Please check my log, my computer is sluggish

kac222
Hello everyone, this is my first post, please check my logs

Logfile of HijackThis v1.99.1
Scan saved at 17:14:31, on 2007-07-29
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\avmwlanstick\WlanNetService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\BtUsrBdg.exe
C:\Program Files\avmwlanstick\wlangui.exe
C:\Program Files\Restore Desktop\RestoreDesktop.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\nowe\Witaj\Wit2000.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Kacper\USTAWI~1\Temp\Rar$EX00.063\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 - HKLM\..\Run: [bTUSRBDG] BtUsrBdg.exe
O4 - HKLM\..\Run: [AVMWlanClient] C:\Program Files\avmwlanstick\wlangui.exe
O4 - HKCU\..\Run: [RestoreDesktop] C:\Program Files\Restore Desktop\RestoreDesktop.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [WITaj!] D:\nowe\Witaj\Wit2000.exe /ikona
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virussca...can_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {5F4D3335-3194-4167-85AE-E7325F2695EF} - http://es6-scripts.dlv4.com/binaries/egacc..._1068_em_XP.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Program Files\avmwlanstick\WlanNetService.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"RestoreDesktop" = "C:\Program Files\Restore Desktop\RestoreDesktop.exe" ["Kanex Group, Inc."]
"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]
"WITaj!" = "D:\nowe\Witaj\Wit2000.exe /ikona" ["Haudek"]
"eMuleAutoStart" = "C:\Program Files\eMule\emule.exe -AutoStart" ["http://www.emule-project.net]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"AGRSMMSG" = "AGRSMMSG.exe" ["Agere Systems"]
"SynTPLpr" = "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" ["Synaptics, Inc."]
"SynTPEnh" = "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."]
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]
"Resume copy" = "copyfstq.exe /startup" [null data]
"BTUSRBDG" = "BtUsrBdg.exe" ["Extended Systems, Inc."]
"AVMWlanClient" = "C:\Program Files\avmwlanstick\wlangui.exe" ["AVM Berlin"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
     \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
     \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
     \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\Program Files\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
  -> {HKLM...CLSID} = "avast"
     \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
  -> {HKLM...CLSID} = "Portable Media Devices Menu"
     \InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{A4D78B20-6E05-1069-8758-4E73FD83DEAD}" = "QCopy"
  -> {HKLM...CLSID} = "QCopy"
     \InProcServer32\(Default) = "dropcpyr.dll" [null data]
"{EF14A54A-4901-4481-8391-3F43FD056479}" = "Restore Desktop Context Menu"
  -> {HKLM...CLSID} = "RDShellMenu Class"
     \InProcServer32\(Default) = "C:\Program Files\Restore Desktop\RestoreDesktop.dll" ["Ganex Group, Inc."]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
  -> {HKLM...CLSID} = "RealOne Player Context Menu Class"
     \InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
     \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {HKLM...CLSID} = "avast"
     \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
RestoreDesktop\(Default) = "{EF14A54A-4901-4481-8391-3F43FD056479}"
  -> {HKLM...CLSID} = "RDShellMenu Class"
     \InProcServer32\(Default) = "C:\Program Files\Restore Desktop\RestoreDesktop.dll" ["Ganex Group, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {HKLM...CLSID} = "avast"
     \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoRecentDocsHistory" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"NoCDBurning" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"DisableRegistryTools" = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|System|
Prevent access to registry editing tools}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "%APPDATA%\IrfanView\IrfanView_Wallpaper.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Kacper\Dane aplikacji\IrfanView\IrfanView_Wallpaper.bmp"

Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\ssmypics.scr" [MS]

Enabled Scheduled Tasks:
------------------------

"AE2353DA9288C746" -> launches: "c:\docume~1\kacper\daneap~1\atomdo~1\Data Inside Obj.exe" [file not found]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\system32\wshbth.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 25
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

HKLM\Software\Classes\CLSID\{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}\(Default) = "Volet Wanadoo"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
  \InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]

HKLM\Software\Classes\CLSID\{3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}\(Default) = "ToolBand Class"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
  \InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]

HKLM\Software\Classes\CLSID\{5BF498C0-931E-4A4F-B33F-456D07137EAA}\(Default) = "Volet Wanadoo"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
  \InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}"
  -> {HKCU...CLSID} = "Java Plug-in 1.6.0_01"
     \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."]
  -> {HKLM...CLSID} = "Java Plug-in 1.6.0_01"
     \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll" ["Sun Microsystems, Inc."]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]

Miscellaneous IE Hijack Points
------------------------------

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\

<<H>> "{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = (no title provided)
  -> {HKLM...CLSID} = "Search Class"
     \InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL" [empty string]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" [null data]
avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" [null data]
avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
AVM WLAN Connection Service, AVM WLAN Connection Service, "C:\Program Files\avmwlanstick\WlanNetService.exe" ["AVM Berlin"]
BlueSoleil Hid Service, BlueSoleil Hid Service, "C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe" [null data]
Bluetooth Support Service, BthServ, "C:\WINDOWS\system32\svchost.exe -k bthsvcs" {"C:\WINDOWS\System32\bthserv.dll" [MS]}
LightScribeService Direct Disc Labeling Service, LightScribeService, ""C:\Program Files\Common Files\LightScribe\LSSrvc.exe"" ["Hewlett-Packard Company"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]
WMDM PMSP Service, WMDM PMSP Service, "C:\WINDOWS\system32\MsPMSPSv.exe" [MS]

----------
<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
  DLL launch points, use the -supp parameter or answer "No" at the
  first message box and "Yes" at the second message box.
---------- (total run time: 45 seconds, including 2 seconds for message boxes)

Thanks in advance for any suggestions

CatchMe
Do you know this application and this control?

C:\WINDOWS\system32\BtUsrBdg.exe

O16 - DPF: {5F4D3335-3194-4167-85AE-E7325F2695EF} - http://es6-scripts.dlv4.c..._1068_em_XP.cab

Paste a ComboFix log.

kac222
I know that application, but I'm not sure whether I pasted the right log from ComboFix

[ Added: 2007-07-29, 22:05 ]

I think this is the right log, sorry for the mix-up, but I hadn't used this program before

"Kacper" - 2007-07-29 21:59:33 - ComboFix 07-07-23.6 - Dodatek Service Pack 2 NTFS

((((((((((((((((((((((((( Files Created from 2007-06-28 to 2007-07-29 )))))))))))))))))))))))))))))))

2007-07-29 21:41 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-28 17:14 <DIR> d-------- C:\Program Files\illiminable
2007-07-20 20:26 <DIR> d-------- C:\Program Files\Player Tool
2007-07-20 20:26 <DIR> d-------- C:\Program Files\AtomDogSettings
2007-07-20 20:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\soft chic meet great
2007-07-20 20:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\soap thunk lies soft
2007-07-19 18:23 <DIR> d-------- C:\Program Files\Sony Handheld
2007-07-18 20:47 <DIR> d-------- C:\Program Files\Sony
2007-07-09 22:21 <DIR> d-------- C:\Program Files\AVM_update
2007-07-09 06:05 <DIR> d-------- C:\WINDOWS\AVM_Driver
2007-07-09 06:05 <DIR> d-------- C:\DOCUME~1\Kacper\AVM_Driver
2007-07-08 18:45 <DIR> d-------- C:\Program Files\avmwlanstick
2007-07-08 18:44 97,360 --a------ C:\WINDOWS\system32\drivers\Fwusb1b.bin
2007-07-08 18:44 74,240 --a------ C:\WINDOWS\system32\fwlanci.dll
2007-07-08 18:44 265,088 --a------ C:\WINDOWS\system32\drivers\fwlanusb.sys

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-29 19:50:33 -------- d-----w C:\Program Files\eMule
2007-07-25 15:20:50 -------- d-----w C:\DOCUME~1\Kacper\DANEAP~1\Skype
2007-07-24 18:10:07 -------- d-----w C:\Program Files\SkanerOnline
2007-07-20 18:52:09 -------- d-----w C:\Program Files\Real
2007-07-19 20:43:54 -------- d-----w C:\Program Files\Common Files\LightScribe
2007-07-18 19:31:05 -------- d-----w C:\Program Files\Mozilla Thunderbird
2007-07-18 18:50:19 -------- d-----w C:\Program Files\Microsoft ActiveSync
2007-07-18 18:47:28 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-10 12:28:53 65,056 ----a-w C:\WINDOWS\system32\perfc015.dat
2007-07-10 12:28:53 383,476 ----a-w C:\WINDOWS\system32\perfh015.dat
2007-06-27 17:39:36 -------- d-----w C:\DOCUME~1\Kacper\DANEAP~1\MSN6
2007-06-22 14:01:16 -------- d-----w C:\DOCUME~1\Kacper\DANEAP~1\DivX
2007-06-21 20:24:40 8,864 ----a-w C:\WINDOWS\system32\drivers\CDAC15BA.SYS
2007-06-21 20:22:47 -------- d-----w C:\Program Files\Grundig
2007-06-20 20:07:07 -------- d-----w C:\Program Files\Gadu-Gadu
2007-06-20 18:35:34 -------- d-----w C:\Program Files\RegCleaner
2007-06-13 18:51:30 -------- d-----w C:\Program Files\DivX
2007-06-13 18:41:06 -------- d-----w C:\Program Files\IrfanView
2007-06-12 18:23:00 -------- d-----w C:\Program Files\Neostrada TP
2007-06-10 18:44:45 -------- d-----w C:\Program Files\VAG-COM-PL
2007-05-31 13:55:12 716 ----a-w C:\BOWLDA.DAT
2007-05-31 06:45:07 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-05-31 06:44:55 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-05-31 06:44:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-05-31 06:44:54 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-05-31 06:44:54 740,442 ----a-w C:\WINDOWS\system32\DivX.dll
1999-03-11 19:11:06 18,135 ------w C:\Program Files\Errcode4.cs_
1999-03-11 15:50:52 45,227 ------w C:\Program Files\Vwtool.ex_
1999-03-11 11:52:02 9,239 ------w C:\Program Files\Dataview.ex_
1999-02-02 12:51:52 15,520 ------w C:\Program Files\Labels.cs_
1997-08-08 08:38:54 14,801 ------w C:\Program Files\Setup1.ex_
1997-08-08 08:37:04 51 ------w C:\Program Files\Setup.lst
1997-06-25 18:21:30 3,356 ------w C:\Program Files\Configvw.ex_
1997-05-09 09:56:36 882 ------w C:\Program Files\Capture.da_
1997-05-09 09:04:52 874 ------w C:\Program Files\Sample.da_
1997-05-09 08:48:06 65 ------w C:\Program Files\Vwtool.in_
1995-04-25 07:37:56 5,885 ------w C:\Program Files\Hitime1.vb_
1993-11-01 01:11:00 9,696 ------w C:\Program Files\Ver.dl_
1993-11-01 01:11:00 54,547 ------w C:\Program Files\Commdlg.dl_
1993-11-01 01:11:00 23,670 ------w C:\Program Files\Ddeml.dl_
1993-05-12 10:21:50 14,788 ------w C:\Program Files\Mscomm.vb_
1993-05-11 22:00:00 276,684 ------w C:\Program Files\Vbrun300.dl_
1993-04-27 22:00:00 33,649 ------w C:\Program Files\Threed.vb_
1993-04-27 22:00:00 3,657 ------w C:\Program Files\Setupkit.dl_
1993-04-27 22:00:00 10,978 ------w C:\Program Files\Spin.vb_
1993-04-27 22:00:00 10,865 ------w C:\Program Files\Cmdialog.vb_
1991-11-29 15:31:00 73,950 ------w C:\Program Files\Qpro.dl_

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2003-11-20 01:41 C:\WINDOWS\AGRSMMSG.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 08:44]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 08:43]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2006-09-25 18:42]
"Resume copy"="copyfstq.exe" [2006-11-11 22:27 C:\WINDOWS\copyfstq.exe]
"BTUSRBDG"="BtUsrBdg.exe" [2003-11-05 23:21 C:\WINDOWS\system32\BtUsrBdg.exe]
"AVMWlanClient"="C:\Program Files\avmwlanstick\wlangui.exe" [2006-12-28 01:02]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RestoreDesktop"="C:\Program Files\Restore Desktop\RestoreDesktop.exe" [2003-03-11 10:52]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2006-10-10 17:51]
"WITaj!"="D:\nowe\Witaj\Wit2000.exe" [2002-12-30 00:09]
"eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2007-05-13 16:57]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"=1 (0x1)
"SynchronousUserGroupPolicy"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsHistory"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Utility Tray.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Utility Tray.lnk
backup=C:\WINDOWS\pss\Utility Tray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Restore Desktop]
"C:\Program Files\Restore Desktop\Restore Desktop.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
"C:\Program Files\TomTom HOME\TomTomHOME.exe" -s

R0 BTHidMgr;Bluetooth HID Manager Service;C:\WINDOWS\system32\Drivers\BTHidMgr.sys
R1 NetBT;NetBios przez TCP/IP;C:\WINDOWS\system32\DRIVERS\netbt.sys
R2 BlueSoleil Hid Service;BlueSoleil Hid Service;C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
R2 BthServ;Bluetooth Support Service;C:\WINDOWS\system32\svchost.exe -k bthsvcs
R2 XPROTECTOR;XPROTECTOR;\??\C:\WINDOWS\system32\drivers\XPROTECTOR.SYS
R3 BlueletAudio;Bluetooth Audio Service;C:\WINDOWS\system32\DRIVERS\blueletaudio.sys
R3 BTCOMM;BTCOMM;C:\WINDOWS\system32\drivers\Btcomm.sys
R3 BTHidEnum;Bluetooth HID Enumerator;C:\WINDOWS\system32\DRIVERS\vbtenum.sys
R3 BTKRNBDG;Bluetooth COM Bridge;C:\WINDOWS\system32\DRIVERS\btkrnbdg.sys
R3 dtscsi;dtscsi;C:\WINDOWS\system32\Drivers\dtscsi.sys
R3 FWLANUSB;AVM FRITZ!WLAN;C:\WINDOWS\system32\DRIVERS\fwlanusb.sys
R3 hidusb;Sterownik Microsoft klasy HID;C:\WINDOWS\system32\DRIVERS\hidusb.sys
R3 ltck000c;Xircom MPCI Modem 56 Driver;C:\WINDOWS\system32\DRIVERS\ltck000c.sys
R3 ROOTMODEM;Microsoft Legacy Modem Driver;C:\WINDOWS\system32\Drivers\RootMdm.sys
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver;C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
R3 SynTP;Synaptics TouchPad Driver;C:\WINDOWS\system32\DRIVERS\SynTP.sys
R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft;C:\WINDOWS\system32\DRIVERS\usbehci.sys
R3 usbhub;Koncentrator z obsługą USB2;C:\WINDOWS\system32\DRIVERS\usbhub.sys
R3 usbohci;Sterownik Miniport otwartego kontrolera hosta USB Microsoft;C:\WINDOWS\system32\DRIVERS\usbohci.sys
R3 vad_multi;Windigo Virtual Audio Device (WDM);C:\WINDOWS\system32\drivers\vadmulti.sys
R3 VComm;Virtual Serial port driver;C:\WINDOWS\system32\DRIVERS\VComm.sys
R3 VcommMgr;Bluetooth VComm Manager Service;C:\WINDOWS\system32\Drivers\VcommMgr.sys

S3 alcan5wn;SpeedTouch USB ADSL PPP Networking Driver (NDISWAN);C:WINDOWSsystem32DRIVERSalcan5wn.sys

S3 alcaudsl;SpeedTouch ADSL Modem ATM Transport;C:WINDOWSsystem32DRIVERSalcaudsl.sys

S3 ASFWHide;ASFWHide;??C:DOCUME~1KacperUSTAWI~1TempASFWHide

S3 avmeject;AVM Eject;C:WINDOWSsystem32driversavmeject.sys

S3 BT;Bluetooth PAN Network Adapter;C:WINDOWSsystem32DRIVERSbtnetdrv.sys

S3 Btcsrusb;Bluetooth USB For Bluetooth Service;C:WINDOWSsystem32Driversbtcusb.sys

S3 BthEnum;Sterownik Bluetooth Request Block;C:WINDOWSsystem32DRIVERSBthEnum.sys

S3 BTHMODEM;Sterownik Bluetooth Serial Communications;C:WINDOWSsystem32DRIVERSbthmodem.sys

S3 BthPan;Bluetooth Device (Personal Area Network);C:WINDOWSsystem32DRIVERSbthpan.sys

S3 BTHPORT;Sterownik portu Bluetooth;C:WINDOWSsystem32DriversBTHport.sys

S3 BTHUSB;Sterownik USB odbiornika radiowego Bluetooth;C:WINDOWSsystem32DriversBTHUSB.sys

S3 BTNetFilter;Bluetooth Network Filter;??C:WINDOWSsystem32driversBTNetFilter.sys

S3 CdaC15BA;CdaC15BA;??C:WINDOWSsystem32driversCDAC15BA.SYS

S3 CSRBC01;%CSRBC01.SvcDesc%;C:WINDOWSsystem32Driverscsrbc01.sys

S3 MSIRCOMM;Microsoft IR Communications Driver;C:WINDOWSsystem32DRIVERSMSIRCOMM.sys

S3 NABTSFEC;NABTS/FEC VBI Codec;C:WINDOWSsystem32DRIVERSNABTSFEC.sys

S3 PEEK5;PEEK5 Protocol Driver;??C:DOCUME~1KacperUSTAWI~1TempRar$EX05.922LINKSY~1PEEK5.SYS

S3 RFCOMM;UrzĄdzenie Bluetooth (Protok˘ TDI RFCOMM);C:WINDOWSsystem32DRIVERSrfcomm.sys

S3 SF-620;Kingsun SF-620 USB Infrared Adapter;C:WINDOWSsystem32DRIVERSSF-620.sys

S3 SNPSTD3;USB PC Camera (SNPSTD3);C:WINDOWSsystem32DRIVERSsnpstd3.sys

S3 TVICHW32;TVICHW32;??C:WINDOWSSystem32DRIVERSTVICHW32.SYS

S3 usb2vcom;USB Data Cable;C:WINDOWSsystem32DRIVERSusb2vcom.sys

S3 usbaudio;Sterownik audio USB (WDM);C:WINDOWSsystem32driversusbaudio.sys

S3 usbccgp;Rodzajowy sterownik nadrz©dny USB Microsoft;C:WINDOWSsystem32DRIVERSusbccgp.sys

S3 usbstor;Sterownik magazynu masowego USB;C:WINDOWSsystem32DRIVERSUSBSTOR.SYS

S3 wceusbsh;Windows CE USB Serial Host Driver;C:WINDOWSsystem32DRIVERSwceusbsh.sys

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]

bthsvcs BthServ

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{fa38860-71ce-11db-9338-00115bed1c05}]

AutoRuncommand- K:InstallTomTomHOME.exe

Contents of the 'Scheduled Tasks' folder

2007-07-29 20:00:00 C:WINDOWStasksAE2353DA9288C746.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-07-29 22:00:50

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerMenuOrderFavoritsA151c]

"Order"=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,..

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionShell ExtensionsApproved{D4855B8C-41A1-9C43-BC1C-F40E25A790DB}]

"abkneojnliehombaiddjjphgmainccfjik"=hex:61,61,00,00

"bbkneojnliehombaidiimokhjbjgcfpoinmi"=hex:61,61,00,00

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

Completion time: 2007-07-29 22:01:54

C:ComboFix-quarantined-files.txt ... 2007-07-29 22:01

--- E O F ---

kac222
comment

I blocked those ports, here are the new logs

Logfile of HijackThis v1.99.1

Scan saved at 22:34:09, on 2007-07-30

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:WINDOWSSystem32smss.exe

C:WINDOWSsystem32winlogon.exe

C:WINDOWSsystem32services.exe

C:WINDOWSsystem32lsass.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSSystem32svchost.exe

C:WINDOWSsystem32spoolsv.exe

C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe

C:Program FilesAlwil SoftwareAvast4ashServ.exe

C:Program FilesavmwlanstickWlanNetService.exe

C:Program FilesIVT CorporationBlueSoleilBTNtService.exe

C:WINDOWSExplorer.EXE

C:Program FilesCommon FilesLightScribeLSSrvc.exe

C:WINDOWSSystem32svchost.exe

C:WINDOWSsystem32MsPMSPSv.exe

C:WINDOWSAGRSMMSG.exe

C:Program FilesSynapticsSynTPSynTPLpr.exe

C:Program FilesSynapticsSynTPSynTPEnh.exe

C:PROGRA~1ALWILS~1Avast4ashDisp.exe

C:WINDOWSsystem32BtUsrBdg.exe

C:Program Filesavmwlanstickwlangui.exe

C:Program FilesRestore DesktopRestoreDesktop.exe

C:Program FilesGadu-Gadugg.exe

D:noweWitajWit2000.exe

C:Program FileseMuleemule.exe

C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe

C:Program FilesAlwil SoftwareAvast4ashWebSv.exe

C:Program FilesWinRARWinRAR.exe

C:DOCUME~1KacperUSTAWI~1TempRar$EX00.016HijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.pl/

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:PROGRA~1NEOSTR~1SEARCH~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_01binssv.dll

O4 - HKLM..Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM..Run: [synTPLpr] C:Program FilesSynapticsSynTPSynTPLpr.exe

O4 - HKLM..Run: [synTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe

O4 - HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe

O4 - HKLM..Run: [Resume copy] copyfstq.exe /startup

O4 - HKLM..Run: [bTUSRBDG] BtUsrBdg.exe

O4 - HKLM..Run: [AVMWlanClient] C:Program Filesavmwlanstickwlangui.exe

O4 - HKCU..Run: [RestoreDesktop] C:Program FilesRestore DesktopRestoreDesktop.exe

O4 - HKCU..Run: [Gadu-Gadu] "C:Program FilesGadu-Gadugg.exe" /tray

O4 - HKCU..Run: [WITaj!] D:noweWitajWit2000.exe /ikona

O4 - HKCU..Run: [eMuleAutoStart] C:Program FileseMuleemule.exe -AutoStart

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_01binssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_01binssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe (file missing)

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virussca...can_unicode.cab

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab

O16 - DPF: {5F4D3335-3194-4167-85AE-E7325F2695EF} - http://es6-scripts.dlv4.com/binaries/egacc..._1068_em_XP.cab

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL

O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe (file missing)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:Program FilesAlwil SoftwareAvast4ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:Program FilesAlwil SoftwareAvast4ashWebSv.exe" /service (file missing)

O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:Program FilesavmwlanstickWlanNetService.exe

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:Program FilesIVT CorporationBlueSoleilBTNtService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:Program FilesCommon FilesLightScribeLSSrvc.exe

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:

---------------------------------

HKCUSoftwareMicrosoftWindowsCurrentVersionRun {++}

"RestoreDesktop" = "C:Program FilesRestore DesktopRestoreDesktop.exe" ["Kanex Group, Inc."]

"Gadu-Gadu" = ""C:Program FilesGadu-Gadugg.exe" /tray" ["Gadu-Gadu S.A."]

"WITaj!" = "D:noweWitajWit2000.exe /ikona" ["Haudek"]

"eMuleAutoStart" = "C:Program FileseMuleemule.exe -AutoStart" ["http://www.emule-project.net]

HKLMSoftwareMicrosoftWindowsCurrentVersionRun {++}

"AGRSMMSG" = "AGRSMMSG.exe" ["Agere Systems"]

"SynTPLpr" = "C:Program FilesSynapticsSynTPSynTPLpr.exe" ["Synaptics, Inc."]

"SynTPEnh" = "C:Program FilesSynapticsSynTPSynTPEnh.exe" ["Synaptics, Inc."]

"avast!" = "C:PROGRA~1ALWILS~1Avast4ashDisp.exe" [null data]

"Resume copy" = "copyfstq.exe /startup" [null data]

"BTUSRBDG" = "BtUsrBdg.exe" ["Extended Systems, Inc."]

"AVMWlanClient" = "C:Program Filesavmwlanstickwlangui.exe" ["AVM Berlin"]

HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided)

-> {HKLM...CLSID} = "SSVHelper Class"

InProcServer32(Default) = "C:Program FilesJavajre1.6.0_01binssv.dll" ["Sun Microsystems, Inc."]

HKLMSoftwareMicrosoftWindowsCurrentVersionShell ExtensionsApproved

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

InProcServer32(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

-> {HKLM...CLSID} = "HyperTerminal Icon Ext"

InProcServer32(Default) = "C:WINDOWSSystem32hticons.dll" ["Hilgraeve, Inc."]

"{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel"

-> {HKLM...CLSID} = (no title provided)

InProcServer32(Default) = "C:Program FilesSynapticsSynTPSynTPCpl.dll" ["Synaptics, Inc."]

"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"

-> {HKLM...CLSID} = "avast"

InProcServer32(Default) = "C:Program FilesAlwil SoftwareAvast4ashShell.dll" ["ALWIL Software"]

"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"

-> {HKLM...CLSID} = "Portable Media Devices Menu"

InProcServer32(Default) = "C:WINDOWSSystem32Audiodev.dll" [MS]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

-> {HKLM...CLSID} = "WinRAR"

InProcServer32(Default) = "C:Program FilesWinRARrarext.dll" [null data]

"{A4D78B20-6E05-1069-8758-4E73FD83DEAD}" = "QCopy"

-> {HKLM...CLSID} = "QCopy"

InProcServer32(Default) = "dropcpyr.dll" [null data]

"{EF14A54A-4901-4481-8391-3F43FD056479}" = "Restore Desktop Context Menu"

-> {HKLM...CLSID} = "RDShellMenu Class"

InProcServer32(Default) = "C:Program FilesRestore DesktopRestoreDesktop.dll" ["Ganex Group, Inc."]

"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"

-> {HKLM...CLSID} = "RealOne Player Context Menu Class"

InProcServer32(Default) = "C:Program FilesRealRealPlayerrpshell.dll" ["RealNetworks, Inc."]

HKLMSoftwareClassesFoldershellexColumnHandlers

{F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = "PDF Column Info"

-> {HKLM...CLSID} = "PDF Shell Extension"

InProcServer32(Default) = "C:Program FilesAdobeAcrobat 7.0ActiveXPDFShell.dll" ["Adobe Systems, Inc."]

HKLMSoftwareClasses*shellexContextMenuHandlers

avast(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

-> {HKLM...CLSID} = "avast"

InProcServer32(Default) = "C:Program FilesAlwil SoftwareAvast4ashShell.dll" ["ALWIL Software"]

WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

InProcServer32(Default) = "C:Program FilesWinRARrarext.dll" [null data]

HKLMSoftwareClassesDirectoryshellexContextMenuHandlers

RestoreDesktop(Default) = "{EF14A54A-4901-4481-8391-3F43FD056479}"

-> {HKLM...CLSID} = "RDShellMenu Class"

InProcServer32(Default) = "C:Program FilesRestore DesktopRestoreDesktop.dll" ["Ganex Group, Inc."]

WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

InProcServer32(Default) = "C:Program FilesWinRARrarext.dll" [null data]

HKLMSoftwareClassesFoldershellexContextMenuHandlers

avast(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

-> {HKLM...CLSID} = "avast"

InProcServer32(Default) = "C:Program FilesAlwil SoftwareAvast4ashShell.dll" ["ALWIL Software"]

WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

InProcServer32(Default) = "C:Program FilesWinRARrarext.dll" [null data]

Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------

Note: detected settings may not have any effect.

HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer

"NoRecentDocsHistory" = (REG_DWORD) hex:0x00000001

{unrecognized setting}

"NoCDBurning" = (REG_DWORD) hex:0x00000001

{unrecognized setting}

HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}

"SynchronousMachineGroupPolicy" = (REG_DWORD) hex:0x00000001

{unrecognized setting}

"SynchronousUserGroupPolicy" = (REG_DWORD) hex:0x00000001

{unrecognized setting}

Active Desktop and Wallpaper:

-----------------------------

Active Desktop may be disabled at this entry:

HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCUSoftwareMicrosoftInternet ExplorerDesktopGeneral

"Wallpaper" = "%APPDATA%IrfanViewIrfanView_Wallpaper.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCUControl PanelDesktop

"Wallpaper" = "C:Documents and SettingsKacperDane aplikacjiIrfanViewIrfanView_Wallpaper.bmp"

Enabled Scheduled Tasks:

------------------------

"AE2353DA9288C746" -> launches: "c:docume~1kacperdaneap~1atomdo~1Data Inside Obj.exe" [file not found]

Winsock2 Service Provider DLLs:

-------------------------------

Namespace Service Providers

HKLMSystemCurrentControlSetServicesWinsock2ParametersNameSpace_Catalog5Catalog_Entries {++}

000000000001LibraryPath = "%SystemRoot%System32mswsock.dll" [MS]

000000000002LibraryPath = "%SystemRoot%System32winrnr.dll" [MS]

000000000003LibraryPath = "%SystemRoot%System32mswsock.dll" [MS]

000000000004LibraryPath = "%SystemRoot%system32wshbth.dll" [MS]

Transport Service Providers

HKLMSystemCurrentControlSetServicesWinsock2ParametersProtocol_Catalog9Catalog_Entries {++}

0000000000##PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%system32mswsock.dll [MS], 01 - 03, 06 - 25

%SystemRoot%system32rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:

------------------------------------

Explorer Bars

HKLMSoftwareMicrosoftInternet ExplorerExplorer Bars

HKLMSoftwareClassesCLSID{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}(Default) = "Volet Wanadoo"

Implemented Categories{00021494-0000-0000-C000-000000000046} [horizontal bar]

InProcServer32(Default) = "C:PROGRA~1NEOSTR~1audienceaudience.dll" [empty string]

HKLMSoftwareClassesCLSID{3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}(Default) = "ToolBand Class"

Implemented Categories{00021494-0000-0000-C000-000000000046} [horizontal bar]

InProcServer32(Default) = "C:PROGRA~1NEOSTR~1audienceaudience.dll" [empty string]

HKLMSoftwareClassesCLSID{5BF498C0-931E-4A4F-B33F-456D07137EAA}(Default) = "Volet Wanadoo"

Implemented Categories{00021494-0000-0000-C000-000000000046} [horizontal bar]

InProcServer32(Default) = "C:PROGRA~1NEOSTR~1audienceaudience.dll" [empty string]

Extensions (Tools menu items, main toolbar menu buttons)

HKLMSoftwareMicrosoftInternet ExplorerExtensions

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}"

-> {HKCU...CLSID} = "Java Plug-in 1.6.0_01"

InProcServer32(Default) = "C:Program FilesJavajre1.6.0_01binssv.dll" ["Sun Microsystems, Inc."]

-> {HKLM...CLSID} = "Java Plug-in 1.6.0_01"

InProcServer32(Default) = "C:Program FilesJavajre1.6.0_01binnpjpi160_01.dll" ["Sun Microsystems, Inc."]

{FB5F1910-F110-11D2-BB9E-00C04F795683}

"ButtonText" = "Messenger"

"MenuText" = "Windows Messenger"

"Exec" = "C:Program FilesMessengermsmsgs.exe" [file not found]

Miscellaneous IE Hijack Points

------------------------------

HKCUSoftwareMicrosoftInternet ExplorerURLSearchHooks

<<H>> "{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = (no title provided)

-> {HKLM...CLSID} = "Search Class"

InProcServer32(Default) = "C:PROGRA~1NEOSTR~1SEARCH~1.DLL" [empty string]

Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------

avast! Antivirus, avast! Antivirus, ""C:Program FilesAlwil SoftwareAvast4ashServ.exe"" [null data]

avast! iAVS4 Control Service, aswUpdSv, ""C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe"" [null data]

avast! Mail Scanner, avast! Mail Scanner, ""C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe" /service" ["ALWIL Software"]

avast! Web Scanner, avast! Web Scanner, ""C:Program FilesAlwil SoftwareAvast4ashWebSv.exe" /service" ["ALWIL Software"]

AVM WLAN Connection Service, AVM WLAN Connection Service, "C:Program FilesavmwlanstickWlanNetService.exe" ["AVM Berlin"]

BlueSoleil Hid Service, BlueSoleil Hid Service, "C:Program FilesIVT CorporationBlueSoleilBTNtService.exe" [null data]

Bluetooth Support Service, BthServ, "C:WINDOWSsystem32svchost.exe -k bthsvcs" {"C:WINDOWSSystem32bthserv.dll" [MS]}

LightScribeService Direct Disc Labeling Service, LightScribeService, ""C:Program FilesCommon FilesLightScribeLSSrvc.exe"" ["Hewlett-Packard Company"]

Windows User Mode Driver Framework, UMWdf, "C:WINDOWSSystem32wdfmgr.exe" [MS]

WMDM PMSP Service, WMDM PMSP Service, "C:WINDOWSsystem32MsPMSPSv.exe" [MS]

----------

<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

DLL launch points, use the -supp parameter or answer "No" at the

first message box and "Yes" at the second message box.

---------- (total run time: 43 seconds, including 2 seconds for message boxes)

"Kacper" - 2007-07-30 22:40:21 - ComboFix 07-07-23.6 - Dodatek Service Pack 2 NTFS

((((((((((((((((((((((((( Files Created from 2007-06-28 to 2007-07-30 )))))))))))))))))))))))))))))))

2007-07-30 18:15 49,152 --------- C:WINDOWSsystem32INETWH32.dll

2007-07-29 21:41 51,200 --a------ C:WINDOWSnircmd.exe

2007-07-20 20:26 <DIR> d-------- C:Program FilesPlayer Tool

2007-07-20 20:26 <DIR> d-------- C:DOCUME~1ALLUSE~1DANEAP~1soft chic meet great

2007-07-20 20:26 <DIR> d-------- C:DOCUME~1ALLUSE~1DANEAP~1soap thunk lies soft

2007-07-19 18:23 <DIR> d-------- C:Program FilesSony Handheld

2007-07-18 20:47 <DIR> d-------- C:Program FilesSony

2007-07-09 22:21 <DIR> d-------- C:Program FilesAVM_update

2007-07-09 06:05 <DIR> d-------- C:WINDOWSAVM_Driver

2007-07-09 06:05 <DIR> d-------- C:DOCUME~1KacperAVM_Driver

2007-07-08 18:45 <DIR> d-------- C:Program Filesavmwlanstick

2007-07-08 18:44 97,360 --a------ C:WINDOWSsystem32driversFwusb1b.bin

2007-07-08 18:44 74,240 --a------ C:WINDOWSsystem32fwlanci.dll

2007-07-08 18:44 265,088 --a------ C:WINDOWSsystem32driversfwlanusb.sys

2007-06-27 19:39 <DIR> d-------- C:DOCUME~1KacperDANEAP~1MSN6

2007-06-27 19:39 <DIR> d-------- C:DOCUME~1ALLUSE~1DANEAP~1MSN6

2007-06-21 22:24 8,864 --a------ C:WINDOWSsystem32driversCDAC15BA.SYS

2007-06-21 22:24 <DIR> d-------- C:My Music

2007-06-21 22:23 98,304 --a------ C:WINDOWSsystem32spSP4101.dll

2007-06-21 22:23 40,960 --a------ C:WINDOWSsystem32mpwma.dll

2007-06-21 22:23 40,960 --a------ C:WINDOWSsystem32MDMIMDM.dll

2007-06-21 22:23 36,864 --a------ C:WINDOWSsystem32MDBridge.dll

2007-06-21 22:23 32,768 --a------ C:WINDOWSsystem32MDMUser.dll

2007-06-21 22:23 270,848 --a------ C:UNWISE.EXE

2007-06-21 22:23 176,128 --a------ C:WINDOWSsystem32MDCore.dll

2007-06-21 22:23 163,840 --a------ C:WINDOWSsystem32sp4101.dll

2007-06-21 22:23 10,326 --a------ C:WINDOWSsystem32driverssp4101.sys

2007-06-21 22:22 <DIR> d-------- C:Program FilesGrundig

2007-06-21 20:17 <DIR> d--h----- C:WINDOWSPIF

2007-06-20 20:28 <DIR> d-------- C:Program FilesRegCleaner

2007-06-20 18:48 <DIR> d-------- C:Program FilesGadu-Gadu

2007-06-13 20:52 <DIR> d-------- C:DOCUME~1KacperDANEAP~1DivX

2007-06-13 20:51 116,472 --------- C:WINDOWSsystem32pxcpyi64.exe

2007-06-13 20:51 <DIR> d-------- C:Program FilesDivX

2007-06-10 20:28 <DIR> d-------- C:Program FilesVAG-COM-PL

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-30 20:28:15 -------- d-----w C:Program FileseMule

2007-07-30 16:15:02 -------- d--h--w C:Program FilesInstallShield Installation Information

2007-07-25 15:20:50 -------- d-----w C:DOCUME~1KacperDANEAP~1Skype

2007-07-24 18:10:07 -------- d-----w C:Program FilesSkanerOnline

2007-07-20 18:52:09 -------- d-----w C:Program FilesReal

2007-07-19 20:43:54 -------- d-----w C:Program FilesCommon FilesLightScribe

2007-07-10 12:28:53 65,056 ----a-w C:WINDOWSsystem32perfc015.dat

2007-07-10 12:28:53 383,476 ----a-w C:WINDOWSsystem32perfh015.dat

2007-06-13 18:41:06 -------- d-----w C:Program FilesIrfanView

2007-06-12 18:23:00 -------- d-----w C:Program FilesNeostrada TP

2007-05-31 13:55:12 716 ----a-w C:BOWLDA.DAT

2007-05-31 06:45:07 524,288 ----a-w C:WINDOWSsystem32DivXsm.exe

2007-05-31 06:44:55 823,296 ----a-w C:WINDOWSsystem32divx_xx07.dll

2007-05-31 06:44:54 823,296 ----a-w C:WINDOWSsystem32divx_xx0c.dll

2007-05-31 06:44:54 802,816 ----a-w C:WINDOWSsystem32divx_xx11.dll

2007-05-31 06:44:54 740,442 ----a-w C:WINDOWSsystem32DivX.dll

1999-03-11 19:11:06 18,135 ------w C:Program FilesErrcode4.cs_

1999-03-11 11:52:02 9,239 ------w C:Program FilesDataview.ex_

1999-02-02 12:51:52 15,520 ------w C:Program FilesLabels.cs_

1997-08-08 08:38:54 14,801 ------w C:Program FilesSetup1.ex_

1997-08-08 08:37:04 51 ------w C:Program FilesSetup.lst

1997-06-25 18:21:30 3,356 ------w C:Program FilesConfigvw.ex_

1997-05-09 09:56:36 882 ------w C:Program FilesCapture.da_

1997-05-09 09:04:52 874 ------w C:Program FilesSample.da_

1995-04-25 07:37:56 5,885 ------w C:Program FilesHitime1.vb_

1993-11-01 01:11:00 9,696 ------w C:Program FilesVer.dl_

1993-11-01 01:11:00 54,547 ------w C:Program FilesCommdlg.dl_

1993-11-01 01:11:00 23,670 ------w C:Program FilesDdeml.dl_

1993-05-12 10:21:50 14,788 ------w C:Program FilesMscomm.vb_

1993-05-11 22:00:00 276,684 ------w C:Program FilesVbrun300.dl_

1993-04-27 22:00:00 33,649 ------w C:Program FilesThreed.vb_

1993-04-27 22:00:00 3,657 ------w C:Program FilesSetupkit.dl_

1993-04-27 22:00:00 10,978 ------w C:Program FilesSpin.vb_

1993-04-27 22:00:00 10,865 ------w C:Program FilesCmdialog.vb_

1991-11-29 15:31:00 73,950 ------w C:Program FilesQpro.dl_

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]

"AGRSMMSG"="AGRSMMSG.exe" [2003-11-20 01:41 C:WINDOWSAGRSMMSG.exe]

"SynTPLpr"="C:Program FilesSynapticsSynTPSynTPLpr.exe" [2004-10-08 08:44]

"SynTPEnh"="C:Program FilesSynapticsSynTPSynTPEnh.exe" [2004-10-08 08:43]

"avast!"="C:PROGRA~1ALWILS~1Avast4ashDisp.exe" [2006-09-25 18:42]

"Resume copy"="copyfstq.exe" [2006-11-11 22:27 C:WINDOWScopyfstq.exe]

"BTUSRBDG"="BtUsrBdg.exe" [2003-11-05 23:21 C:WINDOWSsystem32BtUsrBdg.exe]

"AVMWlanClient"="C:Program Filesavmwlanstickwlangui.exe" [2006-12-28 01:02]

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]

"RestoreDesktop"="C:Program FilesRestore DesktopRestoreDesktop.exe" [2003-03-11 10:52]

"Gadu-Gadu"="C:Program FilesGadu-Gadugg.exe" [2006-10-10 17:51]

"WITaj!"="D:noweWitajWit2000.exe" [2002-12-30 00:09]

"eMuleAutoStart"="C:Program FileseMuleemule.exe" [2007-05-13 16:57]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]

"SynchronousMachineGroupPolicy"=1 (0x1)

"SynchronousUserGroupPolicy"=1 (0x1)

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]

"NoRecentDocsHistory"=1 (0x1)

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]

path=C:Documents and SettingsAll UsersMenu StartProgramyAutostartAdobe Reader Speed Launch.lnk

backup=C:WINDOWSpssAdobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Utility Tray.lnk]

path=C:Documents and SettingsAll UsersMenu StartProgramyAutostartUtility Tray.lnk

backup=C:WINDOWSpssUtility Tray.lnkCommon Startup

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregRestore Desktop]

"C:Program FilesRestore DesktopRestore Desktop.exe"

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSoundMan]

SOUNDMAN.EXE

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSpybotSD TeaTimer]

C:Program FilesSpybot - Search & DestroyTeaTimer.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregTomTomHOME.exe]

"C:Program FilesTomTom HOMETomTomHOME.exe" -s

R0 BTHidMgr;Bluetooth HID Manager Service;C:WINDOWSsystem32DriversBTHidMgr.sys

R1 NetBT;NetBios przez TCP/IP;C:WINDOWSsystem32DRIVERSnetbt.sys

R2 BlueSoleil Hid Service;BlueSoleil Hid Service;C:Program FilesIVT CorporationBlueSoleilBTNtService.exe

R2 BthServ;Bluetooth Support Service;C:WINDOWSsystem32svchost.exe -k bthsvcs

R2 XPROTECTOR;XPROTECTOR;??C:WINDOWSsystem32driversXPROTECTOR.SYS

R3 BlueletAudio;Bluetooth Audio Service;C:WINDOWSsystem32DRIVERSblueletaudio.sys

R3 BTCOMM;BTCOMM;C:WINDOWSsystem32driversBtcomm.sys

R3 BTHidEnum;Bluetooth HID Enumerator;C:WINDOWSsystem32DRIVERSvbtenum.sys

R3 BTKRNBDG;Bluetooth COM Bridge;C:WINDOWSsystem32DRIVERSbtkrnbdg.sys

R3 dtscsi;dtscsi;C:WINDOWSsystem32Driversdtscsi.sys

R3 FWLANUSB;AVM FRITZ!WLAN;C:WINDOWSsystem32DRIVERSfwlanusb.sys

R3 hidusb;Sterownik Microsoft klasy HID;C:WINDOWSsystem32DRIVERShidusb.sys

R3 ltck000c;Xircom MPCI Modem 56 Driver;C:WINDOWSsystem32DRIVERSltck000c.sys

R3 ROOTMODEM;Microsoft Legacy Modem Driver;C:WINDOWSsystem32DriversRootMdm.sys

R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver;C:WINDOWSsystem32DRIVERSRtnicxp.sys

R3 SynTP;Synaptics TouchPad Driver;C:WINDOWSsystem32DRIVERSSynTP.sys

R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft;C:WINDOWSsystem32DRIVERSusbehci.sys

R3 usbhub;Koncentrator z obsugĄ USB2;C:WINDOWSsystem32DRIVERSusbhub.sys

R3 usbohci;Sterownik Miniport otwartego kontrolera hosta USB Microsoft;C:WINDOWSsystem32DRIVERSusbohci.sys

R3 vad_multi;Windigo Virtual Audio Device (WDM);C:WINDOWSsystem32driversvadmulti.sys

R3 VComm;Virtual Serial port driver;C:WINDOWSsystem32DRIVERSVComm.sys

R3 VcommMgr;Bluetooth VComm Manager Service;C:WINDOWSsystem32DriversVcommMgr.sys

S3 alcan5wn;SpeedTouch USB ADSL PPP Networking Driver (NDISWAN);C:WINDOWSsystem32DRIVERSalcan5wn.sys

S3 alcaudsl;SpeedTouch ADSL Modem ATM Transport;C:WINDOWSsystem32DRIVERSalcaudsl.sys

S3 ASFWHide;ASFWHide;??C:DOCUME~1KacperUSTAWI~1TempASFWHide

S3 avmeject;AVM Eject;C:WINDOWSsystem32driversavmeject.sys

S3 BT;Bluetooth PAN Network Adapter;C:WINDOWSsystem32DRIVERSbtnetdrv.sys

S3 Btcsrusb;Bluetooth USB For Bluetooth Service;C:WINDOWSsystem32Driversbtcusb.sys

S3 BthEnum;Sterownik Bluetooth Request Block;C:WINDOWSsystem32DRIVERSBthEnum.sys

S3 BTHMODEM;Sterownik Bluetooth Serial Communications;C:WINDOWSsystem32DRIVERSbthmodem.sys

S3 BthPan;Bluetooth Device (Personal Area Network);C:WINDOWSsystem32DRIVERSbthpan.sys

S3 BTHPORT;Sterownik portu Bluetooth;C:WINDOWSsystem32DriversBTHport.sys

S3 BTHUSB;Sterownik USB odbiornika radiowego Bluetooth;C:WINDOWSsystem32DriversBTHUSB.sys

S3 BTNetFilter;Bluetooth Network Filter;??C:WINDOWSsystem32driversBTNetFilter.sys

S3 CdaC15BA;CdaC15BA;??C:WINDOWSsystem32driversCDAC15BA.SYS

S3 CSRBC01;%CSRBC01.SvcDesc%;C:WINDOWSsystem32Driverscsrbc01.sys

S3 MSIRCOMM;Microsoft IR Communications Driver;C:WINDOWSsystem32DRIVERSMSIRCOMM.sys

S3 NABTSFEC;NABTS/FEC VBI Codec;C:WINDOWSsystem32DRIVERSNABTSFEC.sys

S3 PEEK5;PEEK5 Protocol Driver;??C:DOCUME~1KacperUSTAWI~1TempRar$EX05.922LINKSY~1PEEK5.SYS

S3 RFCOMM;UrzĄdzenie Bluetooth (Protok˘ TDI RFCOMM);C:WINDOWSsystem32DRIVERSrfcomm.sys

S3 SF-620;Kingsun SF-620 USB Infrared Adapter;C:WINDOWSsystem32DRIVERSSF-620.sys

S3 SNPSTD3;USB PC Camera (SNPSTD3);C:WINDOWSsystem32DRIVERSsnpstd3.sys

S3 TVICHW32;TVICHW32;??C:WINDOWSSystem32DRIVERSTVICHW32.SYS

S3 usb2vcom;USB Data Cable;C:WINDOWSsystem32DRIVERSusb2vcom.sys

S3 usbaudio;Sterownik audio USB (WDM);C:WINDOWSsystem32driversusbaudio.sys

S3 usbccgp;Rodzajowy sterownik nadrz©dny USB Microsoft;C:WINDOWSsystem32DRIVERSusbccgp.sys

S3 usbstor;Sterownik magazynu masowego USB;C:WINDOWSsystem32DRIVERSUSBSTOR.SYS

S3 wceusbsh;Windows CE USB Serial Host Driver;C:WINDOWSsystem32DRIVERSwceusbsh.sys

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]

bthsvcs BthServ

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{fa38860-71ce-11db-9338-00115bed1c05}]

AutoRuncommand- K:InstallTomTomHOME.exe

Contents of the 'Scheduled Tasks' folder

2007-07-30 20:00:00 C:WINDOWStasksAE2353DA9288C746.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-07-30 22:41:51

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A151c]

"Order"=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D4855B8C-41A1-9C43-BC1C-F40E25A790DB}]

"abkneojnliehombaiddjjphgmainccfjik"=hex:61,61,00,00

"bbkneojnliehombaidiimokhjbjgcfpoinmi"=hex:61,61,00,00

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

Completion time: 2007-07-30 22:42:54

C:\ComboFix-quarantined-files.txt ... 2007-07-30 22:42

C:\ComboFix2.txt ... 2007-07-29 22:01

--- E O F ---

CatchMe
comment

Control Panel >>> Scheduled Tasks >>> delete these "tasks":

2007-07-30 20:00:00 C:\WINDOWS\tasks\AE2353DA9288C746.job

It's Lop adware:

"AE2353DA9288C746" -> launches: "c:\docume~1\kacper\daneap~1\atomdo~1\Data Inside Obj.exe" [file not found]

2007-07-20 20:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\soft chic meet great

2007-07-20 20:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\soap thunk lies soft

Apply the removal instructions from this article: http://es6-scripts.dlv4.c..._1068_em_XP.cab

Use: http://stopwirusom.pl/index.php?option=com...7&Itemid=26

Download and run the tool: http://www.gdata.pl/kmdownload/download.ph...getit&id=60

C:\Program Files\Errcode4.cs_

1999-03-11 11:52:02 9,239 ------w C:\Program Files\Dataview.ex_

1999-02-02 12:51:52 15,520 ------w C:\Program Files\Labels.cs_

1997-08-08 08:38:54 14,801 ------w C:\Program Files\Setup1.ex_

1997-08-08 08:37:04 51 ------w C:\Program Files\Setup.lst

1997-06-25 18:21:30 3,356 ------w C:\Program Files\Configvw.ex_

1997-05-09 09:56:36 882 ------w C:\Program Files\Capture.da_

1997-05-09 09:04:52 874 ------w C:\Program Files\Sample.da_

1995-04-25 07:37:56 5,885 ------w C:\Program Files\Hitime1.vb_

1993-11-01 01:11:00 9,696 ------w C:\Program Files\Ver.dl_

1993-11-01 01:11:00 54,547 ------w C:\Program Files\Commdlg.dl_

1993-11-01 01:11:00 23,670 ------w C:\Program Files\Ddeml.dl_

1993-05-12 10:21:50 14,788 ------w C:\Program Files\Mscomm.vb_

1993-05-11 22:00:00 276,684 ------w C:\Program Files\Vbrun300.dl_

1993-04-27 22:00:00 33,649 ------w C:\Program Files\Threed.vb_

1993-04-27 22:00:00 3,657 ------w C:\Program Files\Setupkit.dl_

1993-04-27 22:00:00 10,978 ------w C:\Program Files\Spin.vb_

1993-04-27 22:00:00 10,865 ------w C:\Program Files\Cmdialog.vb_

1991-11-29 15:31:00 73,950 ------w C:\Program Files\Qpro.dl_

Scan these files at www.virustotal.com and paste the reports:

C:\WINDOWS\system32\INETWH32.dll

C:\UNWISE.EXE

- Then paste fresh HijackThis and ComboFix logs.
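A way to triage a listing like the one above automatically, as an added example that is not part of this thread or of any tool mentioned in it: the script parses ComboFix-style service, scheduled-task and directory lines from a constructed sample modelled on this log and flags the same things the reply picks out by hand. The heuristics (a kernel driver loaded from a Temp or Rar$ directory, a .job whose launch target is missing, an Application Data folder named with a string of random dictionary words, the naming pattern associated with Lop adware) and the function names are my own assumptions, not ComboFix or catchme output.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample shaped like the ComboFix/catchme listing in this thread.
# The content is illustrative, not a capture from the poster's machine.
SAMPLE_LOG = r"""
S3 avmeject;AVM Eject;C:\WINDOWS\system32\drivers\avmeject.sys
S3 PEEK5;PEEK5 Protocol Driver;\??\C:\DOCUME~1\Kacper\USTAWI~1\Temp\Rar$EX05.922\LINKSY~1\PEEK5.SYS
S3 TVICHW32;TVICHW32;\??\C:\WINDOWS\System32\DRIVERS\TVICHW32.SYS
2007-07-30 20:00:00 C:\WINDOWS\tasks\AE2353DA9288C746.job
"AE2353DA9288C746" -> launches: "c:\docume~1\kacper\daneap~1\atomdo~1\Data Inside Obj.exe" [file not found]
2007-07-20 20:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\soft chic meet great
2007-07-20 20:26 <DIR> d-------- C:\Program Files\Mozilla Firefox
"""

# ComboFix service lines: "<start type> <name>;<description>;<image path>"
SERVICE_RE = re.compile(r"^S[0-4]\s+([^;]+);([^;]*);(.+)$")
# ComboFix task resolution: "<job name>" -> launches: "<target>" [file not found]
LAUNCH_RE = re.compile(r'^"([^"]+)" -> launches: "([^"]+)"(?: \[(file not found)\])?')
# ComboFix directory lines: "<date> <time> <DIR> <attrs> <path>"
DIR_RE = re.compile(r"^\S+ \S+ <DIR> \S+ (.+)$")


def normalize_path(path: str) -> str:
    """Strip the NT object-manager prefix (\??\) that driver image paths carry."""
    path = path.strip()
    return path[4:] if path.startswith("\\??\\") else path


def is_in_temp(path: str) -> bool:
    """Heuristic (assumed): any path component named Temp/tmp or a WinRAR Rar$ scratch dir."""
    parts = [p.lower() for p in normalize_path(path).split("\\")]
    return any(p in ("temp", "tmp") or p.startswith("rar$") for p in parts)


def looks_like_random_words(name: str) -> bool:
    """Heuristic (assumed): three or more lowercase dictionary-looking words, e.g. 'soft chic meet great'."""
    words = name.split(" ")
    return len(words) >= 3 and all(w.isalpha() and w.islower() for w in words)


def parse_services(text: str) -> List[Tuple[str, str, str]]:
    out = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            name, desc, path = m.groups()
            out.append((name, desc, normalize_path(path)))
    return out


def parse_task_launchers(text: str) -> Dict[str, Tuple[str, bool]]:
    """Map job name -> (launch target, target present on disk)."""
    out = {}
    for line in text.splitlines():
        m = LAUNCH_RE.match(line.strip())
        if m:
            name, target, missing = m.groups()
            out[name] = (normalize_path(target), missing is None)
    return out


def triage(text: str) -> List[Dict[str, str]]:
    findings = []
    for name, _desc, path in parse_services(text):
        if is_in_temp(path):
            findings.append({"kind": "driver", "item": name,
                             "reason": f"kernel driver image lives in a temp directory: {path}"})
    for name, (target, present) in parse_task_launchers(text).items():
        if not present or is_in_temp(target):
            why = "launch target missing" if not present else "launch target in temp directory"
            findings.append({"kind": "task", "item": name, "reason": f"{why}: {target}"})
    for line in text.splitlines():
        m = DIR_RE.match(line.strip())
        if m:
            leaf = m.group(1).rstrip("\\").rsplit("\\", 1)[-1]
            if looks_like_random_words(leaf):
                findings.append({"kind": "dir", "item": leaf,
                                 "reason": f"random-word folder name (Lop-style): {m.group(1)}"})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['kind']}] {f['item']}: {f['reason']}")
```

Run against a real ComboFix log the same way; the point of separating the parsers from the heuristics is that each flag stays explainable when you post the result back to a thread like this one.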
