
ComboFix log:
ComboFix 08-09-30.03 - Daniel 2008-10-01 11:15:05.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1515 [GMT 2:00]
Uruchomiony z: D:\Instalki\ComboFix.exe
* Utworzono nowy punkt przywracania
[color=red][b]UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !![/b][/color]
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\svchost.exe
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_POWERMANAGER
-------\Service_PowerManager
((((((((((((((((((((((((( Pliki utworzone od 2008-09-01 do 2008-10-01 )))))))))))))))))))))))))))))))
.
2008-10-01 01:21 . 2008-10-01 01:21 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-10-01 01:21 . 2008-10-01 01:21 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2008-09-27 12:57 . 2008-10-01 11:10 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-09-27 12:57 . 2008-10-01 11:16 845,856 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-27 12:57 . 2008-10-01 11:16 278,560 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-09-27 12:57 . 2008-09-27 13:07 96,976 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-09-27 12:57 . 2008-09-27 13:07 87,855 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-09-27 12:57 . 2008-10-01 11:16 9,784 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-27 12:57 . 2008-10-01 11:16 4,128 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-09-27 12:56 . 2008-09-27 12:56 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2008-09-27 12:32 . 2008-09-27 18:42 <DIR> d-------- C:\Documents and Settings\Daniel\Dane aplikacji\VoipDiscount
2008-09-19 23:31 . 2008-09-19 23:32 796 --a------ C:\WINDOWS\VPlayer.INI
2008-09-19 23:31 . 2008-09-19 23:32 21 --a------ C:\WINDOWS\VplayerINI.vpl
2008-09-19 20:29 . 2008-09-30 11:11 <DIR> d-------- C:\Program Files\NAPI-PROJEKT
2008-09-19 19:31 . 2008-09-27 13:22 <DIR> d-------- C:\Program Files\Common Files\BioWare
2008-09-19 18:40 . 2008-09-19 18:40 <DIR> d-------- C:\Program Files\Opera
2008-09-18 22:32 . 2008-09-18 22:32 <DIR> d-------- C:\Program Files\Java
2008-09-18 22:32 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-09-18 22:31 . 2008-09-18 22:31 <DIR> d-------- C:\Program Files\Common Files\Java
2008-09-07 21:42 . 2008-09-07 21:42 <DIR> d-------- C:\Documents and Settings\Daniel\Dane aplikacji\EBookSys
2008-09-06 14:53 . 2008-09-06 14:53 <DIR> d-------- C:\Documents and Settings\Daniel\Dane aplikacji\Gadu-Gadu
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-30 22:57 1,814,528 ----a-w C:\WINDOWS\UNNeroVision.exe
2008-09-30 22:57 1,802,240 ----a-w C:\WINDOWS\UNNMP.exe
2008-09-30 22:54 764,448 ----a-w C:\WINDOWS\system32\nvcplui.exe
2008-09-29 16:03 --------- d-----w C:\Documents and Settings\Daniel\Dane aplikacji\Skype
2008-09-29 15:44 --------- d-----w C:\Documents and Settings\Daniel\Dane aplikacji\skypePM
2008-09-19 21:25 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-09-19 08:05 --------- d-----w C:\Program Files\Skype
2008-08-20 08:41 --------- d-----w C:\Documents and Settings\Daniel\Dane aplikacji\Winamp
2008-08-12 20:34 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-08-12 20:31 --------- d-----w C:\Program Files\Microsoft Works
2008-08-12 09:05 --------- d-----w C:\Documents and Settings\Daniel\Dane aplikacji\Azureus
2008-08-11 21:43 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Azureus
2008-08-11 14:23 --------- d-----w C:\Documents and Settings\Daniel\Dane aplikacji\Ahead
2008-08-11 14:22 --------- d-----w C:\Program Files\Ahead
2008-08-11 14:18 --------- d-----w C:\Program Files\Common Files\Ahead
2008-08-11 14:18 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Ahead
2008-08-10 18:40 --------- d-----w C:\Program Files\Lavasoft
2008-08-10 18:40 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-10 18:40 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2008-08-10 16:23 --------- d-----w C:\Documents and Settings\Daniel\Dane aplikacji\Locktime
2008-08-10 09:42 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Locktime
2008-08-09 17:33 --------- d-----w C:\Program Files\Common Files\NSV
2008-08-08 16:10 --------- d-----w C:\Program Files\WIDCOMM
2008-07-30 19:59 773,632 ----a-w C:\WINDOWS\iun6002.exe
2008-07-16 18:51 2,041,363 ----a-w C:\WINDOWS\system32\x264vfw.dll
2008-07-14 20:25 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 1667584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-02-22 13508608]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\Quickset.exe" [2007-07-20 1228800]
"OEM02Mon.exe"="C:\WINDOWS\OEM02Mon.exe" [2007-05-10 36864]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2007-07-02 159744]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AVP"="D:\Programy\Kaspersky Antivir\avp.exe" [2008-04-25 201992]
"nwiz"="nwiz.exe" [2008-02-22 C:\WINDOWS\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2008-02-22 C:\WINDOWS\system32\nvhotkey.dll]
"NvMediaCenter"="NvMCTray.dll" [2008-02-22 C:\WINDOWS\system32\nvmctray.dll]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 C:\WINDOWS\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-24 622653]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=D:\Programy\KASPER~1\mzvkbd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"E:\\Gry\\Mass effect\\Binaries\\MassEffect.exe"=
"E:\\Gry\\Mass effect\\MassEffectLauncher.exe"=
"D:\\Programy\\VoipDiscount\\VoipDiscount.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 32784]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 24592]
R3 OEM02Afx;Provides a software interface to control audio effects of OEM002 camera.;C:\WINDOWS\system32\Drivers\OEM02Afx.sys [2007-06-08 141376]
R3 OEM02Dev;Creative Camera OEM002 Driver;C:\WINDOWS\system32\DRIVERS\OEM02Dev.sys [2007-05-10 235584]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\WINDOWS\system32\DRIVERS\OEM02Vfx.sys [2007-03-05 7424]
.
.
------- Skan uzupełniający -------
.
R0 -: HKCU-Main,Start Page = about:blank
O8 -: E&ksportuj do programu Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 -: Wyślij do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O17 -: HKLM\CCS\Interface\{ABC6044A-28F1-478C-84EA-675DD34C219B}: NameServer = 194.204.159.1,194.204.152.34
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-01 11:17:27
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\hidfind.exe
C:\Program Files\DellTPad\ApntEx.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiadap.exe
.
**************************************************************************
.
Czas ukończenia: 2008-10-01 11:18:56 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2008-10-01 09:18:52
Przed: 7,231,930,368 bajtów wolnych
Po: 7,298,486,272 bajtów wolnych
HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:56:07, on 2008-10-01
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\WINDOWS\OEM02Mon.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\DellTPad\Apntex.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
D:\Programy\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Programy\Kaspersky Antivir\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [UIUCU] C:\DOCUME~1\Daniel\USTAWI~1\Temp\UIUCU.EXE -CLEAN_UP -S
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "D:\Programy\Kaspersky Antivir\avp.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Wyślij do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Programy\Kaspersky Antivir\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{ABC6044A-28F1-478C-84EA-675DD34C219B}: NameServer = 194.204.159.1,194.204.152.34
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: D:\Programy\KASPER~1\mzvkbd.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - D:\Programy\Kaspersky Antivir\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe
--
End of file - 6038 bytes
Please help!!!