
HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 16:42, on 2009-01-05
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Radek\Pulpit\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wp.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O4 - HKLM\..\Run: [bcd29303] rundll32.exe "C:\WINDOWS\system32\cxqbwqcy.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: *.antimalwareguard.com
O15 - Trusted Zone: *.antimalwareguard.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.eu/Register/Branding/olr3313/OCX/v1018/flashax.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
ComboFix:
ComboFix 09-01-05.01 - Radek 2009-01-05 16:45:46.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.2046.1683 [GMT 0:00]
Uruchomiony z: c:\documents and settings\Radek\Pulpit\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Menu Start\Programy\Rapid Antivirus
c:\documents and settings\All Users\Menu Start\Programy\Rapid Antivirus\Purchase License.lnk
c:\documents and settings\All Users\Menu Start\Programy\Rapid Antivirus\Start Rapid Antivirus.lnk
c:\documents and settings\All Users\Menu Start\Programy\Rapid Antivirus\Support Page.lnk
c:\documents and settings\All Users\Menu Start\Programy\Rapid Antivirus\Uninstall.lnk
c:\program files\myglobalsearch
c:\program files\Rapid Antivirus
c:\program files\Rapid Antivirus\Buy.url
c:\program files\Rapid Antivirus\Help.url
c:\program files\Rapid Antivirus\HowToBuy.txt
c:\program files\Rapid Antivirus\ID.dat
c:\program files\Rapid Antivirus\License.txt
c:\program files\Rapid Antivirus\Rapid Antivirus.exe
c:\program files\Rapid Antivirus\Uninstall.exe
c:\windows\system32\config\systemprofile\Pulpit\Rapid Antivirus.lnk
c:\windows\system32\cuydhqhs.dll
c:\windows\system32\cxqbwqcy.dll
c:\windows\system32\drivers\seneka.sys
c:\windows\system32\drivers\senekagtftocnj.sys
c:\windows\system32\khfcbbxW.dll
c:\windows\system32\msiconf.exe
c:\windows\system32\prunnet.exe
c:\windows\system32\qfkmrr.dll
c:\windows\system32\seneka.dat
c:\windows\system32\senekadf.dat
c:\windows\system32\senekahqumrbhs.dll
c:\windows\system32\senekalog.dat
c:\windows\system32\senekaqtymtnks.dll
c:\windows\system32\ulklrmpa.dll
c:\windows\system32\urqNDuUM.dll
c:\windows\system32\Wxbbcfhk.ini
c:\windows\system32\Wxbbcfhk.ini2
c:\windows\system32\ycqwbqxc.ini
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_SENEKA
((((((((((((((((((((((((( Pliki utworzone od 2008-12-05 do 2009-01-05 )))))))))))))))))))))))))))))))
.
2009-01-05 16:35 . 2009-01-05 16:35 <DIR> d-------- c:\windows\system32\config\systemprofile\Dane aplikacji\s_4610_fHx8fHx8fDEyNDM3ODA3NzR8_
2009-01-05 16:35 . 2009-01-05 16:35 <DIR> d-------- c:\windows\system32\config\systemprofile\Dane aplikacji\Rapid Antivirus
2009-01-05 16:09 . 2009-01-05 16:09 72,192 --a------ c:\windows\system32\hgGxXnLE.dll
2009-01-04 06:57 . 2009-01-04 06:57 199 --a------ C:\DARE.INI
2009-01-04 06:53 . 2009-01-04 06:53 <DIR> d-------- c:\documents and settings\Radek\Dane aplikacji\InstallShield
2009-01-04 06:53 . 2009-01-04 06:53 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Ubisoft
2009-01-04 06:53 . 2009-01-04 06:53 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\InstallShield
2009-01-04 06:45 . 2009-01-04 07:20 <DIR> d-------- c:\program files\Ubisoft
2009-01-04 05:04 . 2009-01-04 05:04 <DIR> d-------- c:\program files\RTL Playtainment
2009-01-02 04:52 . 2009-01-02 04:52 <DIR> d-------- c:\program files\Red Kawa
2009-01-02 04:52 . 2009-01-02 04:52 <DIR> d-------- c:\program files\AviSynth 2.5
2009-01-02 04:52 . 2009-01-02 04:52 <DIR> d-------- C:\OpenCandy
2009-01-01 08:24 . 2008-11-21 21:47 120,056 --------- c:\windows\system32\pxcpyi64.exe
2009-01-01 08:24 . 2008-11-21 21:47 118,520 --------- c:\windows\system32\pxinsi64.exe
2009-01-01 08:14 . 2009-01-02 04:53 <DIR> d-------- c:\documents and settings\Radek\Dane aplikacji\DivX
2009-01-01 08:12 . 2009-01-01 08:24 <DIR> d-------- c:\program files\DivX
2008-12-30 22:35 . 2008-12-30 22:35 <DIR> d-------- c:\windows\system32\FlashAX
2008-12-30 22:35 . 2008-12-30 22:35 <DIR> d-------- C:\MicroGaming
2008-12-30 22:35 . 2008-12-30 22:35 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Microgaming
2008-12-30 22:35 . 2008-12-30 22:35 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\MGS
2008-12-30 04:53 . 2008-12-30 05:03 <DIR> d-------- c:\program files\NBA 2K9
2008-12-29 21:19 . 2008-12-29 21:19 <DIR> d-------- c:\documents and settings\Radek\Dane aplikacji\Betraiser
2008-12-29 21:16 . 2008-12-29 21:16 <DIR> d-------- C:\Programs
2008-12-27 06:28 . 2008-12-27 06:28 <DIR> d-------- c:\documents and settings\Radek\Dane aplikacji\2K Sports
2008-12-22 16:25 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2008-12-10 05:27 . 2008-12-10 05:27 <DIR> d-------- c:\program files\SubEdit-Player
2008-12-09 12:11 . 2008-12-09 12:11 <DIR> d-------- c:\program files\Sports Interactive
2008-12-07 07:09 . 2008-12-22 16:25 <DIR> d-------- c:\windows\system32\XPSViewer
2008-12-07 07:09 . 2008-12-07 07:09 <DIR> d-------- c:\program files\Reference Assemblies
2008-12-07 07:09 . 2008-12-07 07:09 <DIR> d-------- c:\program files\MSBuild
2008-12-07 07:09 . 2008-12-07 07:09 <DIR> d-------- C:\981d39ce98888f311f
2008-12-07 07:09 . 2008-07-06 12:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
2008-12-07 07:09 . 2008-07-06 12:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll
2008-12-07 07:09 . 2008-07-06 10:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2008-12-07 07:09 . 2008-07-06 12:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
2008-12-07 07:09 . 2008-07-06 12:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll
2008-12-07 07:09 . 2008-07-06 12:06 117,760 --------- c:\windows\system32\prntvpt.dll
2008-12-07 07:09 . 2008-07-06 12:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2008-12-07 07:08 . 2008-12-08 08:47 <DIR> d-------- c:\windows\SxsCaPendDel
2008-12-07 07:06 . 2008-12-07 07:08 <DIR> d-------- C:\f0fef91efd2b89fc2d
2008-12-06 04:25 . 2009-01-05 16:48 64,988 --a------ c:\windows\system32\DVCState-{00000002-00000000-00000009-00001102-00000005-00231102}.rfx
2008-12-06 04:25 . 2009-01-05 16:48 54,672 --a------ c:\windows\system32\BMXStateBkp-{00000002-00000000-00000009-00001102-00000005-00231102}.rfx
2008-12-06 04:25 . 2009-01-05 16:48 54,672 --a------ c:\windows\system32\BMXState-{00000002-00000000-00000009-00001102-00000005-00231102}.rfx
2008-12-06 04:25 . 2009-01-05 16:48 1,080 --a------ c:\windows\system32\settingsbkup.sfm
2008-12-06 04:25 . 2009-01-05 16:48 1,080 --a------ c:\windows\system32\settings.sfm
2008-12-06 04:24 . 2000-05-11 01:00 90,112 --------- c:\windows\Updreg.EXE
2008-12-06 04:23 . 2005-02-07 09:45 3,128 -ra------ c:\windows\system32\XFi.bmp
2008-12-06 04:23 . 2005-02-07 09:45 766 -ra------ c:\windows\system32\SBXFi.ico
2008-12-06 04:21 . 2005-08-07 21:42 68,135 -ra------ c:\windows\system32\instwdm.ini
2008-12-06 04:21 . 2005-08-07 22:10 10,240 --a------ c:\windows\CTDCRES.DLL
2008-12-06 04:21 . 2005-08-07 21:42 191 -ra------ c:\windows\system32\ctzapxx.ini
2008-12-06 04:19 . 2000-12-13 10:21 7,572,224 --------- c:\windows\system32\CT8MGM.SF2
2008-12-06 04:19 . 2000-12-05 01:11 4,174,814 --------- c:\windows\system32\CT4MGM.SF2
2008-12-06 04:19 . 1999-09-22 15:18 2,167,684 --------- c:\windows\system32\CT2MGM.SF2
2008-12-06 04:17 . 2003-11-11 11:08 77,824 --------- c:\windows\system32\ctdvda32.dll
2008-12-06 04:11 . 2008-12-06 04:11 347 --a------ c:\windows\CTWave32.INI
2008-12-06 04:10 . 2008-12-06 04:10 29 --a------ c:\windows\sfbm.INI
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-05 16:49 --------- d-----w c:\program files\Steam
2009-01-05 08:01 --------- d---a-w c:\documents and settings\All Users\Dane aplikacji\Sports Interactive
2009-01-04 07:20 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-04 06:45 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-04 06:41 --------- d-----w c:\documents and settings\Radek\Dane aplikacji\uTorrent
2009-01-04 04:53 --------- d-----w c:\program files\World of Warcraft
2008-12-23 18:18 --------- d-----w c:\program files\Diablo II
2008-12-16 18:06 143,872 ----a-w c:\windows\system32\drivers\usbport.sys
2008-12-14 20:07 --------- d-----w c:\documents and settings\Radek\Dane aplikacji\HLSW
2008-12-13 18:04 --------- d-----w c:\documents and settings\Radek\Dane aplikacji\teamspeak2
2008-12-09 12:12 --------- d-----w c:\documents and settings\Radek\Dane aplikacji\Sports Interactive
2008-12-06 04:26 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Creative
2008-12-06 04:24 --------- d-----w c:\program files\Creative
2008-12-06 04:13 --------- d-----w c:\program files\Driver Cleaner
2008-12-06 04:11 --------- d-----w c:\documents and settings\Radek\Dane aplikacji\Creative
2008-12-03 08:20 --------- d-----w c:\program files\CM Rev MBI
2008-12-01 04:40 --------- d-----w c:\program files\Combined Community Codec Pack
2008-11-30 19:40 --------- d--h--w c:\program files\Zero G Registry
2008-11-29 23:12 --------- d-----w c:\documents and settings\Radek\Dane aplikacji\Skype
2008-11-29 19:25 --------- d-----w c:\documents and settings\Radek\Dane aplikacji\skypePM
2008-11-22 14:11 55,808 ----a-w c:\windows\devcon.exe
2008-11-21 12:12 --------- d-----w c:\program files\Skype
2008-11-21 12:12 --------- d-----w c:\program files\Common Files\Skype
2008-11-21 12:12 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Skype
2008-11-18 10:46 138,184 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-11-18 10:38 --------- d-----w c:\program files\EA Games
2008-11-14 13:49 --------- d-----w c:\program files\Common Files\Blizzard Entertainment
2008-11-14 06:31 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Downloaded Installations
2008-11-14 06:24 --------- d-----w c:\documents and settings\Radek\Dane aplikacji\Datalayer
2008-11-14 06:22 --------- d-----w c:\documents and settings\Radek\Dane aplikacji\Nokia
2008-11-14 06:19 --------- d-----w c:\program files\DIFX
2008-11-14 06:19 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\PC Suite
2008-11-14 06:18 --------- d-----w c:\documents and settings\Radek\Dane aplikacji\PC Suite
2008-11-14 00:25 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Blizzard
2008-11-13 12:15 2,829 ----a-w c:\windows\DIIUnin.pif
2008-11-13 12:15 106,496 ----a-w c:\windows\DIIUnin.exe
2008-11-12 14:54 6,188,320 ----a-w c:\windows\system32\drivers\nv4_mini.sys
2008-11-11 07:48 --------- d-----w c:\documents and settings\Radek\Dane aplikacji\mIRC
2008-11-11 07:47 --------- d-----w c:\program files\mIRC
2008-11-09 14:01 --------- d-----w c:\program files\Futuremark
2008-11-09 13:42 --------- d-----w c:\program files\Techland
2008-11-09 05:45 --------- d-----w c:\documents and settings\Radek\Dane aplikacji\Disney Interactive Studios
2008-11-08 09:21 22,328 ----a-w c:\documents and settings\Radek\Dane aplikacji\PnkBstrK.sys
2008-11-08 08:33 --------- d-----w c:\program files\Capcom
2008-11-07 08:31 --------- d-----w c:\documents and settings\Radek\Dane aplikacji\Leadertech
2008-11-07 08:26 --------- d-----w c:\program files\EA Sports
2008-11-06 23:47 --------- d-----w c:\documents and settings\Radek\Dane aplikacji\Uniblue
2008-11-06 07:40 --------- d-----w c:\documents and settings\Radek\Dane aplikacji\Capcom
2008-11-06 05:24 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\KONAMI
2008-11-06 05:16 --------- d-----w c:\program files\Alcohol Soft
2008-11-05 07:58 --------- d-----w c:\program files\DAEMON Tools Toolbar
2008-11-05 07:52 --------- d-----w c:\documents and settings\LocalService\Dane aplikacji\Creative
2008-11-05 07:33 --------- d-----w c:\program files\Windows Media Connect 2
2008-11-05 07:26 --------- d-----w c:\program files\KONAMI
2008-11-05 07:17 --------- d-----w c:\program files\AGEIA Technologies
2008-11-05 07:17 --------- d-----w c:\documents and settings\Radek\Dane aplikacji\Orbit
2008-11-05 07:17 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-11-05 01:17 --------- d-----w c:\program files\Spybot - Search & Destroy
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2005-03-31 790528]
"Steam"="c:\program files\steam\steam.exe" [2008-10-14 1410296]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-08-01 222592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2006-09-21 137216]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13672448]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-12 86016]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 49152]
"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"RCSystem"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 49152]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 122880]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"nwiz"="nwiz.exe" [2008-11-12 c:\windows\system32\nwiz.exe]
"CTHelper"="CTHELPER.EXE" [2005-08-07 c:\windows\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2005-08-07 c:\windows\system32\CTXFIHLP.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMIDI"="MIDIDEF.EXE" [2005-08-07 c:\windows\MIDIDEF.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=qfkmrr.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.FFDS"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"VIDC.XFR1"= xfcodec.dll
[HKLM\~\startupfolder\C:^Documents and Settings^Radek^Menu Start^Programy^Autostart^Adobe Media Player.lnk]
backup=c:\windows\pss\Adobe Media Player.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
--a------ 2007-08-01 18:17 222592 c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
--a------ 2006-08-01 16:04 3313664 c:\program files\BearShare\BearShare.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-08-08 12:11 490952 c:\program files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 17:21 1695232 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 09:50 155648 c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-11-07 14:31 21633320 c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-08-03 23:02 36352 c:\program files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\football manager 2009\\fm.exe"=
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [2006-07-05 63352]
S3 cmudaxu;C-Media USB Sound Interface;c:\windows\system32\drivers\cmudaxu.sys [2008-10-11 1391296]
.
Zawartość folderu 'Zaplanowane zadania'
2009-01-05 c:\windows\Tasks\cokwkqyc.job
- c:\windows\system32\rundll32.exe [2008-04-14 17:21]
.
- - - - USUNIĘTO PUSTE WPISY - - - -
BHO-{022e0045-11ab-4c57-899e-21b27fa66c14} - c:\windows\system32\qfkmrr.dll
BHO-{4126C07A-D57C-40D8-84A8-69D46B2C632D} - c:\windows\system32\khfcbbxW.dll
BHO-{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - c:\windows\system32\urqNDuUM.dll
WebBrowser-{32099AAC-C132-4136-9E9A-4E364A424E17} - (no file)
HKCU-Run-prunnet - c:\windows\system32\prunnet.exe
HKLM-Run-prunnet - c:\windows\system32\prunnet.exe
HKU-Default-Run-msiexec.exe - msiconf.exe
ShellExecuteHooks-{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - c:\windows\system32\urqNDuUM.dll
MSConfigStartUp-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://wp.pl/
Trusted Zone: *.antimalwareguard.com
Trusted Zone: *.antimalwareguard.com
Trusted Zone: *.gomyhit.com
O16 -: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FF - ProfilePath - c:\documents and settings\Radek\Dane aplikacji\Mozilla\Firefox\Profiles\kxbvfsao.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - wp.pl
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npganymedenet.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-05 16:49:09
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\CTXFISPI.EXE
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Creative\ShareDLL\CADI\NotiMan.exe
.
**************************************************************************
.
Czas ukończenia: 2009-01-05 16:50:30 - komputer został uruchomiony ponownie [Radek]
ComboFix-quarantined-files.txt 2009-01-05 16:50:27
Przed: 202,345,340,928 bajtów wolnych
Po: 202,970,202,112 bajtów wolnych
285 --- E O F --- 2008-12-18 03:00:24
I would be very grateful for your help. Thank you.