Virus or an Explorer bug?
#1
Posted 11 12 2007 - 17:44
#2
Posted 11 12 2007 - 18:59
#3
Posted 11 12 2007 - 19:18
Logfile of HijackThis v1.99.1
Scan saved at 18:29:14, on 2007-12-11
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\qttask.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Spik\Spik.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
D:\Program Files\Ares\Ares.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\eMule\emule.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.neostrada.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O3 - Toolbar: Earn2Life Bar - {93344865-74BD-4873-BE65-56539D41A65C} - C:\WINDOWS\Downloaded Program Files\Earn2Life.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [Spik] C:\Program Files\Spik\Spik.exe -autostart
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [24b14616] rundll32.exe "C:\WINDOWS\system32\lqhftsfd.dll",b
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ares] "D:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Earn2Life Bar - {07328B93-AFD8-4c6a-99E9-D0B3B5D6DAD9} - C:\WINDOWS\Downloaded Program Files\Earn2Life.dll
O9 - Extra 'Tools' menuitem: Earn2Life Bar - {07328B93-AFD8-4c6a-99E9-D0B3B5D6DAD9} - C:\WINDOWS\Downloaded Program Files\Earn2Life.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {93344865-74BD-4873-BE65-56539D41A65C} (Earn2Life Bar) - http://www.earn2life.com/plugin/Earn2Life.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - C:\Program Files\Spik\url_wpmsg.dll
O20 - AppInit_DLLs: c:\windows\system32\awtqnmk.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - D:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
I don't know if that's what you meant, but oh well.
#4
Posted 11 12 2007 - 19:34
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O9 - Extra 'Tools' menuitem: Earn2Life Bar - {07328B93-AFD8-4c6a-99E9-D0B3B5D6DAD9} - C:\WINDOWS\Downloaded Program Files\Earn2Life.dll
O9 - Extra button: Earn2Life Bar - {07328B93-AFD8-4c6a-99E9-D0B3B5D6DAD9} - C:\WINDOWS\Downloaded Program Files\Earn2Life.dll
#5
Posted 11 12 2007 - 22:10
#6
Posted 11 12 2007 - 22:12
#7
Posted 11 12 2007 - 22:15
Here you go:
Logfile of HijackThis v1.99.1
Scan saved at 21:26:26, on 2007-12-11
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\qttask.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Spik\Spik.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
D:\Program Files\Ares\Ares.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\eMule\emule.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
D:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.neostrada.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O3 - Toolbar: Earn2Life Bar - {93344865-74BD-4873-BE65-56539D41A65C} - C:\WINDOWS\Downloaded Program Files\Earn2Life.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [Spik] C:\Program Files\Spik\Spik.exe -autostart
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [24b14616] rundll32.exe "C:\WINDOWS\system32\lqhftsfd.dll",b
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ares] "D:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {93344865-74BD-4873-BE65-56539D41A65C} (Earn2Life Bar) - http://www.earn2life.com/plugin/Earn2Life.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - C:\Program Files\Spik\url_wpmsg.dll
O20 - AppInit_DLLs: c:\windows\system32\awtqnmk.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - D:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
User bipiw edited this post on 22 05 2013 - 00:38
#8
Posted 11 12 2007 - 22:39
#9
Posted 11 12 2007 - 22:58
O4 - HKLM\..\Run: [24b14616] rundll32.exe "C:\WINDOWS\system32\lqhftsfd.dll",b
O20 - AppInit_DLLs: c:\windows\system32\awtqnmk.dll
Vundo is sitting in there.
Download VundoFix and use it (Scan for Vundo, Remove Vundo). VundoFix will generate a log (the file VundoFix.txt on the system partition) - that one is for viewing.
That ComboFix log is required as well.
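The two log lines quoted above are the indicators the reply is keying on: a Run value with a random hex name that loads a random-named DLL through rundll32, and a non-empty AppInit_DLLs entry, both pointing into system32. The following Python script is an added example, not from this thread, HijackThis or ComboFix; it parses HijackThis O4 and O20 lines and flags those two patterns, and the "random-looking stem" heuristic and the sample lines are my own constructions.

```python
"""Flag Vundo/Virtumundo-style autostart entries in a HijackThis 1.99 log.

Heuristics (added example, mirroring what the helper pointed at):
  * O4 Run value whose name is random hex (e.g. [24b14616]);
  * O4 Run value that uses rundll32 to load a random-named DLL;
  * O20 AppInit_DLLs set at all (it injects into every process that loads
    user32.dll, which is rarely legitimate on a home machine), with extra
    weight when the DLL name looks random.
"""
import re
from dataclasses import dataclass

# Constructed sample: a few lines copied from the log posted in this thread,
# mixing legitimate entries with the two the reply singled out.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [24b14616] rundll32.exe "C:\WINDOWS\system32\lqhftsfd.dll",b
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: c:\windows\system32\awtqnmk.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

O4_RE = re.compile(r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
O20_RE = re.compile(r'^O20 - AppInit_DLLs: (?P<value>.+)$')
DLL_RE = re.compile(r'([^\\"\s]+\.dll)', re.IGNORECASE)   # last path component ending in .dll
HEX_NAME_RE = re.compile(r'^[0-9a-f]{6,12}$')
RANDOM_STEM_RE = re.compile(r'^[a-z]{6,10}$')


@dataclass
class Finding:
    line: str
    reason: str


def looks_random(stem: str) -> bool:
    """Heuristic (my own, coarse): Vundo's DLL stems are 6-10 all-lowercase,
    vowel-poor letters (lqhftsfd, awtqnmk); vendor DLLs usually carry mixed
    case or digits (NvCpl, NvMCTray, nvsvc32)."""
    if not RANDOM_STEM_RE.match(stem):
        return False
    vowels = sum(stem.count(v) for v in "aeiou")
    return vowels / len(stem) <= 0.25


def dll_stem(cmd: str):
    """Return the DLL file name without extension referenced in a command, or None."""
    m = DLL_RE.search(cmd)
    if not m:
        return None
    return m.group(1).rsplit("\\", 1)[-1][:-4]


def is_hex_name(name: str) -> bool:
    """Random hex Run value names like 24b14616: all hex digits, at least one digit."""
    lowered = name.lower()
    return bool(HEX_NAME_RE.match(lowered)) and any(c.isdigit() for c in lowered)


def scan_log(text: str) -> list:
    """Scan HijackThis log text and return one Finding per suspicious line."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            name, cmd = m.group("name"), m.group("cmd")
            reasons = []
            if is_hex_name(name):
                reasons.append(f"Run value name '{name}' is random hex")
            if cmd.lower().startswith("rundll32"):
                stem = dll_stem(cmd)
                if stem and looks_random(stem):
                    reasons.append(f"rundll32 loads random-named DLL '{stem}.dll'")
            if reasons:
                findings.append(Finding(line, "; ".join(reasons)))
            continue
        m = O20_RE.match(line)
        if m:
            stem = dll_stem(m.group("value"))
            reason = "AppInit_DLLs is set (injected into every user32 process)"
            if stem and looks_random(stem):
                reason += f"; DLL '{stem}.dll' is random-named"
            findings.append(Finding(line, reason))
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"SUSPICIOUS: {f.line}\n    -> {f.reason}")
```

The script only reads a saved log and prints what to look at; it deliberately does not touch the registry or delete anything, which in this thread is left to VundoFix/ComboFix and the helper's manual instructions.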
#10
Posted 11 12 2007 - 23:24
ComboFix 07-12-12.3 - robomanus 2007-12-11 22:21:25.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.182 [GMT 1:00]
Running from: D:\Documents and Settings\dom\Moje dokumenty\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\dom\Dane aplikacji\macromedia\Flash Player\#SharedObjects\48TYRVVQ\www.broadcaster.com
C:\Documents and Settings\dom\Dane aplikacji\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\dom\Dane aplikacji\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\robomanus\Dane aplikacji\tmp27.tmp.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\msettings.ini
C:\WINDOWS\system32\busrsumi.dll
C:\WINDOWS\system32\chllpdik.dll
C:\WINDOWS\system32\dfstfhql.ini
C:\WINDOWS\system32\diunliox.dll
C:\WINDOWS\system32\dn24b146b9.dat
C:\WINDOWS\system32\fgjlm.ini
C:\WINDOWS\system32\fgjlm.ini2
C:\WINDOWS\system32\fmgcylmh.ini
C:\WINDOWS\system32\hmlycgmf.dll
C:\WINDOWS\system32\imusrsub.ini
C:\WINDOWS\system32\jlyxbnyq.dll
C:\WINDOWS\system32\kabqgvbv.dll
C:\WINDOWS\system32\kidpllhc.ini
C:\WINDOWS\system32\ljjheca.dll
C:\WINDOWS\system32\lqhftsfd.dll
C:\WINDOWS\system32\mljgf.dll
C:\WINDOWS\system32\pkvdbvyw.dll
C:\WINDOWS\system32\qomtyoav.dll
C:\WINDOWS\system32\qynbxylj.ini
C:\WINDOWS\system32\umvwtylh.dll
C:\WINDOWS\system32\xoilnuid.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DOMAINSERVICE
((((((((((((((((((((((((( Files Created from 2007-11-12 to 2007-12-12 )))))))))))))))))))))))))))))))
.
2007-12-07 20:29 . 2007-12-09 22:55 834,700 ---hs---- C:\WINDOWS\system32\kgoaayhm.ini
2007-12-06 20:32 . 2007-12-07 07:39 831,477 ---hs---- C:\WINDOWS\system32\eovrsjkh.ini
2007-12-03 20:26 . 2007-12-04 20:26 806,400 ---hs---- C:\WINDOWS\system32\gfpjmjcc.ini
2007-12-02 20:25 . 2007-12-03 20:25 790,653 ---hs---- C:\WINDOWS\system32\jjnegjuj.ini
2007-12-01 20:25 . 2007-12-02 10:37 789,959 ---hs---- C:\WINDOWS\system32\jirdxjvv.ini
2007-11-30 20:24 . 2007-12-01 11:01 789,839 ---hs---- C:\WINDOWS\system32\hqqfxsam.ini
2007-11-29 20:25 . 2007-11-30 20:24 793,724 ---hs---- C:\WINDOWS\system32\xebjvgwv.ini
2007-11-27 20:23 . 2007-11-28 08:44 784,545 ---hs---- C:\WINDOWS\system32\lhyvskaa.ini
2007-11-26 20:21 . 2007-11-27 20:22 784,425 ---hs---- C:\WINDOWS\system32\mqmquour.ini
2007-11-25 20:23 . 2007-11-26 07:37 775,892 ---hs---- C:\WINDOWS\system32\npnbyxlx.ini
2007-11-25 14:21 . 2007-11-25 14:21 38 --a------ C:\WINDOWS\osAviSplitter.INI
2007-11-23 20:21 . 2007-11-24 09:42 776,252 ---hs---- C:\WINDOWS\system32\cirhrrmi.ini
2007-11-23 19:39 . 2007-06-26 08:40 823,296 --a------ C:\WINDOWS\j3dcore-d3d.dll
2007-11-23 19:39 . 2007-06-26 08:40 163,840 --a------ C:\WINDOWS\j3dcore-ogl.dll
2007-11-23 19:39 . 2007-06-26 08:40 49,152 --a------ C:\WINDOWS\j3dcore-ogl-chk.dll
2007-11-23 19:39 . 2007-06-26 08:40 40,960 --a------ C:\WINDOWS\j3dcore-ogl-cg.dll
2007-11-23 19:39 . 2007-12-06 20:39 143 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-11-23 19:05 . 2000-05-22 22:58 608,448 --a------ C:\WINDOWS\system32\comctl32.ocx
2007-11-23 18:58 . 2007-11-23 18:58 <DIR> d-------- C:\ConverterOutput
2007-11-23 18:54 . 2007-11-23 18:54 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2007-11-22 20:19 . 2007-11-23 20:20 776,012 ---hs---- C:\WINDOWS\system32\bixgkpkv.ini
2007-11-18 17:54 . 2007-12-11 13:05 <DIR> d-------- C:\Program Files\Spik
2007-11-18 17:54 . 2007-11-18 17:54 <DIR> d-------- C:\Documents and Settings\robomanus\Dane aplikacji\Spik
2007-11-18 17:51 . 2007-11-18 17:51 <DIR> d-------- C:\Documents and Settings\robomanus\Dane aplikacji\Tlen.pl
2007-11-18 17:50 . 2007-11-18 17:51 <DIR> d-------- C:\Program Files\Tlen.pl
2007-11-15 19:58 . 2007-11-15 19:58 43,698 --a------ C:\WINDOWS\system32\xvid-uninstall.exe
2007-11-15 18:52 . 2007-11-15 18:54 13,288,228 --a------ C:\output.avi
2007-11-15 18:28 . 2007-11-15 18:28 <DIR> d-------- C:\WINDOWS\system32\pl-PL
2007-11-15 18:27 . 2007-11-15 18:27 <DIR> d-------- C:\Program Files\MSBuild
2007-11-15 18:23 . 2007-11-15 18:28 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-11-15 18:23 . 2007-11-15 18:23 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-11-15 18:22 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-11-15 18:09 . 2007-11-15 18:09 <DIR> d-------- C:\Program Files\Orban
2007-11-15 18:04 . 2007-11-15 18:04 <DIR> d-------- C:\Documents and Settings\robomanus\Dane aplikacji\Gadu-Gadu
2007-11-14 17:49 . 2007-11-14 17:53 <DIR> d-------- C:\Documents and Settings\robomanus\.freemind
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-12 21:33 --------- d-----w C:\Program Files\eMule
2007-12-12 21:33 --------- d-----w C:\Documents and Settings\robomanus\Dane aplikacji\Skype
2007-12-10 19:43 --------- d-----w C:\Program Files\Finale 2007
2007-12-09 22:39 --------- d-----w C:\Documents and Settings\robomanus\Dane aplikacji\Hamachi
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-11-18 16:46 --------- d-----w C:\Program Files\Gadu-Gadu
2007-11-09 18:32 --------- d-----w C:\Program Files\Photosynth
2007-10-29 20:45 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2007-10-28 21:32 --------- d-----w C:\Documents and Settings\robomanus\Dane aplikacji\PDF Explorer
2007-10-20 16:19 --------- d-----w C:\Documents and Settings\robomanus\Dane aplikacji\Emulators
2007-10-15 17:58 --------- d-----w C:\Program Files\Java
2007-10-15 17:25 --------- d-----w C:\Program Files\DAEMON Tools
2007-10-15 17:01 --------- d-----w C:\Program Files\SkanerOnline
2007-10-12 19:13 --------- d-----w C:\Documents and Settings\robomanus\Dane aplikacji\SecondLife
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9c732deb-f043-434e-8295-b9bc07899ace}]
C:\WINDOWS\system32\ieengmt.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{93344865-74BD-4873-BE65-56539D41A65C}"= C:\WINDOWS\Downloaded Program Files\Earn2Life.dll [2007-05-14 17:18 303104]
[HKEY_CLASSES_ROOT\clsid\{93344865-74bd-4873-be65-56539d41a65c}]
[HKEY_CLASSES_ROOT\Earn2Life.LeadBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{92F9C4A2-C2A5-41f6-9829-49B8C6FF0709}]
[HKEY_CLASSES_ROOT\Earn2Life.LeadBar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:44]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-03 23:29]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2007-01-23 22:03]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-12-18 16:46]
"ares"="D:\Program Files\Ares\Ares.exe" [2007-05-04 01:32]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 08:39]
"Komunikator"="C:\Program Files\Tlen.pl\tlen.exe" []
"eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2006-09-14 15:15]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 15:17]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 23:44 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-04-19 13:26 C:\WINDOWS\system32\nwiz.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
"QuickTime Task"="C:\WINDOWS\system32\qttask.exe" [2007-07-19 15:39]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 08:34 C:\WINDOWS\RTHDCPL.exe]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [2003-12-31 15:39]
"Spik"="C:\Program Files\Spik\Spik.exe" [2007-10-08 14:11]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12]
"NvMediaCenter"="RunDLL32.exe" [2004-08-03 23:44 C:\WINDOWS\system32\rundll32.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:44]
C:\Documents and Settings\robomanus\Menu Start\Programy\Autostart\
hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [2007-09-04 15:14:33]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-07-19 13:23:19]
Microsoft Office.lnk - D:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 19:05:56]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ieengmt]
ieengmt.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\awtqnmk.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\mljgf.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - I:\PlayDiskStart.exe
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-12 22:32:46
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.2180]
-> C:\Program Files\Spik\idlehk.dll
.
Completion time: 2007-12-12 22:34:40 - machine was rebooted
I also ran the Vundo scan, but it found nothing. Apparently ComboFix had already removed it.
#11
Posted 11 12 2007 - 23:30
I also ran the Vundo scan, but it found nothing. Apparently ComboFix had already removed it.
It removed nothing of the sort. It's holding on tight.
Run this on it -> VirtumundoBeGone
And post a ComboFix log after that. The rest by hand.
User bipiw edited this post on 22 05 2013 - 00:37
#12
Posted 12 12 2007 - 00:17
[12/12/2007, 23:23:20] - VirtumundoBeGone v1.5 ( "D:\Documents and Settings\dom\Moje dokumenty\VirtumundoBeGone.exe" )
[12/12/2007, 23:24:05] - Detected System Information:
[12/12/2007, 23:24:05] - Windows Version: 5.1.2600, Dodatek Service Pack 2
[12/12/2007, 23:24:05] - Current Username: robomanus (Admin)
[12/12/2007, 23:24:05] - Windows is in NORMAL mode.
[12/12/2007, 23:24:05] - Searching for Browser Helper Objects:
[12/12/2007, 23:24:05] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[12/12/2007, 23:24:05] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[12/12/2007, 23:24:05] - BHO 3: {9c732deb-f043-434e-8295-b9bc07899ace} ()
[12/12/2007, 23:24:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/12/2007, 23:24:05] - Checking for HKLM\...\Winlogon\Notify\ieengmt
[12/12/2007, 23:24:05] - Found: HKLM\...\Winlogon\Notify\ieengmt - This is probably Virtumundo.
[12/12/2007, 23:24:05] - Assigning {9c732deb-f043-434e-8295-b9bc07899ace} MSEvents Object
[12/12/2007, 23:24:05] - BHO list has been changed! Starting over...
[12/12/2007, 23:24:06] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[12/12/2007, 23:24:06] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[12/12/2007, 23:24:06] - BHO 3: {9c732deb-f043-434e-8295-b9bc07899ace} (MSEvents Object)
[12/12/2007, 23:24:06] - ALERT: Found MSEvents Object!
[12/12/2007, 23:24:06] - Finished Searching Browser Helper Objects
[12/12/2007, 23:24:06] - *** Detected MSEvents Object
[12/12/2007, 23:24:06] - Trying to remove MSEvents Object...
[12/12/2007, 23:24:07] - Terminating Process: IEXPLORE.EXE
[12/12/2007, 23:24:07] - Terminating Process: RUNDLL32.EXE
[12/12/2007, 23:24:07] - Disabling Automatic Shell Restart
[12/12/2007, 23:24:07] - Terminating Process: EXPLORER.EXE
[12/12/2007, 23:24:07] - Suspending the NT Session Manager System Service
[12/12/2007, 23:24:07] - Terminating Windows NT Logon/Logoff Manager
[12/12/2007, 23:24:08] - Re-enabling Automatic Shell Restart
[12/12/2007, 23:24:08] - File to disable: C:\WINDOWS\system32\ieengmt.dll
[12/12/2007, 23:24:08] - Removing HKLM\...\Browser Helper Objects\{9c732deb-f043-434e-8295-b9bc07899ace}
[12/12/2007, 23:24:08] - Removing HKCR\CLSID\{9c732deb-f043-434e-8295-b9bc07899ace}
[12/12/2007, 23:24:08] - Adding Kill Bit for ActiveX for GUID: {9c732deb-f043-434e-8295-b9bc07899ace}
[12/12/2007, 23:24:08] - Deleting ATLEvents/MSEvents Registry entries
[12/12/2007, 23:24:08] - Removing HKLM\...\Winlogon\Notify\ieengmt
[12/12/2007, 23:24:08] - Searching for Browser Helper Objects:
[12/12/2007, 23:24:08] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[12/12/2007, 23:24:08] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[12/12/2007, 23:24:08] - Finished Searching Browser Helper Objects
[12/12/2007, 23:24:08] - Finishing up...
[12/12/2007, 23:24:09] - A restart is needed.
[12/12/2007, 23:24:10] - Attempting to Restart via STOP error (Blue Screen!)
I won't get to ComboFix today, maybe tomorrow. So, patience.
So here is the long-awaited ComboFix log; I hope it's the last one:
ComboFix 07-12-12.3 - robomanus 2007-12-13 19:00:40.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.204 [GMT 1:00]
Running from: D:\Documents and Settings\dom\Moje dokumenty\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2007-11-13 to 2007-12-13 )))))))))))))))))))))))))))))))
.
2007-12-13 18:36 . 2007-12-13 18:36 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-13 18:36 . 2007-12-13 18:36 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-12 22:37 . 2007-12-12 22:37 <DIR> d-------- C:\VundoFix Backups
2007-12-07 20:29 . 2007-12-09 22:55 834,700 ---hs---- C:\WINDOWS\system32\kgoaayhm.ini
2007-12-06 20:32 . 2007-12-07 07:39 831,477 ---hs---- C:\WINDOWS\system32\eovrsjkh.ini
2007-12-03 20:26 . 2007-12-04 20:26 806,400 ---hs---- C:\WINDOWS\system32\gfpjmjcc.ini
2007-12-02 20:25 . 2007-12-03 20:25 790,653 ---hs---- C:\WINDOWS\system32\jjnegjuj.ini
2007-12-01 20:25 . 2007-12-02 10:37 789,959 ---hs---- C:\WINDOWS\system32\jirdxjvv.ini
2007-11-30 20:24 . 2007-12-01 11:01 789,839 ---hs---- C:\WINDOWS\system32\hqqfxsam.ini
2007-11-29 20:25 . 2007-11-30 20:24 793,724 ---hs---- C:\WINDOWS\system32\xebjvgwv.ini
2007-11-27 20:23 . 2007-11-28 08:44 784,545 ---hs---- C:\WINDOWS\system32\lhyvskaa.ini
2007-11-26 20:21 . 2007-11-27 20:22 784,425 ---hs---- C:\WINDOWS\system32\mqmquour.ini
2007-11-25 20:23 . 2007-11-26 07:37 775,892 ---hs---- C:\WINDOWS\system32\npnbyxlx.ini
2007-11-25 14:21 . 2007-11-25 14:21 38 --a------ C:\WINDOWS\osAviSplitter.INI
2007-11-23 20:21 . 2007-11-24 09:42 776,252 ---hs---- C:\WINDOWS\system32\cirhrrmi.ini
2007-11-23 19:39 . 2007-06-26 08:40 823,296 --a------ C:\WINDOWS\j3dcore-d3d.dll
2007-11-23 19:39 . 2007-06-26 08:40 163,840 --a------ C:\WINDOWS\j3dcore-ogl.dll
2007-11-23 19:39 . 2007-06-26 08:40 49,152 --a------ C:\WINDOWS\j3dcore-ogl-chk.dll
2007-11-23 19:39 . 2007-06-26 08:40 40,960 --a------ C:\WINDOWS\j3dcore-ogl-cg.dll
2007-11-23 19:39 . 2007-12-06 20:39 143 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-11-23 19:05 . 2000-05-22 22:58 608,448 --a------ C:\WINDOWS\system32\comctl32.ocx
2007-11-23 18:58 . 2007-11-23 18:58 <DIR> d-------- C:\ConverterOutput
2007-11-23 18:54 . 2007-11-23 18:54 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2007-11-22 20:19 . 2007-11-23 20:20 776,012 ---hs---- C:\WINDOWS\system32\bixgkpkv.ini
2007-11-18 17:54 . 2007-12-11 13:05 <DIR> d-------- C:\Program Files\Spik
2007-11-18 17:54 . 2007-11-18 17:54 <DIR> d-------- C:\Documents and Settings\robomanus\Dane aplikacji\Spik
2007-11-18 17:51 . 2007-11-18 17:51 <DIR> d-------- C:\Documents and Settings\robomanus\Dane aplikacji\Tlen.pl
2007-11-18 17:50 . 2007-11-18 17:51 <DIR> d-------- C:\Program Files\Tlen.pl
2007-11-15 19:58 . 2007-11-15 19:58 43,698 --a------ C:\WINDOWS\system32\xvid-uninstall.exe
2007-11-15 18:52 . 2007-11-15 18:54 13,288,228 --a------ C:\output.avi
2007-11-15 18:28 . 2007-11-15 18:28 <DIR> d-------- C:\WINDOWS\system32\pl-PL
2007-11-15 18:27 . 2007-11-15 18:27 <DIR> d-------- C:\Program Files\MSBuild
2007-11-15 18:23 . 2007-11-15 18:28 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-11-15 18:23 . 2007-11-15 18:23 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-11-15 18:22 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-11-15 18:09 . 2007-11-15 18:09 <DIR> d-------- C:\Program Files\Orban
2007-11-15 18:04 . 2007-11-15 18:04 <DIR> d-------- C:\Documents and Settings\robomanus\Dane aplikacji\Gadu-Gadu
2007-11-14 17:49 . 2007-11-14 17:53 <DIR> d-------- C:\Documents and Settings\robomanus\.freemind
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-13 18:06 --------- d-----w C:\Program Files\eMule
2007-12-13 18:06 --------- d-----w C:\Documents and Settings\robomanus\Dane aplikacji\Skype
2007-12-10 19:43 --------- d-----w C:\Program Files\Finale 2007
2007-12-09 22:39 --------- d-----w C:\Documents and Settings\robomanus\Dane aplikacji\Hamachi
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-11-18 16:46 --------- d-----w C:\Program Files\Gadu-Gadu
2007-11-09 18:32 --------- d-----w C:\Program Files\Photosynth
2007-10-29 20:45 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2007-10-28 21:32 --------- d-----w C:\Documents and Settings\robomanus\Dane aplikacji\PDF Explorer
2007-10-20 16:19 --------- d-----w C:\Documents and Settings\robomanus\Dane aplikacji\Emulators
2007-10-15 17:58 --------- d-----w C:\Program Files\Java
2007-10-15 17:25 --------- d-----w C:\Program Files\DAEMON Tools
2007-10-15 17:01 --------- d-----w C:\Program Files\SkanerOnline
.
((((((((((((((((((((((((((((( snapshot@2007-12-12_22.33.56.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-13 18:05:11 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_1c0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{93344865-74BD-4873-BE65-56539D41A65C}"= C:\WINDOWS\Downloaded Program Files\Earn2Life.dll [2007-05-14 17:18 303104]
[HKEY_CLASSES_ROOT\clsid\{93344865-74bd-4873-be65-56539d41a65c}]
[HKEY_CLASSES_ROOT\Earn2Life.LeadBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{92F9C4A2-C2A5-41f6-9829-49B8C6FF0709}]
[HKEY_CLASSES_ROOT\Earn2Life.LeadBar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:44]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-03 23:29]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2007-01-23 22:03]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-12-18 16:46]
"ares"="D:\Program Files\Ares\Ares.exe" [2007-05-04 01:32]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 08:39]
"Komunikator"="C:\Program Files\Tlen.pl\tlen.exe" []
"eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2006-09-14 15:15]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 15:17]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 23:44 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-04-19 13:26 C:\WINDOWS\system32\nwiz.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
"QuickTime Task"="C:\WINDOWS\system32\qttask.exe" [2007-07-19 15:39]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 08:34 C:\WINDOWS\RTHDCPL.exe]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [2003-12-31 15:39]
"Spik"="C:\Program Files\Spik\Spik.exe" [2007-10-08 14:11]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12]
"NvMediaCenter"="RunDLL32.exe" [2004-08-03 23:44 C:\WINDOWS\system32\rundll32.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:44]
C:\Documents and Settings\robomanus\Menu Start\Programy\Autostart\
hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [2007-09-04 15:14:33]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-07-19 13:23:19]
Microsoft Office.lnk - D:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 19:05:56]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\awtqnmk.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - I:\PlayDiskStart.exe
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-13 19:05:44
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.2180]
-> C:\Program Files\Spik\idlehk.dll
.
Completion time: 2007-12-13 19:07:59 - machine was rebooted