prosze o sprawdzenie loga

[Creative_pp]

Ostatnio mam problemy z myszka! Klikam raz a komp od razy tak jakby wykuwał dwa razy i gdzie nie klikne to od razu otwiera mi sie 100 razy okno i czy inne takei przypadki! Nie jest to napewno nic w ustawieniach czułosci bo tam nic nie zmieniał ( z reszta sprawdzałem to i wszytsko jest tak jak byc powinno)

Log:

Logfile of HijackThis v1.99.1
Scan saved at 15:31:55, on 2007-05-29
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\oodtray.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\Administrator\Pulpit\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 193.219.28.144:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: acibar toolbar - {ea443796-0ffa-44aa-9dcb-58ff72bb6db7} - C:\Program Files\acibar\tbacib.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: acibar toolbar - {ea443796-0ffa-44aa-9dcb-58ff72bb6db7} - C:\Program Files\acibar\tbacib.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: acibar toolbar - {ea443796-0ffa-44aa-9dcb-58ff72bb6db7} - C:\Program Files\acibar\tbacib.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - Startup: Rejestrowanie produktów Corela.lnk = C:\Program Files\Corel\Graphics9\Register\Remind32.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4956/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E64D1917-F60F-44CE-8B76-B129D969FB00}: NameServer = 194.204.159.1,194.204.152.34
O17 - HKLM\System\CCS\Services\Tcpip\..\{FFE1A0A6-1D10-49BF-95DE-040BBE6C64C3}: NameServer = 213.172.186.4,213.172.186.5
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lmab_device - Unknown owner - C:\WINDOWS\system32\LMabcoms.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

[wojtas]

na kasacje:

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

znasz to jesli nie usun plik pogruiobny i wpisy

R3 - URLSearchHook: acibar toolbar - {ea443796-0ffa-44aa-9dcb-58ff72bb6db7} - C:\Program Files\acibar\tbacib.dll
O2 - BHO: acibar toolbar - {ea443796-0ffa-44aa-9dcb-58ff72bb6db7} - C:\Program Files\acibar\tbacib.dll

[Creative_pp]

znasz to

toolbar organizacji antycheterskiej

[wojtas]

w logu nic nie ma daj loga z

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

[Creative_pp]

LOG kontrolny

Logfile of HijackThis v1.99.1
Scan saved at 19:23:08, on 2007-05-29
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Pulpit\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 193.219.28.144:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: acibar toolbar - {ea443796-0ffa-44aa-9dcb-58ff72bb6db7} - C:\Program Files\acibar\tbacib.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: acibar toolbar - {ea443796-0ffa-44aa-9dcb-58ff72bb6db7} - C:\Program Files\acibar\tbacib.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - Startup: Rejestrowanie produktów Corela.lnk = C:\Program Files\Corel\Graphics9\Register\Remind32.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4956/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E64D1917-F60F-44CE-8B76-B129D969FB00}: NameServer = 194.204.159.1,194.204.152.34
O17 - HKLM\System\CCS\Services\Tcpip\..\{FFE1A0A6-1D10-49BF-95DE-040BBE6C64C3}: NameServer = 213.172.186.4,213.172.186.5
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lmab_device - Unknown owner - C:\WINDOWS\system32\LMabcoms.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

i jeszcze Silent Runners

"Silent Runners.vbs", revision 49, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Komunikator" = "C:\Program Files\Tlen.pl\tlen.exe" [file not found]
"Twoje TVN24" = "(empty string)" [file not found]
"(Default)" = "(empty string)" [file not found]
"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0\bin\jusched.exe" [null data]
"SmcService" = "C:\PROGRA~1\Sygate\SPF\smc.exe -startgui" ["Sygate Technologies, Inc."]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"avgnt" = ""C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min" ["Avira GmbH"]
"WinampAgent" = "C:\Program Files\Winamp\winampa.exe" [null data]
"OODefragTray" = "C:\WINDOWS\system32\oodtray.exe" ["O&O Software GmbH"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx" [empty string]
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Megaupload Toolbar"
\InProcServer32\(Default) = "C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL" ["MegaUpload"]
{ea443796-0ffa-44aa-9dcb-58ff72bb6db7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "acibar toolbar"
\InProcServer32\(Default) = "C:\Program Files\acibar\tbacib.dll" ["Conduit Ltd."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
-> {HKLM...CLSID} = "AlcoholShellEx"
\InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]
"{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail"
-> {HKLM...CLSID} = "YMailShellExt Class"
\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi2005010104.dll" ["Yahoo! Inc."]
"{B8323370-FF27-11D2-97B6-204C4F4F5020}" = "SmartFTP Shell Extension DLL"
-> {HKLM...CLSID} = "SmartFTP Shell Extension DLL"
\InProcServer32\(Default) = "C:\Program Files\SmartFTP Client 2.0\smarthook.dll" [file not found]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension"
-> {HKLM...CLSID} = "SimpleShlExt Class"
\InProcServer32\(Default) = "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll" [empty string]

HKLM\System\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "autocheck autochk *"|"OODBS" ["O&O Software GmbH"]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

HKLM\Software\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Yahoo! Mail\(Default) = "{5464D816-CF16-4784-B9F3-75C0DB52B499}"
-> {HKLM...CLSID} = "YMailShellExt Class"
\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi2005010104.dll" ["Yahoo! Inc."]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Administrator\Dane aplikacji\Opera\Opera\profile\skin\sunny-beach.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]


Startup items in "Administrator" & "All Users" startup folders:
---------------------------------------------------------------

C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart
"Rejestrowanie produktów Corela" -> shortcut to: "C:\Program Files\Corel\Graphics9\Register\Remind32.exe" [file not found]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"Adobe Gamma Loader" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}"
-> {HKLM...CLSID} = "Megaupload Toolbar"
\InProcServer32\(Default) = "C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL" ["MegaUpload"]
"{EA443796-0FFA-44AA-9DCB-58FF72BB6DB7}"
-> {HKLM...CLSID} = "acibar toolbar"
\InProcServer32\(Default) = "C:\Program Files\acibar\tbacib.dll" ["Conduit Ltd."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" = (no title provided)
-> {HKLM...CLSID} = "Megaupload Toolbar"
\InProcServer32\(Default) = "C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL" ["MegaUpload"]
"{EA443796-0FFA-44AA-9DCB-58FF72BB6DB7}" = "acibar Toolbar"
-> {HKLM...CLSID} = "acibar toolbar"
\InProcServer32\(Default) = "C:\Program Files\acibar\tbacib.dll" ["Conduit Ltd."]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Badanie"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AntiVir PersonalEdition Classic Guard, AntiVirService, "C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe" ["Avira GmbH"]
AntiVir PersonalEdition Classic Scheduler, AntiVirScheduler, "C:\Program Files\AntiVir PersonalEdition Classic\sched.exe" ["Avira GmbH"]
Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
O&O Defrag, O&O Defrag, "C:\WINDOWS\system32\oodag.exe" ["O&O Software GmbH"]
PnkBstrB, PnkBstrB, "C:\WINDOWS\system32\PnkBstrB.exe" [null data]
Sygate Personal Firewall, SmcService, "C:\Program Files\Sygate\SPF\smc.exe" ["Sygate Technologies, Inc."]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Canon BJ Language Monitor PIXMA iP1000\Driver = "CNMLM6e.DLL" ["CANON INC."]
Lexmark Enhanced TCP/IP Port\Driver = "lmablmpm.dll" [empty string]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]


----------
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 43 seconds, including 3 seconds for message boxes)

[wojtas]

daj loga z:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

[Creative_pp]

"Administrator" - 99\"
2007-05-29 21:19:15 Dodatek Service Pack 2
ComboFix 07-05.27.V - Running from: "C:\Documents and Settings\Administrator\Pulpit\hijackthis_1

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


"C:\Program Files\install.log"

((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\nm


((((((((((((((((((((((((((((((( Files Created from 2007-04-28 to 2007-05-29 ))))))))))))))))))))))))))))))))))


2007-05-29 01:03 <DIR> d-------- C:\WINDOWS\system32\oodag
2007-05-29 00:49 <DIR> d-------- C:\Program Files\OO Software
2007-05-28 21:33 <DIR> d-------- C:\Program Files\acibar
2007-05-26 21:04 <DIR> d-------- C:\Temp\ACI
2007-05-26 21:04 <DIR> d-------- C:\Temp
2007-05-24 22:43 <DIR> d-------- C:\Documents and Settings\Administrator\Shared
2007-05-24 22:43 <DIR> d-------- C:\Documents and Settings\Administrator\Incomplete
2007-05-24 22:43 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Shared
2007-05-24 22:43 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Incomplete
2007-05-24 22:42 6,422,611 --a------ C:\Program Files\frostwire-4.13.1.6.windows.exe
2007-05-24 22:42 <DIR> d-------- C:\Program Files\FrostWire
2007-05-24 22:42 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DANEAP~1\FrostWire
2007-05-21 18:07 336 --a------ C:\WINDOWS\system32\lsprst7.dll
2007-05-21 18:07 1,025 --a------ C:\WINDOWS\system32\sysprs7.dll
2007-05-21 18:06 1,024 --a------ C:\WINDOWS\system32\clauth2.dll
2007-05-21 18:06 1,024 --a------ C:\WINDOWS\system32\clauth1.dll
2007-05-21 18:06 0 --a------ C:\WINDOWS\system32\ssprs.dll
2007-05-21 18:06 0 --a------ C:\WINDOWS\system32\serauth2.dll
2007-05-21 18:06 0 --a------ C:\WINDOWS\system32\serauth1.dll
2007-05-21 18:06 0 --a------ C:\WINDOWS\system32\nsprs.dll
2007-05-20 22:03 <DIR> d-------- C:\Program Files\NAPI-PROJEKT
2007-05-16 18:24 <DIR> d-------- C:\Program Files\GSC
2007-05-16 15:59 <DIR> d-------- C:\Program Files\PBSSCollector2.8.0
2007-05-16 03:04 <DIR> d-------- C:\Program Files\Bradbury
2007-05-11 02:09 1,050,120 --a------ C:\WINDOWS\system32\oodag.exe
2007-05-11 02:08 2,512,392 --a------ C:\WINDOWS\system32\oodtray.exe
2007-05-11 02:08 194,056 --a------ C:\WINDOWS\system32\oodbs.exe
2007-05-11 02:06 202,248 --a------ C:\WINDOWS\system32\oodtrrs.dll
2007-05-11 02:06 15,880 --a------ C:\WINDOWS\system32\oodagrs.dll
2007-05-11 02:06 15,880 --a------ C:\WINDOWS\system32\oodagmg.dll
2007-05-11 02:06 10,248 --a------ C:\WINDOWS\system32\oodbsrs.dll
2007-05-10 23:52 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DANEAP~1\gtk-2.0
2007-05-10 23:49 <DIR> d-------- C:\Documents and Settings\Administrator\.gimp-2.3
2007-05-10 23:49 <DIR> d-------- C:\DOCUME~1\ADMINI~1\.gimp-2.3
2007-05-10 23:19 38,160 --a------ C:\WINDOWS\system32\drivers\oobctm.sys
2007-05-10 23:18 15,368 --a------ C:\WINDOWS\system32\ootmapi.dll
2007-05-10 19:19 <DIR> d-------- C:\Program Files\Microsoft Works
2007-05-09 22:08 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DANEAP~1\Gadu-Gadu
2007-05-08 02:44 520,192 --------- C:\WINDOWS\system32\ati2sgag.exe
2007-05-08 02:43 <DIR> d-------- C:\Program Files\ATI Technologies
2007-05-08 02:35 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DANEAP~1\ATI
2007-05-08 02:29 <DIR> d-------- C:\ATI
2007-05-08 01:36 3,972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys
2007-05-08 01:36 20,400 --a------ C:\WINDOWS\system32\drivers\Entech.sys
2007-05-08 01:36 <DIR> d-------- C:\WINDOWS\system32\Futuremark
2007-05-04 21:31 56,320 --------- C:\WINDOWS\system32\iyvu9_32.dll
2007-05-04 21:31 136,704 --a------ C:\WINDOWS\system32\iacenc.dll
2007-05-04 21:31 <DIR> d-------- C:\Program Files\Ligos
2007-05-04 00:55 <DIR> d-------- C:\Program Files\KC Softwares
2007-05-03 15:51 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DANEAP~1\MusicIP
2007-05-03 03:24 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-05-03 03:24 73,728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-05-03 03:24 639,066 --a------ C:\WINDOWS\system32\divx.dll
2007-05-03 03:24 438,272 --a------ C:\WINDOWS\system32\vp6vfw.dll
2007-05-03 03:24 39,936 --a------ C:\WINDOWS\system32\huffyuv.dll
2007-05-03 03:24 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-05-03 03:24 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-05-03 03:24 217,088 --a------ C:\WINDOWS\system32\i420vfw.dll
2007-05-03 03:24 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-05-03 03:24 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-05-03 03:24 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-05-03 03:24 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-05-03 03:21 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DANEAP~1\Media Player Classic
2007-05-03 03:19 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-05-02 16:03 <DIR> d-------- C:\Program Files\Real Alternative
2007-05-02 16:03 <DIR> d-------- C:\Program Files\Media Player Classic
2007-05-02 16:03 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Real
2007-05-02 16:03 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DANEAP~1\Real
2007-05-02 15:58 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2007-05-02 14:07 464 --a------ C:\WINDOWS\system32\vorbisenc.dll
2007-05-02 14:07 464 --a------ C:\WINDOWS\system32\vorbis.dll
2007-05-02 14:07 464 --a------ C:\WINDOWS\system32\OggDS.dll
2007-05-02 14:07 464 --a------ C:\WINDOWS\system32\ogg.dll
2007-05-02 14:07 464 --a------ C:\WINDOWS\system32\mplvpx.dll
2007-05-02 14:07 464 --a------ C:\WINDOWS\system32\cpuinf32.dll
2007-05-02 13:35 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DANEAP~1\GetRightToGo
2007-05-02 00:32 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DANEAP~1\GSC


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-29 15:57:12 63,040 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-05-28 19:06:00 -------- d-----w C:\DOCUME~1\ADMINI~1\DANEAP~1\teamspeak2
2007-05-26 23:38:39 -------- d-----w C:\DOCUME~1\ADMINI~1\DANEAP~1\Xfire
2007-05-26 23:38:23 -------- d-s---w C:\Program Files\Xfire
2007-05-24 20:39:29 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-17 16:51:55 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-05-15 18:08:29 -------- d-----w C:\Program Files\AV VCS 3.0
2007-05-15 18:04:01 -------- d-----w C:\Program Files\Yahoo!
2007-05-15 18:03:17 -------- d-----w C:\Program Files\Winamp
2007-05-08 00:34:53 -------- d-----w C:\Program Files\Gadu-Gadu
2007-05-02 11:59:20 -------- d-----w C:\Program Files\QuickTime
2007-05-02 10:16:58 -------- d-----w C:\Program Files\Jasc Software Inc
2007-04-24 17:22:35 -------- d-----w C:\DOCUME~1\ADMINI~1\DANEAP~1\MegauploadToolbar
2007-04-24 17:19:13 -------- d-----w C:\Program Files\Common Files\Crystal Decisions
2007-04-24 17:19:12 -------- d-----w C:\Program Files\aLeX^rS
2007-04-22 17:23:06 -------- d-----w C:\Program Files\Microsoft Access Runtime
2007-04-17 11:36:12 -------- d-----w C:\Program Files\Anim-FX
2007-04-15 23:17:43 99,904 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-04-14 21:28:19 22,584 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-04-12 21:51:03 19,422 ----a-w C:\WINDOWS\War3Unin.dat
2007-04-12 21:50:59 2,829 ----a-w C:\WINDOWS\War3Unin.pif
2007-04-12 21:50:59 126,976 ----a-w C:\WINDOWS\War3Unin.exe
2007-04-11 21:05:30 -------- d-----w C:\Program Files\BitComet
2007-04-10 23:02:19 -------- d-----w C:\DOCUME~1\ADMINI~1\DANEAP~1\Skype
2007-04-02 11:34:17 -------- d-----w C:\Program Files\SkanerOnline
2007-04-01 09:57:16 80,444 ----a-w C:\WINDOWS\system32\perfc015.dat
2007-04-01 09:57:16 461,026 ----a-w C:\WINDOWS\system32\perfh015.dat
2007-03-28 10:11:23 -------- d-----w C:\Program Files\Kustom Appz Software
2007-03-15 01:58:38 315,392 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-03-15 01:57:34 267,776 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-03-15 01:55:38 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-03-15 01:50:39 122,880 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-03-15 01:50:27 114,688 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-03-15 01:50:19 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-03-15 01:50:12 42,496 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-03-15 01:49:59 114,688 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-03-15 01:48:39 450,560 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-03-15 01:47:52 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-03-15 01:40:10 2,820,544 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-03-15 01:29:47 1,315,712 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-03-15 01:29:32 3,107,788 ----a-w C:\WINDOWS\system32\ativvaxx.dat
2007-03-15 01:19:32 5,402,624 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-03-15 01:16:14 258,048 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-03-15 01:14:43 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-03-15 01:10:28 356,352 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-03-07 23:51:00 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2007-03-06 22:04:53 143,676 ----a-w C:\WINDOWS\system32\atiicdxx.dat


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 18:39]
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}=C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL [2006-10-31 08:55]
{ea443796-0ffa-44aa-9dcb-58ff72bb6db7}=C:\Program Files\acibar\tbacib.dll [2007-05-27 13:17]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0\bin\jusched.exe" [2006-08-06 21:35]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-23 21:31]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-04-25 17:44]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Komunikator"="C:\Program Files\Tlen.pl\tlen.exe" []
"Twoje TVN24"="" []
"@"="" []
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-05-10 16:36]



~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20070529-192012-303
R3 - URLSearchHook: acibar toolbar - {ea443796-0ffa-44aa-9dcb-58ff72bb6db7} - C:\Program Files\acibar\tbacib.dll

backup-20070529-192003-927
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

backup-20070529-002209-739
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

????????????????????????????????????????????4??????????????????????

backup-20070529-002208-929
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

????????????????????????????????????????????

backup-20070529-002208-967
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com

backup-20070529-002208-768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

backup-20070529-002208-636
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

backup-20070529-002208-629
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com

backup-20070529-002208-121
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

backup-20070529-002208-384
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

backup-20070529-002208-236
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

backup-20070529-002208-870
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com

backup-20070529-002208-860
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/

backup-20070529-002208-650
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

backup-20070529-002208-682
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com

backup-20070209-131702-103
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????:?????????????????????'????????
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

????????????????????????????????????????????4?????????????????????????????????????????????????????????????????????????????????????????????????????4???????????????????????????????????????????????????????????????

backup-20070110-000407-412
O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe

backup-20061207-013410-506
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL (file missing)

backup-20061203-221222-862
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h

backup-20061203-220254-844
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll

?Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rpcc]
"DllName"="C:\\WINDOWS\\system32\\rpcc.dll"
"Asynchronous"=dword:00000001
"Impersonate"=dword:00000001
"Startup"="Startup"



backup-20061203-220254-461
O16 - DPF: {82FFA573-38AA-482A-99AD-91F697B91631} (Installer.InstallControl) - http://www.file2you.net/applet.cab

?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????6??????'?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

backup-20061118-185556-637
O4 - HKLM\..\Run: [Explorer] C:\WINDOWS\iexplore.exe
********************************************************************

catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-29 21:22:19
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


********************************************************************

Completion time: 2007-05-29 21:23:36 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-29 21:23

--- E O F ---

[wojtas]

jest ok