
- program installers and the programs themselves cannot be launched
- pop-up windows such as: Windows Explorer shutting down, explorer.exe error
- games minimizing themselves and spontaneous refreshing
- after shutting down the system the computer turns back on and has to be switched off with the button
- explorer.exe - application error - the instruction at "0x004366be" referenced memory at "0x00000000". The memory could not be "written".
Some time ago I reformatted, which helped only for a while. Then I scanned the computer with Kaspersky Virus Removal Tool, which found a lot of viruses on all drives, but after some time everything returned to its initial state and I have the same problem again. Other antivirus programs detect nothing. I am posting the logs below.
ComboFix 08-08-16.01 - 123 2008-08-17 16:10:30.1 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1812 [GMT 2:00]
Running from: E:\combofix\ComboFix.exe
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\123\Dane aplikacji\Microsoft\SystemCertificates\My
C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft\SystemCertificates\My
.
((((((((((((((((((((((((( Files Created from 2008-07-17 to 2008-08-17 )))))))))))))))))))))))))))))))
.
2008-08-08 10:12 . 2008-08-08 10:13 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-08-08 10:11 . 2008-08-08 10:11 <DIR> d-------- C:\WINDOWS\Cache
2008-08-07 16:49 . 2008-08-07 16:49 33,280 --a------ C:\WINDOWS\system32\winjks32.dll
2008-08-06 12:26 . 2008-08-06 12:26 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-08-06 12:26 . 2003-12-21 17:24 140,800 --a------ C:\WINDOWS\system32\drivers\xmasbus.sys
2008-08-06 12:26 . 2003-12-20 20:03 5,504 --a------ C:\WINDOWS\system32\drivers\xmasscsi.sys
2008-08-06 12:15 . 2008-08-06 12:15 <DIR> d-------- C:\Program Files\Emurayden PSX Emulator v2.2
2008-08-05 19:51 . 2008-08-05 19:51 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-08-05 19:51 . 2008-08-05 19:51 <DIR> d-------- C:\Program Files\Ahead
2008-08-05 19:51 . 2004-07-26 17:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2008-08-05 19:51 . 2004-07-26 17:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2008-08-05 19:51 . 2004-07-26 17:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2008-08-05 19:51 . 2004-07-26 17:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2008-08-05 19:51 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-08-05 19:51 . 2004-03-02 17:37 125,184 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2008-08-05 19:51 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-08-05 19:51 . 2004-03-02 17:37 5,504 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2008-08-05 19:16 . 2008-08-17 15:33 <DIR> d-------- C:\Program Files\FlashGet
2008-08-05 18:59 . 2008-08-05 18:59 <DIR> d-------- C:\Program Files\WinISO
2008-08-05 18:54 . 2005-03-03 20:32 86,094 --a------ C:\WINDOWS\system32\ImageDrive.cpl
2008-08-04 15:38 . 2008-08-04 15:38 0 --a------ C:\WINDOWS\Route.INI
2008-08-01 14:30 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-07-31 22:46 . 2008-07-31 22:46 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-07-27 19:25 . 2008-07-27 19:25 262 --a------ C:\WINDOWS\game.ini
2008-07-27 14:37 . 2008-07-27 14:37 1,890 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-07-27 14:37 . 2008-07-27 14:37 56 -r-hs---- C:\WINDOWS\system32\6760B98C7A.sys
2008-07-27 14:36 . 2008-07-27 14:37 <DIR> d-------- C:\Program Files\DivX
2008-07-27 14:28 . 2004-08-04 00:44 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-07-26 15:29 . 2008-03-05 11:41 148,496 --a------ C:\WINDOWS\system32\drivers\79931186.sys
2008-07-26 15:22 . 2008-07-26 15:22 <DIR> d-------- C:\Documents and Settings\123\DoctorWeb
2008-07-26 12:31 . 2008-07-26 12:31 <DIR> d-------- C:\WINDOWS\Sun
2008-07-26 12:31 . 2008-07-26 15:04 <DIR> d-------- C:\Program Files\Google
2008-07-26 12:30 . 2008-07-26 12:30 <DIR> d-------- C:\Program Files\Java
2008-07-26 12:30 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-26 12:28 . 2008-07-26 12:28 <DIR> d-------- C:\Program Files\Common Files\Java
2008-07-26 12:19 . 2001-08-17 21:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2008-07-26 12:18 . 2001-10-26 17:28 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll
2008-07-26 12:17 . 2001-10-26 17:01 899,530 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-07-26 12:16 . 2004-08-04 00:38 2,058,112 --a--c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-07-26 12:15 . 2001-08-17 21:28 802,683 --a--c--- C:\WINDOWS\system32\dllcache\ltsm.sys
2008-07-26 12:14 . 2004-08-03 22:41 1,041,536 --a--c--- C:\WINDOWS\system32\dllcache\hsfdpsp2.sys
2008-07-26 12:13 . 2001-10-26 17:29 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
2008-07-26 12:12 . 2001-10-26 16:57 980,034 --a--c--- C:\WINDOWS\system32\dllcache\cicap.sys
2008-07-26 12:11 . 2001-08-17 21:28 871,388 --a--c--- C:\WINDOWS\system32\dllcache\bcmdm.sys
2008-07-26 12:10 . 2004-08-04 00:43 1,888,992 --a--c--- C:\WINDOWS\system32\dllcache\ati3duag.dll
2008-07-26 12:09 . 2004-08-04 00:39 2,182,272 --a--c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-07-26 12:09 . 2001-10-26 17:29 66,048 --a--c--- C:\WINDOWS\system32\dllcache\s3legacy.dll
2008-07-26 10:56 . 2008-07-26 10:56 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-07-25 21:11 . 2008-07-25 21:11 <DIR> d-------- C:\Program Files\Lavasoft
2008-07-25 21:11 . 2008-07-25 21:12 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2008-07-25 21:10 . 2008-07-25 21:10 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-25 20:48 . 2008-07-25 20:48 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-07-25 20:46 . 2008-07-26 18:14 <DIR> d-------- C:\Program Files\DAEMON Tools Toolbar
2008-07-25 20:43 . 2008-07-25 20:43 <DIR> d-------- C:\Documents and Settings\123\Dane aplikacji\DAEMON Tools
2008-07-25 20:43 . 2008-07-25 20:43 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-07-25 20:36 . 2008-07-27 15:05 <DIR> d-------- C:\Program Files\SubEdit-Player
2008-07-25 20:26 . 2008-07-25 20:26 <DIR> d--h----- C:\WINDOWS\PIF
2008-07-25 20:13 . 2008-08-17 12:42 <DIR> d-------- C:\Program Files\DC++
2008-07-25 14:32 . 2008-07-25 14:38 <DIR> d-------- C:\WINDOWS\system32\embedded
2008-07-25 13:59 . 2008-07-25 13:59 <DIR> d---s---- C:\Documents and Settings\123\UserData
2008-07-25 13:56 . 2008-08-12 16:31 <DIR> d-------- C:\Documents and Settings\123\Dane aplikacji\skypePM
2008-07-25 13:56 . 2008-07-25 13:56 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-07-25 13:34 . 2008-08-12 16:32 <DIR> d-------- C:\Documents and Settings\123\Dane aplikacji\Skype
2008-07-25 13:33 . 2008-07-25 13:33 <DIR> d-------- C:\Program Files\Skype
2008-07-25 13:33 . 2008-07-25 13:33 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-07-25 13:33 . 2008-07-25 13:33 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-07-25 11:39 . 2008-08-17 16:13 58,081,312 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-25 11:39 . 2008-08-17 16:07 683,228 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-25 11:39 . 2008-03-05 11:41 148,496 --a------ C:\WINDOWS\system32\drivers\74631289.sys
2008-07-25 11:37 . 2008-07-25 11:47 250 --a------ C:\WINDOWS\gmer.ini
2008-07-25 11:18 . 2008-07-25 11:18 <DIR> d-------- C:\Documents and Settings\123\Dane aplikacji\Gadu-Gadu
2008-07-25 11:01 . 2008-07-26 18:07 <DIR> d-------- C:\Program Files\Gadu-Gadu
2008-07-25 11:01 . 2008-07-25 17:41 <DIR> d-------- C:\Documents and Settings\123\Gadu-Gadu
2008-07-24 22:33 . 2008-06-14 20:01 273,024 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-07-24 22:33 . 2008-06-14 20:01 273,024 --a--c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-24 22:30 . 2008-08-17 11:41 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-07-24 22:30 . 2005-02-25 05:36 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-07-24 22:26 . 2008-07-24 22:26 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\InstallShield
2008-07-24 22:24 . 2008-07-24 22:24 <DIR> d-------- C:\WINDOWS\nview
2008-07-24 22:24 . 2007-05-11 00:03 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-07-24 22:24 . 2007-05-11 00:03 115,999 --a------ C:\WINDOWS\system32\nvapps.xml
2008-07-24 22:24 . 2007-05-11 00:03 17,431 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-07-24 22:23 . 2007-05-10 18:39 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-07-24 22:19 . 2008-07-24 22:19 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-07-24 22:19 . 2008-07-26 15:36 <DIR> d-------- C:\Program Files\ASRock WiFi-802.11g
2008-07-24 22:19 . 2008-07-24 22:19 <DIR> d-------- C:\Program Files\AMD
2008-07-24 22:19 . 2007-10-31 04:31 176,128 --------- C:\WINDOWS\system32\drivers\RTL8187.SYS
2008-07-24 22:19 . 2006-07-01 23:32 43,520 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys
2008-07-24 22:19 . 2008-07-24 22:19 21,035 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-07-24 22:19 . 2006-06-23 10:35 13,532 --a------ C:\WINDOWS\system32\drivers\SjyPkt.sys
2008-07-24 22:18 . 2008-07-24 22:18 <DIR> d-------- C:\Program Files\C-Media 6501 Sound
2008-07-24 22:17 . 2008-07-24 22:17 <DIR> d-------- C:\WINDOWS\RaidTool
2008-07-24 22:17 . 2008-07-25 20:48 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-07-24 22:17 . 2007-05-25 06:13 1,957,888 -r------- C:\WINDOWS\system32\xRaidSetup.exe
2008-07-24 22:17 . 2007-05-21 04:42 143,360 -r------- C:\WINDOWS\system32\xRaidAPI.dll
2008-07-24 22:17 . 2007-07-29 04:51 48,896 -ra------ C:\WINDOWS\system32\drivers\jraid.sys
2008-07-24 22:16 . 2008-07-24 22:16 <DIR> d-------- C:\WINDOWS\OPTIONS
2008-07-24 22:16 . 2008-07-24 22:16 <DIR> d-------- C:\Program Files\Realtek
2008-07-24 22:16 . 2008-07-27 19:25 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-07-24 22:16 . 2008-07-24 22:16 <DIR> d-------- C:\Documents and Settings\123\Dane aplikacji\InstallShield
2008-07-24 22:16 . 2007-08-07 11:40 98,944 -ra------ C:\WINDOWS\system32\drivers\Rtenicxp.sys
2008-07-24 22:14 . 2008-07-24 22:14 <DIR> d-------- C:\Program Files\Alwil Software
2008-07-24 22:11 . 2006-10-11 05:33 10,288 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2008-07-24 22:11 . 2008-07-24 22:11 5,855 --a------ C:\WINDOWS\Ascd_tmp.ini
2008-07-24 22:07 . 2008-07-24 23:49 <DIR> d--h----- C:\Documents and Settings\123\Ustawienia lokalne
2008-07-24 22:07 . 2008-08-17 15:39 <DIR> dr------- C:\Documents and Settings\123\Ulubione
2008-07-24 22:07 . 2008-07-24 21:57 <DIR> d--h----- C:\Documents and Settings\123\Szablony
2008-07-24 22:07 . 2008-08-16 23:12 <DIR> d-------- C:\Documents and Settings\123\Pulpit
2008-07-24 22:07 . 2008-08-10 19:38 <DIR> dr------- C:\Documents and Settings\123\Moje dokumenty
2008-07-24 22:07 . 2008-07-25 14:31 <DIR> dr------- C:\Documents and Settings\123\Menu Start
2008-07-24 22:07 . 2008-07-26 12:31 <DIR> dr-h----- C:\Documents and Settings\123\Dane aplikacji
2008-07-24 22:07 . 2008-07-26 15:22 <DIR> d-------- C:\Documents and Settings\123
2008-07-24 22:05 . 2008-07-24 22:05 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2008-07-24 22:05 . 2008-07-24 22:05 <DIR> d--h----- C:\Documents and Settings\NetworkService\Ustawienia lokalne
2008-07-24 22:05 . 2008-07-24 22:05 <DIR> d-------- C:\Documents and Settings\NetworkService\Dane aplikacji
2008-07-24 22:05 . 2008-07-24 22:05 <DIR> d--hs---- C:\Documents and Settings\NetworkService
2008-07-24 22:05 . 2008-07-24 22:05 <DIR> d--h----- C:\Documents and Settings\LocalService\Ustawienia lokalne
2008-07-24 22:05 . 2008-07-24 22:05 <DIR> d-------- C:\Documents and Settings\LocalService\Dane aplikacji
2008-07-24 22:05 . 2008-07-24 22:05 <DIR> d--hs---- C:\Documents and Settings\LocalService
2008-07-24 22:05 . 2008-07-24 22:05 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
2008-07-24 22:04 . 2008-07-24 23:49 <DIR> dr-h----- C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne
2008-07-24 22:04 . 2008-07-24 23:49 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Ulubione
2008-07-24 22:04 . 2008-07-24 21:57 <DIR> d--h----- C:\WINDOWS\system32\config\systemprofile\Szablony
2008-07-24 22:04 . 2008-07-24 23:49 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Pulpit
2008-07-24 22:04 . 2008-07-24 23:49 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Moje dokumenty
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-25 18:58 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2008-07-24 20:00 --------- d-----w C:\Program Files\Usługi online
2008-07-07 20:33 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:24 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 15:41 662,016 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:42 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-07-26 12:31 171448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 16:38 78008]
"JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 08:36 36864]
"36X Raid Configurer"="C:\WINDOWS\system32\xRaidSetup.exe" [2007-05-25 06:13 1957888]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-05-11 00:03 8429568]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-05-11 00:03 81920]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 10:30 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"nwiz"="nwiz.exe" [2007-05-11 00:03 1626112 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winjks32]
2008-08-07 16:49 33280 C:\WINDOWS\system32\winjks32.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\DC++\\DCPlusPlus.exe"=
"E:\\PRO 08\\PES2008.exe"=
"E:\\PES2008.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
"C:\\WINDOWS\\system32\\winver.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 xmasbus;xmasbus;C:\WINDOWS\system32\DRIVERS\xmasbus.sys [2003-12-21 17:24]
R0 xmasscsi;xmasscsi;C:\WINDOWS\system32\Drivers\xmasscsi.sys [2003-12-20 20:03]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
R1 is-2DF08drv;is-2DF08drv;C:\WINDOWS\system32\drivers\74631289.sys [2008-03-05 11:41]
R1 is-9VD7Gdrv;is-9VD7Gdrv;C:\WINDOWS\system32\drivers\79931186.sys [2008-03-05 11:41]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
R3 c65013264;C-Media CM6501 Like Sound UDAX Interface;C:\WINDOWS\system32\drivers\c6501.sys [2007-07-10 03:42]
S2 is-2DF08;is-2DF08;C:\Documents and Settings\All Users\Pulpit\Kaspersky Lab Tool\is-2DF08\is-2DF08.exe []
S2 is-9VD7G;is-9VD7G;C:\Documents and Settings\All Users\Pulpit\Kaspersky Lab Tool\is-9VD7G\is-9VD7G.exe []
S3 axvbusx;axvbusx;C:\WINDOWS\system32\DRIVERS\axvbusx.sys [2002-12-27 20:14]
S3 axvscsi;axvscsi;C:\WINDOWS\system32\DRIVERS\axvscsi.sys [2002-12-27 20:14]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-ISUSPM Startup - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
HKLM-Run-is-2DF08 - C:\Documents and Settings\All Users\Pulpit\Kaspersky Lab Tool\is-2DF08\is-2DF08.exe
HKLM-Run-is-9VD7G - C:\Documents and Settings\All Users\Pulpit\Kaspersky Lab Tool\is-9VD7G\is-9VD7G.exe
HKLM-Run-C6501Sound - c6501.cpl
HKLM-Run-Emurayden PSX Emulator - (no file)
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.onet.pl/
R0 -: HKCU-Main,Search Page = hxxp://www.google.com
R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
R0 -: HKLM-Main,Default_Search_URL = hxxp://www.google.com/ie
R0 -: HKCU-Search,SearchAssistant = hxxp://www.google.com/ie
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
R0 -: HKLM-Search,SearchAssistant = hxxp://www.google.com/ie
O8 -: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 -: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-17 16:13:42
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\winjks32.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-08-17 16:16:16 - machine was rebooted [123]
ComboFix-quarantined-files.txt 2008-08-17 14:15:22
Pre-Run: 4,227,686,400 bajtów wolnych
Post-Run: 4,995,682,304 bajtów wolnych
245 --- E O F --- 2008-08-17 09:41:42
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:22:27, on 2008-08-17
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\winver.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=19588
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: is-2DF08 - Unknown owner - C:\Documents and Settings\All Users\Pulpit\Kaspersky Lab Tool\is-2DF08\is-2DF08.exe (file missing)
O23 - Service: is-9VD7G - Unknown owner - C:\Documents and Settings\All Users\Pulpit\Kaspersky Lab Tool\is-9VD7G\is-9VD7G.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 6163 bytes