
Panda online detected spyware/virtumonde for me in hkey_local_machine\software\microsoft\rdfa
and now there is a problem, because I can't remove it with Panda, and tools such as a-squared and Spybot don't detect it. How do I get rid of this junk?
ComboFix 09-09-09.09 - wegierek 2009-09-10 18:00.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1033.18.895.506 [GMT 2:00]
Uruchomiony z: c:\documents and settings\wegierek\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 090908-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\wegierek\Local Settings\Application Data\DoubleD
c:\documents and settings\wegierek\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}
c:\documents and settings\wegierek\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\bg.jpg
c:\documents and settings\wegierek\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\CurrentVersion.xml
c:\documents and settings\wegierek\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Data\ProductInfo.mx
c:\documents and settings\wegierek\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\icon.ico
c:\documents and settings\wegierek\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\tdf.dat
C:\Documents
c:\windows\g32.txt
c:\windows\Installer\138ee6cf.msp
c:\windows\Installer\138ee6d0.msp
c:\windows\Installer\138ee6d1.msp
c:\windows\Installer\138ee6d2.msp
c:\windows\Installer\138ee6d3.msp
c:\windows\Installer\138ee6d4.msp
c:\windows\Installer\138ee6d5.msp
c:\windows\Installer\138ee6d6.msp
c:\windows\Installer\138ee6d7.msp
c:\windows\Installer\1a25ff.msp
c:\windows\Installer\1f84c122.msp
c:\windows\Installer\22eb57fc.msp
c:\windows\Installer\8c1375e.msi
c:\windows\system\msvbvm60.dll
.
((((((((((((((((((((((((( Pliki utworzone od 2009-08-10 do 2009-09-10 )))))))))))))))))))))))))))))))
.
2009-09-09 15:58 . 2009-09-09 15:58 -------- d-----w- C:\_OTL
2009-09-09 15:52 . 2009-09-09 15:53 -------- d-----w- C:\rsit
2009-09-09 12:55 . 2008-06-19 15:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-09-09 09:21 . 2009-09-09 12:51 -------- d-----w- c:\program files\a-squared Free
2009-09-09 00:01 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-09-08 23:46 . 2009-09-08 23:46 -------- d-----w- c:\program files\Windows Defender
2009-09-08 22:37 . 2009-09-08 22:37 -------- d-----w- c:\program files\ESET
2009-09-08 18:49 . 2009-09-08 20:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-08 18:49 . 2009-09-08 18:53 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-05 16:29 . 2009-09-05 16:29 -------- d-----w- c:\program files\INTERIAPL
2009-09-05 16:10 . 2009-09-06 08:42 230454 ----a-w- C:\StiImg.dat
2009-09-05 14:32 . 2008-04-13 18:39 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2009-09-05 14:32 . 2008-04-13 18:39 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2009-09-05 14:32 . 2008-04-13 18:46 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys
2009-09-05 14:32 . 2008-04-13 18:46 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2009-09-05 14:32 . 2008-04-13 18:46 15232 -c--a-w- c:\windows\system32\dllcache\streamip.sys
2009-09-05 14:32 . 2008-04-13 18:46 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2009-09-05 14:32 . 2008-04-13 18:46 11136 -c--a-w- c:\windows\system32\dllcache\slip.sys
2009-09-05 14:32 . 2008-04-13 18:46 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2009-09-05 14:32 . 2008-04-13 18:46 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2009-09-05 14:32 . 2008-04-13 18:46 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2009-09-05 14:32 . 2008-04-13 18:46 85248 -c--a-w- c:\windows\system32\dllcache\nabtsfec.sys
2009-09-05 14:32 . 2008-04-13 18:46 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2009-09-05 14:31 . 2008-04-13 18:46 17024 -c--a-w- c:\windows\system32\dllcache\ccdecode.sys
2009-09-05 14:31 . 2008-04-13 18:46 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2009-09-05 14:31 . 2008-04-14 00:12 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2009-09-05 14:31 . 2008-04-14 00:12 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2009-09-05 13:58 . 2009-09-09 07:14 -------- d-----w- c:\windows\PAC207
2009-09-05 13:58 . 2009-09-05 13:58 -------- d-----w- c:\program files\Common Files\PCCamera
2009-09-05 13:58 . 2009-09-05 13:58 -------- d-----w- c:\program files\PC Camera
2009-09-05 13:57 . 2009-09-05 13:57 -------- d-----w- c:\windows\Downloaded Installations
2009-09-03 22:25 . 2009-09-03 22:25 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-09-03 22:23 . 2009-09-03 22:23 -------- d-----w- c:\program files\Common Files\Skype
2009-09-03 22:23 . 2009-09-03 22:23 -------- d-----r- c:\program files\Skype
2009-09-03 11:01 . 2009-09-03 11:01 -------- d-----w- c:\documents and settings\wegierek\Local Settings\Application Data\cache
2009-09-03 10:58 . 2009-09-03 11:00 -------- d-----w- c:\program files\Nowe Gadu-Gadu
2009-08-25 08:47 . 2009-08-25 08:47 -------- d-----w- c:\program files\CGArchive.com
2009-08-25 08:45 . 2009-08-25 08:45 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-08-20 07:25 . 2009-09-08 13:08 -------- d-----w- c:\documents and settings\wegierek\.gimp-2.6
2009-08-13 14:57 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-10 16:10 . 2008-04-24 21:52 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-10 13:49 . 2007-09-22 10:41 -------- d-----w- c:\documents and settings\wegierek\Application Data\foobar2000
2009-09-09 13:11 . 2007-09-21 12:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-09 08:36 . 2007-11-19 11:11 -------- d-----w- c:\documents and settings\wegierek\Application Data\Skype
2009-09-09 08:36 . 2008-06-11 18:54 -------- d-----w- c:\documents and settings\wegierek\Application Data\ipla
2009-09-09 07:16 . 2007-12-03 08:11 -------- d-----w- c:\documents and settings\wegierek\Application Data\skypePM
2009-09-08 18:39 . 2008-01-16 18:50 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-08 13:05 . 2007-10-10 09:36 -------- d-----w- c:\documents and settings\wegierek\Application Data\gtk-2.0
2009-09-08 08:13 . 2008-07-29 21:46 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-09-05 14:31 . 2008-09-08 14:10 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-09-05 14:06 . 2007-09-21 11:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-03 22:23 . 2007-11-19 11:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-09-02 16:44 . 2008-11-14 12:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-09-02 16:43 . 2008-11-14 12:27 -------- d-----w- c:\program files\Common Files\Nokia
2009-09-02 16:43 . 2008-11-14 12:25 -------- d-----w- c:\program files\Nokia
2009-08-31 21:37 . 2008-06-11 18:54 -------- d-----w- c:\documents and settings\All Users\Application Data\ipla
2009-08-24 19:46 . 2009-08-24 19:46 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-08-21 07:33 . 2008-03-08 16:38 -------- d-----w- c:\documents and settings\wegierek\Application Data\BESTplayer
2009-08-20 07:23 . 2007-10-03 10:46 -------- d-----w- c:\program files\GIMP-2.0
2009-08-17 16:10 . 2008-02-06 12:39 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2008-02-06 12:39 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2008-02-06 12:39 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2008-03-31 17:47 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2008-03-31 17:47 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2008-02-06 12:39 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2008-02-06 12:39 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2008-02-06 12:39 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2008-02-06 12:39 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-27 21:21 . 2009-07-14 16:22 -------- d-----w- c:\program files\KaraFun
2009-07-23 14:54 . 2007-10-04 10:36 318584 -c--a-w- c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-12 21:06 . 2007-09-21 18:22 318584 -c--a-w- c:\documents and settings\wegierek\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-03 17:09 . 2004-08-04 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-25 08:25 . 2004-08-04 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-08-04 12:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-04 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-08-04 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2004-08-04 12:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-08-04 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2004-08-04 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Google Update"="c:\documents and settings\wegierek\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"Nowe Gadu-Gadu"="c:\program files\Nowe Gadu-Gadu\gg.exe" [2009-08-31 11391592]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Gadu-Gadu"="e:\gadu-gadu\gg.exe" [2008-03-20 2127296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1040384]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-01-10 472776]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Guest\Start Menu\Programs\Startup\
Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
c:\documents and settings\wegierek\Start Menu\Programs\Startup\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BTTray.lnk
backup=c:\windows\pss\BTTray.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Przypominacz.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Przypominacz.lnk
backup=c:\windows\pss\Przypominacz.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^wegierek^Start Menu^Programs^Startup^Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk]
path=c:\documents and settings\wegierek\Start Menu\Programs\Startup\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk
backup=c:\windows\pss\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TapiSrv"=3 (0x3)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Octoshape Streaming Services\\wegierek\\OctoshapeClient.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19711:TCP"= 19711:TCP:BitComet 19711 TCP
"19711:UDP"= 19711:UDP:BitComet 19711 UDP
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-09-09 28544]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-03-31 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-03-31 20560]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 HP24X;HP PC Card Smart Card Reader;c:\windows\system32\drivers\HP24X.sys [2008-01-13 33024]
S3 SDTHOOK;SDTHOOK;c:\windows\system32\drivers\SDTHOOK.SYS [2008-01-05 44928]
S4 Harmonogram automatycznej uslugi LiveUpdate;Harmonogram automatycznej uslugi LiveUpdate;"c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" --> c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [?]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {09258F12-48E7-B18E-C414-1F48C215685F} /qb
.
Zawartość folderu 'Zaplanowane zadania'
2009-09-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1343024091-682003330-1003Core.job
- c:\documents and settings\wegierek\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 15:51]
2009-09-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1343024091-682003330-1003UA.job
- c:\documents and settings\wegierek\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 15:51]
2009-09-10 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.ebay.pl/
uInternet Settings,ProxyServer = w3cache.icm.edu.pl:8080
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Wyślij do urządzenia &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
FF - ProfilePath - c:\documents and settings\wegierek\Application Data\Mozilla\Firefox\Profiles\dreqq3xm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - plugin: c:\documents and settings\wegierek\Application Data\Mozilla\plugins\npoctoshape.dll
FF - plugin: c:\documents and settings\wegierek\Application Data\Nowe Gadu-Gadu\_userdata\npgg.1.dll
FF - plugin: c:\documents and settings\wegierek\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPBILLARD8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPBILLARD8UK.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPBILLARD9.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPSignPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPSNOOKER.dll
FF - plugin: c:\program files\Octoshape Streaming Services\wegierek\octoprogram-L03-NMS0806060_SUA_000\npoctoshape.dll
FF - plugin: c:\program files\Octoshape Streaming Services\wegierek\octoprogram-L03-NMS0806091_SUA_000\npoctoshape.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - USUNIĘTO PUSTE WPISY - - - -
WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-10 18:12
Windows 5.1.2600 Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'winlogon.exe'(1032)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(676)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\program files\Common Files\Nero\Lib\NeroDigitalExt.dll
c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80.DLL
c:\windows\system32\webcheck.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_pol.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\scardsvr.exe
c:\program files\a-squared Free\a2service.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\searchindexer.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Alwil Software\Avast4\Setup\avast.setup
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Nowe Gadu-Gadu\spellchecker_gg.exe
.
**************************************************************************
.
Czas ukończenia: 2009-09-10 18:17 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2009-09-10 16:17
Przed: 2 094 342 144 bytes free
Po: 2 547 445 760 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
305 --- E O F --- 2009-09-09 13:14