Wolny internet bardzo / log

[cnx1234]

Otoz mam problem najbardziej z netem mam 512 radiowke czy tam sieciowke. Najczesciej w poludnie wogle nie moge grac przez gry sieciowe ani na necie siedziec .Jak sciagalkem tera hijackits i combofix to max transfer 10 a najmiejszy prawie ciagle 1,2,3KB/s. Reinstalke mialem niedawno windowsa z pol miesiaca temu, bo wczesniej byli administratorzy i ze komp jest zafirusowany itp a jak zainstalowali cos tam to juz ok bylo przez 2 dni bylo dobrze i pozniej dalej to samo czyli wolny net

Oto logi :

Hijackthis

Kod: Zaznacz wszystko

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:58:28, on 2009-01-07
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\gamaa adjuster\GammaAdjuster.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\ssstars.scr
C:\WINDOWS\system32\ssstars.scr
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Softonic English Toolbar - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSoft.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Softonic English Toolbar - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSoft.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Softonic English Toolbar - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSoft.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [GammaAdjuster] C:\gamaa adjuster\GammaAdjuster.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [ALLUpdate] "C:\Program Files\ALLPlayer\ALLUpdate.exe" "sleep"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4376 bytes

Combofix

Kod: Zaznacz wszystko

ComboFix 09-01-07.01 - N 2009-01-07 19:21:42.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.511.256 [GMT 1:00]
Uruchomiony z: c:\instalki\ComboFix.exe
* Utworzono nowy punkt przywracania
* Resident AV is active

.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\acfedcbad_z.dll

.
(((((((((((((((((((((((((   Pliki utworzone od 2008-12-07 do 2009-01-07  )))))))))))))))))))))))))))))))
.

2009-01-07 18:58 . 2009-01-07 18:58   <DIR>   d--------   c:\program files\Trend Micro
2009-01-01 12:32 . 2004-08-03 23:08   26,496   --a--c---   c:\windows\system32\dllcache\usbstor.sys
2009-01-01 00:19 . 2009-01-07 16:07   <DIR>   d--------   c:\program files\Metin2_PL
2008-12-31 13:59 . 2008-12-31 13:59   169   --a------   c:\windows\RtlRack.ini
2008-12-31 13:51 . 2008-12-31 13:51   <DIR>   d--------   c:\windows\system32\Lang
2008-12-31 13:50 . 2007-11-14 15:18   553   --a------   c:\windows\USetup.iss
2008-12-31 13:49 . 2008-12-31 13:49   <DIR>   d--------   c:\program files\Realtek
2008-12-29 14:02 . 2008-12-29 14:02   301,568   --a------   c:\windows\system32\l3codecp.acm
2008-12-29 14:01 . 2008-12-29 14:01   921,600   --a------   c:\windows\system32\vorbisenc.dll
2008-12-29 14:01 . 2008-12-29 14:01   892,928   --a------   c:\windows\system32\iconv.dll
2008-12-29 14:01 . 2008-12-29 14:01   675,840   --a------   c:\windows\system32\ac3filter.ax
2008-12-29 14:01 . 2008-12-29 14:01   237,568   --a------   c:\windows\system32\OggDS.dll
2008-12-29 14:01 . 2008-12-29 14:01   118,784   --a------   c:\windows\system32\ac3acm.acm
2008-12-29 14:00 . 2008-12-29 14:00   1,415,680   --a------   c:\windows\system32\WMV9VCM.dll
2008-12-29 14:00 . 2008-12-29 14:00   795,648   --a------   c:\windows\system32\xvidcore.dll
2008-12-29 14:00 . 2008-12-29 14:00   245,760   --a------   c:\windows\system32\mplvpx.dll
2008-12-29 14:00 . 2008-12-29 14:00   188,416   --a------   c:\windows\system32\vorbis.dll
2008-12-29 14:00 . 2008-12-29 14:00   106,496   --a------   c:\windows\system32\lmpgspl.ax
2008-12-29 14:00 . 2008-12-29 14:00   94,208   --a------   c:\windows\system32\lmpgvd.ax
2008-12-29 14:00 . 2008-12-29 14:00   86,528   --a------   c:\windows\system32\DVDVideo.ax
2008-12-29 14:00 . 2008-12-29 14:00   77,824   --a------   c:\windows\system32\xvid.ax
2008-12-29 14:00 . 2008-12-29 14:00   45,056   --a------   c:\windows\system32\ogg.dll
2008-12-29 14:00 . 2008-12-29 14:00   9,216   --a------   c:\windows\system32\cpuinf32.dll
2008-12-29 13:59 . 2008-12-29 13:59   130,048   --a------   c:\windows\system32\xvidvfw.dll
2008-12-29 13:55 . 2008-12-29 13:55   <DIR>   d--------   c:\program files\NAPI-PROJEKT
2008-12-29 13:55 . 2008-12-31 21:04   <DIR>   d--------   c:\program files\ALLPlayer
2008-12-28 19:25 . 2008-12-28 19:25   <DIR>   d--------   c:\documents and settings\Nikola\Dane aplikacji\Gadu-Gadu
2008-12-28 16:43 . 2008-12-28 16:46   <DIR>   d--------   c:\program files\Valve
2008-12-27 17:02 . 2008-12-27 17:35   <DIR>   d--------   c:\documents and settings\Nikola\Dane aplikacji\Winamp
2008-12-27 14:14 . 2008-12-27 14:14   <DIR>   d--------   C:\symulator xp
2008-12-26 18:58 . 2008-12-26 18:58   <DIR>   d--------   c:\documents and settings\N\Dane aplikacji\DAEMON Tools Pro
2008-12-26 18:58 . 2008-12-26 18:58   <DIR>   d--------   c:\documents and settings\N\Dane aplikacji\DAEMON Tools
2008-12-26 18:57 . 2008-12-26 18:57   <DIR>   d--------   c:\program files\DAEMON Tools Toolbar
2008-12-26 18:57 . 2008-12-26 18:57   <DIR>   d--------   c:\program files\DAEMON Tools Lite
2008-12-26 18:57 . 2008-12-26 18:57   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Lite
2008-12-26 18:46 . 2008-12-26 18:46   <DIR>   d--------   c:\documents and settings\N\Dane aplikacji\DAEMON Tools Lite
2008-12-26 18:46 . 2008-12-26 18:47   717,296   --a------   c:\windows\system32\drivers\sptd.sys
2008-12-26 18:35 . 2008-12-26 18:35   <DIR>   d--------   c:\program files\Common Files\Blizzard Entertainment
2008-12-26 10:50 . 2008-12-26 10:52   <DIR>   d--------   c:\documents and settings\N\Dane aplikacji\vlc
2008-12-26 10:49 . 2008-12-26 10:49   <DIR>   d--------   c:\program files\Softonic_English
2008-12-26 10:49 . 2008-12-26 10:49   <DIR>   d--------   c:\program files\Conduit
2008-12-26 10:47 . 2008-12-26 10:47   <DIR>   d--------   c:\program files\VideoLAN
2008-12-26 10:36 . 2008-12-30 20:44   <DIR>   d--------   C:\Filmy
2008-12-25 22:06 . 2008-12-25 22:06   23   --a------   c:\windows\system32\dfeaffdc9_z.ocx
2008-12-25 22:05 . 2008-12-25 22:06   <DIR>   d--------   c:\program files\jv16 PowerTools 2008
2008-12-25 21:38 . 2008-12-25 21:39   <DIR>   d--------   c:\program files\CyPet
2008-12-24 10:35 . 2008-12-24 10:36   <DIR>   d--------   c:\documents and settings\Nikola\Gadu-Gadu
2008-12-21 19:25 . 2008-12-21 19:25   <DIR>   d--------   c:\windows\Sun
2008-12-20 19:06 . 2008-12-20 19:07   <DIR>   d--------   c:\program files\Ares
2008-12-20 17:58 . 2008-12-20 17:58   <DIR>   d--------   c:\documents and settings\Nikola\Dane aplikacji\ESET
2008-12-20 17:57 . 2009-01-07 19:23   <DIR>   d--h-----   c:\documents and settings\Nikola\Ustawienia lokalne
2008-12-20 17:57 . 2008-12-20 17:58   <DIR>   dr-------   c:\documents and settings\Nikola\Ulubione
2008-12-20 17:57 . 2008-12-17 17:39   <DIR>   d--h-----   c:\documents and settings\Nikola\Szablony
2008-12-20 17:57 . 2009-01-06 17:37   <DIR>   d--------   c:\documents and settings\Nikola\Pulpit
2008-12-20 17:57 . 2009-01-06 17:36   <DIR>   dr-------   c:\documents and settings\Nikola\Moje dokumenty
2008-12-20 17:57 . 2008-12-17 18:32   <DIR>   dr-------   c:\documents and settings\Nikola\Menu Start
2008-12-20 17:57 . 2008-12-28 19:25   <DIR>   dr-h-----   c:\documents and settings\Nikola\Dane aplikacji
2008-12-20 17:57 . 2008-12-24 10:35   <DIR>   d--------   c:\documents and settings\Nikola
2008-12-19 19:14 . 2008-12-19 19:14   <DIR>   d--------   c:\program files\Empire Interactive
2008-12-19 19:13 . 2008-12-19 19:13   <DIR>   d--------   c:\documents and settings\N\Dane aplikacji\InstallShield
2008-12-18 07:50 . 2008-12-18 07:50   <DIR>   d--------   c:\program files\PowerQuest
2008-12-17 21:10 . 2008-12-17 21:10   <DIR>   d--------   c:\documents and settings\cnx\Pulpit
2008-12-17 21:10 . 2008-12-17 21:10   <DIR>   d--------   c:\documents and settings\cnx
2008-12-17 21:05 . 2008-08-14 14:46   2,181,632   -----c---   c:\windows\system32\dllcache\ntoskrnl.exe
2008-12-17 21:05 . 2008-08-14 14:46   2,137,600   -----c---   c:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-17 21:05 . 2008-08-14 14:46   2,059,008   -----c---   c:\windows\system32\dllcache\ntkrnlpa.exe
2008-12-17 21:05 . 2008-08-14 14:46   2,017,280   -----c---   c:\windows\system32\dllcache\ntkrpamp.exe
2008-12-17 21:03 . 2008-06-14 19:01   273,024   ---------   c:\windows\system32\drivers\bthport.sys
2008-12-17 21:03 . 2008-06-14 19:01   273,024   -----c---   c:\windows\system32\dllcache\bthport.sys
2008-12-17 20:42 . 2008-12-17 20:42   <DIR>   d--------   c:\program files\Java
2008-12-17 20:42 . 2008-12-17 20:42   410,984   --a------   c:\windows\system32\deploytk.dll
2008-12-17 20:42 . 2008-12-17 20:42   73,728   --a------   c:\windows\system32\javacpl.cpl
2008-12-17 20:12 . 2008-10-24 12:10   453,632   -----c---   c:\windows\system32\dllcache\mrxsmb.sys
2008-12-17 20:00 . 2009-01-05 16:47   <DIR>   d--------   C:\Muza Stara i Nowa
2008-12-17 19:53 . 2009-01-03 21:11   <DIR>   d--------   C:\gamaa adjuster
2008-12-17 19:51 . 2009-01-01 12:39   <DIR>   d--h-----   c:\windows\$hf_mig$
2008-12-17 19:51 . 2005-02-25 04:36   22,752   --a------   c:\windows\system32\spupdsvc.exe
2008-12-17 19:44 . 2009-01-07 18:56   <DIR>   d--------   C:\Instalki
2008-12-17 19:43 . 2008-12-17 20:21   <DIR>   d--------   C:\SokkerViever
2008-12-17 19:37 . 2008-12-17 20:14   <DIR>   d--------   c:\program files\Opera
2008-12-17 19:36 . 2008-12-17 19:37   <DIR>   d--------   c:\program files\Winamp
2008-12-17 19:36 . 2008-12-17 20:20   <DIR>   d--------   c:\documents and settings\N\Dane aplikacji\Winamp
2008-12-17 19:34 . 2008-12-17 19:34   <DIR>   d--------   c:\documents and settings\N\Dane aplikacji\Gadu-Gadu
2008-12-17 19:33 . 2008-12-17 19:33   <DIR>   d--------   c:\program files\MarBit
2008-12-17 19:33 . 2009-01-03 20:45   <DIR>   d--------   c:\program files\Gadu-Gadu
2008-12-17 19:33 . 2008-12-18 13:46   <DIR>   d--------   c:\documents and settings\N\Gadu-Gadu
2008-12-17 19:32 . 2008-12-17 19:40   1,201   --a------   c:\windows\unins000.dat
2008-12-17 19:29 . 2008-12-17 19:29   <DIR>   d----c---   c:\windows\system32\DRVSTORE
2008-12-17 19:29 . 2008-12-17 19:29   21,275   --a------   c:\windows\system32\drivers\AegisP.sys
2008-12-17 19:28 . 2008-12-17 19:28   <DIR>   d--------   c:\program files\RALINK
2008-12-17 19:28 . 2006-05-04 19:02   380,928   --a------   c:\windows\system32\drivers\rt61.sys
2008-12-17 19:28 . 2005-12-15 10:38   315,392   --a------   c:\windows\system32\AegisI5.exe
2008-12-17 19:28 . 2006-05-15 16:25   295,028   --a------   c:\windows\system32\Install6x.dll
2008-12-17 19:28 . 2006-04-06 13:15   8,192   --a------   c:\windows\system32\drivers\RT2661.bin
2008-12-17 19:28 . 2006-04-06 13:15   8,192   --a------   c:\windows\system32\drivers\RT2561s.bin
2008-12-17 19:28 . 2006-04-06 13:15   8,192   --a------   c:\windows\system32\drivers\RT2561.bin
2008-12-17 19:28 . 2006-03-10 15:33   78   --a------   c:\windows\filespec6x
2008-12-17 19:26 . 2008-12-17 19:26   <DIR>   d--------   c:\documents and settings\N\Dane aplikacji\ESET
2008-12-17 19:25 . 2008-12-17 19:25   <DIR>   d--------   c:\program files\ESET
2008-12-17 19:25 . 2008-12-17 19:25   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\ESET
2008-12-17 19:22 . 2008-12-17 19:22   <DIR>   d--------   c:\program files\Realtek Sound Manager
2008-12-17 19:22 . 2008-12-31 13:49   <DIR>   d--h-----   c:\program files\InstallShield Installation Information
2008-12-17 19:22 . 2008-12-17 19:22   <DIR>   d--------   c:\program files\AvRack
2008-12-17 19:22 . 2002-11-21 08:07   765,952   --a------   c:\windows\system\crlds3d.dll
2008-12-17 19:22 . 2003-10-09 11:52   475,788   --a------   c:\windows\system32\drivers\ALCXWDM.SYS
2008-12-17 19:22 . 2003-10-04 05:25   391,552   --a------   c:\windows\system32\drivers\ALCXSENS.SYS
2008-12-17 19:22 . 2005-09-21 10:25   299,008   --a------   c:\windows\system32\ALSndMgr.cpl
2008-12-17 19:22 . 2003-09-02 06:54   208,896   ---------   c:\windows\alcupd.exe
2008-12-17 19:22 . 2002-02-05 06:54   141,016   --a------   c:\windows\system32\ALSNDMGR.WAV
2008-12-17 19:22 . 2003-07-17 08:09   139,264   ---------   c:\windows\alcrmv.exe
2008-12-17 19:22 . 2006-07-21 16:14   86,016   --a------   c:\windows\SoundMan.exe
2008-12-17 19:22 . 2003-08-19 12:36   65,536   --a--c---   c:\windows\system32\dllcache\a3d.dll
2008-12-17 19:22 . 2003-08-19 12:36   65,536   --a------   c:\windows\system32\Audio3D.dll
2008-12-17 19:22 . 2003-08-19 12:36   65,536   --a------   c:\windows\system32\a3d.dll
2008-12-17 19:22 . 2001-07-05 17:19   164   ---------   c:\windows\avrack.ini

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-31 12:49   315,392   ----a-w   c:\windows\HideWin.exe
2008-12-18 06:50   ---------   d-----w   c:\program files\Common Files\InstallShield
2008-12-17 17:06   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\nView_Profiles
2008-12-17 16:44   ---------   d-----w   c:\program files\microsoft frontpage
2008-12-17 16:42   ---------   d-----w   c:\program files\Usługi online
2008-10-23 13:01   283,648   ----a-w   c:\windows\system32\gdi32.dll
2008-10-16 13:13   202,776   ----a-w   c:\windows\system32\wuweb.dll
2008-10-16 13:13   1,809,944   ----a-w   c:\windows\system32\wuaueng.dll
2008-10-16 13:12   561,688   ----a-w   c:\windows\system32\wuapi.dll
2008-10-16 13:12   323,608   ----a-w   c:\windows\system32\wucltui.dll
2008-10-16 13:09   92,696   ----a-w   c:\windows\system32\cdm.dll
2008-10-16 13:09   51,224   ----a-w   c:\windows\system32\wuauclt.exe
2008-10-16 13:09   43,544   ----a-w   c:\windows\system32\wups2.dll
2008-10-16 13:08   34,328   ----a-w   c:\windows\system32\wups.dll
2008-10-16 10:39   662,016   ----a-w   c:\windows\system32\wininet.dll
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{930f1200-f5f1-4870-bac6-e233ec8e7023}"= "c:\program files\Softonic_English\tbSoft.dll" [2008-09-15 1784856]

[HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
2008-09-15 06:47   1784856   --a------   c:\program files\Softonic_English\tbSoft.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{930f1200-f5f1-4870-bac6-e233ec8e7023}"= "c:\program files\Softonic_English\tbSoft.dll" [2008-09-15 1784856]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{930F1200-F5F1-4870-BAC6-E233EC8E7023}"= "c:\program files\Softonic_English\tbSoft.dll" [2008-09-15 1784856]

[HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-10 216520]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2007-07-09 2119104]
"ares"="c:\program files\Ares\Ares.exe" [2008-12-17 887808]
"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2008-11-24 869888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-05-14 81920]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2007-12-21 1443072]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-10-10 36352]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-17 136600]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-05-14 3784704]
"GammaAdjuster"="c:\gamaa adjuster\GammaAdjuster.exe" [2003-02-21 191488]
"SoundMan"="SOUNDMAN.EXE" [2006-07-21 c:\windows\SoundMan.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2008-12-17 614400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
--a------ 2008-12-17 03:08 887808 c:\program files\Ares\Ares.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
--a------ 2007-07-09 08:39 2119104 c:\program files\Gadu-Gadu\gg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
-ra------ 2004-05-14 06:41 3784704 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
-ra------ 2004-05-14 06:41 831488 c:\windows\system32\nwiz.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R4 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{840798c2-cc60-11dd-801a-806d6172696f}]
\Shell\AutoRun\command - d:\autorun\AUTORUN.EXE
.
.
------- Skan uzupełniający -------
.
uStart Page = about:blank
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-07 19:23:22
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
Czas ukończenia: 2009-01-07 19:24:11
ComboFix-quarantined-files.txt  2009-01-07 18:24:06

Przed: 109 009 051 648 bajtów wolnych
Po: 109,731,893,248 bajtów wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

222   --- E O F ---   2009-01-01 11:39:53

[wojtas]

Wykonaj to co jest podane w tym temacie

Zastosuj SDFix . Po pobraniu uruchom go a rozpakuje się do C:\SDFix. Uruchom komputer w trybie awaryjnym (F8 przy stracie systemu). Będąc w awaryjnym uruchom plik RunThis.bat z folderu SDFixa. Zatwierdź czyszczenie przez Y. Poczekaj aż ukończy i komputer zresetuje

Potem wejdz do folderu C:\SDFix wrzuc zawartość pliku Report.txt + log z combofixa oraz daj loga z hijacka

[cnx1234]

Combofix

Kod: Zaznacz wszystko

ComboFix 09-01-07.01 - N 2009-01-08 16:03:50.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.511.272 [GMT 1:00]
Uruchomiony z: c:\instalki\ComboFix.exe
* Resident AV is active

.

(((((((((((((((((((((((((   Pliki utworzone od 2008-12-08 do 2009-01-08  )))))))))))))))))))))))))))))))
.

2009-01-08 15:35 . 2009-01-08 15:35   <DIR>   d--------   c:\windows\ERUNT
2009-01-08 15:29 . 2009-01-08 15:41   <DIR>   d--------   C:\SDFix
2009-01-07 18:58 . 2009-01-07 18:58   <DIR>   d--------   c:\program files\Trend Micro
2009-01-01 12:32 . 2004-08-03 23:08   26,496   --a--c---   c:\windows\system32\dllcache\usbstor.sys
2009-01-01 00:19 . 2009-01-07 19:46   <DIR>   d--------   c:\program files\Metin2_PL
2008-12-31 13:59 . 2008-12-31 13:59   169   --a------   c:\windows\RtlRack.ini
2008-12-31 13:51 . 2008-12-31 13:51   <DIR>   d--------   c:\windows\system32\Lang
2008-12-31 13:50 . 2007-11-14 15:18   553   --a------   c:\windows\USetup.iss
2008-12-31 13:49 . 2008-12-31 13:49   <DIR>   d--------   c:\program files\Realtek
2008-12-29 14:02 . 2008-12-29 14:02   301,568   --a------   c:\windows\system32\l3codecp.acm
2008-12-29 14:01 . 2008-12-29 14:01   921,600   --a------   c:\windows\system32\vorbisenc.dll
2008-12-29 14:01 . 2008-12-29 14:01   892,928   --a------   c:\windows\system32\iconv.dll
2008-12-29 14:01 . 2008-12-29 14:01   675,840   --a------   c:\windows\system32\ac3filter.ax
2008-12-29 14:01 . 2008-12-29 14:01   237,568   --a------   c:\windows\system32\OggDS.dll
2008-12-29 14:01 . 2008-12-29 14:01   118,784   --a------   c:\windows\system32\ac3acm.acm
2008-12-29 14:00 . 2008-12-29 14:00   1,415,680   --a------   c:\windows\system32\WMV9VCM.dll
2008-12-29 14:00 . 2008-12-29 14:00   795,648   --a------   c:\windows\system32\xvidcore.dll
2008-12-29 14:00 . 2008-12-29 14:00   245,760   --a------   c:\windows\system32\mplvpx.dll
2008-12-29 14:00 . 2008-12-29 14:00   188,416   --a------   c:\windows\system32\vorbis.dll
2008-12-29 14:00 . 2008-12-29 14:00   106,496   --a------   c:\windows\system32\lmpgspl.ax
2008-12-29 14:00 . 2008-12-29 14:00   94,208   --a------   c:\windows\system32\lmpgvd.ax
2008-12-29 14:00 . 2008-12-29 14:00   86,528   --a------   c:\windows\system32\DVDVideo.ax
2008-12-29 14:00 . 2008-12-29 14:00   77,824   --a------   c:\windows\system32\xvid.ax
2008-12-29 14:00 . 2008-12-29 14:00   45,056   --a------   c:\windows\system32\ogg.dll
2008-12-29 14:00 . 2008-12-29 14:00   9,216   --a------   c:\windows\system32\cpuinf32.dll
2008-12-29 13:59 . 2008-12-29 13:59   130,048   --a------   c:\windows\system32\xvidvfw.dll
2008-12-29 13:55 . 2008-12-29 13:55   <DIR>   d--------   c:\program files\NAPI-PROJEKT
2008-12-29 13:55 . 2008-12-31 21:04   <DIR>   d--------   c:\program files\ALLPlayer
2008-12-28 19:25 . 2008-12-28 19:25   <DIR>   d--------   c:\documents and settings\Nikola\Dane aplikacji\Gadu-Gadu
2008-12-28 16:43 . 2008-12-28 16:46   <DIR>   d--------   c:\program files\Valve
2008-12-27 17:02 . 2008-12-27 17:35   <DIR>   d--------   c:\documents and settings\Nikola\Dane aplikacji\Winamp
2008-12-27 14:14 . 2008-12-27 14:14   <DIR>   d--------   C:\symulator xp
2008-12-26 18:58 . 2008-12-26 18:58   <DIR>   d--------   c:\documents and settings\N\Dane aplikacji\DAEMON Tools Pro
2008-12-26 18:58 . 2008-12-26 18:58   <DIR>   d--------   c:\documents and settings\N\Dane aplikacji\DAEMON Tools
2008-12-26 18:57 . 2008-12-26 18:57   <DIR>   d--------   c:\program files\DAEMON Tools Toolbar
2008-12-26 18:57 . 2008-12-26 18:57   <DIR>   d--------   c:\program files\DAEMON Tools Lite
2008-12-26 18:57 . 2008-12-26 18:57   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Lite
2008-12-26 18:46 . 2008-12-26 18:46   <DIR>   d--------   c:\documents and settings\N\Dane aplikacji\DAEMON Tools Lite
2008-12-26 18:46 . 2008-12-26 18:47   717,296   --a------   c:\windows\system32\drivers\sptd.sys
2008-12-26 18:35 . 2008-12-26 18:35   <DIR>   d--------   c:\program files\Common Files\Blizzard Entertainment
2008-12-26 10:50 . 2008-12-26 10:52   <DIR>   d--------   c:\documents and settings\N\Dane aplikacji\vlc
2008-12-26 10:49 . 2008-12-26 10:49   <DIR>   d--------   c:\program files\Softonic_English
2008-12-26 10:49 . 2008-12-26 10:49   <DIR>   d--------   c:\program files\Conduit
2008-12-26 10:47 . 2008-12-26 10:47   <DIR>   d--------   c:\program files\VideoLAN
2008-12-26 10:36 . 2008-12-30 20:44   <DIR>   d--------   C:\Filmy
2008-12-25 22:06 . 2008-12-25 22:06   23   --a------   c:\windows\system32\dfeaffdc9_z.ocx
2008-12-25 22:05 . 2008-12-25 22:06   <DIR>   d--------   c:\program files\jv16 PowerTools 2008
2008-12-25 21:38 . 2008-12-25 21:39   <DIR>   d--------   c:\program files\CyPet
2008-12-24 10:35 . 2008-12-24 10:36   <DIR>   d--------   c:\documents and settings\Nikola\Gadu-Gadu
2008-12-21 19:25 . 2008-12-21 19:25   <DIR>   d--------   c:\windows\Sun
2008-12-20 19:06 . 2008-12-20 19:07   <DIR>   d--------   c:\program files\Ares
2008-12-20 17:58 . 2008-12-20 17:58   <DIR>   d--------   c:\documents and settings\Nikola\Dane aplikacji\ESET
2008-12-20 17:57 . 2009-01-08 16:05   <DIR>   d--h-----   c:\documents and settings\Nikola\Ustawienia lokalne
2008-12-20 17:57 . 2008-12-20 17:58   <DIR>   dr-------   c:\documents and settings\Nikola\Ulubione
2008-12-20 17:57 . 2008-12-17 17:39   <DIR>   d--h-----   c:\documents and settings\Nikola\Szablony
2008-12-20 17:57 . 2009-01-06 17:37   <DIR>   d--------   c:\documents and settings\Nikola\Pulpit
2008-12-20 17:57 . 2009-01-06 17:36   <DIR>   dr-------   c:\documents and settings\Nikola\Moje dokumenty
2008-12-20 17:57 . 2008-12-17 18:32   <DIR>   dr-------   c:\documents and settings\Nikola\Menu Start
2008-12-20 17:57 . 2008-12-28 19:25   <DIR>   dr-h-----   c:\documents and settings\Nikola\Dane aplikacji
2008-12-20 17:57 . 2008-12-24 10:35   <DIR>   d--------   c:\documents and settings\Nikola
2008-12-19 19:14 . 2008-12-19 19:14   <DIR>   d--------   c:\program files\Empire Interactive
2008-12-19 19:13 . 2008-12-19 19:13   <DIR>   d--------   c:\documents and settings\N\Dane aplikacji\InstallShield
2008-12-18 07:50 . 2008-12-18 07:50   <DIR>   d--------   c:\program files\PowerQuest
2008-12-17 21:10 . 2008-12-17 21:10   <DIR>   d--------   c:\documents and settings\cnx\Pulpit
2008-12-17 21:10 . 2008-12-17 21:10   <DIR>   d--------   c:\documents and settings\cnx
2008-12-17 21:05 . 2008-08-14 14:46   2,181,632   -----c---   c:\windows\system32\dllcache\ntoskrnl.exe
2008-12-17 21:05 . 2008-08-14 14:46   2,137,600   -----c---   c:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-17 21:05 . 2008-08-14 14:46   2,059,008   -----c---   c:\windows\system32\dllcache\ntkrnlpa.exe
2008-12-17 21:05 . 2008-08-14 14:46   2,017,280   -----c---   c:\windows\system32\dllcache\ntkrpamp.exe
2008-12-17 21:03 . 2008-06-14 19:01   273,024   ---------   c:\windows\system32\drivers\bthport.sys
2008-12-17 21:03 . 2008-06-14 19:01   273,024   -----c---   c:\windows\system32\dllcache\bthport.sys
2008-12-17 20:42 . 2008-12-17 20:42   <DIR>   d--------   c:\program files\Java
2008-12-17 20:42 . 2008-12-17 20:42   410,984   --a------   c:\windows\system32\deploytk.dll
2008-12-17 20:42 . 2008-12-17 20:42   73,728   --a------   c:\windows\system32\javacpl.cpl
2008-12-17 20:12 . 2008-10-24 12:10   453,632   -----c---   c:\windows\system32\dllcache\mrxsmb.sys
2008-12-17 20:00 . 2009-01-05 16:47   <DIR>   d--------   C:\Muza Stara i Nowa
2008-12-17 19:53 . 2009-01-03 21:11   <DIR>   d--------   C:\gamaa adjuster
2008-12-17 19:51 . 2009-01-01 12:39   <DIR>   d--h-----   c:\windows\$hf_mig$
2008-12-17 19:51 . 2005-02-25 04:36   22,752   --a------   c:\windows\system32\spupdsvc.exe
2008-12-17 19:44 . 2009-01-08 15:53   <DIR>   d--------   C:\Instalki
2008-12-17 19:43 . 2008-12-17 20:21   <DIR>   d--------   C:\SokkerViever
2008-12-17 19:37 . 2008-12-17 20:14   <DIR>   d--------   c:\program files\Opera
2008-12-17 19:36 . 2008-12-17 19:37   <DIR>   d--------   c:\program files\Winamp
2008-12-17 19:36 . 2008-12-17 20:20   <DIR>   d--------   c:\documents and settings\N\Dane aplikacji\Winamp
2008-12-17 19:34 . 2008-12-17 19:34   <DIR>   d--------   c:\documents and settings\N\Dane aplikacji\Gadu-Gadu
2008-12-17 19:33 . 2008-12-17 19:33   <DIR>   d--------   c:\program files\MarBit
2008-12-17 19:33 . 2009-01-03 20:45   <DIR>   d--------   c:\program files\Gadu-Gadu
2008-12-17 19:33 . 2008-12-18 13:46   <DIR>   d--------   c:\documents and settings\N\Gadu-Gadu
2008-12-17 19:32 . 2008-12-17 19:40   1,201   --a------   c:\windows\unins000.dat
2008-12-17 19:29 . 2008-12-17 19:29   <DIR>   d----c---   c:\windows\system32\DRVSTORE
2008-12-17 19:29 . 2008-12-17 19:29   21,275   --a------   c:\windows\system32\drivers\AegisP.sys
2008-12-17 19:28 . 2008-12-17 19:28   <DIR>   d--------   c:\program files\RALINK
2008-12-17 19:28 . 2006-05-04 19:02   380,928   --a------   c:\windows\system32\drivers\rt61.sys
2008-12-17 19:28 . 2005-12-15 10:38   315,392   --a------   c:\windows\system32\AegisI5.exe
2008-12-17 19:28 . 2006-05-15 16:25   295,028   --a------   c:\windows\system32\Install6x.dll
2008-12-17 19:28 . 2006-04-06 13:15   8,192   --a------   c:\windows\system32\drivers\RT2661.bin
2008-12-17 19:28 . 2006-04-06 13:15   8,192   --a------   c:\windows\system32\drivers\RT2561s.bin
2008-12-17 19:28 . 2006-04-06 13:15   8,192   --a------   c:\windows\system32\drivers\RT2561.bin
2008-12-17 19:28 . 2006-03-10 15:33   78   --a------   c:\windows\filespec6x
2008-12-17 19:26 . 2008-12-17 19:26   <DIR>   d--------   c:\documents and settings\N\Dane aplikacji\ESET
2008-12-17 19:25 . 2008-12-17 19:25   <DIR>   d--------   c:\program files\ESET
2008-12-17 19:25 . 2008-12-17 19:25   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\ESET
2008-12-17 19:22 . 2008-12-17 19:22   <DIR>   d--------   c:\program files\Realtek Sound Manager
2008-12-17 19:22 . 2008-12-31 13:49   <DIR>   d--h-----   c:\program files\InstallShield Installation Information
2008-12-17 19:22 . 2008-12-17 19:22   <DIR>   d--------   c:\program files\AvRack
2008-12-17 19:22 . 2002-11-21 08:07   765,952   --a------   c:\windows\system\crlds3d.dll
2008-12-17 19:22 . 2003-10-09 11:52   475,788   --a------   c:\windows\system32\drivers\ALCXWDM.SYS
2008-12-17 19:22 . 2003-10-04 05:25   391,552   --a------   c:\windows\system32\drivers\ALCXSENS.SYS
2008-12-17 19:22 . 2005-09-21 10:25   299,008   --a------   c:\windows\system32\ALSndMgr.cpl
2008-12-17 19:22 . 2003-09-02 06:54   208,896   ---------   c:\windows\alcupd.exe
2008-12-17 19:22 . 2002-02-05 06:54   141,016   --a------   c:\windows\system32\ALSNDMGR.WAV
2008-12-17 19:22 . 2003-07-17 08:09   139,264   ---------   c:\windows\alcrmv.exe
2008-12-17 19:22 . 2006-07-21 16:14   86,016   --a------   c:\windows\SoundMan.exe
2008-12-17 19:22 . 2003-08-19 12:36   65,536   --a--c---   c:\windows\system32\dllcache\a3d.dll
2008-12-17 19:22 . 2003-08-19 12:36   65,536   --a------   c:\windows\system32\Audio3D.dll
2008-12-17 19:22 . 2003-08-19 12:36   65,536   --a------   c:\windows\system32\a3d.dll
2008-12-17 19:22 . 2001-07-05 17:19   164   ---------   c:\windows\avrack.ini

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-31 12:49   315,392   ----a-w   c:\windows\HideWin.exe
2008-12-18 06:50   ---------   d-----w   c:\program files\Common Files\InstallShield
2008-12-17 17:06   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\nView_Profiles
2008-12-17 16:44   ---------   d-----w   c:\program files\microsoft frontpage
2008-12-17 16:42   ---------   d-----w   c:\program files\Usługi online
2008-10-23 13:01   283,648   ----a-w   c:\windows\system32\gdi32.dll
2008-10-16 13:13   202,776   ----a-w   c:\windows\system32\wuweb.dll
2008-10-16 13:13   1,809,944   ----a-w   c:\windows\system32\wuaueng.dll
2008-10-16 13:12   561,688   ----a-w   c:\windows\system32\wuapi.dll
2008-10-16 13:12   323,608   ----a-w   c:\windows\system32\wucltui.dll
2008-10-16 13:09   92,696   ----a-w   c:\windows\system32\cdm.dll
2008-10-16 13:09   51,224   ----a-w   c:\windows\system32\wuauclt.exe
2008-10-16 13:09   43,544   ----a-w   c:\windows\system32\wups2.dll
2008-10-16 13:08   34,328   ----a-w   c:\windows\system32\wups.dll
2008-10-16 10:39   662,016   ----a-w   c:\windows\system32\wininet.dll
.

(((((((((((((((((((((((((((((   snapshot@2009-01-07_19.23.32,01   )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-07 14:27:04   163,328   ----a-w   c:\windows\ERUNT\SDFIX\ERDNT.EXE
+ 2009-01-08 14:35:31   2,723,840   ----a-w   c:\windows\ERUNT\SDFIX\Users\[u]0[/u]0000001\NTUSER.DAT
+ 2009-01-08 14:35:31   167,936   ----a-w   c:\windows\ERUNT\SDFIX\Users\[u]0[/u]0000002\UsrClass.dat
+ 2008-08-07 14:27:04   163,328   ----a-w   c:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2009-01-08 14:35:31   2,723,840   ----a-w   c:\windows\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000001\NTUSER.DAT
+ 2009-01-08 14:35:31   167,936   ----a-w   c:\windows\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000002\UsrClass.dat
+ 2009-01-08 14:55:29   16,384   ----atw   c:\windows\Temp\Perflib_Perfdata_730.dat
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{930f1200-f5f1-4870-bac6-e233ec8e7023}"= "c:\program files\Softonic_English\tbSoft.dll" [2008-09-15 1784856]

[HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
2008-09-15 06:47   1784856   --a------   c:\program files\Softonic_English\tbSoft.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{930f1200-f5f1-4870-bac6-e233ec8e7023}"= "c:\program files\Softonic_English\tbSoft.dll" [2008-09-15 1784856]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{930F1200-F5F1-4870-BAC6-E233EC8E7023}"= "c:\program files\Softonic_English\tbSoft.dll" [2008-09-15 1784856]

[HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-10 216520]
"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2008-11-24 869888]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2007-07-09 2119104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-05-14 81920]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2007-12-21 1443072]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-10-10 36352]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-17 136600]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-05-14 3784704]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2008-12-17 614400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
--a------ 2008-12-17 03:08 887808 c:\program files\Ares\Ares.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
--a------ 2007-07-09 08:39 2119104 c:\program files\Gadu-Gadu\gg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GammaAdjuster]
--a------ 2003-02-21 11:46 191488 c:\gamaa adjuster\GammaAdjuster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
-ra------ 2004-05-14 06:41 831488 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2006-07-21 16:14 86016 c:\windows\SoundMan.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R4 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{840798c2-cc60-11dd-801a-806d6172696f}]
\Shell\AutoRun\command - d:\autorun\AUTORUN.EXE
.
.
------- Skan uzupełniający -------
.
uStart Page = about:blank
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-08 16:05:15
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
Czas ukończenia: 2009-01-08 16:06:03
ComboFix-quarantined-files.txt  2009-01-08 15:05:59
ComboFix2.txt  2009-01-07 18:24:12

Przed: 109 707 235 328 bajtów wolnych
Po: 109,699,751,936 bajtów wolnych

222   --- E O F ---   2009-01-01 11:39:53

Hijackthis

Kod: Zaznacz wszystko

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:07:09, on 2009-01-08
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Softonic English Toolbar - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSoft.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Softonic English Toolbar - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSoft.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Softonic English Toolbar - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSoft.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ALLUpdate] "C:\Program Files\ALLPlayer\ALLUpdate.exe" "sleep"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 3987 bytes

Sdfix

Kod: Zaznacz wszystko

[b]SDFix: Version 1.240 [/b]
Run by N on 2009-01-08 at 15:36

Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]:

No Trojan Files Found






Removing Temp Files

[b]ADS Check [/b]:



                                 [b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-08 15:40:32
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:e2,4d,a5,af,41,fa,f4,af,05,15,b8,3c,e0,16,99,8b,93,57,11,e4,cd,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,0d,b8,d2,e2,2a,9a,4c,f6,1d,51,76,60,db,98,10,81,73,..
"khjeh"=hex:4c,2a,31,31,d7,6a,b9,50,b1,01,25,6f,62,10,e1,80,4d,41,91,70,0e,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:8d,a6,53,50,67,4b,2e,63,d8,08,d5,e9,98,be,11,5b,6f,15,04,17,cc,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:e2,4d,a5,af,41,fa,f4,af,05,15,b8,3c,e0,16,99,8b,93,57,11,e4,cd,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,0d,b8,d2,e2,2a,9a,4c,f6,1d,51,76,60,db,98,10,81,73,..
"khjeh"=hex:4c,2a,31,31,d7,6a,b9,50,b1,01,25,6f,62,10,e1,80,4d,41,91,70,0e,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:8d,a6,53,50,67,4b,2e,63,d8,08,d5,e9,98,be,11,5b,6f,15,04,17,cc,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[b]Remaining Files [/b]:



[b]Files with Hidden Attributes [/b]:


[b]Finished![/b]


[wojtas]

1. Ściągnij OTMoveIt i go włacz i odpal go z opcji CleanUp oraz skasuj folder C:\Qoobox
2. wykonaj optymalizację windowsa
3.sciagnij ATF_Cleaner
zaznacz
Windows Temp
All users Temp
Temporary internet files
Recycle Bin
i wcisnij EMPTY SELECTED
4.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem
5.Przeskanuj obszar mojego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum.

i tym:

FixIEDef.