
Here are the logs. ComboFix:
ComboFix 08-11-18.A2 - Szymek 2008-11-19 23:42:35.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1250.1.1045.18.2033 [GMT 1:00]
Uruchomiony z: c:\users\Szymek\Desktop\ComboFix.exe
* Utworzono nowy punkt przywracania
* Resident AV is active
.
/wow section - STAGE 1
Odmowa dostępu.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Szymek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lsass.exe
.
((((((((((((((((((((((((( Pliki utworzone od 2008-10-19 do 2008-11-19 )))))))))))))))))))))))))))))))
.
2008-11-19 23:34 . 2008-11-19 23:34 <DIR> d-------- c:\program files\Trend Micro
2008-11-19 22:59 . 2008-08-25 11:36 81,288 --a------ c:\windows\System32\drivers\iksyssec.sys
2008-11-19 22:59 . 2008-08-25 11:36 66,952 --a------ c:\windows\System32\drivers\iksysflt.sys
2008-11-19 22:59 . 2008-08-25 11:36 40,840 --a------ c:\windows\System32\drivers\ikfilesec.sys
2008-11-19 22:59 . 2008-06-02 15:19 29,576 --a------ c:\windows\System32\drivers\kcom.sys
2008-11-19 22:58 . 2008-11-19 22:58 <DIR> d-------- c:\users\Szymek\AppData\Roaming\PC Tools
2008-11-19 22:58 . 2008-11-19 23:46 <DIR> d-------- c:\program files\Spyware Doctor
2008-11-19 22:22 . 2008-11-19 22:22 <DIR> d-------- c:\program files\Moodysoft
2008-11-19 21:37 . 2008-11-19 21:37 <DIR> d-------- c:\users\Szymek\AppData\Roaming\CyberLink
2008-11-18 18:05 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-18 18:05 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-18 18:05 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-18 18:05 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-18 18:05 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-18 18:05 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-18 18:05 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-18 18:05 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-18 18:05 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-16 10:11 . 2008-04-17 02:36 171,136 -rahs---- C:\grldr
2008-11-16 10:10 . 2008-11-16 10:10 <DIR> d----c--- c:\windows\System32\DRVSTORE
2008-11-16 10:10 . 2008-11-16 10:10 240,128 --a------ c:\windows\System32\drivers\royal.sys
2008-11-16 10:09 . 2008-11-16 10:09 <DIR> d-------- C:\crack
2008-11-14 16:00 . 2008-11-14 16:00 <DIR> d-------- c:\windows\System32\PlayLinc
2008-11-14 16:00 . 2008-11-14 16:00 <DIR> d-------- c:\program files\PlayLinc
2008-11-13 13:29 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-13 13:29 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-13 13:28 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-11 20:10 . 2008-11-11 22:09 139,264 --a------ c:\windows\War3Unin.exe
2008-11-11 20:10 . 2008-11-11 23:29 67,261 --a------ c:\windows\War3Unin.dat
2008-11-11 20:10 . 2008-11-11 22:09 2,829 --a------ c:\windows\War3Unin.pif
2008-11-10 16:30 . 2008-11-15 12:05 <DIR> d-------- c:\program files\Common Files\Steam
2008-11-10 16:25 . 2008-11-14 14:46 266 --a------ c:\windows\game.ini
2008-11-10 14:50 . 2008-11-10 14:50 <DIR> d-------- c:\users\Szymek\AppData\Roaming\teamspeak2
2008-11-10 14:50 . 2008-11-10 14:50 <DIR> d-------- c:\program files\Teamspeak2_RC2
2008-11-10 14:50 . 2008-11-10 14:50 34,064 --a------ c:\windows\System32\lhacm.acm
2008-11-09 17:55 . 2008-11-09 17:55 278,984 --a------ c:\windows\System32\drivers\atksgt.sys
2008-11-09 17:55 . 2008-11-09 17:55 25,416 --a------ c:\windows\System32\drivers\lirsgt.sys
2008-11-08 13:53 . 2008-11-08 13:53 0 --a------ c:\windows\System32\l
2008-11-07 17:55 . 2008-11-07 17:55 107,888 --a------ c:\windows\System32\CmdLineExt.dll
2008-11-07 15:21 . 2008-11-07 21:46 <DIR> d-------- C:\My Recordings
2008-11-07 15:20 . 2008-11-07 15:20 <DIR> d-------- c:\program files\FREE Hi-Q Recorder
2008-11-07 15:20 . 2004-08-10 05:00 1,355,776 --a------ c:\windows\System32\msvbvm50.dll
2008-11-07 15:20 . 2002-01-05 09:37 344,064 --a------ c:\windows\System32\msvcr70.dll
2008-11-06 13:22 . 2008-11-06 13:22 <DIR> d-------- c:\users\All Users\Media Center Programs
2008-11-06 13:22 . 2008-11-06 13:22 <DIR> d-------- c:\programdata\Media Center Programs
2008-11-05 17:57 . 2008-11-05 17:57 <DIR> d-------- c:\program files\YDP
2008-11-05 17:57 . 2008-11-05 17:57 <DIR> d-------- c:\program files\Common Files\YDP
2008-11-05 17:56 . 1998-10-07 12:54 327,168 --a------ c:\windows\IsUn0415.exe
2008-11-04 18:08 . 2008-11-04 18:09 <DIR> d-------- c:\program files\SubEdit-Player
2008-11-02 20:21 . 2008-11-02 20:21 <DIR> d-------- C:\NVIDIA
2008-11-02 18:55 . 2008-11-02 18:55 <DIR> d-------- c:\windows\Sun
2008-11-02 11:12 . 2008-11-02 11:12 <DIR> d-------- c:\program files\NeoSmart Technologies
2008-11-01 17:47 . 2008-11-01 17:47 <DIR> d-------- c:\windows\System32\xlive
2008-11-01 17:18 . 2008-11-01 17:18 <DIR> d--hs---- c:\windows\ftpcache
2008-11-01 14:17 . 2008-11-01 14:17 <DIR> d-------- c:\program files\AVIcodec
2008-10-31 13:30 . 2008-10-31 13:30 682,280 --a------ c:\windows\System32\pbsvc.exe
2008-10-31 13:30 . 2008-11-16 11:49 202,320 --a------ c:\windows\System32\PnkBstrB.exe
2008-10-31 13:30 . 2008-11-16 11:49 138,408 --a------ c:\windows\System32\drivers\PnkBstrK.sys
2008-10-31 13:30 . 2008-11-10 18:37 66,872 --a------ c:\windows\System32\PnkBstrA.exe
2008-10-31 13:30 . 2008-11-10 16:26 22,328 --a------ c:\users\Szymek\AppData\Roaming\PnkBstrK.sys
2008-10-30 02:24 . 2008-10-30 02:24 42,320 --a------ c:\windows\System32\xfcodec.dll
2008-10-29 21:19 . 2008-10-29 21:19 <DIR> d-------- c:\program files\FDRLab
2008-10-29 20:46 . 2008-10-29 20:46 <DIR> d-------- c:\windows\System32\jd
2008-10-29 19:44 . 2008-10-29 19:44 268 --ah----- C:\sqmdata19.sqm
2008-10-29 19:44 . 2008-10-29 19:44 244 --ah----- C:\sqmnoopt19.sqm
2008-10-29 18:42 . 2008-10-29 18:42 268 --ah----- C:\sqmdata18.sqm
2008-10-29 18:42 . 2008-10-29 18:42 244 --ah----- C:\sqmnoopt18.sqm
2008-10-29 13:24 . 2008-08-12 04:39 443,392 --a------ c:\windows\System32\win32spl.dll
2008-10-29 13:24 . 2008-09-18 05:56 147,456 --a------ c:\windows\System32\Faultrep.dll
2008-10-29 13:24 . 2008-09-18 05:56 125,952 --a------ c:\windows\System32\wersvc.dll
2008-10-29 00:08 . 2008-10-29 00:08 268 --ah----- C:\sqmdata17.sqm
2008-10-29 00:08 . 2008-10-29 00:08 244 --ah----- C:\sqmnoopt17.sqm
2008-10-28 20:33 . 2008-10-28 20:33 268 --ah----- C:\sqmdata16.sqm
2008-10-28 20:33 . 2008-10-28 20:33 244 --ah----- C:\sqmnoopt16.sqm
2008-10-28 15:00 . 2008-10-28 15:00 268 --ah----- C:\sqmdata15.sqm
2008-10-28 15:00 . 2008-10-28 15:00 244 --ah----- C:\sqmnoopt15.sqm
2008-10-27 23:10 . 2008-10-27 23:10 268 --ah----- C:\sqmdata14.sqm
2008-10-27 23:10 . 2008-10-27 23:10 244 --ah----- C:\sqmnoopt14.sqm
2008-10-27 21:26 . 2008-10-27 21:26 <DIR> d-------- c:\program files\Sony Ericsson
2008-10-27 21:26 . 2005-06-13 10:05 96,224 --a------ c:\windows\System32\drivers\w800mdm.sys
2008-10-27 21:26 . 2005-06-13 10:06 87,792 --a------ c:\windows\System32\drivers\w800mgmt.sys
2008-10-27 21:26 . 2005-06-13 10:08 85,664 --a------ c:\windows\System32\drivers\w800obex.sys
2008-10-27 21:26 . 2005-06-13 10:05 9,264 --a------ c:\windows\System32\drivers\w800mdfl.sys
2008-10-27 21:26 . 2005-06-13 10:08 6,144 --a------ c:\windows\System32\drivers\w800cmnt.sys
2008-10-27 21:26 . 2005-06-13 10:08 6,144 --a------ c:\windows\System32\drivers\w800cm.sys
2008-10-27 15:53 . 2008-10-27 15:53 <DIR> dr-h----- c:\users\Szymek\AppData\Roaming\SecuROM
2008-10-27 14:25 . 2008-10-27 14:25 <DIR> d-------- c:\windows\95FC26FB19FD4A96BBB1B1062E8648F5.TMP
2008-10-26 23:14 . 2008-10-26 23:14 268 --ah----- C:\sqmdata13.sqm
2008-10-26 23:14 . 2008-10-26 23:14 244 --ah----- C:\sqmnoopt13.sqm
2008-10-26 16:29 . 2008-10-26 16:29 268 --ah----- C:\sqmdata12.sqm
2008-10-26 16:29 . 2008-10-26 16:29 244 --ah----- C:\sqmnoopt12.sqm
2008-10-26 16:02 . 2008-08-17 11:33 678,408 --a------ c:\windows\System32\gpprefcl.dll
2008-10-26 15:15 . 2008-10-26 15:15 <DIR> d-------- c:\program files\hp deskjet 3820 series
2008-10-26 15:15 . 2008-06-26 02:45 12,240,896 --a------ c:\windows\System32\NlsLexicons0007.dll
2008-10-26 15:15 . 2008-06-26 02:45 2,644,480 --a------ c:\windows\System32\NlsLexicons0009.dll
2008-10-26 15:15 . 2008-06-26 04:29 801,280 --a------ c:\windows\System32\NaturalLanguage6.dll
2008-10-26 15:15 . 2002-03-28 10:20 147,512 --a------ c:\windows\System32\hpzlnt05.dll
2008-10-26 15:15 . 2008-10-26 15:15 922 --a------ c:\windows\hpinfo.lnk
2008-10-26 15:14 . 2008-10-26 15:14 <DIR> d-------- c:\program files\Hewlett-Packard
2008-10-26 15:09 . 2008-08-05 10:49 428,544 --a------ c:\windows\System32\EncDec.dll
2008-10-26 15:09 . 2008-08-05 10:49 293,376 --a------ c:\windows\System32\psisdecd.dll
2008-10-26 15:09 . 2008-08-05 10:48 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-10-26 15:09 . 2008-08-05 10:48 177,664 --a------ c:\windows\System32\mpg2splt.ax
2008-10-26 15:09 . 2008-08-05 10:48 80,896 --a------ c:\windows\System32\MSNP.ax
2008-10-26 15:09 . 2008-04-23 05:41 57,856 --a------ c:\windows\System32\MSDvbNP.ax
2008-10-26 13:21 . 2008-10-26 13:21 <DIR> d-------- c:\users\Szymek\AppData\Roaming\Disney Interactive Studios
2008-10-26 08:58 . 2006-10-26 19:56 32,592 --a------ c:\windows\System32\msonpmon.dll
2008-10-26 08:57 . 2008-10-26 08:57 <DIR> d-------- c:\program files\Microsoft Works
2008-10-26 08:56 . 2008-10-26 08:56 <DIR> d-------- c:\program files\Microsoft.NET
2008-10-26 08:55 . 2008-10-26 08:55 <DIR> d-------- c:\program files\Microsoft Visual Studio 8
2008-10-26 08:54 . 2008-11-14 03:02 <DIR> d-------- c:\users\All Users\Microsoft Help
2008-10-26 08:54 . 2008-11-14 03:02 <DIR> d-------- c:\programdata\Microsoft Help
2008-10-26 08:53 . 2008-10-26 08:53 <DIR> dr-h----- C:\MSOCache
2008-10-26 08:46 . 2008-10-26 08:46 <DIR> d-------- c:\program files\MSXML 4.0
2008-10-25 23:26 . 2008-10-25 23:26 268 --ah----- C:\sqmdata11.sqm
2008-10-25 23:26 . 2008-10-25 23:26 244 --ah----- C:\sqmnoopt11.sqm
2008-10-25 14:00 . 2008-10-25 14:17 <DIR> d-------- c:\users\Szymek\AppData\Roaming\Nero
2008-10-25 14:00 . 2008-10-25 14:00 <DIR> d-------- c:\users\All Users\LightScribe
2008-10-25 14:00 . 2008-10-25 14:00 <DIR> d-------- c:\programdata\LightScribe
2008-10-25 13:18 . 2008-10-25 13:18 4,767 --a------ c:\windows\Irremote.ini
2008-10-25 12:39 . 2008-10-25 13:15 <DIR> d-------- c:\program files\Nero
2008-10-25 12:37 . 2008-10-25 12:59 <DIR> d-------- c:\users\All Users\Nero
2008-10-25 12:37 . 2008-10-25 12:59 <DIR> d-------- c:\programdata\Nero
2008-10-25 12:36 . 2008-10-25 13:42 <DIR> d-------- c:\program files\Common Files\Nero
2008-10-25 12:32 . 2008-10-25 12:32 <DIR> d-------- c:\program files\Common Files\LightScribe
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-26 07:57 --------- d-----w c:\program files\MSBuild
2008-10-24 17:52 --------- d-----w c:\program files\Windows Mail
2008-10-24 15:47 174 --sha-w c:\program files\desktop.ini
2008-10-24 15:40 --------- d-----w c:\program files\Windows Sidebar
2008-10-24 15:40 --------- d-----w c:\program files\Windows Photo Gallery
2008-10-24 15:40 --------- d-----w c:\program files\Windows Journal
2008-10-24 15:40 --------- d-----w c:\program files\Windows Defender
2008-10-24 15:40 --------- d-----w c:\program files\Windows Collaboration
2008-10-24 15:40 --------- d-----w c:\program files\Windows Calendar
2008-10-24 15:28 82,432 ----a-w c:\windows\System32\axaltocm.dll
2008-10-24 15:28 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2008-10-24 14:09 --------- d-sh--w c:\programdata\Ulubione
2008-10-24 14:09 --------- d-sh--w c:\programdata\Szablony
2008-10-24 14:09 --------- d-sh--w c:\programdata\Pulpit
2008-10-24 14:09 --------- d-sh--w c:\programdata\Menu Start
2008-10-24 14:09 --------- d-sh--w c:\programdata\Dokumenty
2008-10-24 14:09 --------- d-sh--w c:\programdata\Dane aplikacji
2008-10-22 15:55 453,152 ----a-w c:\windows\System32\NVUNINST.EXE
2008-10-13 08:56 70,936 ----a-w c:\windows\System32\PhysXLoader.dll
2008-10-07 12:33 704,512 ----a-w c:\windows\System32\nvsvsr.dll
2008-10-07 12:33 203,296 ----a-w c:\windows\System32\nvvsvc.exe
2008-10-07 12:33 122,880 ----a-w c:\windows\System32\nvcodhins.dll
2008-10-07 12:33 122,880 ----a-w c:\windows\System32\nvcodh.dll
2008-10-07 12:33 122,880 ----a-w c:\windows\System32\nvcod134.dll
2008-10-07 12:33 1,486,848 ----a-w c:\windows\System32\nvcuda.dll
2008-10-07 12:33 1,269,760 ----a-w c:\windows\System32\nvsvs.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2007-02-10 21:02 14,720 ----a-w c:\windows\inf\xbcd.sys
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-10-24 2127296]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-04-03 165784]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]
"Steam"="f:\steam\steam.exe" [2008-11-10 1410296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dimondback"="c:\program files\Razer\Diamondback\razerhid.exe" [2007-02-14 147456]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-02-20 1443072]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
"!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-03-28 188416]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-11 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-11 8530464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-11 81920]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-08-25 1168264]
"CTHelper"="CTHELPER.EXE" [2007-02-12 c:\windows\System32\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-02-12 c:\windows\System32\CTXFIHLP.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="c:\windows\system32\READREG" [X]
c:\users\Szymek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files\Xfire\xfire.exe [2008-10-30 3104080]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Aktywacja Testera.lnk - c:\program files\YDP\YdpDict\Watch.exe [2008-11-05 354816]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
"VIDC.FFDS"= c:\program files\K-Lite Codec Pack\ffdshow\ffdshow.ax
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.XFR1"= xfcodec.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{27C338E1-AC8E-4B07-BC39-CAA063D59BC1}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire
"UDP Query User{DF3C8828-50C2-4ED1-AAB2-95220818DF05}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire
"TCP Query User{51DA64F7-9ED6-4838-8AFA-79A11E59FC88}c:\\program files\\java\\jre6\\launch4j-tmp\\jdownloader.exe"= UDP:c:\program files\java\jre6\launch4j-tmp\jdownloader.exe:Java(TM) Platform SE binary
"UDP Query User{A341842E-3ABB-46E0-84A2-20D19B80ADFC}c:\\program files\\java\\jre6\\launch4j-tmp\\jdownloader.exe"= TCP:c:\program files\java\jre6\launch4j-tmp\jdownloader.exe:Java(TM) Platform SE binary
"{03506EE8-5A03-4CAB-9406-B8985DBE4B40}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{00B7B9CC-B4A4-4AC2-920B-36E04B04D9D2}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{A7A9B748-9889-46EF-9AD9-7EFF7F6F5054}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{99B3BFE7-38E5-422B-9370-3D6777B699AA}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{DEE79650-D353-461E-B1A4-C84D4255CC5F}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F9046387-8016-4BA9-9C38-848C895E9B58}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{775F22AD-4EDC-4CAC-A58B-C76DF4FD4468}"= UDP:f:\gry\Sacred 2 - Fallen Angel\system\s2gs.exe:Sacred 2 Game Server
"{B75EE1BD-D736-417B-A643-57483652761A}"= TCP:f:\gry\Sacred 2 - Fallen Angel\system\s2gs.exe:Sacred 2 Game Server
"{0F35D29A-AC62-42BA-9252-354274F4876E}"= UDP:f:\gry\Sacred 2 - Fallen Angel\system\sacred2.exe:Sacred 2
"{EE0AB635-FA7C-47E0-A5F1-6713F9147884}"= TCP:f:\gry\Sacred 2 - Fallen Angel\system\sacred2.exe:Sacred 2
"{A88B9694-C0FC-4F5A-81F1-6C8655679B05}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{6481CB9F-EE73-480A-A4FA-0D6BCC24FE01}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{51D1CB9C-01B2-4EAD-95FD-F57F7942E3DB}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{487DEC19-2976-4D90-A359-1BC19E06CB0F}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{B7634A79-E86C-47CC-9C96-71B2BEBAEF27}"= UDP:f:\gry\PES 2009\pes2009.exe:Pro Evolution Soccer 2009
"{E56CEE60-DDC4-47B4-85CB-D6A607EF2C16}"= TCP:f:\gry\PES 2009\pes2009.exe:Pro Evolution Soccer 2009
"{2F078635-A175-4975-9361-7CE6E0A175E9}"= UDP:f:\gry\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{C306CB61-3DC8-40D8-B123-35AC97EB4133}"= TCP:f:\gry\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208]
R3 Razerlow;Razerlow USB Filter Driver;c:\windows\system32\Drivers\Razerlow.sys [2008-10-24 13225]
S0 OemBiosDevice;Royalty OEM BIOS Extension;c:\windows\system32\drivers\royal.sys [2008-11-16 240128]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe /s c:\windows\nod32fixtemdono.reg [2006-11-02 9216]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\DRIVERS\gan_adapter.sys [2006-08-28 10664]
S3 Steam Client Service;Steam Client Service;c:\program files\Common Files\Steam\SteamService.exe /RunAsService [2008-11-10 104944]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4355b60b-a1e5-11dd-9def-001a4d6703d9}]
\shell\AutoRun\command - J:\autorun.exe
*Newly Created Service* - PROCEXP90
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
.
Zawartość folderu 'Zaplanowane zadania'
2008-11-19 c:\windows\Tasks\User_Feed_Synchronization-{E1E32A82-8B11-4F57-9A24-E6B09385FB7F}.job
- c:\windows\system32\msfeedssync.exe [2008-01-18 22:33]
.
.
------- Skan uzupełniający -------
.
FireFox -: Profile - c:\users\Szymek\AppData\Roaming\Mozilla\Firefox\Profiles\mb1erx3w.default\
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-19 23:47:24
Windows 6.0.6001 Service Pack 1 NTFS
detected NTDLL code modification:
ZwClose
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
CTxfiHlp = CTXFIHLP.EXE?
skanowanie ukrytych plików ...
c:\users\Szymek\AppData\Local\Temp\etilqs_zIUHnvMlYN6jz0fMzC5A 4100 bytes
skanowanie pomyślnie ukończone
ukryte pliki: 1
**************************************************************************
.
Czas ukończenia: 2008-11-19 23:49:17
ComboFix-quarantined-files.txt 2008-11-19 22:49:13
Przed: 5 586 653 184 bajtów wolnych
Po: 6,142,996,480 bajtów wolnych
288 --- E O F --- 2008-11-14 02:03:02
HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:38:54, on 2008-11-20
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Razer\Diamondback\razerhid.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Windows\System32\CTHELPER.EXE
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\DAEMON Tools\daemon.exe
F:\Steam\Steam.exe
C:\Program Files\YDP\YdpDict\Watch.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Razer\Diamondback\razertra.exe
C:\Program Files\Razer\Diamondback\razerofa.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Dimondback] C:\Program Files\Razer\Diamondback\razerhid.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\Windows\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [Steam] "f:\steam\steam.exe" -silent
O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Aktywacja Testera.lnk = C:\Program Files\YDP\YdpDict\Watch.exe
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
--
End of file - 6216 bytes