Czy nadal mam syfa?? :/

[mateusznokian]

Witam
jestem tu nowy i prosze o wybaczenie ewentualnuch bledow:P ostatnio ktos przyslal mi przez komunikator plik o rozszerzeniu exe nie pamietam jaki ale chwile pozniej wyswietlila mi sie ikonka obok zegarka "RelevantKnowledge". Od razu troche poszperalem w necie i usunalem troche syfu, ale nie znam sie aż tak wiec chcialbym by ktos przegladnal log z combofix-a

Kod: Zaznacz wszystko

ComboFix 08-11-20.02 - mat 2008-11-21 19:33:08.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1250.1.1045.18.498 [GMT 1:00]
Uruchomiony z: c:\documents and settings\mat\Pulpit\ComboFix.exe

[COLOR=RED][B]UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !![/B][/COLOR]
.

(((((((((((((((((((((((((   Pliki utworzone od 2008-10-21 do 2008-11-21  )))))))))))))))))))))))))))))))
.

2008-11-21 18:45 . 2008-11-21 18:45   <DIR>   d--------   c:\program files\Enigma Software Group
2008-11-21 18:28 . 2008-11-21 18:28   <DIR>   d--------   c:\windows\LastGood
2008-11-20 17:26 . 2008-11-20 17:26   38   --a------   c:\windows\AviSplitter.INI
2008-11-18 23:40 . 2008-11-18 23:40   <DIR>   d--------   c:\documents and settings\mat\Dane aplikacji\OpenOffice.org
2008-11-18 23:39 . 2008-11-18 23:39   <DIR>   d--------   c:\program files\OpenOffice.org 3
2008-11-12 23:45 . 2008-10-24 12:21   455,296   -----c---   c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 23:03 . 2008-09-04 18:17   1,106,944   -----c---   c:\windows\system32\dllcache\msxml3.dll
2008-11-10 13:19 . 2008-11-10 18:54   <DIR>   d--------   c:\program files\NAPI-PROJEKT
2008-11-09 13:56 . 2005-06-13 10:05   96,224   --a------   c:\windows\system32\drivers\w800mdm.sys
2008-11-09 13:56 . 2005-06-13 10:06   87,792   --a------   c:\windows\system32\drivers\w800mgmt.sys
2008-11-09 13:56 . 2005-06-13 10:08   85,664   --a------   c:\windows\system32\drivers\w800obex.sys
2008-11-09 13:56 . 2005-06-13 10:03   60,768   --a------   c:\windows\system32\drivers\w800bus.sys
2008-11-09 13:56 . 2005-06-13 10:05   9,264   --a------   c:\windows\system32\drivers\w800mdfl.sys
2008-11-09 13:56 . 2005-06-13 10:08   6,144   --a------   c:\windows\system32\drivers\w800cmnt.sys
2008-11-09 13:56 . 2005-06-13 10:08   6,144   --a------   c:\windows\system32\drivers\w800cm.sys
2008-11-09 13:56 . 2005-06-13 10:03   5,744   --a------   c:\windows\system32\drivers\w800whnt.sys
2008-11-09 13:56 . 2005-06-13 10:03   5,744   --a------   c:\windows\system32\drivers\w800wh.sys
2008-11-09 13:53 . 2008-11-09 13:53   <DIR>   d--------   c:\program files\Sony Ericsson
2008-11-03 13:35 . 2008-11-11 23:38   <DIR>   d--------   c:\documents and settings\mat\Dane aplikacji\GanymedeNet
2008-10-28 14:31 . 2008-11-21 14:26   <DIR>   d--------   c:\documents and settings\mat\Dane aplikacji\skypePM
2008-10-28 14:31 . 2008-10-28 14:31   56   --ah-----   c:\windows\system32\ezsidmv.dat
2008-10-28 14:30 . 2008-11-21 18:14   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\Skype
2008-10-27 21:38 . 2008-11-21 00:15   <DIR>   d--------   c:\program files\SkanerOnline
2008-10-27 16:59 . 2008-10-27 16:59   23,575   --a------   c:\windows\Microsoft Outlook.FAV
2008-10-27 16:58 . 2008-10-27 17:00   212,992   --a------   c:\windows\outlook.pst
2008-10-27 16:58 . 2008-10-27 16:58   8,790   --a------   c:\windows\extend.dat
2008-10-26 14:35 . 2008-10-26 14:40   <DIR>   d--------   c:\program files\Genesys PC Camera Device
2008-10-26 14:35 . 2006-05-18 17:58   309,760   --a------   c:\windows\system32\DIFxAPI.dll
2008-10-26 14:34 . 2008-10-15 17:36   337,408   -----c---   c:\windows\system32\dllcache\netapi32.dll
2008-10-23 17:06 . 2008-11-10 20:42   <DIR>   d--------   c:\documents and settings\mat\Dane aplikacji\Winamp

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-21 18:23   ---------   d-----w   c:\documents and settings\mat\Dane aplikacji\MegauploadToolbar
2008-10-27 20:48   ---------   d-----w   c:\documents and settings\mat\Dane aplikacji\Cyberlink
2008-10-26 13:35   ---------   d--h--w   c:\program files\InstallShield Installation Information
2008-10-24 11:21   455,296   ----a-w   c:\windows\system32\drivers\mrxsmb.sys
2008-10-21 21:31   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\Megaupload
2008-10-19 21:51   ---------   d-----w   c:\documents and settings\mat\Dane aplikacji\MyPhoneExplorer
2008-10-19 15:58   ---------   d-----w   c:\program files\Common Files\Ahead
2008-10-16 14:42   ---------   d-----w   c:\documents and settings\mat\Dane aplikacji\Media Player Classic
2008-10-16 13:13   202,776   ----a-w   c:\windows\system32\wuweb.dll
2008-10-16 13:13   1,809,944   ----a-w   c:\windows\system32\wuaueng.dll
2008-10-16 13:12   561,688   ----a-w   c:\windows\system32\wuapi.dll
2008-10-16 13:12   323,608   ----a-w   c:\windows\system32\wucltui.dll
2008-10-16 13:09   92,696   ----a-w   c:\windows\system32\cdm.dll
2008-10-16 13:09   51,224   ----a-w   c:\windows\system32\wuauclt.exe
2008-10-06 18:47   ---------   d-----w   c:\program files\Realtek
2008-10-06 15:22   ---------   d-----w   c:\program files\MegauploadToolbar
2008-10-06 15:22   ---------   d-----w   c:\documents and settings\mat\Dane aplikacji\EmailNotifier
2008-10-06 15:22   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\EmailNotifier
2008-10-06 14:31   ---------   d-----w   c:\program files\AC3Filter
2008-10-02 15:48   ---------   d-----w   c:\program files\Java
2008-10-02 15:43   ---------   d-----w   c:\program files\Common Files\Java
2008-10-02 11:52   ---------   d-----w   c:\documents and settings\mat\Dane aplikacji\Gadu-Gadu
2008-10-02 11:11   ---------   d-----w   c:\program files\PLAY ONLINE
2008-09-15 15:27   1,846,656   ----a-w   c:\windows\system32\win32k.sys
2008-09-10 01:15   1,307,648   ------w   c:\windows\system32\msxml6.dll
2008-09-09 17:33   315,392   ----a-w   c:\windows\HideWin.exe
2008-09-04 17:17   1,106,944   ----a-w   c:\windows\system32\msxml3.dll
2008-08-26 19:11   987,136   ----a-w   c:\windows\system32\VSFilter.dll
2008-08-26 08:27   826,368   ----a-w   c:\windows\system32\wininet.dll
2006-06-23 06:48   32,768   ----a-r   c:\windows\inf\UpdateUSB.exe
2004-03-11 11:27   40,960   ----a-w   c:\program files\Uninstall_CDS.exe
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-C39E-35F1D2A32EC8}]
2008-08-04 21:44   1947080   --a------   c:\progra~1\MEGAUP~1\MEGAUP~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-C39E-35F1D2A32EC8}"= "c:\progra~1\MEGAUP~1\MEGAUP~1.DLL" [2008-08-04 1947080]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A057A204-BACC-4D26-C39E-35F1D2A32EC8}"= "c:\progra~1\MEGAUP~1\MEGAUP~1.DLL" [2008-08-04 1947080]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-c39e-35f1d2a32ec8}]
[HKEY_CLASSES_ROOT\megauploadtoolbar.MEGAUPLOADTOOLBAR]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"NVIDIA nTune"="e:\programy\nTune\nTune\nTuneCmd.exe" [2007-09-04 81920]
"Gadu-Gadu"="e:\programy\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-10-14 110592]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-28 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-28 81920]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-29 638976]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521]
"Power_Gear"="e:\programy\Power4G\BatteryLife.exe" [2006-03-14 90112]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 171520]
"SpyHunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2008-09-10 864256]
"nwiz"="nwiz.exe" [2007-04-28 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-05-22 2756608]
Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-10-05 111376]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
Uruchamianie pakietu Office.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-10-05 51984]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= e:\programy\CYBERL~1\Power2Go\CLMP3Enc.ACM
"msacm.ac3filter"= ac3filter.acm
"vidc.ffds"= ffdshow.ax

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
--a------ 2006-08-01 16:04 3313664 e:\programy\Bearshare\BearShare.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a------ 2004-08-22 16:05 81920 e:\programy\Daemon\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashGet]
--a------ 2008-08-19 08:47 1795656 e:\programy\FlashGet universal\flashget.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerBar]
--------- 2003-12-22 21:15 86016 e:\programy\Cyberlink\Multimedia Launcher\PowerBar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-10-31 18:42 32768 e:\programy\Cyberlink\PowerDVD\PDVDServ.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"f:\\gry\\Assasin\\AssassinsCreed_Dx9.exe"=
"f:\\gry\\Assasin\\AssassinsCreed_Dx10.exe"=
"f:\\gry\\Assasin\\AssassinsCreed_Launcher.exe"=
"e:\\programy\\Gadu-Gadu\\gg.exe"=
"e:\\programy\\Bearshare\\BearShare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"f:\\gry\\FEAR\\FEAR.exe"=
"e:\\programy\\FlashGet universal\\FlashGet.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 nxsIO32;NextSensor Kernel I/O Driver;\??\c:\windows\System32\DRIVERS\nxsIO32.sys [2008-09-10 2208]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\System32\StkCSrv.exe [2008-09-09 24576]
R3 StkCMini;Syntek AVStream USB2.0 2M WebCam;c:\windows\system32\Drivers\StkCMini.sys [2008-09-09 1245056]
S1 ntiomin;ntiomin; []
S3 BIOSCHK;BIOSCHK;\??\c:\docume~1\mat\USTAWI~1\Temp\TII4.tmp\disk1\BIOSCHK.SYS []
S3 SoftFSB;SoftFSB;\??\c:\documents and settings\mat\Pulpit\SoftFSB.SYS []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e26bf4c-9072-11dd-99cd-001e8c432b8b}]
\Shell\AutoRun\command - H:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d70b014a-92e7-11dd-99dc-001e8c432b8b}]
\Shell\AutoRun\command - H:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d70b014b-92e7-11dd-99dc-001e8c432b8b}]
\Shell\AutoRun\command - H:\AutoRun.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - MCHINJDRV
*Newly Created Service* - PROCEXP90
.
.
------- Skan uzupełniający -------
.
uStart Page = google.pl/
IE: &Download All by FlashGet - e:\programy\FlashGet universal\ComDlls\Bhoall.htm
IE: &Download by FlashGet - e:\programy\FlashGet universal\ComDlls\Bholink.htm
LSP: c:\windows\system32\ua_lsp.dll

c:\windows\system32\SkanerOnlineUninstall.exe - c:\windows\system32\SkanerOnline.dll
O16 -: {68282C51-9459-467B-95BF-3C0E89627E55}
hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
c:\windows\Downloaded Program Files\SkanerOnline.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-21 19:35:06
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

PROCES: c:\windows\system32\winlogon.exe
-> c:\program files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll

PROCES: c:\windows\system32\lsass.exe
-> c:\windows\system32\ua_lsp.dll
-> c:\program files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll

PROCES: c:\windows\explorer.exe
-> c:\program files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll
.
Czas ukończenia: 2008-11-21 19:36:09
ComboFix-quarantined-files.txt  2008-11-21 18:36:05
ComboFix2.txt  2008-11-21 17:19:05

Przed: 7 169 925 120 bajtów wolnych
Po: 7,163,301,888 bajtów wolnych

192   --- E O F ---   2008-11-12 22:53:21


[Okocza]

mateusznokian, popraw log - wstaw go w tag 'code'

[mateusznokian]

dzieki za mala podpowiedz:) czy moglbys mi pomoc?

[Okocza]

Wykonaj to co jest podane w tym temacie

Zastosuj SDFix . Po pobraniu uruchom go a rozpakuje się do C:\SDFix. Uruchom komputer w trybie awaryjnym (F8 przy stracie systemu). Będąc w awaryjnym uruchom plik RunThis.bat z folderu SDFixa. Zatwierdź czyszczenie przez Y. Poczekaj aż ukończy i komputer zresetuje

Potem wejdz do folderu C:\SDFix wrzuc zawartość pliku Report.txt + log z combofixa oraz daj loga z hijacka

[mateusznokian]

Kod: Zaznacz wszystko

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:18:07, on 2008-11-21
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
E:\programy\nTune\nTune\nTuneService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\StkCSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
E:\programy\Power4G\BatteryLife.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\WINDOWS\system32\ctfmon.exe
E:\programy\Gadu-Gadu\gg.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - E:\programy\FlashGet universal\ComDlls\bhoCATCH.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)
O3 - Toolbar: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Power_Gear] E:\programy\Power4G\BatteryLife.exe 1
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "E:\programy\nTune\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [Gadu-Gadu] "E:\programy\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Uruchamianie pakietu Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: &Download All by FlashGet - E:\programy\FlashGet universal\ComDlls\Bhoall.htm
O8 - Extra context menu item: &Download by FlashGet - E:\programy\FlashGet universal\ComDlls\Bholink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100
O23 - Service: nTune Service (nTuneService) - NVIDIA - E:\programy\nTune\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkCSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 6719 bytes


sdfix

Kod: Zaznacz wszystko

[b]SDFix: Version 1.240 [/b]
Run by Administrator on 2008-11-21 at 21:14

Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]:

No Trojan Files Found






Removing Temp Files

[b]ADS Check [/b]:



                                 [b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-21 21:16:28
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40]
"khjeh"=hex:20,02,00,00,3e,ef,c2,ab,09,91,1b,3e,da,56,ac,bc,53,3f,41,c0,9b,..
"hj34z0"=hex:4f,5e,7b,32,65,0a,ba,c8,05,63,56,b4,0a,d0,e4,d9,2a,a9,89,ff,bd,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"F:\\gry\\Assasin\\AssassinsCreed_Dx9.exe"="F:\\gry\\Assasin\\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9"
"F:\\gry\\Assasin\\AssassinsCreed_Dx10.exe"="F:\\gry\\Assasin\\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10"
"F:\\gry\\Assasin\\AssassinsCreed_Launcher.exe"="F:\\gry\\Assasin\\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update"
"E:\\programy\\Gadu-Gadu\\gg.exe"="E:\\programy\\Gadu-Gadu\\gg.exe:*:Enabled:Gadu-Gadu - program gˆ˘wny"
"E:\\programy\\Bearshare\\BearShare.exe"="E:\\programy\\Bearshare\\BearShare.exe:*:Enabled:BearShare"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"F:\\gry\\FEAR\\FEAR.exe"="F:\\gry\\FEAR\\FEAR.exe:*:Enabled:FEAR"
"E:\\programy\\FlashGet universal\\FlashGet.exe"="E:\\programy\\FlashGet universal\\FlashGet.exe:*:Enabled:Flashget2"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[b]Remaining Files [/b]:



[b]Files with Hidden Attributes [/b]:

Tue  9 Sep 2008         4,438 A..H. --- "C:\Program Files\Microsoft Office\Office\Pasek skr˘t˘w\Akc18.tmp"

[b]Finished![/b]



combofix

Kod: Zaznacz wszystko

ComboFix 08-11-20.02 - mat 2008-11-21 21:19:11.3 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1250.48.1045.18.581 [GMT 1:00]
Uruchomiony z: c:\documents and settings\mat\Pulpit\ComboFix.exe

[COLOR=RED][B]UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !![/B][/COLOR]
.

(((((((((((((((((((((((((   Pliki utworzone od 2008-10-21 do 2008-11-21  )))))))))))))))))))))))))))))))
.

2008-11-21 21:17 . 2008-11-21 21:17   <DIR>   d--------   c:\program files\Trend Micro
2008-11-21 21:13 . 2008-11-21 21:13   580,096   --a--c---   c:\windows\system32\dllcache\user32.dll
2008-11-21 21:12 . 2008-11-21 21:12   <DIR>   d--------   c:\windows\ERUNT
2008-11-21 21:11 . 2008-11-21 21:21   <DIR>   d--h-----   c:\documents and settings\Administrator\Ustawienia lokalne
2008-11-21 21:11 . 2008-09-09 19:55   <DIR>   d--------   c:\documents and settings\Administrator\Ulubione
2008-11-21 21:11 . 2008-09-09 18:07   <DIR>   d--h-----   c:\documents and settings\Administrator\Szablony
2008-11-21 21:11 . 2008-11-21 21:13   <DIR>   d--------   c:\documents and settings\Administrator\Pulpit
2008-11-21 21:11 . 2008-09-09 19:55   <DIR>   d--------   c:\documents and settings\Administrator\Moje dokumenty
2008-11-21 21:11 . 2008-09-09 19:55   <DIR>   dr-------   c:\documents and settings\Administrator\Menu Start
2008-11-21 21:11 . 2008-09-09 19:55   <DIR>   dr-h-----   c:\documents and settings\Administrator\Dane aplikacji
2008-11-21 21:11 . 2008-11-21 21:11   <DIR>   d--------   c:\documents and settings\Administrator
2008-11-21 21:09 . 2008-11-21 21:17   <DIR>   d--------   C:\SDFix
2008-11-21 18:45 . 2008-11-21 18:45   <DIR>   d--------   c:\program files\Enigma Software Group
2008-11-20 17:26 . 2008-11-20 17:26   38   --a------   c:\windows\AviSplitter.INI
2008-11-18 23:40 . 2008-11-18 23:40   <DIR>   d--------   c:\documents and settings\mat\Dane aplikacji\OpenOffice.org
2008-11-18 23:39 . 2008-11-18 23:39   <DIR>   d--------   c:\program files\OpenOffice.org 3
2008-11-12 23:45 . 2008-10-24 12:21   455,296   -----c---   c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 23:03 . 2008-09-04 18:17   1,106,944   -----c---   c:\windows\system32\dllcache\msxml3.dll
2008-11-10 13:19 . 2008-11-10 18:54   <DIR>   d--------   c:\program files\NAPI-PROJEKT
2008-11-09 13:56 . 2005-06-13 10:05   96,224   --a------   c:\windows\system32\drivers\w800mdm.sys
2008-11-09 13:56 . 2005-06-13 10:06   87,792   --a------   c:\windows\system32\drivers\w800mgmt.sys
2008-11-09 13:56 . 2005-06-13 10:08   85,664   --a------   c:\windows\system32\drivers\w800obex.sys
2008-11-09 13:56 . 2005-06-13 10:03   60,768   --a------   c:\windows\system32\drivers\w800bus.sys
2008-11-09 13:56 . 2005-06-13 10:05   9,264   --a------   c:\windows\system32\drivers\w800mdfl.sys
2008-11-09 13:56 . 2005-06-13 10:08   6,144   --a------   c:\windows\system32\drivers\w800cmnt.sys
2008-11-09 13:56 . 2005-06-13 10:08   6,144   --a------   c:\windows\system32\drivers\w800cm.sys
2008-11-09 13:56 . 2005-06-13 10:03   5,744   --a------   c:\windows\system32\drivers\w800whnt.sys
2008-11-09 13:56 . 2005-06-13 10:03   5,744   --a------   c:\windows\system32\drivers\w800wh.sys
2008-11-09 13:53 . 2008-11-09 13:53   <DIR>   d--------   c:\program files\Sony Ericsson
2008-11-03 13:35 . 2008-11-11 23:38   <DIR>   d--------   c:\documents and settings\mat\Dane aplikacji\GanymedeNet
2008-10-28 14:31 . 2008-11-21 14:26   <DIR>   d--------   c:\documents and settings\mat\Dane aplikacji\skypePM
2008-10-28 14:31 . 2008-10-28 14:31   56   --ah-----   c:\windows\system32\ezsidmv.dat
2008-10-28 14:30 . 2008-11-21 18:14   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\Skype
2008-10-27 21:38 . 2008-11-21 00:15   <DIR>   d--------   c:\program files\SkanerOnline
2008-10-27 16:59 . 2008-10-27 16:59   23,575   --a------   c:\windows\Microsoft Outlook.FAV
2008-10-27 16:58 . 2008-10-27 17:00   212,992   --a------   c:\windows\outlook.pst
2008-10-27 16:58 . 2008-10-27 16:58   8,790   --a------   c:\windows\extend.dat
2008-10-26 14:35 . 2008-10-26 14:40   <DIR>   d--------   c:\program files\Genesys PC Camera Device
2008-10-26 14:35 . 2006-05-18 17:58   309,760   --a------   c:\windows\system32\DIFxAPI.dll
2008-10-26 14:34 . 2008-10-15 17:36   337,408   -----c---   c:\windows\system32\dllcache\netapi32.dll
2008-10-23 17:06 . 2008-11-10 20:42   <DIR>   d--------   c:\documents and settings\mat\Dane aplikacji\Winamp

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-21 20:06   ---------   d-----w   c:\documents and settings\mat\Dane aplikacji\MegauploadToolbar
2008-10-27 20:48   ---------   d-----w   c:\documents and settings\mat\Dane aplikacji\Cyberlink
2008-10-26 13:35   ---------   d--h--w   c:\program files\InstallShield Installation Information
2008-10-24 11:21   455,296   ----a-w   c:\windows\system32\drivers\mrxsmb.sys
2008-10-21 21:31   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\Megaupload
2008-10-19 21:51   ---------   d-----w   c:\documents and settings\mat\Dane aplikacji\MyPhoneExplorer
2008-10-19 15:58   ---------   d-----w   c:\program files\Common Files\Ahead
2008-10-16 14:42   ---------   d-----w   c:\documents and settings\mat\Dane aplikacji\Media Player Classic
2008-10-16 13:13   202,776   ----a-w   c:\windows\system32\wuweb.dll
2008-10-16 13:13   1,809,944   ----a-w   c:\windows\system32\wuaueng.dll
2008-10-16 13:12   561,688   ----a-w   c:\windows\system32\wuapi.dll
2008-10-16 13:12   323,608   ----a-w   c:\windows\system32\wucltui.dll
2008-10-16 13:09   92,696   ----a-w   c:\windows\system32\cdm.dll
2008-10-16 13:09   51,224   ----a-w   c:\windows\system32\wuauclt.exe
2008-10-16 13:09   43,544   ----a-w   c:\windows\system32\wups2.dll
2008-10-16 13:08   34,328   ----a-w   c:\windows\system32\wups.dll
2008-10-06 18:47   ---------   d-----w   c:\program files\Realtek
2008-10-06 15:22   ---------   d-----w   c:\program files\MegauploadToolbar
2008-10-06 15:22   ---------   d-----w   c:\documents and settings\mat\Dane aplikacji\EmailNotifier
2008-10-06 15:22   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\EmailNotifier
2008-10-06 14:31   ---------   d-----w   c:\program files\AC3Filter
2008-10-02 15:48   ---------   d-----w   c:\program files\Java
2008-10-02 15:43   ---------   d-----w   c:\program files\Common Files\Java
2008-10-02 11:52   ---------   d-----w   c:\documents and settings\mat\Dane aplikacji\Gadu-Gadu
2008-10-02 11:11   ---------   d-----w   c:\program files\PLAY ONLINE
2008-09-15 15:27   1,846,656   ----a-w   c:\windows\system32\win32k.sys
2008-09-10 01:15   1,307,648   ------w   c:\windows\system32\msxml6.dll
2008-09-09 17:33   315,392   ----a-w   c:\windows\HideWin.exe
2008-09-04 17:17   1,106,944   ----a-w   c:\windows\system32\msxml3.dll
2008-08-26 19:11   987,136   ----a-w   c:\windows\system32\VSFilter.dll
2008-08-26 08:27   826,368   ----a-w   c:\windows\system32\wininet.dll
2006-06-23 06:48   32,768   ----a-r   c:\windows\inf\UpdateUSB.exe
2004-03-11 11:27   40,960   ----a-w   c:\program files\Uninstall_CDS.exe
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-C39E-35F1D2A32EC8}]
2008-08-04 21:44   1947080   --a------   c:\progra~1\MEGAUP~1\MEGAUP~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-C39E-35F1D2A32EC8}"= "c:\progra~1\MEGAUP~1\MEGAUP~1.DLL" [2008-08-04 1947080]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A057A204-BACC-4D26-C39E-35F1D2A32EC8}"= "c:\progra~1\MEGAUP~1\MEGAUP~1.DLL" [2008-08-04 1947080]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-c39e-35f1d2a32ec8}]
[HKEY_CLASSES_ROOT\megauploadtoolbar.MEGAUPLOADTOOLBAR]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"NVIDIA nTune"="e:\programy\nTune\nTune\nTuneCmd.exe" [2007-09-04 81920]
"Gadu-Gadu"="e:\programy\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-10-14 110592]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-28 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-28 81920]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-29 638976]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521]
"Power_Gear"="e:\programy\Power4G\BatteryLife.exe" [2006-03-14 90112]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SpyHunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2008-09-10 864256]
"nwiz"="nwiz.exe" [2007-04-28 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-05-22 2756608]
Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-10-05 111376]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
Uruchamianie pakietu Office.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-10-05 51984]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= e:\programy\CYBERL~1\Power2Go\CLMP3Enc.ACM
"msacm.ac3filter"= ac3filter.acm
"vidc.ffds"= ffdshow.ax

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
--a------ 2006-08-01 16:04 3313664 e:\programy\Bearshare\BearShare.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a------ 2004-08-22 16:05 81920 e:\programy\Daemon\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashGet]
--a------ 2008-08-19 08:47 1795656 e:\programy\FlashGet universal\flashget.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerBar]
--------- 2003-12-22 21:15 86016 e:\programy\Cyberlink\Multimedia Launcher\PowerBar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-10-31 18:42 32768 e:\programy\Cyberlink\PowerDVD\PDVDServ.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"f:\\gry\\Assasin\\AssassinsCreed_Dx9.exe"=
"f:\\gry\\Assasin\\AssassinsCreed_Dx10.exe"=
"f:\\gry\\Assasin\\AssassinsCreed_Launcher.exe"=
"e:\\programy\\Gadu-Gadu\\gg.exe"=
"e:\\programy\\Bearshare\\BearShare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"f:\\gry\\FEAR\\FEAR.exe"=
"e:\\programy\\FlashGet universal\\FlashGet.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 nxsIO32;NextSensor Kernel I/O Driver;\??\c:\windows\System32\DRIVERS\nxsIO32.sys [2008-09-10 2208]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\System32\StkCSrv.exe [2008-09-09 24576]
R3 StkCMini;Syntek AVStream USB2.0 2M WebCam;c:\windows\system32\Drivers\StkCMini.sys [2008-09-09 1245056]
S1 ntiomin;ntiomin; []
S3 BIOSCHK;BIOSCHK;\??\c:\docume~1\mat\USTAWI~1\Temp\TII4.tmp\disk1\BIOSCHK.SYS []
S3 SoftFSB;SoftFSB;\??\c:\documents and settings\mat\Pulpit\SoftFSB.SYS []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e26bf4c-9072-11dd-99cd-001e8c432b8b}]
\Shell\AutoRun\command - H:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d70b014a-92e7-11dd-99dc-001e8c432b8b}]
\Shell\AutoRun\command - H:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d70b014b-92e7-11dd-99dc-001e8c432b8b}]
\Shell\AutoRun\command - H:\AutoRun.exe
.
.
------- Skan uzupełniający -------
.
uStart Page = google.pl/
IE: &Download All by FlashGet - e:\programy\FlashGet universal\ComDlls\Bhoall.htm
IE: &Download by FlashGet - e:\programy\FlashGet universal\ComDlls\Bholink.htm
LSP: c:\windows\system32\ua_lsp.dll

c:\windows\system32\SkanerOnlineUninstall.exe - c:\windows\system32\SkanerOnline.dll
O16 -: {68282C51-9459-467B-95BF-3C0E89627E55}
hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
c:\windows\Downloaded Program Files\SkanerOnline.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-21 21:21:18
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

PROCES: c:\windows\system32\winlogon.exe
-> c:\program files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll

PROCES: c:\windows\system32\lsass.exe
-> c:\windows\system32\ua_lsp.dll
-> c:\program files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll

PROCES: c:\windows\explorer.exe
-> c:\program files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll
.
Czas ukończenia: 2008-11-21 21:22:25
ComboFix-quarantined-files.txt  2008-11-21 20:22:21
ComboFix2.txt  2008-11-21 18:36:10

Przed: 7 108 575 232 bajtów wolnych
Po: 7,105,179,648 bajtów wolnych

201   --- E O F ---   2008-11-12 22:53:21


[wojtas]

te plik/i :

c:\docume~1\mat\USTAWI~1\Temp\TII4.tmp\disk1\BIOSCHK.SYS
c:\documents and settings\mat\Pulpit\SoftFSB.SYS

przesaknuj tu

http://virusscan.jotti.org/
http://www.virustotal.com/

i daj raporty ze skanow

[mateusznokian]

przeprzaszam kolego:(
ale albo nie ma takich plikow albo sa przede mna niezle ukryte bo te programy ich nie wykrywaja:(

a tak wogole to w folderze TEMP nie mam wogole ani jednego pliku;/

Dodano Dzisiaj, 12:27:
sorka
mam pare plikow w TEMP niestety nie moge dodac zdjecia ale napisze chociaz nazwy

Arabic.bin
Czech.bin
Danish.bin
Dutch.bin
English.bin
i wiele innych jezykow:)
no i jeden plik txt o nazwie "jusched"

czy to normalne ze w tempie jest tak malo plikow??
Jest jeszcze jeden dziwny symptom otoz ukryty folder :
C:\Documents and Settings\mat\Ustawienia lokalne\Temporary Internet Files
moge do niego wejsc tylko z paska adresow:/

[wojtas]

1. Ściągnij OTMoveIt i go włacz i odpal go z opcji CleanUp oraz skasuj folder C:\Qoobox
2. wykonaj optymalizację windowsa
3.sciagnij ATF_Cleaner
zaznacz
Windows Temp
All users Temp
Temporary internet files
Recycle Bin
i wcisnij EMPTY SELECTED
4.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem
5.Przeskanuj obszar mojego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum.

[mateusznokian]

sorka a gdzie szukac optymalizacji windowsa??

[wojtas]

kliknij na to optymalizacja windowsa

[mateusznokian]

to moze potrwac bo pierwszy raz skanuje kompa kaspersky-m

Dodano Dzisiaj, 13:15:
mam kolejny problem
wyskoczylo mi wlasnie okienko (pobieram aktualizacje kasperskiego)
Alert zabezpieczen systemu windows
czy nadal chce blokowac Internet Explorer;/

Dodano Dzisiaj, 15:05:

Kod: Zaznacz wszystko

--------------------------------------------------------------------------------
RAPORT KASPERSKY ONLINE SCANNER 7.0
niedziela, 23 listopad 2008
System operacyjny: Microsoft Windows XP Professional Dodatek Service Pack 3 (build 2600)
Wersja Kaspersky Online Scanner: 7.0.26.12
Data ostatniej aktualizacji bazy danych: Sunday, November 23, 2008 00:49:29
Liczba wpisów: 1404263
--------------------------------------------------------------------------------

Ustawienia skanowania:
   Typ bazy danych użytej do skanowania: rozszerzona
   Skanuj archiwa: tak
   Skanuj pocztowe bazy danych: tak

Obszar skanowania - Mój komputer:
   C:\
   D:\
   E:\
   F:\
   G:\
   H:\
   I:\

Statystyki skanowania:
   Przeskanowanych plików: 56870
   Nazwa zagrożenia: 1
   Zainfekowanych obiektów: 1
   Podejrzanych obiektów: 0
   Czas skanowania: 00:44:49


Nazwa pliku / Nazwa zagrożenia / Liczba zagrożeń
E:\programy\Instalki\cenzura!\toolbar.exe   Zainfekowany: not-a-virus:AdWare.Win32.MegaSearch.aj   1

Wybrany obszar został przeskanowany.


[djarta]

Fałszywy Alarm. "Kasper" nic nie wykrył.



==================
K.

[mateusznokian]

to znaczy ze jest czysto?? dlaczego nadal nie mam folderu temporary internet files?

Dodano Dzisiaj, 16:08:
ok wszystko jest wystarczylo pogrzebac w opcjach dziekuje wszystkim