by milka15, 03 Feb 2008, 20:53
I have the ArcaVir antivirus installed and it finds a trojan in SDFix but cannot remove it. I have already uninstalled SDFix, but that does not help. I am posting a ComboFix log. Please help.
ComboFix 08-02.03.1 - Kapciuszek 2008-02-03 19:23:14.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1250.1.1045.18.65 [GMT 1:00]
Running from: C:\Documents and Settings\Kapciuszek\Pulpit\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\myglobalsearch
C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR
C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR
C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL
C:\Program Files\myglobalsearch\bar\1.bin\MGSBAR.DLL
C:\Program Files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL
C:\Program Files\myglobalsearch\bar\Cache\0035CC08
C:\Program Files\myglobalsearch\bar\Cache\0035E434
C:\Program Files\myglobalsearch\bar\Cache\0035E935.bin
C:\Program Files\myglobalsearch\bar\Cache\0035EEC3.bin
C:\Program Files\myglobalsearch\bar\Cache\0035F124.bin
C:\Program Files\myglobalsearch\bar\Cache\files.ini
C:\Program Files\myglobalsearch\bar\History\search
C:\Program Files\myglobalsearch\bar\Settings\prevcfg.htm
.
((((((((((((((((((((((((( Files Created from 2008-01-03 to 2008-02-03 )))))))))))))))))))))))))))))))
.
2008-01-27 14:11 . 2008-01-27 14:11 <DIR> d-------- C:\Documents and Settings\Kapciuszek\Dane aplikacji\Media Player Classic
2008-01-27 14:03 . 2007-07-25 14:24 1,559,040 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-01-27 14:03 . 2006-09-24 16:11 389,120 --a------ C:\WINDOWS\system32\lameACM.acm
2008-01-27 14:03 . 2007-03-10 12:51 282,624 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-01-27 14:03 . 2004-01-25 17:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2008-01-27 14:03 . 2007-12-24 13:49 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-01-27 14:03 . 2007-07-10 17:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-01-27 14:03 . 2007-10-03 16:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml
2008-01-27 14:02 . 2008-01-27 14:02 <DIR> d-------- C:\Program Files\Media Player Classic
2008-01-27 13:32 . 2007-09-04 17:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
2008-01-21 20:16 . 2008-01-21 20:17 <DIR> d-------- C:\Program Files\MegauploadToolbar
2008-01-21 20:16 . 2008-02-03 01:11 <DIR> d-------- C:\Documents and Settings\Kapciuszek\Dane aplikacji\MegauploadToolbar
2008-01-21 20:04 . 2008-01-21 20:04 <DIR> d-------- C:\Program Files\Common Files\Invictus
2008-01-21 19:22 . 2008-01-21 19:22 <DIR> d-------- C:\Documents and Settings\Kapciuszek\Dane aplikacji\AdobeUM
2008-01-21 19:17 . 2008-01-21 19:17 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-01-21 19:14 . 2008-01-21 19:14 <DIR> d-------- C:\Documents and Settings\Kapciuszek\Dane aplikacji\Gadu-Gadu
2008-01-21 19:06 . 2008-01-21 19:07 <DIR> d-------- C:\Program Files\Google
2008-01-20 20:41 . 2008-01-26 18:10 1,632 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-01-20 20:24 . 2008-02-03 17:16 1,744 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-01-20 20:20 . 2002-12-12 00:14 1,294,336 --a------ C:\WINDOWS\system32\dsound3d.dll
2008-01-20 14:33 . 2008-01-23 21:47 <DIR> d-------- C:\Documents and Settings\Kapciuszek\Gadu-Gadu
2008-01-20 01:55 . 2008-01-21 22:13 <DIR> d-------- C:\Documents and Settings\Kapciuszek\.jpi_cache
2008-01-20 01:55 . 2008-01-20 01:55 <DIR> d-------- C:\Documents and Settings\Kapciuszek\.java
2008-01-19 01:19 . 2008-01-19 01:19 63 --a------ C:\WINDOWS\av.bat
2008-01-19 01:06 . 2008-01-19 01:06 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-01-18 23:59 . 2001-10-26 17:29 70,144 --a------ C:\WINDOWS\system32\usbui.dll
2008-01-18 23:58 . 2008-01-18 23:58 <DIR> dr-h----- C:\Documents and Settings\Default User\Ustawienia lokalne
2008-01-18 23:58 . 2008-01-18 23:58 <DIR> d-------- C:\Documents and Settings\Default User\Ulubione
2008-01-18 23:58 . 2008-01-19 00:05 <DIR> d--h----- C:\Documents and Settings\Default User\Szablony
2008-01-18 23:58 . 2008-01-18 23:58 <DIR> d-------- C:\Documents and Settings\Default User\Pulpit
2008-01-18 23:58 . 2008-01-18 23:58 <DIR> d-------- C:\Documents and Settings\Default User\Moje dokumenty
2008-01-18 23:58 . 2008-01-18 23:58 <DIR> dr------- C:\Documents and Settings\Default User\Menu Start
2008-01-18 23:58 . 2008-01-18 23:58 <DIR> dr-h----- C:\Documents and Settings\Default User\Dane aplikacji
2008-01-18 23:58 . 2008-01-18 23:58 <DIR> d-------- C:\Documents and Settings\All Users\Ulubione
2008-01-18 23:58 . 2008-01-18 23:58 <DIR> d--h----- C:\Documents and Settings\All Users\Szablony
2008-01-18 23:58 . 2008-01-25 22:17 <DIR> d-------- C:\Documents and Settings\All Users\Pulpit
2008-01-18 23:58 . 2008-01-19 00:28 <DIR> dr------- C:\Documents and Settings\All Users\Menu Start
2008-01-18 23:58 . 2008-01-19 00:06 <DIR> dr------- C:\Documents and Settings\All Users\Dokumenty
2008-01-18 23:58 . 2008-01-27 14:02 <DIR> dr-h----- C:\Documents and Settings\All Users\Dane aplikacji
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-03 17:58 --------- d-----w C:\Program Files\neostrada tp
2008-01-20 19:36 --------- d-----w C:\Documents and Settings\Kapciuszek\Dane aplikacji\Winamp
2008-01-18 23:40 --------- d-----w C:\Program Files\ZTE ZXDSL 852
2008-01-18 23:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-18 23:39 --------- d-----w C:\Program Files\Java
2008-01-18 23:28 --------- d-----w C:\Program Files\Microsoft.NET
2008-01-18 23:28 --------- d-----w C:\Program Files\Microsoft Works
2008-01-18 23:17 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-18 23:17 --------- d-----w C:\Program Files\AvRack
2008-01-18 23:09 --------- d-----w C:\Program Files\microsoft frontpage
2008-01-18 23:08 558,142 ----a-w C:\WINDOWS\java\Packages\OCQS2WPR.ZIP
2008-01-18 23:08 155,995 ----a-w C:\WINDOWS\java\Packages\6YXBFZNL.ZIP
2008-01-18 23:07 --------- d-----w C:\Program Files\Usługi online
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-28 23:00 13312]
"Gadu-Gadu"="D:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 11:54 2131392]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-01-21 19:07 171448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-08-15 08:34 57344 C:\WINDOWS\SOUNDMAN.EXE]
"WinampAgent"="D:\Winamp\winampa.exe" [2007-12-20 16:16 37376]
"AdslTaskBar"="stmctrl.dll" [2006-06-02 12:01 151552 C:\WINDOWS\system32\stmctrl.dll]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2004-08-23 13:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\GestMaj.exe" [2004-10-14 15:55 32768]
"ABmenu"="D:\ArcaVir\Bin\ABmenu.exe" [2008-01-19 01:21 199168]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-09-28 23:00 13312]
R1 ABTDI;ABTDI;D:\ArcaVir\Bin\ABTDI.sys [2008-01-19 01:18]
R2 ArcaMonSvc;ArcaVir Monitor;D:\ArcaVir\Bin\avmonsv.exe [2008-01-19 01:21]
R3 arcaen;ArcaMon Kernel Engine;D:\ArcaVir\Bin\arcaen.sys [2008-01-19 01:18]
R3 arcaev;ArcaMon Kernel Events;D:\ArcaVir\Bin\arcaev.sys [2008-01-19 01:18]
R3 arcafd;ArcaMon Kernel Filter Driver;D:\ArcaVir\Bin\arcafd.sys [2008-01-19 01:18]
R3 ArcaScan;ArcaScan;D:\ArcaVir\Bin\arcascan.exe [2008-01-19 01:18]
R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\System32\DRIVERS\stmatm.sys [2003-08-12 15:51]
R3 TaurusUsb;ADSL Modem USB Service;C:\WINDOWS\System32\DRIVERS\torususb.sys [2006-05-25 16:28]
S3 arcaserv;arcaserv;D:\ArcaVir\bin\arcaserv.exe [2008-01-19 01:18]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-03 19:26:49
Windows 5.1.2600 Dodatek Service Pack. 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-03 19:28:14
ComboFix-quarantined-files.txt 2008-02-03 18:27:53