SafeGroup

[code:1] Logfile of HijackThis v1.99.1
Scan saved at 22:30:27, on 2007-11-07
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32ZoneLabsvsmon.exe
Crogram FilesLavasoftAd-Aware 2007aawservice.exe
C:WINDOWSsystem32spoolsv.exe
Crogram FilesAntiVir PersonalEdition Premiumavguard.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSExplorer.EXE
Crogram Filesa-squared Freea2service.exe
Crogram FilesAntiVir PersonalEdition Premiumsched.exe
Crogram FilesAntiVir PersonalEdition Premiumavesvc.exe
Crogram FilesWIDCOMMOprogramowanie interfejsu Bluetoothbinbtwdins.exe
Crogram FilesioloCommonLibioloDMVSvc.exe
crogram FilesCommon FilesLightScribeLSSrvc.exe
C:WINDOWSsystem32svchost.exe
Crogram FilesAntiVir PersonalEdition Premiumavmailc.exe
C:WINDOWSRTHDCPL.EXE
Crogram FilesASUSPower4 GearBatteryLife.exe
Crogram FilesAntiVir PersonalEdition Premiumavgnt.exe
Crogram FilesioloSystem Mechanic 7SMSystemAnalyzer.exe
Crogram FilesZone LabsZoneAlarmzlclient.exe
C:WINDOWSvsnpstd.exe
Crogram FilesSpybot - Search & DestroyTeaTimer.exe
Crogram FilesDNAbtdna.exe
Crogram FilesLavasoftAd-Aware 2007Ad-Watch2007.exe
Crogram FilesASUSAsus ChkMailChkMail.exe
Crogram FilesWIDCOMMOprogramowanie interfejsu BluetoothBTTray.exe
Crogram FilesTlen.pltlen.exe
Crogram FilesMozilla Firefoxfirefox.exe
C:WINDOWSsystem32ctfmon.exe
Cocuments and SettingsLucasPulpitHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page =

[Aby zobaczyć linki, zarejestruj się tutaj]

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL =

[Aby zobaczyć linki, zarejestruj się tutaj]

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page =
R1 - HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext =

[Aby zobaczyć linki, zarejestruj się tutaj]

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Di-Rect
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - Crogram FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-F6C9-A83FF099B532} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - CROGRA~1SPYBOT~1SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - Crogram FilesJavajre1.6.0_03binssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - Crogram FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Crogram FilesWindows Live Toolbarmsntb.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-F6C9-A83FF099B532} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Crogram FilesWindows Live Toolbarmsntb.dll
O4 - HKLM..Run: [RTHDCPL]RTHDCPL.EXE
O4 - HKLM..Run: [Alcmtr]ALCMTR.EXE
O4 - HKLM..Run: [Power_Gear]Crogram FilesASUSPower4 GearBatteryLife.exe 1
O4 - HKLM..Run: [avgnt]"Crogram FilesAntiVir PersonalEdition Premiumavgnt.exe" /min
O4 - HKLM..Run: [SMSystemAnalyzer]"Crogram FilesioloSystem Mechanic 7SMSystemAnalyzer.exe"
O4 - HKLM..Run: [Ad-Watch]Crogram FilesLavasoftAd-Aware 2007Ad-Watch2007.exe
O4 - HKLM..Run: [ZoneAlarm Client]"Crogram FilesZone LabsZoneAlarmzlclient.exe"
O4 - HKLM..Run: [snpstd]C:WINDOWSvsnpstd.exe
O4 - HKLM..Run: [SBAutoUpdate]"Crogram FilesSpywareBlastersbautoupdate.exe"
O4 - HKCU..Run: [SpybotSD TeaTimer]Crogram FilesSpybot - Search & DestroyTeaTimer.exe
O4 - HKCU..Run: [BitTorrent DNA]"Crogram FilesDNAbtdna.exe"
O4 - Global Startup: ASUS ChkMail.lnk = Crogram FilesASUSAsus ChkMailChkMail.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &Windows Live Search -

[Aby zobaczyć linki, zarejestruj się tutaj]

FilesWindows Live Toolbarmsntb.dll/search.htm
O8 - Extra context menu item: Wyślij do interfejsu &Bluetooth - Crogram FilesWIDCOMMOprogramowanie interfejsu Bluetoothbtsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Crogram FilesJavajre1.6.0_03binssv.dll
O9 - Extra ''Tools'' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Crogram FilesJavajre1.6.0_03binssv.dll
O9 - Extra button: .dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - Crogram FilesWIDCOMMOprogramowanie interfejsu Bluetoothbtsendto_ie.htm
O9 - Extra ''Tools'' menuitem: .dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - Crogram FilesWIDCOMMOprogramowanie interfejsu Bluetoothbtsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - CROGRA~1SPYBOT~1SDHelper.dll
O9 - Extra ''Tools'' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - CROGRA~1SPYBOT~1SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe (file missing)
O9 - Extra ''Tools'' menuitem: .dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Crogram FilesMessengermsmsgs.exe
O9 - Extra ''Tools'' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Crogram FilesMessengermsmsgs.exe
O10 - Broken Internet access because of LSP provider ''avsda.dll'' missing
O11 - Options group: [INTERNATIONAL]International*
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

[Aby zobaczyć linki, zarejestruj się tutaj]

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) -

[Aby zobaczyć linki, zarejestruj się tutaj]

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - CROGRA~1MSNMES~1MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - CROGRA~1MSNMES~1MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - CROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:WINDOWSsystem32WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - Crogram Filesa-squared Freea2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - Crogram FilesLavasoftAd-Aware 2007aawservice.exe
O23 - Service: AntiVir PersonalEdition Premium MailGuard (AntiVirMailService) - Avira GmbH - Crogram FilesAntiVir PersonalEdition Premiumavmailc.exe
O23 - Service: AntiVir PersonalEdition Premium Scheduler (AntiVirScheduler) - Avira GmbH - Crogram FilesAntiVir PersonalEdition Premiumsched.exe
O23 - Service: AntiVir PersonalEdition Premium Guard (AntiVirService) - Avira GmbH - Crogram FilesAntiVir PersonalEdition Premiumavguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSsystem32Ati2evxx.exe
O23 - Service: AntiVir PersonalEdition Premium MailGuard helper service (AVEService) - Avira GmbH - Crogram FilesAntiVir PersonalEdition Premiumavesvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - Crogram FilesWIDCOMMOprogramowanie interfejsu Bluetoothbinbtwdins.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - Crogram FilesioloCommonLibioloDMVSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - crogram FilesCommon FilesLightScribeLSSrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:WINDOWSsystem32ZoneLabsvsmon.exe
[/code:1]



Jest tu parę wpisów które mi się nie podobają

Cytat: R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page =
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-F6C9-A83FF099B532} - (no file)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-F6C9-A83FF099B532} - (no file)
O4 - HKLM..Run: [Alcmtr]ALCMTR.EXE

Skasuj te wpisy w hijacku. Możesz dać log z

[Aby zobaczyć linki, zarejestruj się tutaj]

Daje jeszcze raz log z hijackthis

[code:1] Logfile of HijackThis v1.99.1
Scan saved at 23:34:27, on 2007-11-08
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
Crogram FilesLavasoftAd-Aware 2007aawservice.exe
C:WINDOWSsystem32spoolsv.exe
Crogram FilesAntiVir PersonalEdition Premiumavguard.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSExplorer.EXE
Crogram Filesa-squared Freea2service.exe
Crogram FilesAntiVir PersonalEdition Premiumsched.exe
Crogram FilesAntiVir PersonalEdition Premiumavesvc.exe
Crogram FilesWIDCOMMOprogramowanie interfejsu Bluetoothbinbtwdins.exe
Crogram FilesioloCommonLibioloDMVSvc.exe
crogram FilesCommon FilesLightScribeLSSrvc.exe
Crogram FilesSandboxieSbieSvc.exe
C:WINDOWSsystem32svchost.exe
Crogram FilesAntiVir PersonalEdition Premiumavmailc.exe
C:WINDOWSRTHDCPL.EXE
Crogram FilesASUSPower4 GearBatteryLife.exe
Crogram FilesAntiVir PersonalEdition Premiumavgnt.exe
Crogram FilesioloSystem Mechanic 7SMSystemAnalyzer.exe
C:WINDOWSvsnpstd.exe
Crogram FilesSpybot - Search & DestroyTeaTimer.exe
Crogram FilesDNAbtdna.exe
Crogram FilesASUSAsus ChkMailChkMail.exe
Crogram FilesWIDCOMMOprogramowanie interfejsu BluetoothBTTray.exe
Crogram FilesLavasoftAd-Aware 2007Ad-Watch2007.exe
C:WINDOWSsystem32ctfmon.exe
Crogram FilesZone LabsZoneAlarmzlclient.exe
C:WINDOWSsystem32ZoneLabsvsmon.exe
Crogram FilesMozilla Firefoxfirefox.exe
Crogram FilesTlen.pltlen.exe
Crogram FilesSpamihilatorspamihilator.exe
Cocuments and SettingsLucasPulpitHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page =

[Aby zobaczyć linki, zarejestruj się tutaj]

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL =

[Aby zobaczyć linki, zarejestruj się tutaj]

R1 - HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext =

[Aby zobaczyć linki, zarejestruj się tutaj]

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Di-Rect
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - Crogram FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-F6C9-A83FF099B532} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - CROGRA~1SPYBOT~1SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - Crogram FilesJavajre1.6.0_03binssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - Crogram FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O4 - HKLM..Run: [RTHDCPL]RTHDCPL.EXE
O4 - HKLM..Run: [Power_Gear]Crogram FilesASUSPower4 GearBatteryLife.exe 1
O4 - HKLM..Run: [avgnt]"Crogram FilesAntiVir PersonalEdition Premiumavgnt.exe" /min
O4 - HKLM..Run: [SMSystemAnalyzer]"Crogram FilesioloSystem Mechanic 7SMSystemAnalyzer.exe"
O4 - HKLM..Run: [Ad-Watch]Crogram FilesLavasoftAd-Aware 2007Ad-Watch2007.exe
O4 - HKLM..Run: [ZoneAlarm Client]"Crogram FilesZone LabsZoneAlarmzlclient.exe"
O4 - HKLM..Run: [snpstd]C:WINDOWSvsnpstd.exe
O4 - HKLM..Run: [SBAutoUpdate]"Crogram FilesSpywareBlastersbautoupdate.exe"
O4 - HKCU..Run: [SpybotSD TeaTimer]Crogram FilesSpybot - Search & DestroyTeaTimer.exe
O4 - HKCU..Run: [BitTorrent DNA]"Crogram FilesDNAbtdna.exe"
O4 - HKCU..Run: [SandboxieControl]Crogram FilesSandboxieControl.exe
O4 - Global Startup: ASUS ChkMail.lnk = Crogram FilesASUSAsus ChkMailChkMail.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Wyślij do interfejsu &Bluetooth - Crogram FilesWIDCOMMOprogramowanie interfejsu Bluetoothbtsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Crogram FilesJavajre1.6.0_03binssv.dll
O9 - Extra ''Tools'' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Crogram FilesJavajre1.6.0_03binssv.dll
O9 - Extra button: .dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - Crogram FilesWIDCOMMOprogramowanie interfejsu Bluetoothbtsendto_ie.htm
O9 - Extra ''Tools'' menuitem: .dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - Crogram FilesWIDCOMMOprogramowanie interfejsu Bluetoothbtsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - CROGRA~1SPYBOT~1SDHelper.dll
O9 - Extra ''Tools'' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - CROGRA~1SPYBOT~1SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe (file missing)
O9 - Extra ''Tools'' menuitem: .dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Crogram FilesMessengermsmsgs.exe
O9 - Extra ''Tools'' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Crogram FilesMessengermsmsgs.exe
O10 - Broken Internet access because of LSP provider ''avsda.dll'' missing
O11 - Options group: [INTERNATIONAL]International*
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

[Aby zobaczyć linki, zarejestruj się tutaj]

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) -

[Aby zobaczyć linki, zarejestruj się tutaj]

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - CROGRA~1MSNMES~1MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - CROGRA~1MSNMES~1MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - CROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:WINDOWSsystem32WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - Crogram Filesa-squared Freea2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - Crogram FilesLavasoftAd-Aware 2007aawservice.exe
O23 - Service: AntiVir PersonalEdition Premium MailGuard (AntiVirMailService) - Avira GmbH - Crogram FilesAntiVir PersonalEdition Premiumavmailc.exe
O23 - Service: AntiVir PersonalEdition Premium Scheduler (AntiVirScheduler) - Avira GmbH - Crogram FilesAntiVir PersonalEdition Premiumsched.exe
O23 - Service: AntiVir PersonalEdition Premium Guard (AntiVirService) - Avira GmbH - Crogram FilesAntiVir PersonalEdition Premiumavguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSsystem32Ati2evxx.exe
O23 - Service: AntiVir PersonalEdition Premium MailGuard helper service (AVEService) - Avira GmbH - Crogram FilesAntiVir PersonalEdition Premiumavesvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - Crogram FilesWIDCOMMOprogramowanie interfejsu Bluetoothbinbtwdins.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - Crogram FilesioloCommonLibioloDMVSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - crogram FilesCommon FilesLightScribeLSSrvc.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - Crogram FilesSandboxieSbieSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:WINDOWSsystem32ZoneLabsvsmon.exe

Cytat:

[/code:1]

Log z combo

[code:1] ComboFix 07-11-08.1 - Lucas 2007-11-08 23:36:35.1 - NTFSx86
Microsoft Windows XP Home Edition5.1.2600.2.1250.1.1045.18.261 [GMT 1:00]
Running from: Cocuments and SettingsLucasPulpitComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-10-08 to 2007-11-08)))))))))))))))))))))))))))))))
.

2007-11-08 23:35 51,200 --a------ C:WINDOWSNirCmd.exe
2007-11-07 23:43 <DIR> d-------- Crogram FilesAxBx
2007-11-07 23:04 <DIR> d-------- Cocuments and SettingsLucasDane aplikacjiSandbox
2007-11-07 22:58 <DIR> d-------- Crogram FilesSandboxie
2007-11-06 11:11 <DIR> d-------- Crogram FilesFotosik Manager
2007-11-04 21:03 <DIR> d-------- Crogram FilesMicrosoft Games
2007-11-04 16:06 <DIR> d-------- C:WINDOWSSun
2007-11-04 16:04 <DIR> d-------- Crogram FilesJava
2007-11-04 16:03 <DIR> d-------- Crogram FilesCommon FilesJava
2007-11-04 12:05 <DIR> d-------- Cocuments and SettingsLucasBluetooth Software
2007-11-04 11:59 <DIR> d-------- Crogram FilesWIDCOMM
2007-11-04 09:27 <DIR> d-------- Cocuments and SettingsAll UsersDane aplikacjiWindows Live Toolbar
2007-11-04 09:26 <DIR> d-------- Crogram FilesWindows Live Toolbar
2007-11-04 09:22 <DIR> d-------- Crogram FilesFREETOOLBAR20 Toolbar
2007-11-03 21:53 <DIR> d-------- Cocuments and SettingsLucasContacts
2007-11-03 21:52 <DIR> d----c--- C:WINDOWSsystem32DRVSTORE
2007-11-03 21:48 <DIR> d-------- Crogram FilesMSN Messenger
2007-11-03 20:02 <DIR> d-------- Crogram FilesGrupa33
2007-11-03 19:06 5,504 --a------ C:WINDOWSsystem32driversMSTEE.sys
2007-11-03 19:06 5,504 --a------ C:WINDOWSsystem32dllcachemstee.sys
2007-11-03 19:05 <DIR> d-------- Crogram Filesdirectx
2007-11-03 19:04 <DIR> d-------- Crogram FilesTRUST 120 SPACEC@M
2007-11-03 19:04 299,776 --a------ C:WINDOWSsystem32driverssnpstd.sys
2007-11-03 19:04 245,408 --a------ C:WINDOWSUnicows.dll
2007-11-03 19:04 57,344 --a------ C:WINDOWSsystem32csnpstd.dll
2007-11-03 19:04 53,248 --a------ C:WINDOWSsystem32dsnpstd.dll
2007-11-03 19:04 40,960 --a------ C:WINDOWSvsnpstd.exe
2007-11-03 19:04 40,960 --a------ C:WINDOWSCleanDev.exe
2007-11-03 19:04 36,864 --a------ C:WINDOWSsystem32vsnpstd.dll
2007-11-03 18:35 <DIR> d-------- Cocuments and SettingsLucasDane aplikacjiSkype
2007-11-03 18:33 <DIR> d-------- Crogram FilesSkype
2007-11-03 18:33 <DIR> d-------- Crogram FilesCommon FilesSkype
2007-11-03 18:33 <DIR> d-------- Cocuments and SettingsAll UsersDane aplikacjiSkype
2007-11-03 17:25 <DIR> d-------- Crogram Files10 voor Taal Deluxe
2007-11-03 16:51 4,096 --a------ C:WINDOWSd3dx.dat
2007-11-03 16:49 <DIR> d-------- Crogram FilesRayStorm
2007-11-03 16:44 <DIR> d-------- Cocuments and SettingsLucasDane aplikacjiLeadertech
2007-11-03 16:20 <DIR> d-------- Cocuments and SettingsLucasDane aplikacjiAdobeUM
2007-11-03 00:43 <DIR> d-------- Crogram FilesSony Ericsson
2007-11-03 00:14 45,056 --a------ C:WINDOWSsystem32WNASPI32.DLL
2007-11-03 00:14 16,877 --a------ C:WINDOWSsystem32driversASPI32.SYS
2007-11-03 00:14 5,600 --a------ C:WINDOWSsystemWINASPI.DLL
2007-11-03 00:14 4,672 --a------ C:WINDOWSsystemWOWPOST.EXE
2007-11-02 23:58 <DIR> d--hs---- C:INCINERATE
2007-11-02 23:38 <DIR> d-------- Crogram FilesDNA
2007-11-02 23:38 <DIR> d-------- Crogram FilesBitTorrent
2007-11-02 23:38 <DIR> d-------- Cocuments and SettingsLucasDane aplikacjiDNA
2007-11-02 23:38 <DIR> d-------- Cocuments and SettingsLucasDane aplikacjiBitTorrent
2007-11-02 23:32 <DIR> d-------- Cocuments and SettingsLucasDane aplikacji.phish
2007-11-02 22:23 18,462,752 --ahs---- C:WINDOWSsystem32driversfidbox.dat
2007-11-02 21:46 <DIR> d-------- Cocuments and SettingsAll UsersDane aplikacjiMailFrontier
2007-11-02 21:46 75,248 --a------ C:WINDOWSzllsputility.exe
2007-11-02 21:46 4,212 ---h----- C:WINDOWSsystem32zllictbl.dat
2007-11-02 21:45 <DIR> d-------- C:WINDOWSsystem32ZoneLabs
2007-11-02 21:45 1,086,952 --a------ C:WINDOWSsystem32zpeng24.dll
2007-11-02 21:44 <DIR> d-------- C:WINDOWSInternet Logs
2007-11-02 20:51 <DIR> d-------- Cocuments and SettingsLucasDane aplikacjiOfficeUpdate12
2007-11-02 20:48 <DIR> d-------- Crogram FilesQuickTime Alternative
2007-11-02 20:48 <DIR> d-------- Cocuments and SettingsAll UsersDane aplikacjiApple Computer
2007-11-02 20:47 <DIR> d-------- Crogram FilesReal Alternative
2007-11-02 20:24 1,467 --a------ C:WINDOWSmozver.dat
2007-11-02 20:14 <DIR> d-------- Crogram FilesXP Codec Pack
2007-11-02 20:07 <DIR> d-------- Crogram FilesTlen.pl
2007-11-02 20:07 <DIR> d-------- Cocuments and SettingsLucasDane aplikacjiTlen.pl
2007-11-02 20:04 <DIR> d-------- Crogram FilesSpamihilator
2007-11-02 19:54 6,058,496 --a------ C:WINDOWSsystem32dllcacheieframe.dll
2007-11-02 19:54 2,455,488 --a------ C:WINDOWSsystem32dllcacheieapfltr.dat
2007-11-02 19:54 459,264 --a------ C:WINDOWSsystem32dllcachemsfeeds.dll
2007-11-02 19:54 383,488 --a------ C:WINDOWSsystem32dllcacheieapfltr.dll
2007-11-02 19:54 267,776 --a------ C:WINDOWSsystem32dllcacheiertutil.dll
2007-11-02 19:54 63,488 --a------ C:WINDOWSsystem32dllcacheicardie.dll
2007-11-02 19:54 52,224 --a------ C:WINDOWSsystem32dllcachemsfeedsbs.dll
2007-11-02 19:54 13,824 --a------ C:WINDOWSsystem32dllcacheieudinit.exe
2007-11-02 19:44 <DIR> d-------- Crogram FilesMSXML 6.0
2007-11-02 19:32 <DIR> d-------- Crogram FilesMSBuild
2007-11-02 19:29 <DIR> d-------- C:WINDOWSsystem32XPSViewer
2007-11-02 19:28 <DIR> d-------- Crogram FilesReference Assemblies
2007-11-02 19:28 14,048 --a------ C:WINDOWSsystem32spmsg2.dll
2007-11-02 19:27 <DIR> d-------- Crogram FilesWindows Media Connect 2
2007-11-02 19:26 <DIR> d-------- C:WINDOWSsystem32LogFiles
2007-11-02 19:26 <DIR> d-------- C:WINDOWSsystem32driversUMDF
2007-11-02 19:21 <DIR> d-------- C:WINDOWSsystem32URTTemp
2007-11-02 19:05 584,192 --a------ C:WINDOWSsystem32dllcacherpcrt4.dll
2007-11-02 19:00 <DIR> d--hs---- Cocuments and SettingsLucasUserData
2007-11-02 18:59 <DIR> d-------- Crogram FilesCCleaner
2007-11-02 18:53 <DIR> d-------- C:WINDOWSShellNew
2007-11-02 18:53 <DIR> d-------- Crogram FilesPrzeglądarka migawek
2007-11-02 18:52 <DIR> d-------- C:WINDOWSTwain32
2007-11-02 18:52 <DIR> d-------- Cocuments and SettingsLucasDane aplikacjiMicrosoft Web Folders
2007-11-02 18:50 <DIR> d-------- Crogram FilesDAEMON Tools
2007-11-02 18:47 646,392 --a------ C:WINDOWSsystem32driverssptd.sys
2007-11-02 18:42 <DIR> d-------- Crogram Filesa-squared Free
2007-11-02 18:30 <DIR> d-------- Crogram FilesLavasoft
2007-11-02 18:30 <DIR> d-------- Cocuments and SettingsAll UsersDane aplikacjiLavasoft
2007-11-02 18:29 <DIR> d-------- Crogram FilesCommon FilesWise Installation Wizard
2007-11-02 18:24 <DIR> d-------- Crogram Filesiolo
2007-11-02 18:24 <DIR> d-------- Cocuments and SettingsLocalServiceDane aplikacjiiolo
2007-11-02 18:24 378,216 --a------ C:WINDOWSsystem32Incinerator.dll
2007-11-02 18:24 41,472 --a------ C:WINDOWSsystem32iolobtdfg.exe
2007-11-02 18:24 25,264 --a------ C:WINDOWSsystem32smrgdf.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-08 17:02 218,564 --sha-w C:WINDOWSsystem32driversfidbox.idx
2007-11-03 18:04 --------- d--h--w Crogram FilesInstallShield Installation Information
2007-11-03 15:29 --------- d-----w Crogram FilesCommon FilesAdobe
2007-11-02 22:38 --------- d-----w Cocuments and SettingsLucasDane aplikacji.phish
2007-11-02 17:36 9,344 ----a-w C:WINDOWSsystem32driversNSDriver.sys
2007-11-02 17:36 8,320 ----a-w C:WINDOWSsystem32driversAWRTRD.sys
2007-08-22 12:58 474,112 ----a-w C:WINDOWSsystem32dllcacheshlwapi.dll
2007-08-22 12:58 151,552 ----a-w C:WINDOWSsystem32dllcachecdfview.dll
2007-08-22 12:58 1,498,112 ----a-w C:WINDOWSsystem32dllcacheshdocvw.dll
2007-08-22 12:58 1,055,744 ----a-w C:WINDOWSsystem32dllcachedanim.dll
2007-08-22 12:58 1,022,976 ----a-w C:WINDOWSsystem32dllcachebrowseui.dll
2007-08-21 06:18 683,520 ----a-w C:WINDOWSsystem32inetcomm.dll
2007-08-20 14:31 3,584,512 ----a-w C:WINDOWSsystem32dllcachemshtml.dll
2007-08-20 10:01 824,832 ----a-w C:WINDOWSsystem32dllcachewininet.dll
2007-08-20 10:01 671,232 ----a-w C:WINDOWSsystem32dllcachemstime.dll
2007-08-20 10:01 477,696 ----a-w C:WINDOWSsystem32dllcachemshtmled.dll
2007-08-20 10:01 44,544 ----a-w C:WINDOWSsystem32dllcacheiernonce.dll
2007-08-20 10:01 384,512 ----a-w C:WINDOWSsystem32dllcacheiedkcs32.dll
2007-08-20 10:01 27,648 ----a-w C:WINDOWSsystem32dllcachejsproxy.dll
2007-08-20 10:01 232,960 ----a-w C:WINDOWSsystem32dllcachewebcheck.dll
2007-08-20 10:01 230,400 ----a-w C:WINDOWSsystem32dllcacheieaksie.dll
2007-08-20 10:01 214,528 ----a-w C:WINDOWSsystem32dllcachedxtrans.dll
2007-08-20 10:01 193,024 ----a-w C:WINDOWSsystem32dllcachemsrating.dll
2007-08-20 10:01 153,088 ----a-w C:WINDOWSsystem32dllcacheieakeng.dll
2007-08-20 10:01 132,608 ----a-w C:WINDOWSsystem32dllcacheextmgr.dll
2007-08-20 10:01 124,928 ----a-w C:WINDOWSsystem32dllcacheadvpack.dll
2007-08-20 10:01 105,984 ----a-w C:WINDOWSsystem32dllcacheurl.dll
2007-08-20 10:01 102,400 ----a-w C:WINDOWSsystem32dllcacheoccache.dll
2007-08-20 10:01 1,152,000 ----a-w C:WINDOWSsystem32dllcacheurlmon.dll
2007-08-17 15:23 679,936 ----a-w C:WINDOWSsystem32spsplib1.dll
2007-08-17 10:24 63,488 ----a-w C:WINDOWSsystem32dllcacheie4uinit.exe
2007-08-17 10:24 625,152 ----a-w C:WINDOWSsystem32dllcacheiexplore.exe
2007-08-17 07:34 161,792 ----a-w C:WINDOWSsystem32dllcacheieakui.dll
2007-08-13 17:54 413,696 ----a-w C:WINDOWSsystem32vbscript.dll
2007-08-13 17:54 413,696 ----a-w C:WINDOWSsystem32dllcachevbscript.dll
2007-08-13 17:54 33,792 ----a-w C:WINDOWSsystem32dllcachecustsat.dll
2007-08-13 17:54 191,488 ----a-w C:WINDOWSsystem32dllcacheiepeers.dll
2007-08-13 17:54 156,160 ----a-w C:WINDOWSsystem32msls31.dll
2007-08-13 17:54 156,160 ----a-w C:WINDOWSsystem32dllcachemsls31.dll
2007-08-13 17:45 78,336 ----a-w C:WINDOWSsystem32ieencode.dll
2007-08-13 17:45 78,336 ----a-w C:WINDOWSsystem32dllcacheieencode.dll
2007-08-13 17:44 69,120 ----a-w C:WINDOWSsystem32dllcacheiedw.exe
2007-08-13 17:44 40,960 ----a-w C:WINDOWSsystem32licmgr10.dll
2007-08-13 17:44 40,960 ----a-w C:WINDOWSsystem32dllcachelicmgr10.dll
2007-08-13 17:42 17,408 ----a-w C:WINDOWSsystem32dllcachecorpol.dll
2007-08-13 17:39 92,672 ----a-w C:WINDOWSsystem32dllcacheinseng.dll
2007-08-13 17:39 71,680 ----a-w C:WINDOWSsystem32dllcacheadmparse.dll
2007-08-13 17:39 71,680 ----a-w C:WINDOWSsystem32admparse.dll
2007-08-13 17:39 55,296 ----a-w C:WINDOWSsystem32iesetup.dll
2007-08-13 17:39 55,296 ----a-w C:WINDOWSsystem32dllcacheiesetup.dll
2007-08-13 17:38 491,520 ----a-w C:WINDOWSsystem32dllcachejscript.dll
2007-08-13 17:36 44,544 ----a-w C:WINDOWSsystem32dllcachepngfilt.dll
2007-08-13 17:36 36,352 ----a-w C:WINDOWSsystem32imgutil.dll
2007-08-13 17:36 36,352 ----a-w C:WINDOWSsystem32dllcacheimgutil.dll
2007-08-13 17:35 346,624 ----a-w C:WINDOWSsystem32dllcachedxtmsft.dll
2007-08-13 17:32 45,568 ----a-w C:WINDOWSsystem32mshta.exe
2007-08-13 17:32 45,568 ----a-w C:WINDOWSsystem32dllcachemshta.exe
2007-08-13 17:18 60,416 ----a-w C:WINDOWSsystem32dllcachehmmapi.dll
2007-08-13 17:01 48,128 ----a-w C:WINDOWSsystem32mshtmler.dll
2007-08-13 17:01 48,128 ----a-w C:WINDOWSsystem32dllcachemshtmler.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE~Browser Helper Objects{4E7BD74F-2B8D-469E-F6C9-A83FF099B532}]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 03:34 C:WINDOWSRTHDCPL.exe]
"Power_Gear"="Crogram FilesASUSPower4 GearBatteryLife.exe" [2006-03-14 17:46]
"avgnt"="Crogram FilesAntiVir PersonalEdition Premiumavgnt.exe" [2007-11-02 18:20]
"SMSystemAnalyzer"="Crogram FilesioloSystem Mechanic 7SMSystemAnalyzer.exe" [2007-10-03 09:05]
"Ad-Watch"="Crogram FilesLavasoftAd-Aware 2007Ad-Watch2007.exe" [2007-11-02 18:37]
"ZoneAlarm Client"="Crogram FilesZone LabsZoneAlarmzlclient.exe" [2007-09-06 16:14]
"snpstd"="C:WINDOWSvsnpstd.exe" [2003-12-31 17:39]
"SBAutoUpdate"="Crogram FilesSpywareBlastersbautoupdate.exe" [2006-01-01 15:08]

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"SpybotSD TeaTimer"="Crogram FilesSpybot - Search & DestroyTeaTimer.exe" [2007-08-31 16:46]
"BitTorrent DNA"="Crogram FilesDNAbtdna.exe" [2007-11-02 23:38]
"SandboxieControl"="Crogram FilesSandboxieControl.exe" [2007-10-19 23:13]

R2 AntiVirMailService;AntiVir PersonalEdition Premium MailGuard;"Crogram FilesAntiVir PersonalEdition Premiumavmailc.exe"
R2 AVEService;AntiVir PersonalEdition Premium MailGuard helper service;"Crogram FilesAntiVir PersonalEdition Premiumavesvc.exe"
R3 SbieDrv;SbieDrv;??Crogram FilesSandboxieSbieDrv.sys
R3 ZD1211BU(ASUS);ASUS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ASUS);C:WINDOWSsystem32DRIVERSzd1211Bu.sys
S3 ASNDIS5;ASNDIS5 Protocol Driver;??C:WINDOWSsystem32ASNDIS5.SYS
S3 USBSTOR;Sterownik magazynu masowego USB;C:WINDOWSsystem32DRIVERSUSBSTOR.SYS

*Newly Created Service* - AD-WATCH_REGISTRY_FILTER
*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

[Aby zobaczyć linki, zarejestruj się tutaj]

Rootkit scan 2007-11-08 23:38:11
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-08 23:39:11
.
--- E O F ---

Cytat:

[/code:1]


ok mam nadzieje ze tu tez wszystko ok

Cytat: Crogram FilesAxBx
Crogram Files10 voor Taal Deluxe

Znasz te foldery?

Cytat: C:WINDOWSsystem32iolobtdfg.exe

Przeskanujplik na

[Aby zobaczyć linki, zarejestruj się tutaj]

lub

[Aby zobaczyć linki, zarejestruj się tutaj]

W hijacku skasuj

Cytat: O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-F6C9-A83FF099B532} - (no file)

bodek napisał(a):

Cytat: Crogram FilesAxBx
Crogram Files10 voor Taal Deluxe

Znasz te foldery?

Cytat: C:WINDOWSsystem32iolobtdfg.exe

Przeskanujplik na

[Aby zobaczyć linki, zarejestruj się tutaj]

lub

[Aby zobaczyć linki, zarejestruj się tutaj]

W hijacku skasuj

Cytat: O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-F6C9-A83FF099B532} - (no file)

Foldery znama to iolobtdfg.exe to jest czesc programu System Mechanic 7 wiec tez nie szkodliwewpis w hijacku wykasowany

W takim razie zastosuj jeszcze

[Aby zobaczyć linki, zarejestruj się tutaj]

Instrukcja:

Cytat:
- Dwuklik na SDFix.exe następnie program wypakuje się na dysk systemowy (standardowo C:SDFix)
- Zrestartuj komputer i wejdź do trybu awaryjnego (klawisz F8 przed bootem Windowsa)
- Wejdź do folderu z SDFix kliknij dwa razy na plik RunThis.bat
- Wciśnij Y nastąpi proces usuwania.
- Kiedy usuwanie się ukończy wciśnij dowolny klawisz (Any Key). Nastąpi restart komputera.
- Po restarcie SDFix uruchomi się ponownie, żeby dokończyć proces usuwania kiedy pojawi się w oknie programu Finished, wciśnij dowolny klawisz do zakończenia scryptu i załadowania ikon na pulpicie.
- Pokaż Report.txt znajdujący się w folderze SDFix.

Cytat:

SDFix: Version 1.114

Run by Lucas on 2007-11-18 at 11:59

Microsoft Windows XP [Wersja 5.1.2600]

Running From: COCUME~1LucasPulpitNOWYFO~1SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found




Removing Temp Files...

ADS Check:

C:WINDOWS
No streams found.

C:WINDOWSsystem32
No streams found.

C:WINDOWSsystem32svchost.exe
No streams found.

C:WINDOWSsystem32ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

[Aby zobaczyć linki, zarejestruj się tutaj]

Rootkit scan 2007-11-18 12:06:10
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicessptdCfg]
"s1"=dword:34e39fd6
"s2"=dword:ada9a0a9
"h0"=dword:00000001

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicessptdCfg19659239224E364682FA4BAF72C53EA4]
"p0"="Crogram FilesDAEMON Tools"
"h0"=dword:00000000
"khjeh"=hex:e5,b7,3d,50,d0,3a,0a,9e,db,f6,c5,37,f3,50,12,44,70,f2,b1,bc,b4,..

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicessptdCfg19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,92,56,c8,75,ab,42,a5,bf,26,b1,2e,18,d2,64,43,d9,24,..
"khjeh"=hex:62,63,3c,be,6f,3c,e0,c7,26,9f,f4,82,5c,fd,ae,ed,19,51,00,a4,a8,..

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicessptdCfg19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:4e,fc,64,f0,15,8f,d3,2f,04,30,82,82,6e,bf,f4,49,f8,ec,a9,33,29,..
[HKEY_LOCAL_MACHINESYSTEMControlSet003ServicessptdCfg19659239224E364682FA4BAF72C53EA4]
"p0"="Crogram FilesDAEMON Tools"
"h0"=dword:00000000
"khjeh"=hex:e5,b7,3d,50,d0,3a,0a,9e,db,f6,c5,37,f3,50,12,44,70,f2,b1,bc,b4,..

[HKEY_LOCAL_MACHINESYSTEMControlSet003ServicessptdCfg19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,92,56,c8,75,ab,42,a5,bf,26,b1,2e,18,d2,64,43,d9,24,..
"khjeh"=hex:62,63,3c,be,6f,3c,e0,c7,26,9f,f4,82,5c,fd,ae,ed,19,51,00,a4,a8,..

[HKEY_LOCAL_MACHINESYSTEMControlSet003ServicessptdCfg19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:4e,fc,64,f0,15,8f,d3,2f,04,30,82,82,6e,bf,f4,49,f8,ec,a9,33,29,..

scanning hidden registry entries ...

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerMenuOrderFavoritesA151c]
"Order"=hex:08,00,00,00,02,00,00,00,c4,01,00,00,01,00,00,00,04,00,00,00,98,..

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:EnabledNA"

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]

Remaining Files:
---------------


Files with Hidden Attributes:

Fri2 Nov 2007 678,766 A..H. --- "Crogram FilesioloSystem Mechanic 7unins000.exe"

Finished!
[code:1] [/code:1]

Log jest ok

Dzieki wielkie za pomoc

Cytat: Logfile of HijackThis v1.99.1
Scan saved at 16:22:53, on 2007-11-21
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
Crogram FilesLavasoftAd-Aware 2007aawservice.exe
C:WINDOWSsystem32spoolsv.exe
Crogram FilesAntiVir PersonalEdition Classicavguard.exe
Crogram Filesa-squared Freea2service.exe
Crogram FilesAntiVir PersonalEdition Classicsched.exe
C:WINDOWSExplorer.EXE
Crogram FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
Crogram FilesWIDCOMMBluetooth Softwarebinbtwdins.exe
Crogram FilesioloCommonLibioloDMVSvc.exe
Crogram FilesCommon FilesLightScribeLSSrvc.exe
C:WINDOWSRTHDCPL.EXE
Crogram FilesSynapticsSynTPSynTPEnh.exe
Crogram FilesIntelWirelessBinEOUWiz.exe
Crogram FilesAntiVir PersonalEdition Classicavgnt.exe
Crogram FilesZone LabsZoneAlarmzlclient.exe
C:WINDOWSSystem32nvsvc32.exe
C:WINDOWSsystem32rundll32.exe
Crogram FilesioloSystem Mechanic 7SMSystemAnalyzer.exe
C:WINDOWSsystem32ctfmon.exe
Crogram FilesSpybot - Search & DestroyTeaTimer.exe
Crogram FilesKalendarz XPKalendarz.exe
COCUME~1adminUSTAWI~1TempRtkBtMnt.exe
CROGRA~1ZONELA~1ZONEAL~1MAILFR~1mantispm.exe
Crogram FilesAresAres.exe
Crogram FilesGadu-Gadugg.exe
C:WINDOWSsystem32ZoneLabsvsmon.exe
C:WINDOWSsystem32wuauclt.exe
Cocuments and SettingsadminPulpitHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page =

[Aby zobaczyć linki, zarejestruj się tutaj]

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page =
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - CROGRA~1SPYBOT~1SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - Crogram FilesJavajre1.6.0_01binssv.dll
O4 - HKLM..Run: [NvCplDaemon]RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [nwiz]nwiz.exe /install
O4 - HKLM..Run: [RTHDCPL]RTHDCPL.EXE
O4 - HKLM..Run: [SkyTel]SkyTel.EXE
O4 - HKLM..Run: [AzMixerSel]Crogram FilesRealtekInstallShieldAzMixerSel.exe
O4 - HKLM..Run: [SynTPEnh]Crogram FilesSynapticsSynTPSynTPEnh.exe
O4 - HKLM..Run: [EOUApp]"Crogram FilesIntelWirelessBinEOUWiz.exe"
O4 - HKLM..Run: [avgnt]"Crogram FilesAntiVir PersonalEdition Classicavgnt.exe" /min
O4 - HKLM..Run: [ZoneAlarm Client]"Crogram FilesZone LabsZoneAlarmzlclient.exe"
O4 - HKLM..Run: [BluetoothAuthenticationAgent]rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM..Run: [SMSystemAnalyzer]"Crogram FilesioloSystem Mechanic 7SMSystemAnalyzer.exe"
O4 - HKCU..Run: [CTFMON.EXE]C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [ares]"Crogram FilesAresAres.exe" -h
O4 - HKCU..Run: [SpybotSD TeaTimer]Crogram FilesSpybot - Search & DestroyTeaTimer.exe
O4 - HKCU..Run: [OM2_Monitor]"Crogram FilesOLYMPUSOLYMPUS Master 2MMonitor.exe" -NoStart
O4 - Global Startup: Kalendarz XP.lnk = Crogram FilesKalendarz XPKalendarz.exe
O4 - Global Startup: Microsoft Office.lnk = Crogram FilesMicrosoft OfficeOfficeOSA9.EXE
O8 - Extra context menu item: Transfer by Image Converter 3 - CROGRAM FILESSONYIMAGE CONVERTER 3menu.htm
O8 - Extra context menu item: Wyślij do urządzenia &Bluetooth... - Crogram FilesWIDCOMMBluetooth Softwarebtsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Crogram FilesJavajre1.6.0_01binssv.dll
O9 - Extra ''Tools'' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Crogram FilesJavajre1.6.0_01binssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - Crogram FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O9 - Extra button: .dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - Crogram FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm
O9 - Extra ''Tools'' menuitem: .dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - Crogram FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - CROGRA~1SPYBOT~1SDHelper.dll
O9 - Extra ''Tools'' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - CROGRA~1SPYBOT~1SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Crogram FilesMessengermsmsgs.exe
O9 - Extra ''Tools'' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Crogram FilesMessengermsmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) -

[Aby zobaczyć linki, zarejestruj się tutaj]

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - CROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:WINDOWSsystem32WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - Crogram Filesa-squared Freea2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - Crogram FilesLavasoftAd-Aware 2007aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - Crogram FilesAntiVir PersonalEdition Classicsched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - Crogram FilesAntiVir PersonalEdition Classicavguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - Crogram FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - Crogram FilesAreschatServer.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - Crogram FilesWIDCOMMBluetooth Softwarebinbtwdins.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - Crogram FilesIntelWirelessBinEvtEng.exe
O23 - Service: Image Converter SCSI Service (ICScsiSV) - Sony Corporation - Crogram FilesSonyIMAGE CONVERTER 3ICScsiSV.exe
O23 - Service: IcVzMonLauncher - Sony Corporation - Crogram FilesSonyIMAGE CONVERTER 3IcVzMonLauncher.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - Crogram FilesCommon FilesInstallShieldDriver1150Intel 32IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - Crogram FilesSonyIMAGE CONVERTER 3IcVzMon.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - Crogram FilesioloCommonLibioloDMVSvc.exe
O23 - Service: iPod Service - Apple Inc. - Crogram FilesiPodbiniPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - Crogram FilesCommon FilesLightScribeLSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - Crogram FilesCommon FilesSony SharedAVLibMSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSSystem32nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - Crogram FilesCommon FilesSony SharedAVLibPACSPTISVR.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - Crogram FilesIntelWirelessBinRegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation- Crogram FilesIntelWirelessBinS24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - Crogram FilesCommon FilesPCSuiteServicesServiceLayer.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - Crogram FilesCommon FilesSony SharedAVLibSsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - Crogram FilesCommon FilesSony SharedAVLibSPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - Crogram FilesCommon FilesSony SharedAVLibSSScsiSV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:WINDOWSsystem32ZoneLabsvsmon.exe
[code:1]

Mozesz jesz cze tu zerknac czy wszystko ok
[/code:1]

Cytat: R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page =

Skasuj te wpisy w hijacku
Zobacz

[Aby zobaczyć linki, zarejestruj się tutaj]

Cytat: ComboFix 07-10-23.1 - admin 2007-10-24 16:55:46.1 - NTFSx86
Microsoft Windows XP Professional5.1.2600.2.1250.1.1045.18.431 [GMT 2:00]
Running from: Cocuments and SettingsadminPulpitComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

Cocuments and SettingsadminDane aplikacjiinst.exe
C:WINDOWSsystem32_003999_.tmp.dll
C:WINDOWSsystem32_004001_.tmp.dll

.
((((((((((((((((((((((((( Files Created from 2007-09-24 to 2007-10-24)))))))))))))))))))))))))))))))
.

2007-10-24 16:54 51,200 --a------ C:WINDOWSNirCmd.exe
2007-10-22 23:52 <DIR> d-------- Crogram FilesKalendarz XP
2007-10-11 17:11 <DIR> d-------- Cocuments and SettingsadminDane aplikacjiGRETECH
2007-10-11 17:10 <DIR> d-------- Crogram FilesGRETECH
2007-10-10 19:35 584,192 -----c--- C:WINDOWSsystem32dllcacherpcrt4.dll
2007-10-10 19:27 <DIR> d-------- Crogram FilesWindows Media Connect 2
2007-10-10 19:25 <DIR> d-------- C:WINDOWSsystem32LogFiles
2007-10-10 19:25 <DIR> d-------- C:WINDOWSsystem32driversUMDF
2007-10-09 10:58 <DIR> d-------- Cocuments and SettingsadminDane aplikacjiDealio
2007-10-09 10:57 <DIR> d-------- Crogram FilesFree Audio Pack
2007-10-09 10:57 141,312 --a------ C:WINDOWSsystem32MSCMCFR.DLL
2007-10-09 10:57 119,568 --a------ C:WINDOWSsystem32VB6FR.DLL
2007-10-09 10:57 101,888 --a------ C:WINDOWSsystem32VB6STKIT.DLL
2007-10-09 10:57 59,904 --a------ C:WINDOWSsystem32Mscc2fr.dll
2007-10-09 10:57 32,768 --a------ C:WINDOWSsystem32CMDLGFR.DLL
2007-10-09 10:57 21,504 --a------ C:WINDOWSsystem32TABCTFR.DLL
2007-10-09 10:57 15,360 --a------ C:WINDOWSsystem32inetfr.DLL
2007-10-08 17:48 <DIR> d-------- Cocuments and SettingsDefault UserDane aplikacjiDesperate Housewives
2007-10-08 17:48 <DIR> d-------- Cocuments and SettingsadminDane aplikacjiDesperate Housewives
2007-10-08 17:48 98,304 --a------ C:WINDOWSsystem32CmdLineExt.dll
2007-10-08 17:39 <DIR> d-------- Crogram FilesBuena Vista Games
2007-10-07 19:57 <DIR> d-------- C:WINDOWSsystem32Smsung PC Studio Codecs
2007-10-07 19:57 <DIR> d-------- C:WINDOWSsystem32Samsung
2007-10-07 19:57 <DIR> d-------- Crogram FilesSamsung
2007-10-07 19:57 84,512 --a------ C:WINDOWSsystem32driversss_mdm.sys
2007-10-07 19:57 52,384 --a------ C:WINDOWSsystem32driversss_bus.sys
2007-10-07 19:57 6,080 --a------ C:WINDOWSsystem32driversss_cmnt.sys
2007-10-07 19:57 6,080 --a------ C:WINDOWSsystem32driversss_cm.sys
2007-10-07 19:57 6,064 --a------ C:WINDOWSsystem32driversss_mdfl.sys
2007-10-07 19:57 5,744 --a------ C:WINDOWSsystem32driversss_whnt.sys
2007-10-07 19:57 5,744 --a------ C:WINDOWSsystem32driversss_wh.sys
2007-10-07 18:03 <DIR> d-------- Crogram FilesBearShare Applications
2007-10-01 19:08 <DIR> d-------- Crogram FilesVSO
2007-10-01 19:08 <DIR> d-------- Cocuments and SettingsadminDane aplikacjiVso
2007-10-01 19:08 217,127 --a------ C:WINDOWSsystem32drv43260.dll
2007-10-01 19:08 208,935 --a------ C:WINDOWSsystem32drv33260.dll
2007-10-01 19:08 176,165 --a------ C:WINDOWSsystem32drv23260.dll
2007-10-01 19:08 47,360 --a------ C:WINDOWSsystem32driverspcouffin.sys
2007-10-01 19:08 47,360 --a------ Cocuments and SettingsadminDane aplikacjipcouffin.sys
2007-09-30 23:36 <DIR> d-------- Cocuments and SettingsadminDane aplikacjiDroppix
2007-09-30 23:36 1,012,736 --a------ C:WINDOWSsystem32vorbis.dll
2007-09-30 23:36 462,848 --a------ C:WINDOWSsystem32HHActiveX.dll
2007-09-30 23:36 12,800 --a------ C:WINDOWSsystem32ogg.dll
2007-09-30 23:35 <DIR> d-------- Crogram FilesCommon FilesLightScribe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-24 15:01 11,726,880 --sha-w C:WINDOWSsystem32driversfidbox.dat
2007-10-24 14:59 141,488 --sha-w C:WINDOWSsystem32driversfidbox.idx
2007-10-21 20:49 --------- d-----w Crogram Filesa-squared Free
2007-10-19 04:55 --------- d-----w Crogram FilesSpywareBlaster
2007-10-13 20:12 --------- d-----w Crogram FilesGadu-Gadu
2007-10-13 18:15 --------- d-----w Crogram FilesNative Instruments
2007-10-08 15:38 --------- d--h--w Crogram FilesInstallShield Installation Information
2007-10-07 15:31 --------- d-----w Crogram FileseMule
2007-10-06 15:40 --------- d-----w Crogram FilesDigimaxReader Eng
2007-09-30 22:02 --------- d-----w Crogram FilesWinamp
2007-09-23 10:17 --------- d-----w Crogram FilesGoogle
2007-09-22 18:46 --------- d-----w Cocuments and SettingsadminDane aplikacjiReallusion
2007-09-22 16:38 --------- d-----w Crogram FilesSereneScreen
2007-09-22 15:58 --------- d-----w Crogram FilesBitSpirit
2007-09-21 15:55 --------- d-----w Crogram FilesG DATA Software
2007-09-09 16:33 --------- d-----w Crogram FilesGrupa IMAGE
2007-09-06 14:14 75,248 ----a-w C:WINDOWSzllsputility.exe
2007-08-29 20:35 --------- d-----w Cocuments and SettingsadminDane aplikacjiBitSpirit
2007-08-28 14:13 --------- d-----w Cocuments and SettingsadminDane aplikacjiAdobeUM
2007-08-25 22:45 --------- d-----w Crogram FilesAres
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"NvCplDaemon"="C:WINDOWSSystem32NvCpl.dll" [2006-06-12 16:11]
"nwiz"="nwiz.exe" [2006-06-12 16:11 C:WINDOWSsystem32nwiz.exe]
"NvMediaCenter"="C:WINDOWSSystem32NvMcTray.dll" [2006-06-12 16:11]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-16 11:23 C:WINDOWSRTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-08-16 11:21 C:WINDOWSSkyTel.exe]
"AzMixerSel"="Crogram FilesRealtekInstallShieldAzMixerSel.exe" [2006-08-16 11:20]
"SynTPEnh"="Crogram FilesSynapticsSynTPSynTPEnh.exe" [2006-03-03 13:07]
"EOUApp"="Crogram FilesIntelWirelessBinEOUWiz.exe" [2006-04-14 11:56]
"avgnt"="Crogram FilesAntiVir PersonalEdition Classicavgnt.exe" [2007-10-10 21:08]
"ZoneAlarm Client"="Crogram FilesZone LabsZoneAlarmzlclient.exe" [2007-09-06 16:14]
"RegistryMechanic"="" []
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:44 C:WINDOWSsystem32bthprops.cpl]

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"CTFMON.EXE"="C:WINDOWSsystem32ctfmon.exe" [2004-08-04 00:44]
"ares"="Crogram FilesAresAres.exe" [2007-05-15 00:37]
"SpybotSD TeaTimer"="Crogram FilesSpybot - Search & DestroyTeaTimer.exe" [2007-08-31 16:46]
"SMSystemAnalyzer"="Crogram FilesioloSystem Mechanic 6SMSystemAnalyzer.exe" [2006-12-20 12:38]
"OM2_Monitor"="Crogram FilesOLYMPUSOLYMPUS Master 2MMonitor.exe" [2007-02-08 20:43]

R0 avgntmgr;avgntmgr;C:WINDOWSsystem32DRIVERSavgntmgr.sys
R0 FO_PAnt;FotoOffice VirtualDisc Driver;C:WINDOWSsystem32DriversFO_PAnt.sys
R1 avgntdd;avgntdd;C:WINDOWSsystem32DRIVERSavgntdd.sys
R3 DKbFltr;Dritek Keyboard Filter Driver;C:WINDOWSsystem32DRIVERSDKbFltr.sys
R3 EMSCR;EMSCR;C:WINDOWSsystem32DRIVERSEMS7SK.sys
R3 ESDCR;ESDCR;C:WINDOWSsystem32DRIVERSESD7SK.sys
R3 ESMCR;ESMCR;C:WINDOWSsystem32DRIVERSESM7SK.sys
S3 ICScsiSV;Image Converter SCSI Service;Crogram FilesSonyIMAGE CONVERTER 3ICScsiSV.exe
S3 IcVzMonLauncher;IcVzMonLauncher;"Crogram FilesSonyIMAGE CONVERTER 3IcVzMonLauncher.exe"
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;Crogram FilesSonyIMAGE CONVERTER 3IcVzMon.exe
S3 ss_bus;Samsung Mobile USB Device 1.0 driver (WDM);C:WINDOWSsystem32DRIVERSss_bus.sys
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:WINDOWSsystem32DRIVERSss_mdfl.sys
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:WINDOWSsystem32DRIVERSss_mdm.sys


[HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"Crogram FilesCommon FilesLightScribeLSRunOnce.exe"
.
Contents of the ''Scheduled Tasks'' folder
"2007-10-17 18:50:01 C:WINDOWSTasksAppleSoftwareUpdate.job"
.
**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

[Aby zobaczyć linki, zarejestruj się tutaj]

Rootkit scan 2007-10-24 17:01:26
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-24 17:02:12 - machine was rebooted
.
--- E O F ---
[code:1]

a tu ok[/code:1]

Cytat: Cocuments and SettingsadminDane aplikacjiDealio
Crogram FilesBearShare Applications

Skasuj te foldery ręcznie z dysku. Zainstaluj wersją LiteBearshara