Problem z antivirus xp 2008

[Corazon]

Kod: Zaznacz wszystko

Deckard's System Scanner v20071014.68
Run by Szymon on 2008-08-08 09:58:41
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
9: 2008-08-08 07:58:44 UTC - RP84 - Deckard's System Scanner Restore Point
8: 2008-08-07 02:04:01 UTC - RP83 - Usunięto WOS EURO Online
7: 2008-08-06 15:42:29 UTC - RP82 - Punkt kontrolny systemu
6: 2008-08-05 15:19:30 UTC - RP81 - Installed Samsung Master
5: 2008-08-05 15:19:13 UTC - RP80 - Installed Windows Media Format 9 Series Runtime Setup


-- First Restore Point --
1: 2008-08-05 09:22:23 UTC - RP76 - Punkt kontrolny systemu


Backed up registry hives.
Performed disk cleanup.

[color=red]Percentage of Memory in Use: 80% (more than 75%).[/color]


-- HijackThis (run as Szymon.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:59, on 2008-08-08
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\RUNDLL32.EXE
D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\ctfmon.exe
D:\Program Files\Nowe Gadu-Gadu\gg.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\nvsvc32.exe
d:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
D:\Program Files\foobar2000\foobar2000.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Documents and Settings\Szymon\Pulpit\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Szymon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VirtualCloneDrive] "D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "D:\Program Files\Nowe Gadu-Gadu\gg.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Anno 1503 Zlota Edycja Drivers Auto Removal (pr2ajfae) (pr2ajfae) - Cenega Poland - C:\WINDOWS\system32\pr2ajfae.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - d:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 4564 bytes

-- File Associations -----------------------------------------------------------

[COLOR=red].cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*[/COLOR]


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - c:\windows\system32\drivers\sfvfs02.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 VClone - c:\windows\system32\drivers\vclone.sys <Not Verified; Elaborate Bytes AG; Virtual CloneDrive>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
R3 EuMusDesignVirtualAudioCableWdm_s2x (Sound2x Audio Cable (WDM)) - c:\windows\system32\drivers\vacs2xkd.sys <Not Verified; Eugene V. Muzychenko; Sound2x Audio Cable>

S3 ASPI (Advanced SCSI Programming Interface Driver) - c:\windows\system32\drivers\aspi32.sys <Not Verified; Adaptec; Adaptec's ASPI Layer>
S3 DNINDIS5 (DNINDIS5 NDIS Protocol Driver) - c:\windows\system32\dnindis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 hwdatacard (Huawei DataCard USB Modem and USB Serial) - c:\windows\system32\drivers\ewusbmdm.sys (file missing)
S3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys (file missing)
S3 NPF (NetGroup Packet Filter Driver) - c:\windows\system32\drivers\npf.sys <Not Verified; CACE Technologies; WinPcap Netgroup Packet Filter Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AntiVirScheduler (AntiVir PersonalEdition Classic Scheduler) - "d:\program files\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; AntiVir Workstation>
R2 StarWindServiceAE (StarWind AE Service) - d:\program files\alcohol soft\alcohol 120\starwind\starwindserviceae.exe <Not Verified; Rocket Division Software; StarWind Alcohol Edition>

S3 rpcapd (Remote Packet Capture Protocol v.0 (experimental)) - "c:\program files\winpcap\rpcapd.exe" -d -f "c:\program files\winpcap\rpcapd.ini" <Not Verified; CACE Technologies; Remote Packet Capture Daemon>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Kontroler Ethernet
Device ID: PCI\VEN_10EC&DEV_8167&SUBSYS_816710EC&REV_10\4&1F2C41BC&0&2810
Manufacturer:
Name: Kontroler Ethernet
PNP Device ID: PCI\VEN_10EC&DEV_8167&SUBSYS_816710EC&REV_10\4&1F2C41BC&0&2810
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Kontroler Ethernet
Device ID: PCI\VEN_10B9&DEV_5263&SUBSYS_52631849&REV_40\3&267A616A&0&68
Manufacturer:
Name: Kontroler Ethernet
PNP Device ID: PCI\VEN_10B9&DEV_5263&SUBSYS_52631849&REV_40\3&267A616A&0&68
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Kontroler magazynu masowego
Device ID: PCI\VEN_10B9&DEV_5289&SUBSYS_52891849&REV_10\3&267A616A&0&71
Manufacturer:
Name: Kontroler magazynu masowego
PNP Device ID: PCI\VEN_10B9&DEV_5289&SUBSYS_52891849&REV_10\3&267A616A&0&71
Service:


-- Files created between 2008-07-08 and 2008-08-08 -----------------------------

2008-08-07 04:04:04         0 d-------- C:\WINDOWS\System32\appmgmt
2008-08-07 02:58:21    416304 --a------ C:\WINDOWS\System32\MPG4C32.DLL <Not Verified; Microsoft Corporation; Microsoft MPEG-4 Video Codec>
2008-08-05 17:19:54      8704 --a------ C:\WINDOWS\System32\vidccleaner.exe <Not Verified; ; vidccleaner Application>
2008-08-05 17:19:35    217088 --a------ C:\WINDOWS\System32\skjpeg40.dll <Not Verified; STOIK Software; STOIK Software skjpeg>
2008-08-05 17:19:35     83968 --a------ C:\WINDOWS\System32\Skbase40.dll <Not Verified; STOIK Software Ltd.; STOIK Software Ltd. skbase>
2008-08-05 17:19:32         0 d-------- C:\Program Files\Samsung
2008-08-05 17:19:20    997888 --a------ C:\WINDOWS\System32\wmvdmoe2.dll <Not Verified; Microsoft Corporation; Microsoft® Windows Media Services>
2008-08-05 17:19:20    892416 --a------ C:\WINDOWS\System32\wmspdmoe.dll <Not Verified; Microsoft Corporation; Microsoft® Windows Media Services>
2008-08-05 17:19:20   1111040 --a------ C:\WINDOWS\System32\wmsdmoe2.dll <Not Verified; Microsoft Corporation; Microsoft® Windows Media Services>
2008-08-05 11:30:56     68096 --a------ C:\WINDOWS\zip.exe
2008-08-05 11:30:56     49152 --a------ C:\WINDOWS\VFind.exe
2008-08-05 11:30:56    212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-08-05 11:30:56    136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-08-05 11:30:56    161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-08-05 11:30:56     98816 --a------ C:\WINDOWS\sed.exe
2008-08-05 11:30:56     80412 --a------ C:\WINDOWS\grep.exe
2008-08-05 11:30:56     89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-08-05 11:11:25         0 d-------- C:\Program Files\Trend Micro
2008-08-05 10:49:21     21840 --a------ C:\WINDOWS\System32\SIntfNT.dll
2008-08-05 10:49:21     17212 --a------ C:\WINDOWS\System32\SIntf32.dll
2008-08-05 10:49:21     12067 --a------ C:\WINDOWS\System32\SIntf16.dll
2008-08-05 10:47:41    151552 --a------ C:\WINDOWS\System32\MSOSS.DLL <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(R) Operating System>
2008-08-05 07:22:56         0 d-------- C:\Program Files\KONAMI
2008-08-05 06:59:01         0 d-------- C:\Gry
2008-08-01 23:29:08         0 d-------- C:\Program Files\AVD Graphic Studio 6.7 TRIAL
2008-07-21 19:12:47         0 d-------- C:\Program Files\Common Files\Adobe
2008-07-13 00:10:46    685816 --a------ C:\WINDOWS\System32\drivers\sptd.sys
2008-07-12 23:50:16    765952 --a------ C:\WINDOWS\System32\xvidcore.dll
2008-07-12 23:50:15    180224 --a------ C:\WINDOWS\System32\xvidvfw.dll
2008-07-12 23:50:15         0 d-------- C:\Program Files\Xvid
2008-07-11 14:29:34         0 d-------- C:\Program Files\Diablo Mod PL
2008-07-11 14:24:21     61440 --a------ C:\WINDOWS\diabunin.exe
2008-07-11 14:24:21     86528 --a------ C:\WINDOWS\bnetunin.exe
2008-07-11 13:15:57     60416 --a------ C:\WINDOWS\ALCFDRTM.EXE <Not Verified; Realtek Semiconductor Corp.; Realtek ALCFDRTM>
2008-07-11 13:15:49         0 d-------- C:\WINDOWS\System32\Lang


-- Find3M Report ---------------------------------------------------------------

2008-08-07 23:14:00         0 d-------- C:\Documents and Settings\Szymon\Dane aplikacji\foobar2000
2008-08-07 04:03:34    355486 --a------ C:\WINDOWS\System32\perfh015.dat
2008-08-07 04:03:34     49492 --a------ C:\WINDOWS\System32\perfc015.dat
2008-08-07 04:03:30         0 d-------- C:\Program Files\Usługi online
2008-08-07 02:57:20         0 d--h----- C:\Program Files\InstallShield Installation Information
2008-08-05 13:30:03         0 d-------- C:\Documents and Settings\Szymon\Dane aplikacji\Ford Street Racing
2008-08-05 11:33:07         0 d-------- C:\Program Files\Common Files
2008-08-05 11:12:25         0 d-------- C:\Documents and Settings\Szymon\Dane aplikacji\MegauploadToolbar
2008-07-26 22:04:09         0 d-------- C:\Documents and Settings\Szymon\Dane aplikacji\Nowe Gadu-Gadu
2008-07-24 02:26:41         0 d-------- C:\Documents and Settings\Szymon\Dane aplikacji\Adobe
2008-07-21 18:56:18         0 d-------- C:\Documents and Settings\Szymon\Dane aplikacji\InstallShield
2008-07-13 03:33:20         0 d-------- C:\Documents and Settings\Szymon\Dane aplikacji\DeepBurner
2008-07-05 02:09:23         0 d-------- C:\Documents and Settings\Szymon\Dane aplikacji\Mozilla
2008-07-04 02:13:59         0 d-------- C:\Program Files\Google
2008-06-28 20:45:38         0 d-------- C:\Program Files\Common Files\EasyInfo
2008-06-23 08:39:35         0 d-------- C:\Program Files\directx
2008-06-21 19:31:28         0 d-------- C:\Documents and Settings\Szymon\Dane aplikacji\Talkback
2008-06-19 01:42:13         0 d-------- C:\Documents and Settings\Szymon\Dane aplikacji\Media Player Classic
2008-06-19 01:41:59         0 d-------- C:\Program Files\Real Alternative
2008-06-19 01:41:53         0 d-------- C:\Documents and Settings\Szymon\Dane aplikacji\Real
2008-06-17 07:20:09         0 d-------- C:\Program Files\7-Zip
2008-06-13 04:46:03       711 --a------ C:\WINDOWS\eReg.dat
2008-06-13 04:35:51         0 d-------- C:\Program Files\Maxis
2008-06-11 01:56:50         0 d-------- C:\Program Files\%systemdir%
2008-06-02 05:43:24    286720 --a------ C:\WINDOWS\iun506.exe <Not Verified; Indigo Rose Corporation; Setup Factory 5.0 Uninstaller>
2008-06-02 02:10:06        58 --a------ C:\WINDOWS\winvidni.sys


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-10-22 12:22]
"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-10-22 12:22]
"VirtualCloneDrive"="D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 15:21]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 C:\WINDOWS\soundman.exe]
"avgnt"="D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 20:50]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-29 00:00]
"Nowe Gadu-Gadu"="D:\Program Files\Nowe Gadu-Gadu\gg.exe" [2008-06-27 10:28]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 14:44:06]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)




-- End of Deckard's System Scanner: finished at 2008-08-08 09:59:53 ------------



Kod: Zaznacz wszystko

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:53, on 2008-08-07
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\RUNDLL32.EXE
D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\ctfmon.exe
D:\Program Files\foobar2000\foobar2000.exe
C:\Program Files\Last.fm\LastFM.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\nvsvc32.exe
d:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\wuauclt.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VirtualCloneDrive] "D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "D:\Program Files\Nowe Gadu-Gadu\gg.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Anno 1503 Zlota Edycja Drivers Auto Removal (pr2ajfae) (pr2ajfae) - Cenega Poland - C:\WINDOWS\system32\pr2ajfae.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - d:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 4489 bytes

Złapałem z tego co zauważyłem dwa wirusy. Jednego którego nazwy nie znam i on zablokował tapetę, managera zadań, spowolnił maksymalnie komputer oraz "sprowadził" Antyvirusa Xp 2008. Odpaliłem Combofixa i po restarcie systemu wszystko wyglądało ok lecz jednak wolę wstawić logi gdyż mimo wszystko coś mi tu nie pasuje.

[Okocza]

Wykonaj to co jest podane w tym temacie

Zastosuj SDFix . Po pobraniu uruchom go a rozpakuje się do C:\SDFix. Uruchom komputer w trybie awaryjnym (F8 przy stracie systemu). Będąc w awaryjnym uruchom plik RunThis.bat z folderu SDFixa. Zatwierdź czyszczenie przez Y. Poczekaj aż ukończy i komputer zresetuje

Potem wejdz do folderu C:\SDFix wrzuc zawartość pliku Report.txt + log z combofixa oraz daj loga z hijacka

Kod: Zaznacz wszystko

C:\WINDOWS\sed.exe
C:\WINDOWS\zip.exe
C:\WINDOWS\grep.exe
C:\WINDOWS\VFind.exe
C:\WINDOWS\fdsv.exe


usuń te pliki z podanych lokalizacji

[Corazon]

Kod: Zaznacz wszystko

[b]SDFix: Version 1.214 [/b]
Run by Administrator on 2008-08-08 at 11:00

Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]:

No Trojan Files Found




Folder C:\Documents and Settings\Szymon\Dane aplikacji\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.redtube.com - Removed


Removing Temp Files

[b]ADS Check [/b]:



                                 [b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-08 11:03:01
Windows 5.1.2600 Dodatek Service Pack. 1 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="d:\Program Files\Alcohol Soft\Alcohol 120\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="d:\Program Files\Alcohol Soft\Alcohol 120\"

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[b]Remaining Files [/b]:


File Backups: - C:\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Mon 31 Mar 2008             0 ..SH. --- "C:\WINDOWS\S3A626815.tmp"
Tue 20 Aug 2002     1,511,453 ...H. --- "C:\Program Files\Messenger\msmsgs.exe"
Sun 29 Sep 2002        57,856 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"

[b]Finished![/b]



Kod: Zaznacz wszystko

ComboFix 08-08-04.01 - Szymon 2008-08-08 11:07:23.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.1.1250.1.1045.18.210 [GMT 2:00]
Running from: C:\Documents and Settings\Szymon\Pulpit\ComboFix.exe

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((   Files Created from 2008-07-08 to 2008-08-08  )))))))))))))))))))))))))))))))
.

2008-08-08 10:59 . 2008-08-08 10:59   <DIR>   d--------   C:\WINDOWS\ERUNT
2008-08-08 10:59 . 2008-08-08 10:59   <DIR>   d--------   C:\Documents and Settings\Administrator
2008-08-08 10:47 . 2008-08-08 11:04   <DIR>   d--------   C:\SDFix
2008-08-08 09:58 . 2008-08-08 09:58   <DIR>   d--------   C:\Deckard
2008-08-07 02:58 . 1999-04-09 02:14   416,304   --a------   C:\WINDOWS\system32\MPG4C32.DLL
2008-08-05 17:19 . 2008-08-05 17:19   <DIR>   d--------   C:\Program Files\Samsung
2008-08-05 13:24 . 2008-08-05 13:30   <DIR>   d--------   C:\Documents and Settings\Szymon\Dane aplikacji\Ford Street Racing
2008-08-05 11:11 . 2008-08-05 11:11   <DIR>   d--------   C:\Program Files\Trend Micro
2008-08-05 10:49 . 2008-08-05 10:49   21,840   --a------   C:\WINDOWS\system32\SIntfNT.dll
2008-08-05 10:49 . 2008-08-05 10:49   17,212   --a------   C:\WINDOWS\system32\SIntf32.dll
2008-08-05 10:49 . 2008-08-05 10:49   12,067   --a------   C:\WINDOWS\system32\SIntf16.dll
2008-08-05 10:47 . 1999-04-23 22:22   151,552   --a------   C:\WINDOWS\system32\MSOSS.DLL
2008-08-05 07:22 . 2008-08-05 07:22   <DIR>   d--------   C:\Program Files\KONAMI
2008-08-05 06:59 . 2008-08-05 06:59   <DIR>   d--------   C:\Gry
2008-08-02 02:24 . 2008-08-02 02:24   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Trymedia
2008-08-01 23:29 . 2008-08-01 23:29   <DIR>   d--------   C:\Program Files\AVD Graphic Studio 6.7 TRIAL
2008-07-21 19:12 . 2008-07-21 19:12   <DIR>   d--------   C:\Program Files\Common Files\Adobe
2008-07-21 18:56 . 2008-07-21 18:56   <DIR>   d--------   C:\Documents and Settings\Szymon\Dane aplikacji\InstallShield
2008-07-13 00:24 . 2008-07-13 03:33   <DIR>   d--------   C:\Documents and Settings\Szymon\Dane aplikacji\DeepBurner
2008-07-13 00:10 . 2008-07-13 00:10   685,816   --a------   C:\WINDOWS\system32\drivers\sptd.sys
2008-07-12 23:50 . 2008-07-12 23:50   <DIR>   d--------   C:\Program Files\Xvid
2008-07-12 23:50 . 2006-11-01 15:52   765,952   --a------   C:\WINDOWS\system32\xvidcore.dll
2008-07-12 23:50 . 2006-11-01 15:54   180,224   --a------   C:\WINDOWS\system32\xvidvfw.dll
2008-07-12 23:50 . 2006-11-01 16:26   77,824   --a------   C:\WINDOWS\system32\xvid.ax
2008-07-11 14:29 . 2008-07-29 04:27   <DIR>   d--------   C:\Program Files\Diablo Mod PL
2008-07-11 14:24 . 2008-07-11 14:24   86,528   --a------   C:\WINDOWS\bnetunin.exe
2008-07-11 14:24 . 2008-07-11 14:24   61,440   --a------   C:\WINDOWS\diabunin.exe
2008-07-11 13:15 . 2008-07-11 13:15   <DIR>   d--------   C:\WINDOWS\system32\Lang
2008-07-11 13:15 . 2008-07-11 13:15   940,794   --a------   C:\WINDOWS\system32\LoopyMusic.wav
2008-07-11 13:15 . 2008-07-11 13:15   146,650   --a------   C:\WINDOWS\system32\BuzzingBee.wav
2008-07-11 13:15 . 2008-07-23 19:37   60,416   --a------   C:\WINDOWS\ALCFDRTM.VER
2008-07-11 13:15 . 2008-07-11 13:15   60,416   --a------   C:\WINDOWS\ALCFDRTM.EXE

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-08 08:41   ---------   d-----w   C:\Documents and Settings\Szymon\Dane aplikacji\foobar2000
2008-08-07 02:03   ---------   d-----w   C:\Program Files\Usługi online
2008-08-07 00:57   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-08-05 09:12   ---------   d-----w   C:\Documents and Settings\Szymon\Dane aplikacji\MegauploadToolbar
2008-07-26 20:04   ---------   d-----w   C:\Documents and Settings\Szymon\Dane aplikacji\Nowe Gadu-Gadu
2008-07-07 14:39   17,801   ----a-w   C:\WINDOWS\system32\drivers\AegisP.sys
2008-07-04 00:13   ---------   d-----w   C:\Program Files\Google
2008-06-28 18:45   ---------   d-----w   C:\Program Files\Common Files\EasyInfo
2008-06-23 06:39   ---------   d-----w   C:\Program Files\directx
2008-06-21 17:31   ---------   d-----w   C:\Documents and Settings\Szymon\Dane aplikacji\Talkback
2008-06-18 23:42   ---------   d-----w   C:\Documents and Settings\Szymon\Dane aplikacji\Media Player Classic
2008-06-18 23:41   ---------   d-----w   C:\Program Files\Real Alternative
2008-06-17 05:20   ---------   d-----w   C:\Program Files\7-Zip
2008-06-13 02:35   ---------   d-----w   C:\Program Files\Maxis
2008-06-10 23:56   ---------   d-----w   C:\Program Files\%systemdir%
2008-06-09 23:04   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\HipSoft
2008-06-08 15:28   ---------   d-----w   C:\Program Files\Mafia
2008-06-02 03:43   286,720   ----a-w   C:\WINDOWS\iun506.exe
2008-05-16 09:38   1,386,496   ----a-w   C:\WINDOWS\system32\msvbvm60.dll
.

(((((((((((((((((((((((((((((   snapshot@2008-08-05_11.37.55.18   )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-07 14:27:05   163,328   ----a-w   C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-08-08 09:00:00   376,832   ----a-w   C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000001\NTUSER.DAT
+ 2008-08-08 09:00:00   8,192   ----a-w   C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000002\UsrClass.dat
+ 2008-08-07 14:27:05   163,328   ----a-w   C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-08-08 08:59:59   376,832   ----a-w   C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000001\NTUSER.DAT
+ 2008-08-08 08:59:59   8,192   ----a-w   C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000002\UsrClass.dat
- 2002-09-28 22:00:00   204,800   ----a-w   C:\WINDOWS\system32\blackbox.dll
+ 2002-12-11 16:09:20   232,960   ----a-w   C:\WINDOWS\system32\blackbox.dll
- 2008-08-05 09:19:20   16,384   ----a-w   C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-08-08 09:02:14   16,384   ----a-w   C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-08-05 09:19:20   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
+ 2008-08-08 09:02:14   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
- 2008-08-05 09:19:20   49,152   ----a-w   C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-08 09:02:14   49,152   ----a-w   C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
- 2002-09-28 22:00:00   204,800   -c--a-w   C:\WINDOWS\system32\dllcache\blackbox.dll
+ 2002-12-11 16:09:20   232,960   -c--a-w   C:\WINDOWS\system32\dllcache\blackbox.dll
- 2002-09-28 22:00:00   266,240   -c--a-w   C:\WINDOWS\system32\dllcache\drmclien.dll
+ 2002-12-11 16:50:18   301,712   -c--a-w   C:\WINDOWS\system32\dllcache\drmclien.dll
- 2002-09-28 22:00:00   76,830   -c--a-w   C:\WINDOWS\system32\dllcache\drmstor.dll
+ 2002-12-11 15:34:42   82,432   -c--a-w   C:\WINDOWS\system32\dllcache\drmstor.dll
- 2002-09-28 22:00:00   602,112   -c--a-w   C:\WINDOWS\system32\dllcache\drmv2clt.dll
+ 2002-12-11 16:09:22   678,912   -c--a-w   C:\WINDOWS\system32\dllcache\drmv2clt.dll
- 2002-09-28 22:00:00   6,656   -c--a-w   C:\WINDOWS\system32\dllcache\laprxy.dll
+ 2002-12-11 13:16:58   6,656   -c--a-w   C:\WINDOWS\system32\dllcache\laprxy.dll
- 2002-09-28 22:00:00   24,576   -c--a-w   C:\WINDOWS\system32\dllcache\logagent.exe
+ 2002-12-11 13:04:20   81,408   -c--a-w   C:\WINDOWS\system32\dllcache\logagent.exe
- 2002-09-28 22:00:00   233,472   -c--a-w   C:\WINDOWS\system32\dllcache\mpg4dmod.dll
+ 2002-12-11 15:34:40   241,664   -c--a-w   C:\WINDOWS\system32\dllcache\mpg4dmod.dll
- 2002-09-28 22:00:00   174,592   -c--a-w   C:\WINDOWS\system32\dllcache\msnetobj.dll
+ 2002-12-11 16:09:22   253,952   -c--a-w   C:\WINDOWS\system32\dllcache\msnetobj.dll
- 2002-09-28 22:00:00   157,696   -c--a-w   C:\WINDOWS\system32\dllcache\npdrmv2.dll
+ 2002-12-11 16:09:24   217,600   -c--a-w   C:\WINDOWS\system32\dllcache\npdrmv2.dll
- 2002-09-28 22:00:00   8,223   -c--a-w   C:\WINDOWS\system32\dllcache\npwmsdrm.dll
+ 2002-12-11 15:34:42   9,728   -c--a-w   C:\WINDOWS\system32\dllcache\npwmsdrm.dll
- 2002-12-11 22:14:32   173,056   -c--a-w   C:\WINDOWS\system32\dllcache\qasf.dll
+ 2002-12-11 15:34:40   241,664   -c--a-w   C:\WINDOWS\system32\dllcache\qasf.dll
- 2002-09-28 22:00:00   184,320   -c--a-w   C:\WINDOWS\system32\dllcache\wmadmod.dll
+ 2002-12-11 17:11:02   410,248   -c--a-w   C:\WINDOWS\system32\dllcache\wmadmod.dll
- 2002-09-28 22:00:00   442,398   -c--a-w   C:\WINDOWS\system32\dllcache\wmadmoe.dll
+ 2002-12-11 15:34:40   670,208   -c--a-w   C:\WINDOWS\system32\dllcache\wmadmoe.dll
- 2002-09-28 22:00:00   274,432   -c--a-w   C:\WINDOWS\system32\dllcache\wmasf.dll
+ 2002-12-11 15:23:48   218,112   -c--a-w   C:\WINDOWS\system32\dllcache\wmasf.dll
- 2002-09-28 22:00:00   253,952   -c--a-w   C:\WINDOWS\system32\dllcache\wmnetmgr.dll
+ 2002-12-11 15:23:58   981,504   -c--a-w   C:\WINDOWS\system32\dllcache\wmnetmgr.dll
- 2002-09-28 22:00:00   110,592   -c--a-w   C:\WINDOWS\system32\dllcache\wmsdmod.dll
+ 2002-12-11 17:12:50   760,968   -c--a-w   C:\WINDOWS\system32\dllcache\wmsdmod.dll
- 2002-09-28 22:00:00   1,220,608   -c--a-w   C:\WINDOWS\system32\dllcache\wmvcore.dll
+ 2002-12-11 17:02:38   2,058,888   -c--a-w   C:\WINDOWS\system32\dllcache\wmvcore.dll
- 2002-09-28 22:00:00   294,912   -c--a-w   C:\WINDOWS\system32\dllcache\wmvdmod.dll
+ 2002-12-11 17:10:00   816,264   -c--a-w   C:\WINDOWS\system32\dllcache\wmvdmod.dll
- 2002-09-28 22:00:00   266,240   ----a-w   C:\WINDOWS\system32\drmclien.dll
+ 2002-12-11 16:50:18   301,712   ----a-w   C:\WINDOWS\system32\drmclien.dll
- 2002-09-28 22:00:00   76,830   ----a-w   C:\WINDOWS\system32\drmstor.dll
+ 2002-12-11 15:34:42   82,432   ----a-w   C:\WINDOWS\system32\drmstor.dll
- 2002-09-28 22:00:00   602,112   ----a-w   C:\WINDOWS\system32\drmv2clt.dll
+ 2002-12-11 16:09:22   678,912   ----a-w   C:\WINDOWS\system32\drmv2clt.dll
- 2002-09-28 22:00:00   6,656   ----a-w   C:\WINDOWS\system32\laprxy.dll
+ 2002-12-11 13:16:58   6,656   ----a-w   C:\WINDOWS\system32\laprxy.dll
- 2002-09-28 22:00:00   24,576   ----a-w   C:\WINDOWS\system32\logagent.exe
+ 2002-12-11 13:04:20   81,408   ----a-w   C:\WINDOWS\system32\logagent.exe
+ 2002-12-11 17:12:02   316,040   ----a-w   C:\WINDOWS\system32\mp43dmod.dll
+ 2002-12-11 13:16:58   384,512   ----a-w   C:\WINDOWS\system32\mp4sdmod.dll
- 2002-09-28 22:00:00   233,472   ----a-w   C:\WINDOWS\system32\mpg4dmod.dll
+ 2002-12-11 15:34:40   241,664   ----a-w   C:\WINDOWS\system32\mpg4dmod.dll
- 2002-09-28 22:00:00   174,592   ----a-w   C:\WINDOWS\system32\msnetobj.dll
+ 2002-12-11 16:09:22   253,952   ----a-w   C:\WINDOWS\system32\msnetobj.dll
- 2003-02-21 02:42:22   348,160   ----a-w   C:\WINDOWS\system32\msvcr71.dll
+ 2003-02-21 13:42:22   348,160   ----a-w   C:\WINDOWS\system32\msvcr71.dll
- 2008-06-07 10:34:33   39,992   ----a-w   C:\WINDOWS\system32\perfc009.dat
+ 2008-08-07 02:03:34   39,992   ----a-w   C:\WINDOWS\system32\perfc009.dat
- 2008-06-07 10:34:33   49,492   ----a-w   C:\WINDOWS\system32\perfc015.dat
+ 2008-08-07 02:03:34   49,492   ----a-w   C:\WINDOWS\system32\perfc015.dat
- 2008-06-07 10:34:33   311,604   ----a-w   C:\WINDOWS\system32\perfh009.dat
+ 2008-08-07 02:03:34   311,604   ----a-w   C:\WINDOWS\system32\perfh009.dat
- 2008-06-07 10:34:33   355,486   ----a-w   C:\WINDOWS\system32\perfh015.dat
+ 2008-08-07 02:03:34   355,486   ----a-w   C:\WINDOWS\system32\perfh015.dat
- 2002-12-11 22:14:32   173,056   ----a-w   C:\WINDOWS\system32\qasf.dll
+ 2002-12-11 15:34:40   241,664   ----a-w   C:\WINDOWS\system32\qasf.dll
+ 1998-03-04 09:40:50   83,968   ----a-w   C:\WINDOWS\system32\Skbase40.dll
+ 1998-07-09 18:41:12   217,088   ----a-w   C:\WINDOWS\system32\skjpeg40.dll
+ 2004-03-09 09:39:28   8,704   ----a-w   C:\WINDOWS\system32\vidccleaner.exe
- 2002-09-28 22:00:00   184,320   ----a-w   C:\WINDOWS\system32\wmadmod.dll
+ 2002-12-11 17:11:02   410,248   ----a-w   C:\WINDOWS\system32\wmadmod.dll
- 2002-09-28 22:00:00   442,398   ----a-w   C:\WINDOWS\system32\wmadmoe.dll
+ 2002-12-11 15:34:40   670,208   ----a-w   C:\WINDOWS\system32\wmadmoe.dll
- 2002-09-28 22:00:00   274,432   ----a-w   C:\WINDOWS\system32\wmasf.dll
+ 2002-12-11 15:23:48   218,112   ----a-w   C:\WINDOWS\system32\wmasf.dll
+ 2002-12-11 13:16:58   143,360   ----a-w   C:\WINDOWS\system32\wmidx.dll
- 2002-09-28 22:00:00   253,952   ----a-w   C:\WINDOWS\system32\wmnetmgr.dll
+ 2002-12-11 15:23:58   981,504   ----a-w   C:\WINDOWS\system32\wmnetmgr.dll
- 2002-09-28 22:00:00   110,592   ----a-w   C:\WINDOWS\system32\wmsdmod.dll
+ 2002-12-11 17:12:50   760,968   ----a-w   C:\WINDOWS\system32\wmsdmod.dll
+ 2002-12-11 15:34:40   1,111,040   ----a-w   C:\WINDOWS\system32\wmsdmoe2.dll
+ 2002-12-11 17:07:54   486,536   ----a-w   C:\WINDOWS\system32\wmspdmod.dll
+ 2002-12-11 15:34:40   892,416   ----a-w   C:\WINDOWS\system32\wmspdmoe.dll
- 2002-09-28 22:00:00   1,220,608   ----a-w   C:\WINDOWS\system32\wmvcore.dll
+ 2002-12-11 17:02:38   2,058,888   ----a-w   C:\WINDOWS\system32\wmvcore.dll
- 2002-09-28 22:00:00   294,912   ----a-w   C:\WINDOWS\system32\wmvdmod.dll
+ 2002-12-11 17:10:00   816,264   ----a-w   C:\WINDOWS\system32\wmvdmod.dll
+ 2002-12-11 15:34:40   997,888   ----a-w   C:\WINDOWS\system32\wmvdmoe2.dll
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-29 00:00 13312]
"Nowe Gadu-Gadu"="D:\Program Files\Nowe Gadu-Gadu\gg.exe" [2008-06-27 10:28 8798816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-10-22 12:22 7700480]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-10-22 12:22 86016]
"VirtualCloneDrive"="D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 15:21 94208]
"avgnt"="D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 20:50 266497]
"nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-09-29 00:00 13312]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 14:44:06 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)

R0 avgntmgr;avgntmgr;C:\WINDOWS\System32\DRIVERS\avgntmgr.sys [2008-04-19 23:46]
R0 pe3ajfae;Anno 1503 Zlota Edycja Environment Driver (pe3ajfae);C:\WINDOWS\System32\drivers\pe3ajfae.sys [2007-02-13 18:26]
R0 ps6ajfae;Anno 1503 Zlota Edycja Synchronization Driver (ps6ajfae);C:\WINDOWS\System32\drivers\ps6ajfae.sys [2007-02-13 18:25]
R1 avgntdd;avgntdd;C:\WINDOWS\System32\DRIVERS\avgntdd.sys [2008-07-21 20:45]
R3 EuMusDesignVirtualAudioCableWdm_s2x;Sound2x Audio Cable (WDM);C:\WINDOWS\System32\DRIVERS\vacs2xkd.sys [2007-11-01 17:53]
R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;C:\WINDOWS\System32\DRIVERS\WPN111.sys [2005-09-26 10:02]
S2 pr2ajfae;Anno 1503 Zlota Edycja Drivers Auto Removal (pr2ajfae);C:\WINDOWS\system32\pr2ajfae.exe svc []
S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 08:05]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\WINDOWS\System32\DNINDIS5.SYS [2003-07-24 12:10]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\System32\drivers\npf.sys [2005-08-02 23:10]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Szymon\Dane aplikacji\Mozilla\Firefox\Profiles\[u]0[/u]xvq8wd4.default\
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - D:\Program Files\Mozilla Firefox\plugins\npnul32.dll
FF -: plugin - D:\Program Files\Mozilla Firefox\plugins\nppdf32.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-08 11:08:33
Windows 5.1.2600 Dodatek Service Pack. 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-08 11:09:33
ComboFix-quarantined-files.txt  2008-08-08 09:09:30
ComboFix2.txt  2008-08-05 09:38:14

Pre-Run: 4,308,291,584 bajtów wolnych
Post-Run: 4,301,889,536 bajtów wolnych

222


Kod: Zaznacz wszystko

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:10, on 2008-08-08
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\nvsvc32.exe
d:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\RUNDLL32.EXE
D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VirtualCloneDrive] "D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "D:\Program Files\Nowe Gadu-Gadu\gg.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Anno 1503 Zlota Edycja Drivers Auto Removal (pr2ajfae) (pr2ajfae) - Cenega Poland - C:\WINDOWS\system32\pr2ajfae.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - d:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 4465 bytes


podane pliki z katalogu windowsa usunąłem

[Okocza]

Wykonaj to co jest podane w tym temacie

1. Ściągnij OTMoveIt i go włacz i odpal go z opcji CleanUp
2. wykonaj optymalizację windowsa
3.sciagnij ATF_Cleaner
zaznacz
Windows Temp
All users Temp
Temporary internet files
Recycle Bin
i wcisnij EMPTY SELECTED
4.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem
5. Przeskanuj komputer pod względem Trojanów tym programem
6. Wstaw na forum screen z zakładki uruchamianie (start – uruchom – msconfig – uruchamianie) może uda się cos wyrzucic stamtąd.

[Corazon]

Wykonałem wszystkie te czynności i mój komputer jakby zyskał drugą młodość;)
Wielkie dzięki