents and settings\All Users\Dane aplikacji\TEMP
2009-05-14 06:00 . 2007-01-18 18:17 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-11 23:01 . 2007-02-12 20:45 10 ---ha-w- c:\windows\popcinfo.dat
2009-05-11 15:33 . 2009-05-11 15:33 157184 ----a-w- c:\documents and settings\Tomek\Dane aplikacji\Thinstall\Microsoft Office Professional Edition 2003\4000009c00002i\MSTORDB.EXE
2009-05-09 08:40 . 2008-09-03 18:20 -------- d-----w- c:\program files\Odkurzacz
2009-05-07 18:33 . 2009-04-14 15:25 -------- d-----w- c:\program files\AskBarDis
2009-05-03 12:21 . 2009-05-03 12:19 163712 ----a-w- c:\windows\system32\drivers\vidstub.sys
2009-05-03 12:19 . 2009-05-03 12:19 -------- d-----w- c:\program files\Common Files\Stardock
2009-04-28 20:31 . 2007-11-18 19:11 -------- d-----w- c:\program files\The Treasures Of Montezuma
2009-04-27 20:24 . 2009-02-18 06:51 -------- d-----w- c:\documents and settings\Tomek\Dane aplikacji\Nowe Gadu-Gadu
2009-04-24 16:22 . 2009-04-24 15:25 -------- d-----w- c:\program files\Tapeter
2009-04-20 10:03 . 2009-04-20 10:03 -------- d-----w- c:\program files\Common Files\Windows Live
2009-04-19 13:01 . 2009-04-19 13:01 -------- d-----w- c:\documents and settings\Tomek\Dane aplikacji\OpenFM
2009-04-18 10:12 . 2006-03-02 12:00 76188 ----a-w- c:\windows\system32\perfc015.dat
2009-04-18 10:12 . 2006-03-02 12:00 454442 ----a-w- c:\windows\system32\perfh015.dat
2009-04-15 13:10 . 2009-04-03 07:33 -------- d-----w- c:\program files\KeyBoardWindow
2009-04-14 15:25 . 2009-04-14 15:25 -------- d-----w- c:\documents and settings\Tomek\Dane aplikacji\Foxit
2009-04-12 20:06 . 2008-06-21 16:21 -------- d-----w- c:\program files\Ubisoft
2009-03-30 16:29 . 2007-11-29 12:22 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-03-22 20:24 . 2009-03-22 20:24 131072 ----a-w- c:\documents and settings\Tomek\Dane aplikacji\Netscape\Plugins\npPxPlay.dll
2009-03-22 20:24 . 2009-03-22 20:24 131072 ----a-w- c:\documents and settings\Tomek\Dane aplikacji\Mozilla\Plugins\npPxPlay.dll
2008-12-19 18:32 . 2008-07-02 19:26 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-12-19 18:32 . 2008-07-02 19:26 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-19 18:32 . 2008-07-02 19:26 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-12-19 18:32 . 2008-07-02 19:26 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-12-19 18:32 . 2008-07-02 19:26 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 10:58 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}]
2009-05-26 16:01 42088 ----a-w- c:\documents and settings\Tomek\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-08-30 139264]
"Dzieńdobry!"="c:\program files\VSD Software\Dzieńdobry!\ddsched.exe" [2005-03-16 10240]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-13 68856]
"SkinClock"="c:\program files\Atomic Alarm Clock\AtomicAlarmClock.exe" [2008-02-20 524800]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 220544]
"Odkurzacz-MCD"="c:\program files\Odkurzacz\odk_mcd.exe" [2008-08-16 264704]
"uTorrent"="c:\program files\uTorrent\utorrent.exe" [2009-02-09 270128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gainward"="c:\program files\VDOTool\TBPanel.exe" [2007-11-01 2165272]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2006-03-02 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2006-03-02 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-03-02 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-03-02 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-16 8491008]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2007-02-10 188416]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-12-10 133016]
"WireLessKeyboard "="c:\program files\Multimedia Combo Set\PS2USBKbdDrv.exe" [2005-08-02 253952]
"KeyBoardWindow"="c:\program files\KeyBoardWindow\kbw.exe" [2005-08-05 540672]
"Tapeter"="c:\program files\Tapeter\Tapeter.exe" [2005-07-09 434176]
"Monitor"="c:\windows\Philips\SPC220NC\Monitor.exe" [2006-11-03 319488]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-09-16 1626112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^BlueSoleil VoIP Plugin.lnk]
backup=c:\windows\pss\BlueSoleil VoIP Plugin.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^BlueSoleil.lnk]
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^InterVideo WinCinema Manager.lnk]
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^PC Alert 4.lnk]
backup=c:\windows\pss\PC Alert 4.lnkCommon Startup

[HKLM\~\startupfolder\c:^documents and settings^all users^menu start^programy^autostart^traymin220.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\TrayMin220.lnk
backup=c:\windows\pss\TrayMin220.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Tomek^Menu Start^Programy^Autostart^Registration SETTLERS - Dziedzictwo Królów.LNK]
backup=c:\windows\pss\Registration SETTLERS - Dziedzictwo Królów.LNKStartup
path=c:\documents and settings\Tomek\Menu Start\Programy\Autostart\Registration SETTLERS - Dziedzictwo Królów.LNK

[HKLM\~\startupfolder\C:^Documents and Settings^Tomek^Menu Start^Programy^Autostart^UniSpiker-2.6.lnk]
backup=c:\windows\pss\UniSpiker-2.6.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Tomek^Menu Start^Programy^Autostart^Yahoo! Widget Engine.lnk]
backup=c:\windows\pss\Yahoo! Widget Engine.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CBitSpirit
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstalkiLite

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Alwil Software\\Avast4\\ashAvast.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\NAPI-PROJEKT\\napisy.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Outlook Express\\msimn.exe"=
"c:\\Documents and Settings\\Tomek\\Pulpit\\Radio Internauty.lnk"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Dzony-Loker\\mirc.exe"=
"c:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"=
"c:\\Program Files\\WapSter\\AQQ\\AQQ.exe"=
"c:\\Program Files\\Ubisoft\\THE SETTLERS - Narodziny Imperium\\base\\bin\\Settlers6.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Documents and Settings\\Tomek\\Pulpit\\Jardin_Secret_-_Secret_Garden\\HandyCache\\HandyCache.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Tomek\\Pulpit\\Dżony Łoker 5.0.lnk"=
"c:\\Program Files\\Metin2_PL\\metin2.bin"=
"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 BootScreen;BootScreen;\SystemRoot\\SystemRoot\System32\drivers\vidstub.sys --> \SystemRoot\\SystemRoot\System32\drivers\vidstub.sys [?]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-06-14 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-06-14 20560]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [2008-03-09 2368]
R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [2007-01-18 1287296]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-03-25 24592]
R3 SPC220NC;Philips SPC220NC Webcam;c:\windows\system32\drivers\SPC220NC.SYS [2009-05-14 507136]
R3 uscsc108;uscsc108;c:\windows\system32\drivers\uscsc108.sys [2003-03-09 102336]
S3 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?]
S3 MemStPCI;Kontroler modułów pamięci Memory Stick Sony (PCI);c:\windows\system32\drivers\memstpci.sys [2007-01-24 26112]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ebbc35f-f91a-11dd-b8cb-00110927ff82}]
\Shell\AutoRun\command - J:\Autorun.exe
\Shell\INSTALL\COMMAND - J:\SETUP.EXE
.
- - - - USUNIĘTO PUSTE WPISY - - - -

HKCU-Run-Twoje TVN24 - (no file)
Notify-AtiExtEvent - (no file)


.
------- Skan uzupełniający -------
.
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = 127.0.0.1:8080
IE: &Search - http://edits.mywebsearch.com/toolbaredi ... p=ZRfox000
IE: Add to AMV Convert Tool... - c:\program files\MP3 Player Utilities 4.00\AMVConverter\grab.html
IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 4.00\MediaManager\grab.html
IE: Pobierz z &BitSpirit
Trusted Zone: microsoft.com\.update
Trusted Zone: mks.com.pl\.www
DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game07.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-11 13:31
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-1844237615-602162358-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*X*v*i*D*-*N*o*R*A*R*s*"!\OpenWithList]
@Class="Shell"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'explorer.exe'(1312)
c:\program files\Atomic Alarm Clock\Clock.dll
c:\windows\system32\Amhooker.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PSIService.exe
c:\program files\Photodex\ProShowGold\scsiaccess.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\VSD Software\Dziec:\windows\system32\wbem\wmiprvse.exe
.
**************************************************************************
.
Czas ukończenia: 2009-06-11 13:34 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2009-06-11 11:34

Przed: 9 644 032 000 bajtów wolnych
Po: 10 245 894 144 bajtów wolnych

225 --- E O F --- 2009-05-13 14:56

[Michael Parker]

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - Startup: rncsys32.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... p=ZRfox000
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.com/activex/zylomgamesplayer.cab

Fix w HijackThis. Instrukcja viewtopic.php?f=22&t=13967

Wylecz pendriva lub kartę pamięci
Flash Disinfector, Perlovga Removal Tool
lub format

Pobierz ComboFix, ale nie uruchamiaj
Wklej do notatnika:

Kod: Zaznacz wszystko

File::
J:\SETUP.EXE
J:\Autorun.exe
C:\Autorun.exe
C:\SETUP.exe

Folder::
c:\program files\AskBarDis

Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ebbc35f-f91a-11dd-b8cb-00110927ff82}]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000


Z menu notatnika wybierz Plik Zapisz jako CFScript.txt.
Przeciągnij i upuść zapisany plik (CFScript.txt) na ikonę ComboFix.exe.
Rozpocznie się usuwanie, program wygeneruje log, dasz go na forum.
Na czas skanowania Combofixem wyłącz wszystkie antywirusy i firewalle.

Logi dajesz na wklej.org lub wklej.eu a w poście podajesz tylko link.

Pobierz Malwarebytes' Anti-Malware Uruchom pełne skanowanie. Jeżeli coś znajdzie, to usuń. Następnie daj log na forum.

Przeskanuj system programem SDFix i daj raport z niego. Instrukcja viewtopic.php?f=22&t=13967

Przeskanuj obszar całego systemu Dr.WEB CureIt!

[fugas761]

Malwarebytes' Anti-Malware 1.37
Wersja bazy definicji: 2261
Windows 5.1.2600 Dodatek Service Pack 3

2009-06-11 17:33:40
mbam-log-2009-06-11 (17-33-40).txt

Typ skanowania: Pełne skanowanie (C:\|)
Przeskanowane obiekty: 174834
Upłynęło: 34 minute(s), 17 second(s)

Zainfekowane procesy w pamięci: 0
Zainfekowane moduły pamięci: 0
Zainfekowane klucze rejestru: 21
Zainfekowane wartości rejestru: 1
Zainfekowane pliki rejestru: 0
Zainfekowane foldery: 0
Zainfekowane pliki: 32

Zainfekowane procesy w pamięci:
(Nie wykryto groźnych plików)

Zainfekowane moduły pamięci:
(Nie wykryto groźnych plików)

Zainfekowane klucze rejestru:
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) Quarantined and deleted successfully.

Zainfekowane wartości rejestru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) Quarantined and deleted successfully.

Zainfekowane pliki rejestru:
(Nie wykryto groźnych plików)

Zainfekowane foldery:
(Nie wykryto groźnych plików)

Zainfekowane pliki:
c:\program files\mozilla firefox\plugins\NPMyWebS.dll (Adware.MyWeb) Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\documents and settings\Tomek\menu start\Programy\autostart\rncsys32.exe.vir (Trojan.Agent) Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\system32\f3PSSavr.scr.vir (Adware.MyWebSearch) Quarantined and deleted successfully.
c:\system volume information\_restore{67fd7104-0bce-46fc-aaae-28b550efde84}\RP841\A0403875.DLL (Adware.MyWeb) Quarantined and deleted successfully.
c:\system volume information\_restore{67fd7104-0bce-46fc-aaae-28b550efde84}\RP841\A0403876.EXE (Adware.MyWeb) Quarantined and deleted successfully.
c:\system volume information\_restore{67fd7104-0bce-46fc-aaae-28b550efde84}\RP841\A0403877.DLL (Adware.MyWeb) Quarantined and deleted successfully.
c:\system volume information\_restore{67fd7104-0bce-46fc-aaae-28b550efde84}\RP841\A0403878.DLL (Adware.MyWeb) Quarantined and deleted successfully.
c:\system volume information\_restore{67fd7104-0bce-46fc-aaae-28b550efde84}\RP841\A0403879.DLL (Adware.MyWeb) Quarantined and deleted successfully.
c:\system volume information\_restore{67fd7104-0bce-46fc-aaae-28b550efde84}\RP841\A0403880.EXE (Adware.MyWeb) Quarantined and deleted successfully.
c:\system volume information\_restore{67fd7104-0bce-46fc-aaae-28b550efde84}\RP841\A0403881.EXE (Adware.MyWeb) Quarantined and deleted successfully.
c:\system volume information\_restore{67fd7104-0bce-46fc-aaae-28b550efde84}\RP841\A0403882.EXE (Adware.MyWeb) Quarantined and deleted successfully.
c:\system volume information\_restore{67fd7104-0bce-46fc-aaae-28b550efde84}\RP841\A0403883.DLL (Adware.MyWeb) Quarantined and deleted successfully.
c:\system volume information\_restore{67fd7104-0bce-46fc-aaae-28b550efde84}\RP841\A0403884.DLL (Adware.MyWeb) Quarantined and deleted successfully.
c:\system volume information\_restore{67fd7104-0bce-46fc-aaae-28b550efde84}\RP841\A0403885.DLL (Adware.MyWeb) Quarantined and deleted successfully.
c:\system volume information\_restore{67fd7104-0bce-46fc-aaae-28b550efde84}\RP841\A0403887.DLL (Adware.MyWeb) Quarantined and deleted successfully.
c:\system volume information\_restore{67fd7104-0bce-46fc-aaae-28b550efde84}\RP841\A0403888.EXE (Adware.MyWeb) Quarantined and deleted successfully.
c:\system volume information\_restore{67fd7104-0bce-46fc-aaae-28b550efde84}\RP841\A0403889.EXE (Adware.MyWeb) Quarantined and deleted successfully.
c:\system volume information\_restore{67fd7104-0bce-46fc-aaae-28b550efde84}\RP841\A0403890.DLL (Adware.MyWeb) Quarantined and deleted successfully.
c:\system volume information\_restore{67fd7104-0bce-46fc-aaae-28b550efde84}\RP841\A0403891.DLL (Adware.MyWeb) Quarantined and deleted successfully.
c:\system volume information\_restore{67fd7104-0bce-46fc-aaae-28b550efde84}\RP841\A0403892.EXE (Adware.MyWeb) Quarantined and deleted successfully.
c:\system volume information\_restore{67fd7104-0bce-46fc-aaae-28b550efde84}\RP841\A0403897.DLL (Adware.MyWebSearch) Quarantined and deleted successfully.
c:\system volume information\_restore{67fd7104-0bce-46fc-aaae-28b550efde84}\RP841\A0403899.DLL (Adware.MyWeb) Quarantined and deleted successfully.
c:\system volume information\_restore{67fd7104-0bce-46fc-aaae-28b550efde84}\RP841\A0403900.SCR (Adware.MyWebSearch) Quarantined and deleted successfully.
c:\system volume information\_restore{67fd7104-0bce-46fc-aaae-28b550efde84}\RP841\A0403904.DLL (Adware.MyWeb) Quarantined and deleted successfully.
c:\system volume information\_restore{67fd7104-0bce-46fc-aaae-28b550efde84}\RP841\A0403907.DLL (Adware.MyWebSearch) Quarantined and deleted successfully.
c:\system volume information\_restore{67fd7104-0bce-46fc-aaae-28b550efde84}\RP841\A0404848.DLL (Adware.MyWeb) Quarantined and deleted successfully.
c:\system volume information\_restore{67fd7104-0bce-46fc-aaae-28b550efde84}\RP841\A0404849.EXE (Adware.MyWeb) Quarantined and deleted successfully.
c:\system volume information\_restore{67fd7104-0bce-46fc-aaae-28b550efde84}\RP842\A0404923.exe (Adware.MyWeb) Quarantined and deleted successfully.
c:\system volume information\_restore{67fd7104-0bce-46fc-aaae-28b550efde84}\RP854\A0408523.exe (Trojan.Agent) Quarantined and deleted successfully.
c:\system volume information\_restore{67fd7104-0bce-46fc-aaae-28b550efde84}\RP861\A0410643.scr (Adware.MyWebSearch) Quarantined and deleted successfully.
c:\system volume information\_restore{67fd7104-0bce-46fc-aaae-28b550efde84}\RP861\A0410648.exe (Trojan.Agent) Quarantined and deleted successfully.
c:\WINDOWS\system32\videocore.dll (Trojan.Vundo) Quarantined and deleted successfully.

[fugas761]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:40:01, on 2009-06-11
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\VDOTool\TBPanel.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe
C:\Program Files\KeyBoardWindow\kbw.exe
C:\Program Files\Tapeter\Tapeter.exe
C:\WINDOWS\Philips\SPC220NC\Monitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\VSD Software\Dzieńdobry!\ddsched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Tomek\Pulpit\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eu.microsoft.com/poland/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Tomek\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll
O4 - HKLM\..\Run: [Gainward] C:\Program Files\VDOTool\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1045
O4 - HKLM\..\Run: [WireLessKeyboard ] C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [KeyBoardWindow] "C:\Program Files\KeyBoardWindow\kbw.exe"
O4 - HKLM\..\Run: [Tapeter] C:\Program Files\Tapeter\Tapeter.exe hide
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\Philips\SPC220NC\Monitor.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Dzieńdobry!] C:\Program Files\VSD Software\Dzieńdobry!\ddsched.exe /t=06:00
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8743307343
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Skype\toolbars\Shared\Skype4ComAPI.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 8250 bytes

[Michael Parker]

Daj log z usuwania Combofixem.

Logi dajesz na wklej.org lub wklej.eu a w poście podajesz tylko link.

[fugas761]

http://wklej.eu/index.php?id=9c21afab73

[AJAN]

usuń ręcznie folder C: \Qoobox oraz instalkę Combofix z dysku.

Wykonaj optymalizację autostartu

Pobierz CCleaner
lub
CleanGP
przeskanuj nim i wyczyść rejestr.

Wyłącz I włącz przywracanie systemu na wszystkich dyskach.INSTRUKCJA[/quote]

przeskanuj komputer Kaspersky Virusscaner lub Dr.Web Cure It!
gdy będą wirusy pokaż raport