Brak dźwięku i inne // logi z hjt i cf

[Scooby_DooM]

Witam, problem dotyczy dźwięku (konkretnie jego braku), skórki z windy xp (której też brakuje)

Miałem wcześniej podobny problem, okazało się że to wina jakiegoś syfu, który zmienił nazwę pliku systemowego "svchost.exe" na "svchost.exf"

po zmianie nazwy na powrót problem znikał, lecz dzisiaj (gdy zainstalowałem innego antyvira - kaspersky) wywałiło mi svchost.exe z dysku. I nie pomogło przesłanie pliku od kolegi, dźwięku itd. wciąż nie ma, do tego cały czas, przy starcie systemu wykrywa mi jakiegoś syfa (wciąż tego samego)

załączam logi

HJT:

Kod: Zaznacz wszystko

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:37:37, on 2008-09-03
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
C:\WINDOWS\system32\UAService7.exe
D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: SafeIE Utility - {B5D4581D-ED6A-4905-A267-25BAF7BE79C1} - C:\WINDOWS\system32\safeie.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKUS\S-1-5-21-1060284298-1202660629-1343024091-1003\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Ściągnij wszystko za pomocą WellGeta - C:\Program Files\WellGet\nxall.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Pobierz z &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: Ściągnij za pomocą &WellGeta - C:\Program Files\WellGet\nxcatch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: WellGet - {35980F6E-A258-4E50-953D-813BB8556899} - C:\Program Files\WellGet\WellGet.exe
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{24B26F0F-04CD-4383-BFD4-FFBFDC547389}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{7175B2CC-103A-488D-B998-2043388AA1CF}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{C8F90782-A6EB-45BC-9C46-BC933C46B0D7}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{24B26F0F-04CD-4383-BFD4-FFBFDC547389}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{24B26F0F-04CD-4383-BFD4-FFBFDC547389}: NameServer = 192.168.1.1
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InstallShield Licensing Service - Macrovision                                                     - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

--
End of file - 5659 bytes


ComboFix

Kod: Zaznacz wszystko

ComboFix 08-09-01.03 - LoL 2008-09-02 23:52:25.4 - NTFSx86
Running from: D:\ComboFix.exe

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((   Files Created from 2008-08-02 to 2008-09-02  )))))))))))))))))))))))))))))))
.

2008-09-02 22:46 . 2008-09-02 22:46   14,336   --a------   C:\WINDOWS\system32\svchost.exe
2008-09-02 21:39 . 2008-09-02 21:56   96,976   --a------   C:\WINDOWS\system32\drivers\klin.dat
2008-09-02 21:39 . 2008-09-02 21:56   87,855   --a------   C:\WINDOWS\system32\drivers\klick.dat
2008-09-02 21:38 . 2008-09-02 21:38   <DIR>   d----c---   C:\Program Files\Kaspersky Lab
2008-09-02 21:38 . 2008-09-02 23:45   <DIR>   d----c---   C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-09-02 21:38 . 2008-09-02 23:58   1,383,456   --ahs----   C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-02 21:38 . 2008-09-02 23:58   303,136   --ahs----   C:\WINDOWS\system32\drivers\fidbox2.dat
2008-09-02 21:38 . 2008-09-02 23:58   12,936   --ahs----   C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-02 21:38 . 2008-09-02 23:58   3,164   --ahs----   C:\WINDOWS\system32\drivers\fidbox2.idx
2008-09-02 21:35 . 2008-09-02 21:35   <DIR>   d----c---   C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2008-08-30 23:08 . 2008-09-02 17:33   <DIR>   d----c---   C:\Documents and Settings\All Users\Dane aplikacji\TrackMania
2008-08-29 13:39 . 2003-03-18 21:20   1,060,864   --a------   C:\WINDOWS\system32\mfc71.dll
2008-08-29 13:38 . 2004-01-12 00:00   348,160   --a------   C:\WINDOWS\system32\msvcr71.dll
2008-08-29 01:21 . 2003-03-18 21:14   499,712   --a--c---   C:\WINDOWS\system32\MSVCP71.dll
2008-08-25 22:41 . 2008-08-25 22:41   <DIR>   d----c---   C:\Documents and Settings\All Users\Dane aplikacji\nView_Profiles
2008-08-24 14:38 . 2008-08-24 14:39   <DIR>   d----c---   C:\Program Files\Winamp
2008-08-24 14:38 . 2008-08-24 14:38   <DIR>   d----c---   C:\Program Files\K-Lite Codec Pack
2008-08-24 14:37 . 2008-08-24 14:37   <DIR>   d----c---   C:\Program Files\Gadu-Gadu
2008-08-22 16:21 . 2008-08-22 16:21   <DIR>   d----c---   C:\Documents and Settings\LoL\Dane aplikacji\Nokia
2008-08-22 15:09 . 2008-07-30 21:09   38   --a--c---   C:\WINDOWS\avisplitter.ini
2008-08-21 20:19 . 2008-08-21 20:19   0   --ah-----   C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-08-21 20:19 . 2008-08-21 20:19   0   --ah-----   C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-08-21 20:09 . 2008-08-21 20:09   <DIR>   d----c---   C:\Program Files\Common Files\PCSuite
2008-08-21 20:09 . 2008-08-21 20:09   <DIR>   d----c---   C:\Program Files\Common Files\Nokia
2008-08-21 20:06 . 2007-09-17 15:53   21,632   --a------   C:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-08-21 20:05 . 2008-08-21 20:05   <DIR>   d----c---   C:\Program Files\PC Connectivity Solution
2008-08-21 20:04 . 2008-05-07 07:38   8,064   --a------   C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
2008-08-21 20:04 . 2008-06-06 09:24   8,064   --a------   C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
2008-08-21 20:03 . 2008-05-07 07:39   1,419,232   --a------   C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-08-21 20:03 . 2008-05-07 07:38   659,968   --a------   C:\WINDOWS\system32\nmwcdcocls.dll
2008-08-21 20:03 . 2008-05-07 07:38   20,864   --a------   C:\WINDOWS\system32\drivers\ccdcmbo.sys
2008-08-21 20:03 . 2008-05-07 07:38   17,536   --a------   C:\WINDOWS\system32\drivers\ccdcmb.sys
2008-08-19 22:34 . 2008-08-19 22:34   <DIR>   d----c---   C:\Documents and Settings\LoL\Dane aplikacji\Soldat
2008-08-19 22:05 . 2008-08-19 22:05   <DIR>   d----c---   C:\Documents and Settings\LoL\Phone Browser
2008-08-19 18:30 . 2008-08-19 18:30   <DIR>   d----c---   C:\Documents and Settings\LoL\Dane aplikacji\PC Suite
2008-08-19 17:10 . 2008-08-19 17:10   <DIR>   d----c---   C:\Documents and Settings\Noczu\Phone Browser
2008-08-19 17:08 . 2008-08-23 00:55   <DIR>   d----c---   C:\Documents and Settings\Noczu\Dane aplikacji\Nokia
2008-08-19 17:08 . 2008-08-19 17:08   <DIR>   d----c---   C:\Documents and Settings\All Users\Dane aplikacji\PC Suite
2008-08-19 17:06 . 2008-08-21 20:19   <DIR>   d----c---   C:\Documents and Settings\Noczu\Dane aplikacji\PC Suite
2008-08-19 17:05 . 2008-08-21 20:10   <DIR>   d----c---   C:\WINDOWS\system32\DRVSTORE
2008-08-19 17:05 . 2008-08-21 20:08   <DIR>   d----c---   C:\Program Files\Nokia
2008-08-19 17:05 . 2008-05-07 07:38   90,624   --a------   C:\WINDOWS\system32\nmwcdcls.dll
2008-08-19 17:04 . 2008-08-21 20:10   <DIR>   d----c---   C:\Documents and Settings\All Users\Dane aplikacji\Installations
2008-08-19 02:09 . 2008-08-19 02:09   2   --a--c---   C:\WINDOWS\msoffice.ini
2008-08-19 01:50 . 2008-08-20 11:25   <DIR>   d----c---   C:\Program Files\Common Files\BinarySense
2008-08-12 00:00 . 2008-07-04 08:34   860,160   --a------   C:\WINDOWS\system32\lameACM.acm
2008-08-12 00:00 . 2008-01-10 14:15   755,027   --a------   C:\WINDOWS\system32\xvidcore.dll
2008-08-12 00:00 . 2004-01-25 18:18   217,088   --a------   C:\WINDOWS\system32\yv12vfw.dll
2008-08-12 00:00 . 2007-09-04 18:56   164,352   --a------   C:\WINDOWS\system32\unrar.dll
2008-08-12 00:00 . 2008-01-10 14:16   159,839   --a------   C:\WINDOWS\system32\xvidvfw.dll
2008-08-12 00:00 . 2007-09-21 02:52   118,784   --a------   C:\WINDOWS\system32\ac3acm.acm
2008-08-12 00:00 . 2007-10-03 17:03   414   --a------   C:\WINDOWS\system32\lame_acm.xml
2008-08-11 23:59 . 2008-07-23 18:50   3,596,288   --a------   C:\WINDOWS\system32\qt-dx331.dll
2008-08-11 23:59 . 2008-07-25 10:34   683,520   --a------   C:\WINDOWS\system32\divx.dll
2008-08-11 23:59 . 2008-07-25 10:34   81,920   --a------   C:\WINDOWS\system32\dpl100.dll
2008-08-11 23:59 . 2008-06-12 20:36   7,680   --a------   C:\WINDOWS\system32\ff_vfw.dll
2008-08-11 23:59 . 2007-07-10 18:10   547   --a------   C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-08-11 23:53 . 2008-08-11 23:53   <DIR>   d----c---   C:\Documents and Settings\LoL\Dane aplikacji\Media Player Classic
2008-08-10 16:43 . 2008-09-02 23:56   <DIR>   d--h-c---   C:\Documents and Settings\Administrator.GONTARZ\Ustawienia lokalne
2008-08-10 16:43 . 2006-08-23 23:49   <DIR>   d----c---   C:\Documents and Settings\Administrator.GONTARZ\Ulubione
2008-08-10 16:43 . 2006-08-23 20:58   <DIR>   d--h-c---   C:\Documents and Settings\Administrator.GONTARZ\Szablony
2008-08-10 16:43 . 2006-08-23 23:49   <DIR>   d----c---   C:\Documents and Settings\Administrator.GONTARZ\Pulpit
2008-08-10 16:43 . 2006-08-23 23:49   <DIR>   d----c---   C:\Documents and Settings\Administrator.GONTARZ\Moje dokumenty
2008-08-10 16:43 . 2006-08-23 23:49   <DIR>   dr---c---   C:\Documents and Settings\Administrator.GONTARZ\Menu Start
2008-08-10 16:43 . 2008-08-10 16:56   <DIR>   dr-h-c---   C:\Documents and Settings\Administrator.GONTARZ\Dane aplikacji
2008-08-10 16:43 . 2008-08-10 21:31   <DIR>   d----c---   C:\Documents and Settings\Administrator.GONTARZ
2008-08-10 16:07 . 2008-08-10 17:01   92   --a--c---   C:\WINDOWS\CMISETUP.INI
2008-08-08 20:22 . 2002-07-16 21:47   36,924   --a--c---   C:\WINDOWS\cmijack.dat
2008-08-08 20:22 . 2002-07-16 20:33   20,333   -----c---   C:\WINDOWS\cmaudio.ini
2008-08-08 20:22 . 2002-07-16 20:33   20,333   --a--c---   C:\WINDOWS\cmaudio.dat
2008-08-08 20:14 . 2001-10-22 17:24   1,216,512   -ra--c---   C:\WINDOWS\SET2B7.tmp
2008-08-08 20:13 . 2001-10-22 17:24   1,216,512   -ra--c---   C:\WINDOWS\SET2A7.tmp
2008-08-08 20:08 . 2008-08-08 20:08   <DIR>   d----c---   C:\Program Files\directx
2008-08-08 19:57 . 2001-10-22 17:24   1,216,512   -ra--c---   C:\WINDOWS\SET287.tmp
2008-08-08 19:56 . 2008-08-08 20:22   <DIR>   d----c---   C:\Program Files\C-Media
2008-08-08 19:56 . 2002-07-12 16:33   1,581,056   --a--c---   C:\WINDOWS\SET316.tmp
2008-08-08 19:56 . 2002-07-12 16:33   1,581,056   --a--c---   C:\WINDOWS\SET304.tmp
2008-08-08 19:56 . 2002-07-12 16:33   1,581,056   --a--c---   C:\WINDOWS\SET14.tmp
2008-08-08 19:56 . 2002-07-12 16:33   1,581,056   --a--c---   C:\WINDOWS\SET13.tmp
2008-08-08 19:56 . 2001-10-22 18:24   1,216,512   --a--c---   C:\WINDOWS\SET6C.tmp
2008-08-08 19:56 . 2001-12-07 15:24   1,216,512   -ra--c---   C:\WINDOWS\Mixer.dat
2008-08-08 19:56 . 2001-12-07 20:32   184,320   -ra--c---   C:\WINDOWS\W2KSetup.exe
2008-08-08 19:56 . 2008-08-10 17:01   26   --a--c---   C:\WINDOWS\CMCDPLAY.INI
2008-08-07 14:39 . 2008-08-07 14:41   120   --a--c---   C:\WINDOWS\CMMIXER.INI
2008-08-04 13:54 . 2008-08-04 13:54   <DIR>   d----c---   C:\Program Files\Trend Micro
2008-08-03 18:01 . 2008-08-03 18:01   <DIR>   d--h-----   C:\WINDOWS\system32\GroupPolicy

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-02 17:12   ---------   dc-h--w   C:\Program Files\InstallShield Installation Information
2008-08-31 14:52   ---------   dc----w   C:\Documents and Settings\LoL\Dane aplikacji\Hamachi
2008-08-30 01:09   ---------   dc----w   C:\Documents and Settings\Noczu\Dane aplikacji\uTorrent
2008-08-29 02:25   ---------   dc----w   C:\Documents and Settings\LoL\Dane aplikacji\uTorrent
2008-08-25 21:03   ---------   dc--a-w   C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-08-24 12:40   ---------   dc----w   C:\Program Files\JetAudio
2008-08-24 11:55   ---------   dc----w   C:\Program Files\Common Files\Ahead
2008-08-21 18:38   ---------   dc----w   C:\Program Files\WellGet
2008-08-21 18:38   ---------   dc----w   C:\Program Files\Real Alternative
2008-08-05 07:46   ---------   dc----w   C:\Documents and Settings\Noczu\Dane aplikacji\Hamachi
2008-07-13 11:16   ---------   dc----w   C:\Program Files\MeowMultiSound100
2008-07-13 09:16   ---------   dc----w   C:\Documents and Settings\Noczu\Dane aplikacji\DivX
2008-07-12 22:40   56   -c----r   C:\RAYMAN.BAT
2008-07-10 00:45   ---------   dc----w   C:\Program Files\Common Files\INCA Shared
2008-07-07 23:32   ---------   dc----w   C:\Program Files\Viewpoint
2008-07-07 23:32   ---------   dc----w   C:\Documents and Settings\All Users\Dane aplikacji\Viewpoint
2008-07-04 21:07   ---------   dc----w   C:\Program Files\uTorrent
2008-07-04 20:04   ---------   dc----w   C:\Program Files\Opera
2008-07-03 18:40   ---------   dc----w   C:\Documents and Settings\Noczu\Dane aplikacji\PC-Cleaner
2008-07-03 18:37   ---------   dc----w   C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-04-28 09:53   32   -c--a-w   C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2006-11-24 17:15   888   -c--a-w   C:\Documents and Settings\LoL\chroma2.dat
2001-11-23 10:08   712,704   ----a-w   C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.

------- Sigcheck -------

2008-09-02 22:46  14336  8607d35d92528e2df386f19a960d23ce   C:\WINDOWS\system32\svchost.exe

2005-03-02 20:21  578560  6a93565be9b8422eb7538c66ac732d76   C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
2004-08-04 00:44  578560  0c81764f50f32d376e6e4b9e9f4b01a0   C:\WINDOWS\$NtUninstallKB890859$\user32.dll
2005-03-02 20:18  578560  b7eeb1a1af740306049241ddf61f21ff   C:\WINDOWS\system32\user32.dll
2005-03-02 20:18  578560  b7eeb1a1af740306049241ddf61f21ff   C:\WINDOWS\system32\dllcache\user32.dll

2004-08-04 00:44  82944  ab82237486b727dd7dab36a76f38a3a2   C:\WINDOWS\system32\ws2_32.dll
2004-08-04 00:44  82944  ab82237486b727dd7dab36a76f38a3a2   C:\WINDOWS\system32\dllcache\ws2_32.dll

2006-06-23 13:27  667136  9df7509e4ca980a1c68cf737febb6017   C:\WINDOWS\$hf_mig$\KB918899\SP2QFE\wininet.dll
2004-08-04 00:44  658944  d37dafb534ac8343d59a1b501abe852c   C:\WINDOWS\$NtUninstallKB918899$\wininet.dll
2006-06-23 13:16  661504  f8c7c74790d5910e63b9ebde0da66728   C:\WINDOWS\system32\wininet.dll
2006-06-23 13:16  695808  d386812eb59c85396554ac9e11031969   C:\WINDOWS\system32\dllcache\wininet.dll

2006-04-20 14:18  360576  b2220c618b42a2212a59d91ebd6fc4b4   C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2004-08-03 23:14  359040  9f4b36614a0fc234525ba224957de55c   C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2006-04-20 13:51  359808  1dbf125862891817f374f407626967f4   C:\WINDOWS\system32\dllcache\tcpip.sys
2006-04-20 13:51  359808  45265cbad25c6254afafc7bdd88bdb4b   C:\WINDOWS\system32\drivers\tcpip.sys

2004-08-04 00:44  504832  0344407089b08548d4feba62bb0f32d0   C:\WINDOWS\system32\winlogon.exe
2004-08-04 00:44  504832  0344407089b08548d4feba62bb0f32d0   C:\WINDOWS\system32\dllcache\winlogon.exe

2004-08-03 23:14  182912  558635d3af1c7546d26067d5d9b6959e   C:\WINDOWS\system32\dllcache\ndis.sys
2004-08-03 23:14  182912  558635d3af1c7546d26067d5d9b6959e   C:\WINDOWS\system32\drivers\ndis.sys

2004-08-03 23:00  29056  4448006b6bc60e6c027932cfc38d6855   C:\WINDOWS\system32\dllcache\ip6fw.sys
2004-08-03 23:00  29056  4448006b6bc60e6c027932cfc38d6855   C:\WINDOWS\system32\drivers\ip6fw.sys

2005-03-02 20:14  2058240  35d11fdc381536ab95e3005489131f44   C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2004-08-04 00:54  2058112  44d1bc1b05e0c7c82e81687b79c653c7   C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe
2005-03-02 20:08  2058112  0f6990820c6ce0a7a911fae5937ef1f6   C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2005-03-02 20:08  2058112  0f6990820c6ce0a7a911fae5937ef1f6   C:\WINDOWS\system32\ntkrnlpa.exe

2005-03-02 20:14  2180864  dba3e4215279c8012b37d2135b531258   C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2004-08-04 00:39  2182272  dcf53422b7edded3b7431fbae4a7ee3f   C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
2005-03-02 20:09  2180608  3f3612846d67352468d2286fc23fb0c2   C:\WINDOWS\system32\ntoskrnl.exe

2004-08-04 00:44  1033728  379098a96e6c165b659de7e4328010ea   C:\WINDOWS\explorer.exe
2004-08-04 00:44  975872  196c130d31317fe53de984220b5e13b9   C:\WINDOWS\system32\dllcache\explorer.exe

2004-08-04 00:44  108544  3da8d964d2cc12ef8e8c342471a37917   C:\WINDOWS\system32\services.exe
2004-08-04 00:44  108544  3da8d964d2cc12ef8e8c342471a37917   C:\WINDOWS\system32\dllcache\services.exe

2004-08-04 00:44  13312  f485fefc8cc4fd29243d800be5d275d1   C:\WINDOWS\system32\lsass.exe
2004-08-04 00:44  13312  f485fefc8cc4fd29243d800be5d275d1   C:\WINDOWS\system32\dllcache\lsass.exe

2004-08-04 00:44  15360  cbfa30492d70ce3938d8a7783d0c0436   C:\WINDOWS\system32\ctfmon.exe
2004-08-04 00:44  15360  cbfa30492d70ce3938d8a7783d0c0436   C:\WINDOWS\system32\dllcache\ctfmon.exe

2005-06-11 02:17  57856  ad3d9d191aea7b5445fe1d82ffbb4788   C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2004-08-04 00:44  57856  bebe8a85954ff460374fd5a0cd21e19b   C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
2005-06-11 01:53  57856  da81ec57acd4cdc3d4c51cf3d409af9f   C:\WINDOWS\system32\spoolsv.exe
2005-06-11 01:53  57856  da81ec57acd4cdc3d4c51cf3d409af9f   C:\WINDOWS\system32\dllcache\spoolsv.exe

2004-08-04 00:44  25088  bd768099b4c44aa631728cb74eb54396   C:\WINDOWS\system32\userinit.exe
2004-08-04 00:44  25088  bd768099b4c44aa631728cb74eb54396   C:\WINDOWS\system32\dllcache\userinit.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2006-02-17 2396160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 7618560]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 133016]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-04-25 201992]
"nwiz"="nwiz.exe" [2006-06-01 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 C:\WINDOWS\system32\nvmctray.dll]
"C-Media Mixer"="Mixer.exe" [2001-10-22 C:\WINDOWS\mixer.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^LoL^Menu Start^Programy^Autostart^HDDlife.lnk]
path=C:\Documents and Settings\LoL\Menu Start\Programy\Autostart\HDDlife.lnk
backup=C:\WINDOWS\pss\HDDlife.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

S0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 18:29]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 20:07]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ProgView

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82665a6a-d88e-11d7-85e8-00e04c009fb0}]
\Shell\AutoRun\command - G:\autorun.exe
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.aol.com
O8 -: &Ściągnij wszystko za pomocą WellGeta - C:\Program Files\WellGet\nxall.htm
O8 -: E&ksport do programu Microsoft Excel - D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 -: Pobierz z &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O8 -: Ściągnij za pomocą &WellGeta - C:\Program Files\WellGet\nxcatch.htm
O9 -: {35980F6E-A258-4E50-953D-813BB8556899} - C:\Program Files\WellGet\WellGet.exe
O9 -: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O17 -: HKLM\CCS\Interface\{24B26F0F-04CD-4383-BFD4-FFBFDC547389}: NameServer = 192.168.1.1
O17 -: HKLM\CCS\Interface\{7175B2CC-103A-488D-B998-2043388AA1CF}: NameServer = 208.67.220.220,208.67.222.222
O17 -: HKLM\CCS\Interface\{C8F90782-A6EB-45BC-9C46-BC933C46B0D7}: NameServer = 208.67.220.220,208.67.222.222
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-03 00:01:54
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-09-03  0:10:18 - machine was rebooted
ComboFix-quarantined-files.txt  2008-09-02 22:09:42
ComboFix2.txt  2008-09-02 19:34:00

Pre-Run: 680,366,080 bajtów wolnych
Post-Run: 635,322,368 bajt˘w wolnych

238


Będę bardzo wdzięczny za wszelką pomoc
Pozdrawiam

[djarta]

Wklej do Notatnika:

Kod: Zaznacz wszystko

File::
C:\WINDOWS\SET2B7.tmp
C:\WINDOWS\SET2A7.tmp
C:\WINDOWS\SET287.tmp
C:\WINDOWS\SET316.tmp
C:\WINDOWS\SET304.tmp
C:\WINDOWS\SET14.tmp
C:\WINDOWS\SET13.tmp
C:\WINDOWS\SET6C.tmp


>>Plik>>Zapisz jako... >>> CFScript
Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe
-->
Ma się rozpocząć usuwanie. (i powstanie log).Daj ten log, który powstanie w trakcie usuwania.
Jeśli pójdzie dobrze, to: Po restarcie usuń ręcznie folder C:\Qoobox.

Potem:

Pobierz program SDFix

* Dwuklik na SDFix.exe następnie program wypakuje się na dysk systemowy (standardowo C:\SDFix)
* Zrestartuj komputer i wejdź do trybu awaryjnego (klawisz F8 przed bootem Windowsa)
* Wejdź do folderu z SDFix kliknij dwa razy na plik RunThis.bat
* Wciśnij Y nastąpi proces usuwania.
* Kiedy usuwanie się ukończy wciśnij dowolny klawisz (Any Key). Nastąpi restart komputera.
* Po restarcie SDFix uruchomi się ponownie, żeby dokończyć proces usuwania kiedy pojawi się w oknie programu Finished, wciśnij dowolny klawisz do zakończenia scryptu i załadowania ikon na pulpicie.
* Pokaż Report.txt znajdujący się w folderze SDFix.


======================
K.

[Scooby_DooM]

ok, przeciąganie co prawda nie działa, ale dałem na pliku CFScript otwórz za pomocą i znalazłem ComboFix

LOG:

Kod: Zaznacz wszystko

ComboFix 08-09-01.05 - LoL 2008-09-03 13:44:18.5 - NTFSx86
Running from: D:\ComboFix.exe
Command switches used :: D:\CFScript.txt

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\SET13.tmp
C:\WINDOWS\SET14.tmp
C:\WINDOWS\SET287.tmp
C:\WINDOWS\SET2A7.tmp
C:\WINDOWS\SET2B7.tmp
C:\WINDOWS\SET304.tmp
C:\WINDOWS\SET316.tmp
C:\WINDOWS\SET6C.tmp

.
(((((((((((((((((((((((((   Files Created from 2008-08-03 to 2008-09-03  )))))))))))))))))))))))))))))))
.

2008-09-03 01:43 . 2008-09-03 01:43   0   --a------   C:\WINDOWS\system32\Nowy Dokument tekstowy.bat
2008-09-02 22:46 . 2008-09-03 01:37   14,336   --a------   C:\WINDOWS\system32\svchost.exe
2008-09-02 22:46 . 2008-09-02 22:46   14,336   --a------   C:\WINDOWS\system32\ksvchost.exe
2008-09-02 21:39 . 2008-09-02 21:56   96,976   --a------   C:\WINDOWS\system32\drivers\klin.dat
2008-09-02 21:39 . 2008-09-02 21:56   87,855   --a------   C:\WINDOWS\system32\drivers\klick.dat
2008-09-02 21:38 . 2008-09-02 21:38   <DIR>   d----c---   C:\Program Files\Kaspersky Lab
2008-09-02 21:38 . 2008-09-03 11:54   <DIR>   d----c---   C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-09-02 21:38 . 2008-09-03 02:26   1,383,456   --ahs----   C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-02 21:38 . 2008-09-03 11:42   311,328   --ahs----   C:\WINDOWS\system32\drivers\fidbox2.dat
2008-09-02 21:38 . 2008-09-03 02:26   12,936   --ahs----   C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-02 21:38 . 2008-09-03 11:42   3,192   --ahs----   C:\WINDOWS\system32\drivers\fidbox2.idx
2008-09-02 21:35 . 2008-09-02 21:35   <DIR>   d----c---   C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2008-08-30 23:08 . 2008-09-02 17:33   <DIR>   d----c---   C:\Documents and Settings\All Users\Dane aplikacji\TrackMania
2008-08-29 13:39 . 2003-03-18 21:20   1,060,864   --a------   C:\WINDOWS\system32\mfc71.dll
2008-08-29 13:38 . 2004-01-12 00:00   348,160   --a------   C:\WINDOWS\system32\msvcr71.dll
2008-08-29 01:21 . 2003-03-18 21:14   499,712   --a--c---   C:\WINDOWS\system32\MSVCP71.dll
2008-08-25 22:41 . 2008-08-25 22:41   <DIR>   d----c---   C:\Documents and Settings\All Users\Dane aplikacji\nView_Profiles
2008-08-24 14:38 . 2008-08-24 14:39   <DIR>   d----c---   C:\Program Files\Winamp
2008-08-24 14:38 . 2008-08-24 14:38   <DIR>   d----c---   C:\Program Files\K-Lite Codec Pack
2008-08-24 14:37 . 2008-08-24 14:37   <DIR>   d----c---   C:\Program Files\Gadu-Gadu
2008-08-22 16:21 . 2008-08-22 16:21   <DIR>   d----c---   C:\Documents and Settings\LoL\Dane aplikacji\Nokia
2008-08-22 15:09 . 2008-07-30 21:09   38   --a--c---   C:\WINDOWS\avisplitter.ini
2008-08-21 20:19 . 2008-08-21 20:19   0   --ah-----   C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-08-21 20:19 . 2008-08-21 20:19   0   --ah-----   C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-08-21 20:09 . 2008-08-21 20:09   <DIR>   d----c---   C:\Program Files\Common Files\PCSuite
2008-08-21 20:09 . 2008-08-21 20:09   <DIR>   d----c---   C:\Program Files\Common Files\Nokia
2008-08-21 20:06 . 2007-09-17 15:53   21,632   --a------   C:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-08-21 20:05 . 2008-08-21 20:05   <DIR>   d----c---   C:\Program Files\PC Connectivity Solution
2008-08-21 20:04 . 2008-05-07 07:38   8,064   --a------   C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
2008-08-21 20:04 . 2008-06-06 09:24   8,064   --a------   C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
2008-08-21 20:03 . 2008-05-07 07:39   1,419,232   --a------   C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-08-21 20:03 . 2008-05-07 07:38   659,968   --a------   C:\WINDOWS\system32\nmwcdcocls.dll
2008-08-21 20:03 . 2008-05-07 07:38   20,864   --a------   C:\WINDOWS\system32\drivers\ccdcmbo.sys
2008-08-21 20:03 . 2008-05-07 07:38   17,536   --a------   C:\WINDOWS\system32\drivers\ccdcmb.sys
2008-08-19 22:34 . 2008-08-19 22:34   <DIR>   d----c---   C:\Documents and Settings\LoL\Dane aplikacji\Soldat
2008-08-19 22:05 . 2008-08-19 22:05   <DIR>   d----c---   C:\Documents and Settings\LoL\Phone Browser
2008-08-19 18:30 . 2008-08-19 18:30   <DIR>   d----c---   C:\Documents and Settings\LoL\Dane aplikacji\PC Suite
2008-08-19 17:10 . 2008-08-19 17:10   <DIR>   d----c---   C:\Documents and Settings\Noczu\Phone Browser
2008-08-19 17:08 . 2008-08-23 00:55   <DIR>   d----c---   C:\Documents and Settings\Noczu\Dane aplikacji\Nokia
2008-08-19 17:08 . 2008-08-19 17:08   <DIR>   d----c---   C:\Documents and Settings\All Users\Dane aplikacji\PC Suite
2008-08-19 17:06 . 2008-08-21 20:19   <DIR>   d----c---   C:\Documents and Settings\Noczu\Dane aplikacji\PC Suite
2008-08-19 17:05 . 2008-08-21 20:10   <DIR>   d----c---   C:\WINDOWS\system32\DRVSTORE
2008-08-19 17:05 . 2008-08-21 20:08   <DIR>   d----c---   C:\Program Files\Nokia
2008-08-19 17:05 . 2008-05-07 07:38   90,624   --a------   C:\WINDOWS\system32\nmwcdcls.dll
2008-08-19 17:04 . 2008-08-21 20:10   <DIR>   d----c---   C:\Documents and Settings\All Users\Dane aplikacji\Installations
2008-08-19 02:09 . 2008-08-19 02:09   2   --a--c---   C:\WINDOWS\msoffice.ini
2008-08-19 01:50 . 2008-08-20 11:25   <DIR>   d----c---   C:\Program Files\Common Files\BinarySense
2008-08-12 00:00 . 2008-07-04 08:34   860,160   --a------   C:\WINDOWS\system32\lameACM.acm
2008-08-12 00:00 . 2008-01-10 14:15   755,027   --a------   C:\WINDOWS\system32\xvidcore.dll
2008-08-12 00:00 . 2004-01-25 18:18   217,088   --a------   C:\WINDOWS\system32\yv12vfw.dll
2008-08-12 00:00 . 2007-09-04 18:56   164,352   --a------   C:\WINDOWS\system32\unrar.dll
2008-08-12 00:00 . 2008-01-10 14:16   159,839   --a------   C:\WINDOWS\system32\xvidvfw.dll
2008-08-12 00:00 . 2007-09-21 02:52   118,784   --a------   C:\WINDOWS\system32\ac3acm.acm
2008-08-12 00:00 . 2007-10-03 17:03   414   --a------   C:\WINDOWS\system32\lame_acm.xml
2008-08-11 23:59 . 2008-07-23 18:50   3,596,288   --a------   C:\WINDOWS\system32\qt-dx331.dll
2008-08-11 23:59 . 2008-07-25 10:34   683,520   --a------   C:\WINDOWS\system32\divx.dll
2008-08-11 23:59 . 2008-07-25 10:34   81,920   --a------   C:\WINDOWS\system32\dpl100.dll
2008-08-11 23:59 . 2008-06-12 20:36   7,680   --a------   C:\WINDOWS\system32\ff_vfw.dll
2008-08-11 23:59 . 2007-07-10 18:10   547   --a------   C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-08-11 23:53 . 2008-08-11 23:53   <DIR>   d----c---   C:\Documents and Settings\LoL\Dane aplikacji\Media Player Classic
2008-08-10 16:43 . 2008-09-03 13:48   <DIR>   d--h-c---   C:\Documents and Settings\Administrator.GONTARZ\Ustawienia lokalne
2008-08-10 16:43 . 2006-08-23 23:49   <DIR>   d----c---   C:\Documents and Settings\Administrator.GONTARZ\Ulubione
2008-08-10 16:43 . 2006-08-23 20:58   <DIR>   d--h-c---   C:\Documents and Settings\Administrator.GONTARZ\Szablony
2008-08-10 16:43 . 2006-08-23 23:49   <DIR>   d----c---   C:\Documents and Settings\Administrator.GONTARZ\Pulpit
2008-08-10 16:43 . 2006-08-23 23:49   <DIR>   d----c---   C:\Documents and Settings\Administrator.GONTARZ\Moje dokumenty
2008-08-10 16:43 . 2006-08-23 23:49   <DIR>   dr---c---   C:\Documents and Settings\Administrator.GONTARZ\Menu Start
2008-08-10 16:43 . 2008-08-10 16:56   <DIR>   dr-h-c---   C:\Documents and Settings\Administrator.GONTARZ\Dane aplikacji
2008-08-10 16:43 . 2008-08-10 21:31   <DIR>   d----c---   C:\Documents and Settings\Administrator.GONTARZ
2008-08-10 16:07 . 2008-08-10 17:01   92   --a--c---   C:\WINDOWS\CMISETUP.INI
2008-08-08 20:22 . 2002-07-16 21:47   36,924   --a--c---   C:\WINDOWS\cmijack.dat
2008-08-08 20:22 . 2002-07-16 20:33   20,333   -----c---   C:\WINDOWS\cmaudio.ini
2008-08-08 20:22 . 2002-07-16 20:33   20,333   --a--c---   C:\WINDOWS\cmaudio.dat
2008-08-08 20:08 . 2008-08-08 20:08   <DIR>   d----c---   C:\Program Files\directx
2008-08-08 19:56 . 2008-08-08 20:22   <DIR>   d----c---   C:\Program Files\C-Media
2008-08-08 19:56 . 2001-12-07 15:24   1,216,512   -ra--c---   C:\WINDOWS\Mixer.dat
2008-08-08 19:56 . 2001-12-07 20:32   184,320   -ra--c---   C:\WINDOWS\W2KSetup.exe
2008-08-08 19:56 . 2008-08-10 17:01   26   --a--c---   C:\WINDOWS\CMCDPLAY.INI
2008-08-07 14:39 . 2008-08-07 14:41   120   --a--c---   C:\WINDOWS\CMMIXER.INI
2008-08-04 13:54 . 2008-08-04 13:54   <DIR>   d----c---   C:\Program Files\Trend Micro
2008-08-03 18:01 . 2008-08-03 18:01   <DIR>   d--h-----   C:\WINDOWS\system32\GroupPolicy

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-03 11:44   ---------   dc----w   C:\Documents and Settings\LoL\Dane aplikacji\uTorrent
2008-09-02 17:12   ---------   dc-h--w   C:\Program Files\InstallShield Installation Information
2008-08-31 14:52   ---------   dc----w   C:\Documents and Settings\LoL\Dane aplikacji\Hamachi
2008-08-30 01:09   ---------   dc----w   C:\Documents and Settings\Noczu\Dane aplikacji\uTorrent
2008-08-25 21:03   ---------   dc--a-w   C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-08-24 12:40   ---------   dc----w   C:\Program Files\JetAudio
2008-08-24 11:55   ---------   dc----w   C:\Program Files\Common Files\Ahead
2008-08-21 18:38   ---------   dc----w   C:\Program Files\WellGet
2008-08-21 18:38   ---------   dc----w   C:\Program Files\Real Alternative
2008-08-05 07:46   ---------   dc----w   C:\Documents and Settings\Noczu\Dane aplikacji\Hamachi
2008-07-13 11:16   ---------   dc----w   C:\Program Files\MeowMultiSound100
2008-07-13 09:16   ---------   dc----w   C:\Documents and Settings\Noczu\Dane aplikacji\DivX
2008-07-12 22:40   56   -c----r   C:\RAYMAN.BAT
2008-07-10 00:45   ---------   dc----w   C:\Program Files\Common Files\INCA Shared
2008-07-07 23:32   ---------   dc----w   C:\Program Files\Viewpoint
2008-07-07 23:32   ---------   dc----w   C:\Documents and Settings\All Users\Dane aplikacji\Viewpoint
2008-07-04 21:07   ---------   dc----w   C:\Program Files\uTorrent
2008-07-04 20:04   ---------   dc----w   C:\Program Files\Opera
2008-07-03 18:40   ---------   dc----w   C:\Documents and Settings\Noczu\Dane aplikacji\PC-Cleaner
2008-07-03 18:37   ---------   dc----w   C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-04-28 09:53   32   -c--a-w   C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2006-11-24 17:15   888   -c--a-w   C:\Documents and Settings\LoL\chroma2.dat
2001-11-23 10:08   712,704   ----a-w   C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.

------- Sigcheck -------

2008-09-03 01:37  14336  2979b03d5382a602623c0535b16ab9c0   C:\WINDOWS\system32\svchost.exe

2005-03-02 20:21  578560  6a93565be9b8422eb7538c66ac732d76   C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
2004-08-04 00:44  578560  0c81764f50f32d376e6e4b9e9f4b01a0   C:\WINDOWS\$NtUninstallKB890859$\user32.dll
2005-03-02 20:18  578560  b7eeb1a1af740306049241ddf61f21ff   C:\WINDOWS\system32\user32.dll
2005-03-02 20:18  578560  b7eeb1a1af740306049241ddf61f21ff   C:\WINDOWS\system32\dllcache\user32.dll

2004-08-04 00:44  82944  ab82237486b727dd7dab36a76f38a3a2   C:\WINDOWS\system32\ws2_32.dll
2004-08-04 00:44  82944  ab82237486b727dd7dab36a76f38a3a2   C:\WINDOWS\system32\dllcache\ws2_32.dll

2006-06-23 13:27  667136  9df7509e4ca980a1c68cf737febb6017   C:\WINDOWS\$hf_mig$\KB918899\SP2QFE\wininet.dll
2004-08-04 00:44  658944  d37dafb534ac8343d59a1b501abe852c   C:\WINDOWS\$NtUninstallKB918899$\wininet.dll
2006-06-23 13:16  661504  f8c7c74790d5910e63b9ebde0da66728   C:\WINDOWS\system32\wininet.dll
2006-06-23 13:16  695808  d386812eb59c85396554ac9e11031969   C:\WINDOWS\system32\dllcache\wininet.dll

2006-04-20 14:18  360576  b2220c618b42a2212a59d91ebd6fc4b4   C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2004-08-03 23:14  359040  9f4b36614a0fc234525ba224957de55c   C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2006-04-20 13:51  359808  1dbf125862891817f374f407626967f4   C:\WINDOWS\system32\dllcache\tcpip.sys
2006-04-20 13:51  359808  45265cbad25c6254afafc7bdd88bdb4b   C:\WINDOWS\system32\drivers\tcpip.sys

2004-08-04 00:44  504832  0344407089b08548d4feba62bb0f32d0   C:\WINDOWS\system32\winlogon.exe
2004-08-04 00:44  504832  0344407089b08548d4feba62bb0f32d0   C:\WINDOWS\system32\dllcache\winlogon.exe

2004-08-03 23:14  182912  558635d3af1c7546d26067d5d9b6959e   C:\WINDOWS\system32\dllcache\ndis.sys
2004-08-03 23:14  182912  558635d3af1c7546d26067d5d9b6959e   C:\WINDOWS\system32\drivers\ndis.sys

2004-08-03 23:00  29056  4448006b6bc60e6c027932cfc38d6855   C:\WINDOWS\system32\dllcache\ip6fw.sys
2004-08-03 23:00  29056  4448006b6bc60e6c027932cfc38d6855   C:\WINDOWS\system32\drivers\ip6fw.sys

2005-03-02 20:14  2058240  35d11fdc381536ab95e3005489131f44   C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2004-08-04 00:54  2058112  44d1bc1b05e0c7c82e81687b79c653c7   C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe
2005-03-02 20:08  2058112  0f6990820c6ce0a7a911fae5937ef1f6   C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2005-03-02 20:08  2058112  0f6990820c6ce0a7a911fae5937ef1f6   C:\WINDOWS\system32\ntkrnlpa.exe

2005-03-02 20:14  2180864  dba3e4215279c8012b37d2135b531258   C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2004-08-04 00:39  2182272  dcf53422b7edded3b7431fbae4a7ee3f   C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
2005-03-02 20:09  2180608  3f3612846d67352468d2286fc23fb0c2   C:\WINDOWS\system32\ntoskrnl.exe

2004-08-04 00:44  1033728  379098a96e6c165b659de7e4328010ea   C:\WINDOWS\explorer.exe
2004-08-04 00:44  975872  196c130d31317fe53de984220b5e13b9   C:\WINDOWS\system32\dllcache\explorer.exe

2004-08-04 00:44  108544  3da8d964d2cc12ef8e8c342471a37917   C:\WINDOWS\system32\services.exe
2004-08-04 00:44  108544  3da8d964d2cc12ef8e8c342471a37917   C:\WINDOWS\system32\dllcache\services.exe

2004-08-04 00:44  13312  f485fefc8cc4fd29243d800be5d275d1   C:\WINDOWS\system32\lsass.exe
2004-08-04 00:44  13312  f485fefc8cc4fd29243d800be5d275d1   C:\WINDOWS\system32\dllcache\lsass.exe

2004-08-04 00:44  15360  cbfa30492d70ce3938d8a7783d0c0436   C:\WINDOWS\system32\ctfmon.exe
2004-08-04 00:44  15360  cbfa30492d70ce3938d8a7783d0c0436   C:\WINDOWS\system32\dllcache\ctfmon.exe

2005-06-11 02:17  57856  ad3d9d191aea7b5445fe1d82ffbb4788   C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2004-08-04 00:44  57856  bebe8a85954ff460374fd5a0cd21e19b   C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
2005-06-11 01:53  57856  da81ec57acd4cdc3d4c51cf3d409af9f   C:\WINDOWS\system32\spoolsv.exe
2005-06-11 01:53  57856  da81ec57acd4cdc3d4c51cf3d409af9f   C:\WINDOWS\system32\dllcache\spoolsv.exe

2004-08-04 00:44  25088  bd768099b4c44aa631728cb74eb54396   C:\WINDOWS\system32\userinit.exe
2004-08-04 00:44  25088  bd768099b4c44aa631728cb74eb54396   C:\WINDOWS\system32\dllcache\userinit.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2006-02-17 2396160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 7618560]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 133016]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-04-25 201992]
"nwiz"="nwiz.exe" [2006-06-01 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 C:\WINDOWS\system32\nvmctray.dll]
"C-Media Mixer"="Mixer.exe" [2001-10-22 C:\WINDOWS\mixer.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^LoL^Menu Start^Programy^Autostart^HDDlife.lnk]
path=C:\Documents and Settings\LoL\Menu Start\Programy\Autostart\HDDlife.lnk
backup=C:\WINDOWS\pss\HDDlife.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

S0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 18:29]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 20:07]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ProgView

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82665a6a-d88e-11d7-85e8-00e04c009fb0}]
\Shell\AutoRun\command - G:\autorun.exe

*Newly Created Service* - CATCHME
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-03 13:48:31
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-03 13:52:42
ComboFix-quarantined-files.txt  2008-09-03 11:52:25
ComboFix2.txt  2008-09-02 22:10:20
ComboFix3.txt  2008-09-02 19:34:00

Pre-Run: 599,699,456 bajtów wolnych
Post-Run: 580,775,936 bajtów wolnych

223


LOG z SDFix:

Kod: Zaznacz wszystko

[b]SDFix: Version 1.221 [/b]
Run by LoL on 2008-09-03 at 14:16

Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File
Restoring Missing SharedAccess Service

Rebooting


[b]Checking Files [/b]:

Trojan Files Found:

C:\Documents and Settings\LoL\Pulpit\svchost.exe  - Deleted




Removing Temp Files

[b]ADS Check [/b]:



                                 [b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-03 14:24:43
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:d12863f3
"s2"=dword:290e4d6f
"h0"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:81,b8,ac,6e,cc,be,a6,9c,c7,48,50,67,5b,88,f8,43,0b,97,04,3b,5a,..
"p0"="C:\Program Files\Alcohol Soft\Alcohol 52\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:72,df,26,09,88,7e,64,9f,2a,ea,e5,d1,2f,ef,9e,a2,59,77,b8,3d,23,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,a6,92,a0,bd,ff,95,22,00,02,85,36,37,36,ef,ce,ba,48,..
"khjeh"=hex:9a,10,1c,89,d5,26,68,d8,13,bf,c4,84,3a,64,df,fe,f7,e7,2c,6f,ea,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:33,60,64,29,a7,31,05,f2,d0,cf,46,21,ab,69,19,73,db,19,20,fd,98,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:3f,91,f7,e7,ec,58,d9,6d,39,ef,a2,35,8e,17,35,e0,c5,d3,d1,db,63,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:81,b8,ac,6e,cc,be,a6,9c,c7,48,50,67,5b,88,f8,43,0b,97,04,3b,5a,..
"p0"="C:\Program Files\Alcohol Soft\Alcohol 52\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:72,df,26,09,88,7e,64,9f,2a,ea,e5,d1,2f,ef,9e,a2,59,77,b8,3d,23,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,a6,92,a0,bd,ff,95,22,00,02,85,36,37,36,ef,ce,ba,48,..
"khjeh"=hex:9a,10,1c,89,d5,26,68,d8,13,bf,c4,84,3a,64,df,fe,f7,e7,2c,6f,ea,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:33,60,64,29,a7,31,05,f2,d0,cf,46,21,ab,69,19,73,db,19,20,fd,98,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:3f,91,f7,e7,ec,58,d9,6d,39,ef,a2,35,8e,17,35,e0,c5,d3,d1,db,63,..

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Twain]
"y\1r?ó?d?B\1o? ?d?o?m?y?[\1l?n?e?"="z:\$IMPORT$DS$ROOT$\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}\0002"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[b]Remaining Files [/b]:


File Backups: - C:\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Wed  8 Nov 2006         4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

[b]Finished![/b]



[djarta]

Wg mnie - czysto.


Wykonaj to co jest podane w tym temacie (jeśli wykonałeś/łaś to wcześniej to nie rób tego).

Usuń ręcznie folder C:\Qoobox,

Usuń instalkę ComboFix z dysku.

Wykonaj optymalizację autostartu

Przeczyść komputer ATF-Cleaner

Wyłącz i włącz przywracanie systemu na wszystkich dyskach.Instrukcja

Przeskanuj obszar mojego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum.

i tym:

FixIEDef.





===========================
K.

[Scooby_DooM]

przywracanie systemu - > wywala błąd

kaspersky -> nic się nie dzieje kiedy klikam, ale jest napisane: "oferuje taki sam współczynnik wykrywalności jak standardowy antywirus firmy Kaspersky Lab." którym przeskanowałem komp (nic nie wykrył)

fixIEDef: błąd:

[djarta]

Scan tym ----> Dr.WEB CureIt!


=====================
K.

[Scooby_DooM]

czysto

[djarta]

W takim razie powinno być Ok!


===================
K.

Autor postu otrzymał pochwałę

[Scooby_DooM]

No właśnie nie jest. dodatkowo: nie działa kopiuj/wklej, drag&drop, nagrywanie płyt, nie widzi połączeń sieciowych (choć internet jest)
oraz karty dźwiękowej (w menedżerze urządzeń jest, ale w opcjach audio: nie znaleziono żadnego sprzętu) Może te symptomy coś komuś powiedzą?

Nawet nie mogę sobie nagrać kopii zapasowej systemu windows (bo płytkę gdzieś zgubiłem i musiałem ściągnąć),
a tak już formata bym zrobił


Edit:
Hmm, problemem, który zabił windę okazał się być svchost.exe (zła wersja, bo zgrana od kumpla, reinstalka windowsa pomogła)
Dzięki za pomoc, anyway