
[virus] worm.win32netsky and its effects


  • Closed: this topic is closed
7 replies in this topic

#1 sztudent

    Observer

  • 5 posts

Posted 31 01 2008 - 00:18

hello

I have been through an infection by the virus named above. or maybe it is not completely over yet? I removed it following what Picasso recommended to someone else with a similar problem on the page
http://www.searchengines.pl/Trojany-przebr...sky-t99835.html
unfortunately I cannot log in there and ask Picasso for help directly
but I have no doubt someone here will help me ;)
thanks in advance for the help

the main symptoms are gone but not everything is ok.
1. the 'msconfig' command does not work
2. while surfing the net, rarely but still, pages open by themselves (either with cars or with a tourist offer)
3. pages take too long to load (with download programs switched off)

I am attaching a HijackThis log and a second log from ComboFix

HijackThis log

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 19:18:39, on 2008-01-05
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\DC++\DCPlusPlus.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\slaj\Pulpit\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.instafinder.com/addsearch.asp?err=ADD&url=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BDEX System - {0EF38B85-63BB-4A3C-B96D-43D8D6C42DBD} - C:\WINDOWS\ttvbonqld.dll (file missing)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: XBTBPos00 - {9D7C4A91-78AC-4400-98BC-688D7F566CFE} - C:\PROGRA~1\SLOWNI~1\toolbar.dll (file missing)
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
O3 - Toolbar: The leosrv - {73959F2B-EB03-41D1-8F69-694B7B80D699} - C:\WINDOWS\leosrv.dll (file missing)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [bm] "C:\Program Files\Common Files\PCSecureSystem\bm.exe" dm=http://pcsecuresystem.com ad=http://pcsecuresystem.com sd=http://ykeeper.pcsecuresystem.com
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Wyślij do interfejsu &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Slownik LING - {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - (no file)
O9 - Extra 'Tools' menuitem: Slownik LING - {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - (no file)
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe

--
End of file - 6799 bytes


ComboFix log

ComboFix 08-01-31.1 - slaj 2008-01-30 22:54:57.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.670 [GMT 1:00]
Running from: C:\Documents and Settings\slaj\Pulpit\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\Fonts\acrsecB.fon
C:\WINDOWS\Fonts\acrsecI.fon

----- BITS: Possible infected sites -----

hxxp://77.91.227.196
hxxp://onsafepro.com

.
((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-31 )))))))))))))))))))))))))))))))
.

2008-01-20 18:21 . 2008-01-20 18:21 <DIR> d-------- C:\Program Files\MarBit
2008-01-20 17:53 . 2008-01-20 17:53 <DIR> d-------- C:\WINDOWS\speech
2008-01-20 17:53 . 2008-01-20 17:53 <DIR> d-------- C:\Program Files\ivo
2008-01-06 15:44 . 2008-01-06 15:47 2,828 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-01-01 23:34 . 2008-01-01 23:34 <DIR> d-------- C:\WINDOWS\system32\DRM
2008-01-01 01:23 . 2008-01-20 18:17 1,605 --a------ C:\WINDOWS\bestplayer.ini
2007-12-30 20:41 . 2007-12-30 20:41 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2007-12-30 20:40 . 2007-12-30 20:56 <DIR> d-------- C:\Program Files\BitComet
2007-12-26 18:58 . 2007-12-26 18:58 <DIR> d-------- C:\Program Files\Astonsoft
2007-12-26 18:58 . 2007-12-26 19:05 <DIR> d-------- C:\Documents and Settings\slaj\Dane aplikacji\DeepBurner
2007-12-26 18:32 . 2007-12-26 18:32 <DIR> d-------- C:\Documents and Settings\slaj\Dane aplikacji\Ashampoo
2007-12-26 18:23 . 2007-12-26 18:23 <DIR> d-------- C:\Program Files\Ashampoo
2007-12-26 18:23 . 2007-12-26 18:23 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\ashampoo
2007-12-26 16:46 . 2007-12-26 16:46 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-12-24 23:46 . 2007-12-24 23:46 <DIR> d-------- C:\Program Files\UltraGet Video Downloader
2007-12-24 22:04 . 2007-12-24 22:04 <DIR> d-------- C:\Program Files\Instafinder
2007-12-24 22:03 . 2007-12-24 22:03 <DIR> d-------- C:\Program Files\Need2Find
2007-12-24 21:55 . 2007-12-24 22:04 10 --a------ C:\WINDOWS\smdat32m.sys
2007-12-23 02:27 . 2007-12-23 02:27 <DIR> d-------- C:\Program Files\Avira
2007-12-23 02:27 . 2007-12-23 02:27 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Avira
2007-12-21 23:33 . 2007-12-21 23:33 1,710 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-21 23:28 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-12-21 23:28 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-12-21 23:28 . 2007-12-19 22:57 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2007-12-21 23:28 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-12-21 23:28 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-12-21 23:28 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-12-20 18:50 . 2007-12-20 18:50 <DIR> d-------- C:\Documents and Settings\slaj\Dane aplikacji\SysCleaner
2007-12-20 15:29 . 2007-12-20 15:29 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\SecurePCCleaner
2007-12-20 15:28 . 2007-12-20 15:28 <DIR> d-------- C:\Program Files\Common Files\SecurePCCleaner
2007-12-20 15:20 . 2007-12-20 15:20 <DIR> d--hs---- C:\PCSecureSystem

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-30 11:49 --------- d-----w C:\Program Files\DC++
2008-01-24 15:46 --------- d-----w C:\Program Files\Paint.NET
2008-01-21 00:29 --------- d-----w C:\Program Files\PowerArchiver
2008-01-20 20:59 --------- d-----w C:\Documents and Settings\slaj\Dane aplikacji\Skype
2008-01-19 19:57 --------- d-----w C:\Program Files\Google
2008-01-03 20:27 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-31 22:22 --------- d-----w C:\Documents and Settings\slaj\Dane aplikacji\AdobeUM
2007-12-27 15:02 --------- d-----w C:\Program Files\NAPI-PROJEKT
2007-12-24 21:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-20 14:30 --------- d-----w C:\Program Files\Alfa & Ariss
2007-11-14 07:28 450,560 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll
2007-11-07 09:29 723,968 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:29 723,968 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-30 17:20 360,064 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 10:14 3,086,848 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:44 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:44 1,291,264 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-25 16:44 8,488,960 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-11 06:11 668,672 ----a-w C:\WINDOWS\system32\wininet.dll
2007-10-11 06:11 668,672 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-11 06:11 619,008 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-11 06:11 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-10-11 06:11 1,498,112 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-10-11 06:10 96,768 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
2007-10-11 06:10 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-11 06:10 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-11 06:10 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-11 06:10 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-10-11 06:10 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-10-11 06:10 251,904 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
2007-10-11 06:10 205,824 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-11 06:10 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-11 06:10 151,552 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-10-11 06:10 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-11 06:10 1,055,744 ------w C:\WINDOWS\system32\dllcache\danim.dll
2007-10-11 06:10 1,024,000 ------w C:\WINDOWS\system32\dllcache\browseui.dll
2007-10-10 10:48 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2006-09-24 17:29 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
2007-03-01 20:29 8 --sh--r C:\WINDOWS\system32\E0355B9FBF.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9D7C4A91-78AC-4400-98BC-688D7F566CFE}]
C:\PROGRA~1\SLOWNI~1\toolbar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-10 19:04 761945]
"bm"="C:\Program Files\Common Files\PCSecureSystem\bm.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll 2005-07-25 19:41 40960 C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^BTTray.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\BTTray.lnk
backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^DVD Check.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\DVD Check.lnk
backup=C:\WINDOWS\pss\DVD Check.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^slaj^Menu Start^Programy^Autostart^PowerFolder.lnk]
path=C:\Documents and Settings\slaj\Menu Start\Programy\Autostart\PowerFolder.lnk
backup=C:\WINDOWS\pss\PowerFolder.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-06-06 23:46 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2006-01-30 02:00 88203 C:\WINDOWS\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AntivirusPCSuite]
C:\Program Files\AntivirusPCSuite\pgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
--a------ 2007-12-23 02:45 249896 C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
c:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CognizanceTS]
--a------ 2003-12-22 19:12 17920 C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
--a------ 2006-02-22 07:03 40960 C:\Program Files\HPQ\Default Settings\cpqset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreativeMouse ]
--a------ 2004-06-27 14:38 503808 C:\Program Files\Mouse Driver\MouseDrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 09:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
--a------ 2005-08-31 04:20 122940 C:\WINDOWS\System32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]
C:\Program Files\eMule\emule.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
--a------ 2007-07-09 08:39 2119104 C:\Program Files\Gadu-Gadu\gg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-16 22:11 49152 C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
--a------ 2006-02-14 09:49 454656 C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2006-03-23 13:13 77824 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2006-03-23 13:17 118784 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2006-03-23 13:17 94208 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Instafinder]
--a------ 2007-07-12 21:32 311296 C:\Program Files\Instafinder\instafinder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-07-27 15:50 221184 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-07-27 15:50 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerArchiver Tray]
--a------ 2007-05-23 20:17 141352 C:\Program Files\PowerArchiver\PASTARTER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ptask]
C:\Program Files\PCSecureSystem\ptask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PTHOSTTR]
--a------ 2006-02-14 10:56 122880 C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
--a------ 2006-03-02 14:39 131072 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a------ 2005-12-20 14:51 1187840 C:\WINDOWS\Sminst\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
--a------ 2006-01-23 15:11 802816 C:\WINDOWS\Creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Scheduler]
--a------ 2006-02-15 14:43 892928 C:\WINDOWS\SMINST\Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-09-13 13:31 22880040 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2005-10-26 15:17 159744 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
--a------ 2005-05-06 13:06 716800 C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2005-05-20 09:11 925696 C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSnD]
--a------ 2005-05-31 01:04 4393096 C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-10-12 03:10 49263 C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2005-11-10 19:04 761945 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uga6pcw]
C:\PROGRA~1\COMMON~1\ANTIVI~1\uga6pcw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
--a------ 2005-11-08 10:59 184320 C:\Program Files\InterVideo\DVD Check\DVDCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AntiVirService"=2 (0x2)
"AntiVirScheduler"=2 (0x2)

R0 HFXP2;HFXP2;C:\WINDOWS\system32\DRIVERS\HFXP2.SYS [2006-08-01 19:20]
R2 ASChannel;Local Communication Channel;C:\WINDOWS\System32\svchost.exe [2004-08-04 09:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASChannel

.
Contents of the 'Scheduled Tasks' folder
"2007-05-29 18:14:51 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-31 22:56:21
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-31 22:56:52
ComboFix-quarantined-files.txt 2008-01-31 21:56:37
.
2008-01-08 19:00:42 --- E O F ---


#2 wncvirus

    Slacker !

  • 851 posts

Posted 01 02 2008 - 19:16

remove this entry

C:\WINDOWS\system32\dllcache\shdocvw.dll


After doing that, post a new log


#3 sztudent

    Observer

  • 5 posts

Posted 01 02 2008 - 23:36

thanks for looking through these logs

how am I supposed to remove this entry?
and which log should I send you afterwards - from HijackThis or from ComboFix?

#4 wncvirus

    Slacker !

  • 851 posts

Posted 04 02 2008 - 19:14

Sorry, I made a mistake; you do not need to delete the file above. As for the HJT log:

Run HJT, choose the option "Do a system scan only" and it will produce a log; tick the boxes next to the entries below and click Fix.

O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL

O2 - BHO: BDEX System - {0EF38B85-63BB-4A3C-B96D-43D8D6C42DBD} - C:\WINDOWS\ttvbonqld.dll (file missing)

O2 - BHO: XBTBPos00 - {9D7C4A91-78AC-4400-98BC-688D7F566CFE} - C:\PROGRA~1\SLOWNI~1\toolbar.dll (file missing)

O3 - Toolbar: The leosrv - {73959F2B-EB03-41D1-8F69-694B7B80D699} - C:\WINDOWS\leosrv.dll (file missing)

Tell me, did you set these DNS servers yourself?

#5 sztudent

    Observer

  • 5 posts

Posted 04 02 2008 - 23:36

which dns? I do not quite understand

after removing these entries should I send a HJT log?

thanks

#6 ordynat

    Advanced user

  • 804 posts

Posted 04 02 2008 - 23:48

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222

208.67.220.220
Address: 50 Freemont St.
Address: 16 Floor

208.67.222.222
Address: 50 Freemont St.
Address: 16 Floo


It is about these - do you recognise them?
If not, then just in case use -->FixWareout (further down on the linked page).
After using it you may need to set up your internet provider's DNS again.
-->How to restore the correct DNS.

EDIT:
I have found out that these DNS servers are used to speed up the internet connection, so they are fine, as long as you set them yourself!

ordynat

#7 sztudent

    Observer

  • 5 posts

Posted 05 02 2008 - 22:26

I did not set them. but maybe whoever set up the internet connection did. is that possible? from what Picasso writes on the page I linked, the DNS servers I have are not in the harmful range. so now I do not know whether I should delete them. I would not want to carelessly do myself harm, because it is easy to delete something but harder to get it back.
so maybe let someone who is sure what to do in this situation speak up.

#8 ordynat

    Advanced user

  • 804 posts

Posted 05 02 2008 - 22:52

> so maybe let someone who is sure what to do in this situation speak up.


Yes, it will be best if someone who knows this stuff speaks up. I have not dealt with it myself.
But I am increasingly convinced that this is "good" and it is better not to change it.
Read:
-->http://www.idg.pl/news/112297.html
-->http://www.opendns.com/
ordynat

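As an added illustration (not code from this thread, from HijackThis or from any of the posters), the three checks the helpers apply to the log above, written out in Python: O2/O3 browser add-ons whose file is reported "(file missing)" (post #4), O4 autostart entries that pass URLs on the command line (the bm.exe line), and O17 resolvers that are not on a known list, seeded with the two OpenDNS addresses discussed in posts #6 and #8. The sample log lines and the unknown resolver 192.0.2.53 are constructed for the example.

```python
import re
from dataclasses import dataclass

# Resolver addresses the thread identifies as OpenDNS (see the opendns.com link
# in post #8). Any other address in an O17 line is reported for the user to confirm.
KNOWN_RESOLVERS = frozenset({"208.67.222.222", "208.67.220.220"})

# Constructed sample in the shape of the HijackThis log posted above; the last
# O17 line uses a documentation-range address (192.0.2.53) to show the unknown case.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BDEX System - {0EF38B85-63BB-4A3C-B96D-43D8D6C42DBD} - C:\WINDOWS\ttvbonqld.dll (file missing)
O3 - Toolbar: The leosrv - {73959F2B-EB03-41D1-8F69-694B7B80D699} - C:\WINDOWS\leosrv.dll (file missing)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [bm] "C:\Program Files\Common Files\PCSecureSystem\bm.exe" dm=http://pcsecuresystem.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 192.0.2.53
"""


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section code, e.g. "O2", "O17"
    item: str      # the entry body or, for O17, a single resolver address
    reason: str    # why a reviewer should look at it


ENTRY_RE = re.compile(r"^(O\d+)\s+-\s+(.+)$")
NAMESERVER_RE = re.compile(r"NameServer\s*=\s*(.+)$")
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def parse_entries(log_text):
    """Yield (section, body) for every 'Oxx - ...' line in a HijackThis log."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def resolvers(log_text):
    """Return every resolver address listed in O17 NameServer entries
    (HijackThis prints them comma- or space-separated)."""
    found = set()
    for section, body in parse_entries(log_text):
        if section != "O17":
            continue
        m = NAMESERVER_RE.search(body)
        if not m:
            continue
        for part in m.group(1).replace(" ", ",").split(","):
            if IPV4_RE.match(part):
                found.add(part)
    return found


def triage(log_text, known_resolvers=KNOWN_RESOLVERS):
    """Apply the checks the thread walks through and return Finding objects."""
    findings = []
    for section, body in parse_entries(log_text):
        if section in ("O2", "O3") and body.endswith("(file missing)"):
            findings.append(Finding(section, body,
                "browser add-on still registered but its DLL is gone; the helper asked to fix these"))
        elif section == "O4" and "http://" in body:
            findings.append(Finding(section, body,
                "autostart entry passes URLs to its program; review before trusting it"))
    # O17: anything not on the known list is reported, not deleted (post #7's concern).
    for ip in sorted(resolvers(log_text) - set(known_resolvers)):
        findings.append(Finding("O17", ip,
            "resolver not in the known list; confirm it was set by the user or the ISP"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}: {f.item}\n    -> {f.reason}")
```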
