[wirus]Mam wirusa

Dziś przeglądając stront natknąłem się nichcąco na storne z bóg wie czym teraz mam problemy
1. nie ma panelu sterowania i konfiguracji Internetu
2. Nie mam menedżera zadań
3.Cały czas wyskakują mi jakieś okienka z ostrzerzeniami
4 znikneło mi wi ększość ikonek z pulpitu
5. E SET Semart securuisty już sobie chyba nie radzi
6.Znikneło w menu start "wyloguj "

Pomóżcie ludzie
Proszę !!!!!!

Daj logi z ComboFixa i Hijacka, jeśli możesz uruchomić te programy

Oto ON :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:52: VIRUS ALERT!, on 2008-07-22
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O3 - Toolbar: qndsfmao - {3FCAEB7D-F8AE-4A67-AE6C-57EE1416BB6D} - C:\WINDOWS\qndsfmao.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [cc30addf] rundll32.exe "C:\WINDOWS\system32\rnutopdr.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Pobierz z &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O21 - SSODL: kvxqmtre - {AA3240A7-0E42-4695-813E-74454951E5E1} - C:\WINDOWS\kvxqmtre.dll
O21 - SSODL: evgratsm - {4C49ADC2-88D3-4FDC-B046-2FB1BA11E7A7} - C:\WINDOWS\evgratsm.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 3721 bytes


Ale już jest raczej wszystko OK dlatego że Cobo FIX pewnie wszystko usunął wszystko wróciło na swoje miejsce




(LoG Z HijackThis Był wykonany przed użyciem Combo Fixa)

Kurde a co zrobić z tym bo przy każdym uruchomieniu kompa pokazuje się takie coś
http://img410.imageshack.us/my.php?image=beztytuues3.jpg

Taki komunikat wyskakuje, bo masz ten plik infekcji w Autostarcie:

O4 - HKLM\..\Run: [cc30addf] rundll32.exe "C:\WINDOWS\system32\rnutopdr.dll",b

Gdzie ten log z ComboFixa?


EDIT:

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

Te w/w wpisy sfiksuj w Hijacku:
>>Hijack>>scan(Do a system scan only)>>zaznacz je >>Fix checked.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
O3 - Toolbar: qndsfmao - {3FCAEB7D-F8AE-4A67-AE6C-57EE1416BB6D} - C:\WINDOWS\qndsfmao.dll
O21 - SSODL: kvxqmtre - {AA3240A7-0E42-4695-813E-74454951E5E1} - C:\WINDOWS\kvxqmtre.dll
O21 - SSODL: evgratsm - {4C49ADC2-88D3-4FDC-B046-2FB1BA11E7A7} - C:\WINDOWS\evgratsm.dll

Tych powyższych wpisów i plików juz chyba nie ma po użyciu ComboFixa, bo on powinien je usunąć samoczynnie.


ordynat

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

Tych plików nie ma
A log z Combo FIX nie powstał zatrzymało się skanowanie z tą informacją co screena podałem

O4 - HKLM\..\Run: [cc30addf] rundll32.exe "C:\WINDOWS\system32\rnutopdr.dll",b

To oczywiście też możesz sfiksować:
>>Hijack>>scan(Do a system scan only)>>zaznacz >>Fix checked.

Możesz zrobić nowy log z ComboFixa - będzie widać aktualną sytuację.

ordynat

Log z Combo FIX



ComboFix 08-07-21.2 - usr 2008-07-22 17:07:27.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.711 [GMT 2:00]
Running from: C:\Documents and Settings\usr\Pulpit\ComboFix.exe
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.

((((((((((((((((((((((((( Files Created from 2008-06-22 to 2008-07-22 )))))))))))))))))))))))))))))))
.

2008-07-21 22:53 . 2008-07-17 12:14 155,648 --a------ C:\WINDOWS\agpqlrfm.exe
2008-07-20 12:33 . 2008-07-20 12:33 1,887 --a------ C:\WINDOWS\diagwrn.xml
2008-07-20 12:33 . 2008-07-20 12:33 1,887 --a------ C:\WINDOWS\diagerr.xml
2008-07-18 20:26 . 2008-07-18 20:26 <DIR> d-------- C:\Program Files\Smart Projects
2008-07-16 18:37 . 2008-07-19 23:46 <DIR> d-------- C:\Program Files\Gadu-Gadu
2008-07-16 16:07 . 2006-08-29 16:56 32,377 --a------ C:\WINDOWS\system32\drivers\prodigy.sys
2008-07-15 00:12 . 2008-07-15 00:12 249,856 --------- C:\WINDOWS\Setup1.exe
2008-07-15 00:12 . 2008-07-15 00:12 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2008-07-14 17:28 . 2001-10-26 16:57 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-07-14 17:28 . 2001-10-26 16:57 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-07-14 14:15 . 2008-07-14 14:16 <DIR> d-------- C:\Program Files\DivX
2008-07-14 13:40 . 2008-07-14 13:41 <DIR> d-------- C:\Documents and Settings\usr\Dane aplikacji\Nowe Gadu-Gadu
2008-07-13 20:45 . 2008-07-13 21:24 <DIR> d-------- C:\Program Files\eMule
2008-07-13 20:45 . 2008-07-13 20:45 <DIR> d-------- C:\Documents and Settings\usr\Dane aplikacji\eMule
2008-07-13 20:43 . 2008-07-13 20:43 <DIR> d-------- C:\Program Files\WisePixel Multimedia
2008-07-13 20:43 . 2008-07-13 20:44 <DIR> d-------- C:\Program Files\SIW
2008-07-11 22:07 . 2008-07-11 22:07 <DIR> d-------- C:\Documents and Settings\usr\Dane aplikacji\IDM
2008-07-11 14:49 . 2008-07-11 14:49 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-07-11 14:49 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-07-11 14:16 . 2008-07-11 15:02 <DIR> d-------- C:\Documents and Settings\usr\Dane aplikacji\foobar2000
2008-07-11 11:51 . 2008-07-18 00:04 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\TrackMania
2008-07-11 11:50 . 2008-07-11 11:50 <DIR> d-------- C:\Documents and Settings\usr\Dane aplikacji\CDBurnerXP_Soft
2008-07-11 11:44 . 2008-07-11 11:50 <DIR> d-------- C:\Program Files\TmNationsForever
2008-07-11 11:42 . 2008-07-11 11:42 <DIR> d-------- C:\Program Files\Audacity 1.3 Beta
2008-07-11 11:31 . 2008-07-11 11:31 <DIR> d-------- C:\Program Files\foobar2000
2008-07-11 11:31 . 2008-07-11 11:32 <DIR> d-------- C:\Program Files\CDBurnerXP
2008-07-11 11:24 . 2008-05-07 07:39 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-07-11 11:24 . 2008-05-07 07:38 659,968 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-07-11 11:24 . 2008-05-07 07:38 20,864 --a------ C:\WINDOWS\system32\drivers\ccdcmbo.sys
2008-07-11 11:24 . 2008-05-07 07:38 17,536 --a------ C:\WINDOWS\system32\drivers\ccdcmb.sys
2008-07-11 11:24 . 2008-05-07 07:38 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
2008-07-11 11:24 . 2008-06-06 09:24 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
2008-07-11 11:23 . 2008-07-11 14:49 <DIR> d-------- C:\Program Files\Nokia
2008-07-10 10:42 . 2004-08-04 00:44 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-07-10 10:42 . 2001-10-26 17:29 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-07-09 18:50 . 2008-07-09 18:50 30,229 --a------ C:\WINDOWS\BricoPackUninst.cmd
2008-07-09 18:49 . 2008-07-09 18:49 <DIR> d-------- C:\WINDOWS\BricoPacks
2008-07-09 18:49 . 2008-07-09 18:50 2,498 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-07-02 13:20 . 2008-07-02 13:20 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-07-02 12:46 . 2008-07-02 12:46 <DIR> d-------- C:\Program Files\Defraggler
2008-07-02 12:37 . 2008-07-22 16:58 <DIR> d-------- C:\Program Files\Mozilla Thunderbird
2008-07-02 12:22 . 2008-07-02 12:22 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-07-02 12:22 . 2008-07-02 12:22 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-07-02 12:22 . 2008-07-02 12:22 <DIR> d-------- C:\Program Files\Common Files\EasyInfo
2008-07-02 12:22 . 2008-07-02 12:22 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
2008-07-02 12:22 . 2008-07-02 12:22 <DIR> d-------- C:\Documents and Settings\usr\Phone Browser
2008-07-02 12:22 . 2008-07-02 12:22 <DIR> d-------- C:\Documents and Settings\usr\Dane aplikacji\Toshiba
2008-07-02 12:22 . 2008-07-22 13:30 <DIR> d-------- C:\Documents and Settings\usr\Dane aplikacji\skypePM
2008-07-02 12:22 . 2008-07-02 12:22 <DIR> d-------- C:\Documents and Settings\usr\Dane aplikacji\SecuROM
2008-07-02 12:22 . 2008-07-11 22:09 <DIR> d-------- C:\Documents and Settings\usr\Dane aplikacji\DMCache
2008-07-02 12:22 . 2008-07-02 12:22 <DIR> d-------- C:\Documents and Settings\usr\Dane aplikacji\Apple Computer
2008-07-02 12:22 . 2008-07-02 12:22 <DIR> d--h----- C:\Documents and Settings\Gość\Ustawienia lokalne
2008-07-02 12:22 . 2008-07-02 12:22 <DIR> d--h----- C:\Documents and Settings\Gość\Ustawienia lokalne
2008-07-02 12:22 . 2008-07-02 12:22 <DIR> d--h----- C:\Documents and Settings\Gość\Szablony
2008-07-02 12:22 . 2008-07-02 12:22 <DIR> d--h----- C:\Documents and Settings\Gość\Szablony
2008-07-02 12:22 . 2008-07-02 12:22 <DIR> d-------- C:\Documents and Settings\Gość\Pulpit
2008-07-02 12:22 . 2008-07-02 12:22 <DIR> d-------- C:\Documents and Settings\Gość\Pulpit
2008-07-02 12:22 . 2008-07-02 12:22 <DIR> dr------- C:\Documents and Settings\Gość\Menu Start
2008-07-02 12:22 . 2008-07-02 12:22 <DIR> dr------- C:\Documents and Settings\Gość\Menu Start
2008-07-02 12:22 . 2008-07-02 12:22 <DIR> d-------- C:\Documents and Settings\Gość\Dane aplikacji\ESET
2008-07-02 12:22 . 2008-07-02 12:22 <DIR> dr-h----- C:\Documents and Settings\Gość\Dane aplikacji
2008-07-02 12:22 . 2008-07-02 12:22 <DIR> dr-h----- C:\Documents and Settings\Gość\Dane aplikacji
2008-07-02 12:22 . 2008-07-02 12:22 <DIR> d-------- C:\Documents and Settings\Gość
2008-07-02 12:22 . 2008-07-02 12:22 <DIR> d-a------ C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-07-02 12:22 . 2008-07-02 12:22 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\nView_Profiles
2008-07-02 12:22 . 2008-07-02 12:22 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Nokia
2008-07-02 12:22 . 2008-07-02 12:22 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Cerience
2008-07-02 12:22 . 2008-07-02 12:22 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\AVS4YOU
2008-07-02 12:21 . 2008-07-02 14:29 <DIR> d-------- C:\Program Files\AIDA32 - Enterprise System Information
2008-06-30 18:26 . 2008-07-02 12:17 <DIR> d-------- C:\Documents and Settings\usr\Dane aplikacji\eMule(2)
2008-06-29 23:30 . 2008-07-02 12:37 <DIR> d-------- C:\Documents and Settings\usr\Dane aplikacji\Thunderbird
2008-06-29 19:47 . 2008-06-29 19:47 704 --a------ C:\WINDOWS\unins001.dat
2008-06-29 19:47 . 2008-06-29 19:47 704 --a------ C:\WINDOWS\unins000.dat
2008-06-28 21:55 . 2008-07-02 12:18 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2008-06-27 03:16 . 2008-07-09 18:50 3,932,214 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
2008-06-26 20:36 . 2008-07-11 11:25 <DIR> d-------- C:\Program Files\CyberLink DVD Solution
2008-06-26 02:30 . 2008-07-02 12:39 <DIR> d-------- C:\Program Files\xp-AntiSpy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-22 11:53 --------- d-----w C:\Program Files\EA Sports
2008-07-22 10:25 --------- d-----w C:\Documents and Settings\usr\Dane aplikacji\Skype
2008-07-21 16:15 --------- d-----w C:\Program Files\SpeedFan
2008-07-21 15:42 --------- d-----w C:\Program Files\Google
2008-07-20 16:16 --------- d-----w C:\Documents and Settings\usr\Dane aplikacji\Any Video Converter
2008-07-20 14:37 --------- d-----w C:\Program Files\IrfanView
2008-07-18 18:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-14 22:40 --------- d-----w C:\Documents and Settings\usr\Dane aplikacji\gtk-2.0
2008-07-14 11:35 --------- d-----w C:\Program Files\Hasła
2008-07-12 15:52 --------- d-----w C:\Program Files\NAPI-PROJEKT
2008-07-11 12:49 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-07-11 12:49 --------- d-----w C:\Documents and Settings\usr\Dane aplikacji\Nokia
2008-07-11 12:49 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Installations
2008-07-11 09:23 --------- d-----w C:\Program Files\Common Files\Nokia
2008-07-09 16:50 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-07-02 11:24 --------- d-----w C:\Program Files\Common Files\Ahead
2008-07-02 11:16 --------- d-----w C:\Program Files\Winamp
2008-06-28 21:56 --------- d-----w C:\Documents and Settings\usr\Dane aplikacji\OpenOffice.ux.pl2
2008-06-20 14:27 --------- d-----w C:\Program Files\Odkurzacz
2008-06-19 11:58 --------- d-----w C:\Program Files\Aspyr Media, Inc
2008-06-17 17:37 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-06-17 17:04 --------- d-----w C:\Program Files\Rockstar Games
2008-06-17 13:51 --------- d-----w C:\Program Files\CCleaner
2008-06-17 11:59 --------- d-----w C:\Program Files\GIMP-2.0
2008-06-16 21:18 --------- d-----w C:\Program Files\Realtek
2008-06-16 21:17 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-06-15 10:04 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-15 10:04 --------- d-----w C:\Program Files\7-Zip
2008-06-15 10:03 --------- d-----w C:\Documents and Settings\usr\Dane aplikacji\IDM(3)
2008-06-15 09:59 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\CyberLink
2008-06-14 20:10 --------- d-----w C:\Documents and Settings\usr\Dane aplikacji\Winamp
2008-06-13 14:25 --------- d-----w C:\Documents and Settings\usr\Dane aplikacji\InstallShield
2008-06-13 11:46 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-06-13 08:37 --------- d-----w C:\Program Files\Activision
2008-06-12 11:00 --------- d-----w C:\Program Files\CamStudio
2008-06-12 10:18 --------- d-----w C:\Program Files\Electronic Arts
2008-06-12 10:02 --------- d-----w C:\Program Files\Common Files\DirectX
2008-06-10 17:47 --------- d-----w C:\Program Files\QuickTime
2008-06-09 18:03 --------- d-----w C:\Program Files\CubeDesktop
2008-06-09 18:00 --------- d-----w C:\Documents and Settings\usr\Dane aplikacji\HateML
2008-06-09 17:56 --------- d-----w C:\Program Files\Mario Forever
2008-06-09 17:52 --------- d-----w C:\Program Files\Artweaver 0.4
2008-06-09 17:50 219,648 ----a-w C:\WINDOWS\system32\uxtheme(2).dll
2008-06-09 13:48 --------- d-----w C:\Documents and Settings\usr\Dane aplikacji\Artweaver
2008-06-09 13:33 --------- d-----w C:\Documents and Settings\usr\Dane aplikacji\Thinking Minds Budiling Bytes
2008-06-08 18:47 --------- d-----w C:\Program Files\Empire Interactive
2008-06-08 18:41 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-06-08 11:39 --------- d-----w C:\Program Files\Team17 Software Ltd
2008-06-08 11:16 --------- d-----w C:\Program Files\Starbreeze Studios
2008-06-07 19:51 --------- d-----w C:\Documents and Settings\usr\Dane aplikacji\GetRightToGo
2008-06-02 21:22 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-06-02 12:05 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-06-02 12:05 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-05-30 18:59 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Nero(2)
2008-05-30 14:00 --------- d-----w C:\Program Files\Nero
2008-05-30 13:48 --------- d-----w C:\Documents and Settings\usr\Dane aplikacji\Nero
2008-05-27 13:08 --------- d-----w C:\Documents and Settings\usr\Dane aplikacji\DVD Flick
2008-05-25 10:36 --------- d-----w C:\Documents and Settings\usr\Dane aplikacji\USBSafelyRemove
2008-05-24 21:28 --------- d-----w C:\Program Files\Team17
2008-05-24 21:06 --------- d-----w C:\Program Files\Codemasters
2008-05-23 15:40 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2008-05-23 10:52 --------- d-----w C:\Program Files\Trend Micro
2008-05-22 20:37 --------- d-----w C:\Program Files\EA GAMES
2008-05-22 12:19 --------- d-----w C:\Program Files\Unlocker
2008-05-22 12:17 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-22 12:17 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Trymedia
2008-05-22 12:14 --------- d-----w C:\Program Files\Picasa2
2008-05-22 12:14 --------- d-----w C:\Program Files\BitSpirit
2008-05-22 12:13 --------- d-----w C:\Program Files\Any Video Converter
2008-05-22 11:40 --------- d-----w C:\Documents and Settings\usr\Dane aplikacji\Desktopicon
2008-05-16 12:39 16,862,720 ----a-w C:\WINDOWS\RTHDCPL.exe
2008-05-07 05:38 90,624 ----a-w C:\WINDOWS\system32\nmwcdcls.dll
2008-04-17 07:09 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-02-20 11:06 1443072]
"nwiz"="nwiz.exe" [2007-10-04 17:14 1626112 C:\WINDOWS\system32\nwiz.exe]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"NvMediaCenter"="NvMCTray.dll" [2007-10-04 17:14 81920 C:\WINDOWS\system32\nvmctray.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^usr^Menu Start^Programy^Autostart^Y'z Toolbar.lnk]
path=C:\Documents and Settings\usr\Menu Start\Programy\Autostart\Y'z Toolbar.lnk
backup=C:\WINDOWS\pss\Y'z Toolbar.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 00:44 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-15 20:02 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 20:24 32768 C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tweak UI]
--a------ 2000-06-18 14:03 106544 C:\WINDOWS\system32\TWEAKUI.CPL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Pml Driver HPZ12"=2 (0x2)
"NMIndexingService"=3 (0x3)
"NBService"=3 (0x3)
"gusvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Team17 Software Ltd\\WormsForts\\WF.exe"=
"C:\\Program Files\\BearShare\\BearShare.exe"=
"C:\\Program Files\\NovaLogic\\Delta Force Xtreme\\dfx.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\Quake III Arena\\quake3.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\BitSpirit\\BitSpirit.exe"=
"C:\\Program Files\\EA GAMES\\Need for Speed Most Wanted\\speed.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"C:\\Program Files\\Electronic Arts\\Need for Speed Carbon\\NFSC.exe"=
"C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Program Files\\TmNationsForever\\TmForever.exe"=
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16633:TCP"= 16633:TCP:BitComet 16633 TCP
"16633:UDP"= 16633:UDP:BitComet 16633 UDP

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-18 21:22]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-10-19 18:39]
R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-03-09 11:20]
S2 NOD32FiXTemDono;Eset Nod32 Boot;C:\WINDOWS\system32\regedt32.exe [2001-10-26 19:30]
S3 PRODIGY;PRODIGY;C:\WINDOWS\system32\Drivers\PRODIGY.SYS [2006-08-29 16:56]
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{3FCAEB7D-F8AE-4A67-AE6C-57EE1416BB6D} - C:\WINDOWS\qndsfmao.dll
HKCU-Run-CubeDesktop - (no file)
SSODL-kvxqmtre-{AA3240A7-0E42-4695-813E-74454951E5E1} - C:\WINDOWS\kvxqmtre.dll
SSODL-evgratsm-{4C49ADC2-88D3-4FDC-B046-2FB1BA11E7A7} - C:\WINDOWS\evgratsm.dll


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R0 -: HKCU-Main,Default_Search_URL = hxxp://www.google.com/ie
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: E&ksportuj do programu Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 -: Pobierz z &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O8 -: ÓñČĚŘľ«ÁéĎÂÔŘ(&

O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-22 17:09:30
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-22 17:10:12
ComboFix-quarantined-files.txt 2008-07-22 15:10:08

Pre-Run: 24,639,352,832 bajtów wolnych
Post-Run: 24,644,849,664 bajtów wolnych

279

C:\WINDOWS\agpqlrfm.exe

Nie ma tu zbyt wiele do usuwania. Masz chyba Unlockera, więc przy jego pomocy usuń ten powyższy, zaznaczony na czerwono, plik

ordynat

Usunąłem