Logs, securing the computer and its data. Antivirus and antispyware programs, firewalls, etc.

Forum rules

1. Each topic title should reflect the content of the thread.
2. When pasting logs, produce them right away from at least two tools: FRST and GMER.
3. Please publish all logs on sites intended for that purpose and paste only the link in your post.
4. Shortening logs is not advisable; paste the whole log, from beginning to end.
5. Piggybacking on other users' topics is not advisable; please start a new topic in the Security section, it will make it easier for the person checking to help.
6. People without the appropriate knowledge should not check logs, since this risks serious damage to the system or to applications installed on the computer.
7. Describe the problem precisely, the symptoms that occur and any actions already taken.
8. Each script is unique, written for each case separately, so it must not be used by others.
9. When posting a screenshot, please use an external image-hosting service.

Please check my log

12 Apr 2008, 17:42

Spybot S&D detects Zlobdownloader.sg, and what should I do with nircmd.exe, what is it? Thanks in advance.

HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:35:25, on 2008-04-12
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\programy\nero 8\Nero\Nero8\Nero BackItUp\NBService.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\IoctlSvc.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\programy\cursor powre pack\CursorXP.exe
C:\programy\zegarynka\Zegarynka.exe
C:\programy\brio pack\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\programy\ObjectDock\ObjectDock\ObjectDock.exe
C:\programy\brio pack\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
D:\WINDOWS\explorer.exe
C:\programy\clock\Atomic Alarm Clock\Atomic Alarm Clock\AtomicAlarmClock.exe
C:\programy\hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\programy\spybot\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [CursorXP] C:\programy\cursor powre pack\CursorXP.exe
O4 - HKCU\..\Run: [Zegarynka] C:\programy\zegarynka\Zegarynka.exe
O4 - HKCU\..\Run: [RocketDock] "C:\programy\brio pack\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [SkinClock] C:\programy\clock\Atomic Alarm Clock\Atomic Alarm Clock\AtomicAlarmClock.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\programy\brio pack\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\programy\ObjectDock\ObjectDock\ObjectDock.exe
O4 - Startup: UberIcon.lnk = C:\programy\brio pack\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O8 - Extra context menu item: Dodaj do blokowanych banerów - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\programy\spybot\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\programy\spybot\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 4212869562
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 4233101984
O17 - HKLM\System\CCS\Services\Tcpip\..\{2A699583-41CB-4060-B44F-7DFD69BDF7F0}: NameServer = 213.241.79.37 83.238.255.76
O20 - AppInit_DLLs: wbsys.dll,D:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\programy\nero 8\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - D:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - D:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 5744 bytes


COMBOFIX

ComboFix 07-07-30.2 - "van Helsing" 2008-04-12 17:28:38.1 [GMT 2:00] - NTFS
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.Prawda
* Created a new restore point


((((((((((((((((((((((((( Files Created from 2008-03-12 to 2008-04-12 )))))))))))))))))))))))))))))))


2008-04-12 17:28 51,200 --a------ D:\WINDOWS\nircmd.exe
2008-04-09 05:01 49,152 -ra------ D:\WINDOWS\VMSnap3.EXE
2008-04-09 05:01 49,152 -ra------ D:\WINDOWS\Domino.EXE
2008-04-09 05:01 176,128 -ra------ D:\WINDOWS\amcap.exe
2008-04-09 05:01 102,400 -ra------ D:\WINDOWS\VM303Cap.exe
2008-04-09 05:00 81,920 -ra------ D:\WINDOWS\system32\VM303STI.dll
2008-04-09 05:00 392,058 -ra------ D:\WINDOWS\system32\drivers\usbVM303.sys
2008-04-09 04:54 36,864 --a------ D:\WINDOWS\system32\KRCapture.dll
2008-04-09 04:54 32,768 --a------ D:\WINDOWS\system32\KRProcess.dll
2008-04-09 04:54 32,768 --a------ D:\WINDOWS\system32\KRDetector.dll
2008-04-08 22:38 91,700 --a------ D:\WINDOWS\system32\drivers\klin.dat
2008-04-08 22:38 85,860 --a------ D:\WINDOWS\system32\drivers\klick.dat
2008-04-08 22:37 5,361,696 --ahs---- D:\WINDOWS\system32\drivers\fidbox.dat
2008-04-08 22:37 107,808 --ahs---- D:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-08 22:37 <DIR> d-------- D:\Program Files\Kaspersky Lab
2008-04-08 18:17 <DIR> d-------- D:\DOCUME~1\VANHEL~1\DANEAP~1\ESET
2008-04-08 17:58 <DIR> d-------- D:\DOCUME~1\VANHEL~1\DANEAP~1\Symantec
2008-04-08 17:56 <DIR> d-------- D:\Program Files\Symantec
2008-04-08 17:56 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\DANEAP~1\Symantec
2008-04-08 17:55 <DIR> d-------- D:\Program Files\Common Files\Symantec Shared
2008-04-08 17:54 73,216 --a------ D:\WINDOWS\ST6UNST.EXE
2008-04-08 17:54 249,856 --------- D:\WINDOWS\Setup1.exe
2008-04-07 08:58 <DIR> d-------- D:\Program Files\ScanSoft
2008-04-06 21:20 <DIR> d-------- D:\Program Files\USDownloader
2008-04-06 11:56 413,696 --a------ D:\WINDOWS\system32\wrap_oal.dll
2008-04-06 11:56 110,592 --a------ D:\WINDOWS\system32\OpenAL32.dll
2008-04-06 11:56 <DIR> d-------- D:\Program Files\OpenAL
2008-04-06 11:51 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\DANEAP~1\Powerboat GT
2008-04-05 13:02 <DIR> d-------- D:\DOCUME~1\VANHEL~1\DANEAP~1\Disney Interactive Studios
2008-04-05 05:55 5,504 --a------ D:\WINDOWS\system32\drivers\MSTEE.sys
2008-04-05 05:55 15,360 --a------ D:\WINDOWS\system32\drivers\StreamIP.sys
2008-04-05 05:55 11,136 --a------ D:\WINDOWS\system32\drivers\SLIP.sys
2008-04-05 05:55 10,880 --a------ D:\WINDOWS\system32\drivers\NdisIP.sys
2008-04-05 05:54 85,376 --a------ D:\WINDOWS\system32\drivers\NABTSFEC.sys
2008-04-05 05:54 19,328 --a------ D:\WINDOWS\system32\drivers\WSTCODEC.SYS
2008-04-05 05:54 17,024 --a------ D:\WINDOWS\system32\drivers\CCDECODE.sys
2008-04-05 05:53 54,784 --a------ D:\WINDOWS\system32\vfwwdm32.dll
2008-04-05 05:45 428,160 -ra------ D:\WINDOWS\system32\drivers\vmfilter303.sys
2008-04-05 05:45 40,960 -ra------ D:\WINDOWS\system32\setupfilter.exe
2008-04-05 05:44 <DIR> d-------- D:\WINDOWS\EffectResources
2008-04-03 18:05 71,832 --a------ D:\WINDOWS\system32\drivers\e4ldrx64.sys
2008-04-03 18:05 69,656 --a------ D:\WINDOWS\system32\drivers\e4ldr.sys
2008-04-03 18:05 58,264 --a------ D:\WINDOWS\system32\drivers\adildrx64.sys
2008-04-03 18:05 56,088 --a------ D:\WINDOWS\system32\drivers\adildr.sys
2008-04-03 18:05 46,892 --a------ D:\WINDOWS\system32\ADADIX16.DLL
2008-04-03 18:05 4,981 --a------ D:\WINDOWS\system32\ADADIX2K.DLL
2008-04-03 18:05 316,416 --a------ D:\WINDOWS\system32\unaddrv.x64.exe
2008-04-03 18:05 253,008 --a------ D:\WINDOWS\adirasx64.exe
2008-04-03 18:05 24,576 --a------ D:\WINDOWS\enddisk32.exe
2008-04-03 18:05 22,395 --a------ D:\WINDOWS\system32\drivers\fpga.bin
2008-04-03 18:05 212,992 --a------ D:\WINDOWS\system32\unaddrv.exe
2008-04-03 18:05 200,704 --a------ D:\WINDOWS\system32\coclassfast.dll
2008-04-03 18:05 194,128 --a------ D:\WINDOWS\adiras.exe
2008-04-03 18:05 176,128 --a------ D:\WINDOWS\autoclk.exe
2008-04-03 18:05 169,496 --a------ D:\WINDOWS\system32\drivers\adiusbawx64.sys
2008-04-03 18:05 155,648 --a------ D:\WINDOWS\system32\adadix32.dll
2008-04-03 18:05 152,308 --a------ D:\WINDOWS\system32\drivers\L1E4I2.BIN
2008-04-03 18:05 152,306 --a------ D:\WINDOWS\system32\drivers\L1E4I1.BIN
2008-04-03 18:05 152,306 --a------ D:\WINDOWS\system32\drivers\L1E4I0.BIN
2008-04-03 18:05 152,146 --a------ D:\WINDOWS\system32\drivers\L1E4P2.BIN
2008-04-03 18:05 152,145 --a------ D:\WINDOWS\system32\drivers\L1E4P1.BIN
2008-04-03 18:05 152,145 --a------ D:\WINDOWS\system32\drivers\L1E4P0.BIN
2008-04-03 18:05 152,126 --a------ D:\WINDOWS\system32\drivers\L1E9P2.BIN
2008-04-03 18:05 152,126 --a------ D:\WINDOWS\system32\drivers\L1E9P1.BIN
2008-04-03 18:05 152,126 --a------ D:\WINDOWS\system32\drivers\L1E9P0.BIN
2008-04-03 18:05 152,126 --a------ D:\WINDOWS\system32\drivers\L1E9I2.BIN
2008-04-03 18:05 152,126 --a------ D:\WINDOWS\system32\drivers\L1E9I1.BIN
2008-04-03 18:05 152,126 --a------ D:\WINDOWS\system32\drivers\L1E9I0.BIN
2008-04-03 18:05 152,036 --a------ D:\WINDOWS\system32\drivers\L1E4D2.BIN
2008-04-03 18:05 152,034 --a------ D:\WINDOWS\system32\drivers\L1E4D1.BIN
2008-04-03 18:05 152,034 --a------ D:\WINDOWS\system32\drivers\L1E4D0.BIN
2008-04-03 18:05 146,968 --a------ D:\WINDOWS\system32\drivers\e4usbawx64.sys
2008-04-03 18:05 127,456 --a------ D:\WINDOWS\system32\IPDETECT.EXE
2008-04-03 18:05 118,552 --a------ D:\WINDOWS\system32\drivers\adiusbaw.sys
2008-04-03 18:05 104,344 --a------ D:\WINDOWS\system32\drivers\e4usbaw.sys
2008-04-03 18:05 <DIR> d-------- D:\Program Files\SAGEM
2008-04-03 18:05 <DIR> d-------- D:\DOCUME~1\VANHEL~1\DANEAP~1\InstallShield
2008-04-02 09:47 <DIR> d-------- D:\Program Files\AutoConnect
2008-04-02 09:17 32,000 --a------ D:\WINDOWS\system32\drivers\stppp.sys
2008-04-02 09:17 30,464 --a------ D:\WINDOWS\system32\drivers\st330.sys
2008-04-02 09:17 16,128 --a------ D:\WINDOWS\system32\drivers\lpwdm.sys
2008-04-02 09:17 12,672 --a------ D:\WINDOWS\system32\drivers\stbus.sys
2008-03-16 19:40 <DIR> d-------- D:\Program Files\NeroInstall.bak
2008-03-16 19:36 <DIR> d-------- D:\Program Files\Common Files\Nero
2008-03-13 05:26 <DIR> d-------- D:\WINDOWS\Cache


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2008-04-12 17:20 --------- d-------- D:\Program Files\Mozilla Firefox 3 Beta 2
2008-04-12 17:08 81248 --ahs---- D:\WINDOWS\system32\drivers\fidbox.idx
2008-04-12 17:08 15116 --ahs---- D:\WINDOWS\system32\drivers\fidbox2.idx
2008-04-08 22:52 --------- d--h----- D:\Program Files\InstallShield Installation Information
2008-04-05 05:44 --------- d-------- D:\Program Files\Common Files\InstallShield
2008-04-03 18:06 33 --a------ D:\WINDOWS\system32\drivers\adidsl.cfg
2008-03-30 12:28 88946 --a------ D:\WINDOWS\system32\perfc015.dat
2008-03-30 12:28 500482 --a------ D:\WINDOWS\system32\perfh015.dat
2008-03-28 17:02 --------- d-------- D:\DOCUME~1\VANHEL~1\DANEAP~1\winamp
2008-03-20 10:09 1845504 --a------ D:\WINDOWS\system32\win32k.sys
2008-03-05 17:03 479752 --a------ D:\WINDOWS\system32\XAudio2_0.dll
2008-03-05 17:03 238088 --a------ D:\WINDOWS\system32\xactengine3_0.dll
2008-03-05 17:00 25608 --a------ D:\WINDOWS\system32\X3DAudio1_3.dll
2008-03-05 16:56 3786760 --a------ D:\WINDOWS\system32\D3DX9_37.dll
2008-03-05 16:56 1420824 --a------ D:\WINDOWS\system32\D3DCompiler_37.dll
2008-03-04 14:32 --------- d-------- D:\Program Files\Realtek
2008-03-01 19:02 --------- d-------- D:\DOCUME~1\VANHEL~1\DANEAP~1\Media Player Classic
2008-02-28 18:38 972072 --a------ D:\WINDOWS\UNNeroMediaHome.exe
2008-02-28 10:31 --------- d-------- D:\Program Files\AviSynth 2.5
2008-02-26 23:41 78083 --a------ D:\WINDOWS\BricoPackUninst.cmd
2008-02-26 23:41 3407 --a------ D:\WINDOWS\BricoPackFoldersDelete.cmd
2008-02-26 23:29 --------- d-------- D:\Program Files\Movie Maker
2008-02-26 22:29 2560 --a------ D:\WINDOWS\_MSRSTRT.EXE
2008-02-26 21:38 211 --ah----- D:\WINDOWS\winshell.dat
2008-02-26 17:14 972072 --a------ D:\WINDOWS\UNRecode.exe
2008-02-20 08:51 282624 --a------ D:\WINDOWS\system32\gdi32.dll
2008-02-20 07:38 45568 --a------ D:\WINDOWS\system32\dnsrslvr.dll
2008-02-18 21:18 3451 --a------ D:\WINDOWS\unins000.dat
2008-02-18 21:13 691545 --a------ D:\WINDOWS\unins000.exe
2008-02-18 17:21 132904 --a------ D:\WINDOWS\system32\drivers\imagesrv.sys
2008-02-18 17:21 11304 --a------ D:\WINDOWS\system32\drivers\imagedrv.sys
2008-02-18 17:04 95600 --a------ D:\WINDOWS\system32\NeroCo.dll
2008-02-17 15:28 306432 --a------ D:\WINDOWS\system32\TuneUpDefragService.exe
2008-02-17 15:28 --------- d-------- D:\DOCUME~1\VANHEL~1\DANEAP~1\TuneUp Software
2008-02-17 15:27 --------- d-------- D:\Program Files\Common Files\Wise Installation Wizard
2008-02-17 14:06 --------- d-------- D:\DOCUME~1\VANHEL~1\DANEAP~1\GlobalSCAPE
2008-02-14 18:04 4676096 --a------ D:\WINDOWS\system32\drivers\RtkHDAud.sys
2008-02-13 15:31 16857600 --a------ D:\WINDOWS\RTHDCPL.exe
2008-02-08 18:37 219664 --a------ D:\WINDOWS\system32\klogon.dll
2008-02-06 00:07 462864 --a------ D:\WINDOWS\system32\d3dx10_37.dll
2008-01-30 10:30 4212 ---h----- D:\WINDOWS\system32\zllictbl.dat
2006-05-03 09:06:54 163,328 --sh--r D:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47:16 31,232 --sh--r D:\WINDOWS\system32\msfDX.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 15:31 D:\WINDOWS\RTHDCPL.exe]
"AVP"="D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2008-02-08 18:36]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CursorXP"="C:\programy\cursor powre pack\CursorXP.exe" [2005-01-19 17:34]
"Zegarynka"="C:\programy\zegarynka\Zegarynka.exe" [2005-02-25 23:02]
"RocketDock"="C:\programy\brio pack\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-19 00:05]
"SkinClock"="C:\programy\clock\Atomic Alarm Clock\Atomic Alarm Clock\AtomicAlarmClock.exe" [2007-08-13 12:25]

D:\Documents and Settings\van Helsing\Menu Start\Programy\Autostart\
RocketDock.lnk - C:\programy\brio pack\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 00:05:02]
Stardock ObjectDock.lnk - C:\programy\ObjectDock\ObjectDock\ObjectDock.exe [2007-12-04 16:05:25]
UberIcon.lnk - C:\programy\brio pack\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 09:43:08]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\programy\windowblinds\WindowBlinds\wbsrv.dll 2008-02-26 23:50 229376 C:\programy\windowblinds\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll,D:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programy^Autostart^DSLMON.lnk]
backup=D:\WINDOWS\pss\DSLMON.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^van Helsing^Menu Start^Programy^Autostart^AntiCrash.lnk]
backup=D:\WINDOWS\pss\AntiCrash.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^van Helsing^Menu Start^Programy^Autostart^TransBar.lnk]
backup=D:\WINDOWS\pss\TransBar.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^van Helsing^Menu Start^Programy^Autostart^Y'z Shadow.lnk]
backup=D:\WINDOWS\pss\Y'z Shadow.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
"C:\programy\nero 8\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
D:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Registry Accelerator]
"C:\programy\naprawa rejestru\Professional Registry Doctor\rc.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkinClock]
C:\programy\clock\Atomic Alarm Clock\Atomic Alarm Clock\AtomicAlarmClock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XPRepairPro2007]
C:\programy\XP Repair Pro 2007\XPRepairPro.exe /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"aawservice"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Domino"=D:\WINDOWS\Domino.EXE
"VMSnap3"=D:\WINDOWS\VMSnap3.EXE

R0 viamraid;viamraid;D:\WINDOWS\system32\DRIVERS\viamraid.sys
R0 videX32;videX32;D:\WINDOWS\system32\DRIVERS\videX32.sys
R1 AmdPPM;Sterownik procesora AMD HwPState;D:\WINDOWS\system32\DRIVERS\AmdPPM.sys
R2 atksgt;atksgt;D:\WINDOWS\system32\DRIVERS\atksgt.sys
R2 EIO;EIO;\??\D:\WINDOWS\system32\drivers\EIO.sys
R2 lirsgt;lirsgt;D:\WINDOWS\system32\DRIVERS\lirsgt.sys
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;C:\programy\nero 8\Nero\Nero8\Nero BackItUp\NBService.exe
R2 UxTuneUp;TuneUp Theme Extension;D:\WINDOWS\System32\svchost.exe -k netsvcs
R3 e4usbaw;USB ADSL2 WAN Adapter;D:\WINDOWS\system32\DRIVERS\e4usbaw.sys
R3 klim5;Kaspersky Anti-Virus NDIS Filter;D:\WINDOWS\system32\DRIVERS\klim5.sys
R3 vmfilter303;vmfilter303;D:\WINDOWS\system32\drivers\vmfilter303.sys
R3 ZSMC303;X-calibur USB PC Camera (Vimicro301 Neptune);D:\WINDOWS\system32\Drivers\usbVM303.sys
S1 AmdK8;Sterownik procesora AMD;D:\WINDOWS\system32\DRIVERS\AmdK8.sys
S2 E4LOADER;General Purpose USB Driver (e4ldr.sys);D:\WINDOWS\system32\Drivers\e4ldr.sys
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0;D:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
S3 idsvc;Windows CardSpace;"D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
S3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver;D:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
S3 ST330;ST330;D:\WINDOWS\system32\drivers\st330.sys
S3 STBUS;STBUS;D:\WINDOWS\system32\drivers\stbus.sys
S3 stppp;Speedtouch PPP Adapter Adapter;D:\WINDOWS\system32\DRIVERS\stppp.sys
S3 SymIM;Symantec Network Security Intermediate Filter Service;D:\WINDOWS\system32\DRIVERS\SymIM.sys
S3 SymIMMP;SymIMMP;D:\WINDOWS\system32\DRIVERS\SymIM.sys
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;D:\WINDOWS\System32\TuneUpDefragService.exe
S3 USB_RNDIS;Arris Remote NDIS Network Device Driver;D:\WINDOWS\system32\DRIVERS\usb8023.sys
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service;"D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp


Contents of the 'Scheduled Tasks' folder
2008-04-12 15:09:18 D:\WINDOWS\Tasks\GlaryInitialize.job - C:\programy\glary utilites\Glary Utilities\initialize.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-12 17:31:18
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c]
"Order"=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,..

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2008-04-12 17:33:17

--- E O F ---

12 Apr 2008, 18:59

Turn off System Restore on all drives. http://support.microsoft.com/kb/310405/pl

Fix in HijackThis:
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{2A699583-41CB-4060-B44F-7DFD69BDF7F0}: NameServer = 213.241.79.37 83.238.255.76


Download ComboFix, but do not run it.
Paste into Notepad:
Code:
File::
D:\WINDOWS\nircmd.exe
D:\WINDOWS\VMSnap3.EXE
D:\WINDOWS\Domino.EXE
D:\WINDOWS\VM303Cap.exe
D:\WINDOWS\system32\vfwwdm32.dll


File -> Save As -> CFScript.txt (it will be most convenient if you save it in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon)
Drag and drop the CFScript.txt icon onto the ComboFix.exe icon, like this ->
[image]
The removal should start and a log will be produced; post that log on the forum.
If everything goes well, after the restart manually delete the folder C:\Qoobox

Post a log from HijackThis
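As an added triage example (not code from this thread, from HijackThis or from ComboFix), a small Python parser that picks out of an HJT log the two kinds of entries the reply above asks to fix: O3 toolbars that resolve to "(no file)" and O17 NameServer overrides. The DNS allow-list is an assumption the reviewer fills in with the resolvers expected on that machine; the thread does not say which resolvers are legitimate here.

```python
import re
from dataclasses import dataclass

# Constructed sample: the two HJT lines the helper told the poster to fix,
# plus two benign lines from the same log for contrast.
SAMPLE_HJT = r"""
Logfile of Trend Micro HijackThis v2.0.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{2A699583-41CB-4060-B44F-7DFD69BDF7F0}: NameServer = 213.241.79.37 83.238.255.76
"""

# Every HJT finding line has the shape "<section> - <body>", e.g. "O17 - ...".
HJT_ENTRY = re.compile(r"^(?P<kind>[RO]\d{1,2}) - (?P<body>.+)$")
# O3 body for a toolbar whose CLSID has no backing DLL on disk.
O3_NO_FILE = re.compile(r"^Toolbar: .* - \{[0-9A-Fa-f-]{36}\} - \(no file\)$")
# O17 body: the per-interface NameServer value, a space/comma separated IP list.
O17_NAMESERVER = re.compile(r"NameServer = (?P<servers>[\d. ,]+)$")


@dataclass(frozen=True)
class Finding:
    kind: str    # HJT section code ("O3", "O17")
    reason: str  # why the reviewer should look at it
    line: str    # the log line exactly as HJT printed it (what you tick to fix)


def parse_hjt(text):
    """Yield (kind, body, raw_line) for each HJT entry; other lines are skipped."""
    for raw in text.splitlines():
        raw = raw.strip()
        m = HJT_ENTRY.match(raw)
        if m:
            yield m.group("kind"), m.group("body"), raw


def triage(text, dns_allowlist):
    """Flag orphaned O3 toolbars and O17 DNS overrides not in the allow-list.

    dns_allowlist: the resolvers the reviewer expects on this machine (ISP or
    router addresses). Assumption supplied by the reviewer, not taken from
    the thread.
    """
    allow = {s.strip() for s in dns_allowlist}
    findings = []
    for kind, body, raw in parse_hjt(text):
        if kind == "O3" and O3_NO_FILE.match(body):
            findings.append(Finding(kind, "toolbar CLSID with no backing file (orphan)", raw))
        elif kind == "O17":
            m = O17_NAMESERVER.search(body)
            if not m:
                continue
            servers = m.group("servers").replace(",", " ").split()
            unknown = [s for s in servers if s not in allow]
            if unknown:
                findings.append(Finding(kind, "NameServer points at unexpected DNS: " + " ".join(unknown), raw))
    return findings


def fix_list(findings):
    """Return the raw lines to tick in HijackThis, in the order they appeared."""
    return [f.line for f in findings]


if __name__ == "__main__":
    # With an empty allow-list every O17 override is reported.
    for f in triage(SAMPLE_HJT, dns_allowlist=[]):
        print(f"{f.kind}: {f.reason}\n    {f.line}")
```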

12 Apr 2008, 19:25

I did everything according to the instructions. I have a question: is it possible for viruses to pass from one system to the other, since I also have Vista installed?

Here is the HJT log after the restart:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:17:19, on 2008-04-12
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\programy\nero 8\Nero\Nero8\Nero BackItUp\NBService.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\IoctlSvc.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\programy\cursor powre pack\CursorXP.exe
C:\programy\zegarynka\Zegarynka.exe
C:\programy\brio pack\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\programy\clock\Atomic Alarm Clock\Atomic Alarm Clock\AtomicAlarmClock.exe
C:\programy\ObjectDock\ObjectDock\ObjectDock.exe
C:\programy\brio pack\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
D:\WINDOWS\system32\wuauclt.exe
C:\programy\hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\programy\spybot\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CursorXP] C:\programy\cursor powre pack\CursorXP.exe
O4 - HKCU\..\Run: [Zegarynka] C:\programy\zegarynka\Zegarynka.exe
O4 - HKCU\..\Run: [RocketDock] "C:\programy\brio pack\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [SkinClock] C:\programy\clock\Atomic Alarm Clock\Atomic Alarm Clock\AtomicAlarmClock.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\programy\brio pack\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\programy\ObjectDock\ObjectDock\ObjectDock.exe
O4 - Startup: UberIcon.lnk = C:\programy\brio pack\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O8 - Extra context menu item: Dodaj do blokowanych banerów - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\programy\spybot\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\programy\spybot\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 4212869562
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 4233101984
O20 - AppInit_DLLs: wbsys.dll,D:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\programy\nero 8\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - D:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - D:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 5663 bytes

ComboFix produced two logs

1:
Code:
2004-08-04 00:44      54784    --a------    D:\Qoobox\Quarantine\D\WINDOWS\system32\vfwwdm32.dll.vir
2005-04-30 12:46      102400    --a------    D:\Qoobox\Quarantine\D\WINDOWS\VM303Cap.exe.vir
2006-06-28 11:54      49152    --a------    D:\Qoobox\Quarantine\D\WINDOWS\Domino.EXE.vir
2006-08-30 04:58      49152    --a------    D:\Qoobox\Quarantine\D\WINDOWS\VMSnap3.EXE.vir
2007-06-17 00:11      51200    --a------    D:\Qoobox\Quarantine\D\WINDOWS\nircmd.exe.vir


Zmienna PATH folderu
Numer seryjny woluminu: 90F5-D3F2
D:\QOOBOX
\---Quarantine
    +---D
    |   \---WINDOWS
    |       |   Domino.EXE.vir
    |       |   nircmd.exe.vir
    |       |   VM303Cap.exe.vir
    |       |   VMSnap3.EXE.vir
    |       |   
    |       \---system32
    |               vfwwdm32.dll.vir
    |               
    \---Registry_backups


2:

ComboFix 07-07-30.2 - "van Helsing" 2008-04-12 19:06:59.2 [GMT 2:00] - NTFS
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.Prawda
Command switches used :: C:\programy\hijack\CFScript.txt
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


D:\WINDOWS\Domino.EXE
D:\WINDOWS\nircmd.exe
D:\WINDOWS\system32\vfwwdm32.dll
D:\WINDOWS\VM303Cap.exe
D:\WINDOWS\VMSnap3.EXE


((((((((((((((((((((((((( Files Created from 2008-03-12 to 2008-04-12 )))))))))))))))))))))))))))))))


2008-04-09 05:01 176,128 -ra------ D:\WINDOWS\amcap.exe
2008-04-09 05:00 81,920 -ra------ D:\WINDOWS\system32\VM303STI.dll
2008-04-09 05:00 392,058 -ra------ D:\WINDOWS\system32\drivers\usbVM303.sys
2008-04-09 04:54 36,864 --a------ D:\WINDOWS\system32\KRCapture.dll
2008-04-09 04:54 32,768 --a------ D:\WINDOWS\system32\KRProcess.dll
2008-04-09 04:54 32,768 --a------ D:\WINDOWS\system32\KRDetector.dll
2008-04-08 22:38 91,700 --a------ D:\WINDOWS\system32\drivers\klin.dat
2008-04-08 22:38 85,860 --a------ D:\WINDOWS\system32\drivers\klick.dat
2008-04-08 22:37 5,492,512 --ahs---- D:\WINDOWS\system32\drivers\fidbox.dat
2008-04-08 22:37 112,928 --ahs---- D:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-08 22:37 <DIR> d-------- D:\Program Files\Kaspersky Lab
2008-04-08 18:17 <DIR> d-------- D:\DOCUME~1\VANHEL~1\DANEAP~1\ESET
2008-04-08 17:58 <DIR> d-------- D:\DOCUME~1\VANHEL~1\DANEAP~1\Symantec
2008-04-08 17:56 <DIR> d-------- D:\Program Files\Symantec
2008-04-08 17:56 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\DANEAP~1\Symantec
2008-04-08 17:55 <DIR> d-------- D:\Program Files\Common Files\Symantec Shared
2008-04-08 17:54 73,216 --a------ D:\WINDOWS\ST6UNST.EXE
2008-04-08 17:54 249,856 --------- D:\WINDOWS\Setup1.exe
2008-04-07 08:58 <DIR> d-------- D:\Program Files\ScanSoft
2008-04-06 21:20 <DIR> d-------- D:\Program Files\USDownloader
2008-04-06 11:56 413,696 --a------ D:\WINDOWS\system32\wrap_oal.dll
2008-04-06 11:56 110,592 --a------ D:\WINDOWS\system32\OpenAL32.dll
2008-04-06 11:56 <DIR> d-------- D:\Program Files\OpenAL
2008-04-06 11:51 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\DANEAP~1\Powerboat GT
2008-04-05 13:02 <DIR> d-------- D:\DOCUME~1\VANHEL~1\DANEAP~1\Disney Interactive Studios
2008-04-05 05:55 5,504 --a------ D:\WINDOWS\system32\drivers\MSTEE.sys
2008-04-05 05:55 15,360 --a------ D:\WINDOWS\system32\drivers\StreamIP.sys
2008-04-05 05:55 11,136 --a------ D:\WINDOWS\system32\drivers\SLIP.sys
2008-04-05 05:55 10,880 --a------ D:\WINDOWS\system32\drivers\NdisIP.sys
2008-04-05 05:54 85,376 --a------ D:\WINDOWS\system32\drivers\NABTSFEC.sys
2008-04-05 05:54 19,328 --a------ D:\WINDOWS\system32\drivers\WSTCODEC.SYS
2008-04-05 05:54 17,024 --a------ D:\WINDOWS\system32\drivers\CCDECODE.sys
2008-04-05 05:53 54,784 --a------ D:\WINDOWS\system32\vfwwdm32.dll
2008-04-05 05:45 428,160 -ra------ D:\WINDOWS\system32\drivers\vmfilter303.sys
2008-04-05 05:45 40,960 -ra------ D:\WINDOWS\system32\setupfilter.exe
2008-04-05 05:44 <DIR> d-------- D:\WINDOWS\EffectResources
2008-04-03 18:05 71,832 --a------ D:\WINDOWS\system32\drivers\e4ldrx64.sys
2008-04-03 18:05 69,656 --a------ D:\WINDOWS\system32\drivers\e4ldr.sys
2008-04-03 18:05 58,264 --a------ D:\WINDOWS\system32\drivers\adildrx64.sys
2008-04-03 18:05 56,088 --a------ D:\WINDOWS\system32\drivers\adildr.sys
2008-04-03 18:05 46,892 --a------ D:\WINDOWS\system32\ADADIX16.DLL
2008-04-03 18:05 4,981 --a------ D:\WINDOWS\system32\ADADIX2K.DLL
2008-04-03 18:05 316,416 --a------ D:\WINDOWS\system32\unaddrv.x64.exe
2008-04-03 18:05 253,008 --a------ D:\WINDOWS\adirasx64.exe
2008-04-03 18:05 24,576 --a------ D:\WINDOWS\enddisk32.exe
2008-04-03 18:05 22,395 --a------ D:\WINDOWS\system32\drivers\fpga.bin
2008-04-03 18:05 212,992 --a------ D:\WINDOWS\system32\unaddrv.exe
2008-04-03 18:05 200,704 --a------ D:\WINDOWS\system32\coclassfast.dll
2008-04-03 18:05 194,128 --a------ D:\WINDOWS\adiras.exe
2008-04-03 18:05 176,128 --a------ D:\WINDOWS\autoclk.exe
2008-04-03 18:05 169,496 --a------ D:\WINDOWS\system32\drivers\adiusbawx64.sys
2008-04-03 18:05 155,648 --a------ D:\WINDOWS\system32\adadix32.dll
2008-04-03 18:05 152,308 --a------ D:\WINDOWS\system32\drivers\L1E4I2.BIN
2008-04-03 18:05 152,306 --a------ D:\WINDOWS\system32\drivers\L1E4I1.BIN
2008-04-03 18:05 152,306 --a------ D:\WINDOWS\system32\drivers\L1E4I0.BIN
2008-04-03 18:05 152,146 --a------ D:\WINDOWS\system32\drivers\L1E4P2.BIN
2008-04-03 18:05 152,145 --a------ D:\WINDOWS\system32\drivers\L1E4P1.BIN
2008-04-03 18:05 152,145 --a------ D:\WINDOWS\system32\drivers\L1E4P0.BIN
2008-04-03 18:05 152,126 --a------ D:\WINDOWS\system32\drivers\L1E9P2.BIN
2008-04-03 18:05 152,126 --a------ D:\WINDOWS\system32\drivers\L1E9P1.BIN
2008-04-03 18:05 152,126 --a------ D:\WINDOWS\system32\drivers\L1E9P0.BIN
2008-04-03 18:05 152,126 --a------ D:\WINDOWS\system32\drivers\L1E9I2.BIN
2008-04-03 18:05 152,126 --a------ D:\WINDOWS\system32\drivers\L1E9I1.BIN
2008-04-03 18:05 152,126 --a------ D:\WINDOWS\system32\drivers\L1E9I0.BIN
2008-04-03 18:05 152,036 --a------ D:\WINDOWS\system32\drivers\L1E4D2.BIN
2008-04-03 18:05 152,034 --a------ D:\WINDOWS\system32\drivers\L1E4D1.BIN
2008-04-03 18:05 152,034 --a------ D:\WINDOWS\system32\drivers\L1E4D0.BIN
2008-04-03 18:05 146,968 --a------ D:\WINDOWS\system32\drivers\e4usbawx64.sys
2008-04-03 18:05 127,456 --a------ D:\WINDOWS\system32\IPDETECT.EXE
2008-04-03 18:05 118,552 --a------ D:\WINDOWS\system32\drivers\adiusbaw.sys
2008-04-03 18:05 104,344 --a------ D:\WINDOWS\system32\drivers\e4usbaw.sys
2008-04-03 18:05 <DIR> d-------- D:\Program Files\SAGEM
2008-04-03 18:05 <DIR> d-------- D:\DOCUME~1\VANHEL~1\DANEAP~1\InstallShield
2008-04-02 09:47 <DIR> d-------- D:\Program Files\AutoConnect
2008-04-02 09:17 32,000 --a------ D:\WINDOWS\system32\drivers\stppp.sys
2008-04-02 09:17 30,464 --a------ D:\WINDOWS\system32\drivers\st330.sys
2008-04-02 09:17 16,128 --a------ D:\WINDOWS\system32\drivers\lpwdm.sys
2008-04-02 09:17 12,672 --a------ D:\WINDOWS\system32\drivers\stbus.sys
2008-03-16 19:40 <DIR> d-------- D:\Program Files\NeroInstall.bak
2008-03-16 19:36 <DIR> d-------- D:\Program Files\Common Files\Nero
2008-03-13 05:26 <DIR> d-------- D:\WINDOWS\Cache


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2008-04-12 19:01 --------- d-------- D:\Program Files\Mozilla Firefox 3 Beta 2
2008-04-12 18:10 84140 --ahs---- D:\WINDOWS\system32\drivers\fidbox.idx
2008-04-12 18:10 15524 --ahs---- D:\WINDOWS\system32\drivers\fidbox2.idx
2008-04-08 22:52 --------- d--h----- D:\Program Files\InstallShield Installation Information
2008-04-05 05:44 --------- d-------- D:\Program Files\Common Files\InstallShield
2008-04-03 18:06 33 --a------ D:\WINDOWS\system32\drivers\adidsl.cfg
2008-03-30 12:28 88946 --a------ D:\WINDOWS\system32\perfc015.dat
2008-03-30 12:28 500482 --a------ D:\WINDOWS\system32\perfh015.dat
2008-03-28 17:02 --------- d-------- D:\DOCUME~1\VANHEL~1\DANEAP~1\winamp
2008-03-20 10:09 1845504 --a------ D:\WINDOWS\system32\win32k.sys
2008-03-05 17:03 479752 --a------ D:\WINDOWS\system32\XAudio2_0.dll
2008-03-05 17:03 238088 --a------ D:\WINDOWS\system32\xactengine3_0.dll
2008-03-05 17:00 25608 --a------ D:\WINDOWS\system32\X3DAudio1_3.dll
2008-03-05 16:56 3786760 --a------ D:\WINDOWS\system32\D3DX9_37.dll
2008-03-05 16:56 1420824 --a------ D:\WINDOWS\system32\D3DCompiler_37.dll
2008-03-04 14:32 --------- d-------- D:\Program Files\Realtek
2008-03-01 19:02 --------- d-------- D:\DOCUME~1\VANHEL~1\DANEAP~1\Media Player Classic
2008-02-28 18:38 972072 --a------ D:\WINDOWS\UNNeroMediaHome.exe
2008-02-28 10:31 --------- d-------- D:\Program Files\AviSynth 2.5
2008-02-26 23:41 78083 --a------ D:\WINDOWS\BricoPackUninst.cmd
2008-02-26 23:41 3407 --a------ D:\WINDOWS\BricoPackFoldersDelete.cmd
2008-02-26 23:29 --------- d-------- D:\Program Files\Movie Maker
2008-02-26 22:29 2560 --a------ D:\WINDOWS\_MSRSTRT.EXE
2008-02-26 21:38 211 --ah----- D:\WINDOWS\winshell.dat
2008-02-26 17:14 972072 --a------ D:\WINDOWS\UNRecode.exe
2008-02-20 08:51 282624 --a------ D:\WINDOWS\system32\gdi32.dll
2008-02-20 07:38 45568 --a------ D:\WINDOWS\system32\dnsrslvr.dll
2008-02-18 21:18 3451 --a------ D:\WINDOWS\unins000.dat
2008-02-18 21:13 691545 --a------ D:\WINDOWS\unins000.exe
2008-02-18 17:21 132904 --a------ D:\WINDOWS\system32\drivers\imagesrv.sys
2008-02-18 17:21 11304 --a------ D:\WINDOWS\system32\drivers\imagedrv.sys
2008-02-18 17:04 95600 --a------ D:\WINDOWS\system32\NeroCo.dll
2008-02-17 15:28 306432 --a------ D:\WINDOWS\system32\TuneUpDefragService.exe
2008-02-17 15:28 --------- d-------- D:\DOCUME~1\VANHEL~1\DANEAP~1\TuneUp Software
2008-02-17 15:27 --------- d-------- D:\Program Files\Common Files\Wise Installation Wizard
2008-02-17 14:06 --------- d-------- D:\DOCUME~1\VANHEL~1\DANEAP~1\GlobalSCAPE
2008-02-14 18:04 4676096 --a------ D:\WINDOWS\system32\drivers\RtkHDAud.sys
2008-02-13 15:31 16857600 --a------ D:\WINDOWS\RTHDCPL.exe
2008-02-08 18:37 219664 --a------ D:\WINDOWS\system32\klogon.dll
2008-02-06 00:07 462864 --a------ D:\WINDOWS\system32\d3dx10_37.dll
2008-01-30 10:30 4212 ---h----- D:\WINDOWS\system32\zllictbl.dat
2006-05-03 09:06:54 163,328 --sh--r D:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47:16 31,232 --sh--r D:\WINDOWS\system32\msfDX.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 15:31 D:\WINDOWS\RTHDCPL.exe]
"AVP"="D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2008-02-08 18:36]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CursorXP"="C:\programy\cursor powre pack\CursorXP.exe" [2005-01-19 17:34]
"Zegarynka"="C:\programy\zegarynka\Zegarynka.exe" [2005-02-25 23:02]
"RocketDock"="C:\programy\brio pack\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-19 00:05]
"SkinClock"="C:\programy\clock\Atomic Alarm Clock\Atomic Alarm Clock\AtomicAlarmClock.exe" [2007-08-13 12:25]

D:\Documents and Settings\van Helsing\Menu Start\Programy\Autostart\
RocketDock.lnk - C:\programy\brio pack\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 00:05:02]
Stardock ObjectDock.lnk - C:\programy\ObjectDock\ObjectDock\ObjectDock.exe [2007-12-04 16:05:25]
UberIcon.lnk - C:\programy\brio pack\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 09:43:08]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\programy\windowblinds\WindowBlinds\wbsrv.dll 2008-02-26 23:50 229376 C:\programy\windowblinds\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll,D:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programy^Autostart^DSLMON.lnk]
backup=D:\WINDOWS\pss\DSLMON.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^van Helsing^Menu Start^Programy^Autostart^AntiCrash.lnk]
backup=D:\WINDOWS\pss\AntiCrash.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^van Helsing^Menu Start^Programy^Autostart^TransBar.lnk]
backup=D:\WINDOWS\pss\TransBar.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^van Helsing^Menu Start^Programy^Autostart^Y'z Shadow.lnk]
backup=D:\WINDOWS\pss\Y'z Shadow.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
"C:\programy\nero 8\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
D:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Registry Accelerator]
"C:\programy\naprawa rejestru\Professional Registry Doctor\rc.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkinClock]
C:\programy\clock\Atomic Alarm Clock\Atomic Alarm Clock\AtomicAlarmClock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XPRepairPro2007]
C:\programy\XP Repair Pro 2007\XPRepairPro.exe /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"aawservice"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Domino"=D:\WINDOWS\Domino.EXE
"VMSnap3"=D:\WINDOWS\VMSnap3.EXE

R0 viamraid;viamraid;D:\WINDOWS\system32\DRIVERS\viamraid.sys
R0 videX32;videX32;D:\WINDOWS\system32\DRIVERS\videX32.sys
R1 AmdPPM;Sterownik procesora AMD HwPState;D:\WINDOWS\system32\DRIVERS\AmdPPM.sys
R2 atksgt;atksgt;D:\WINDOWS\system32\DRIVERS\atksgt.sys
R2 EIO;EIO;\??\D:\WINDOWS\system32\drivers\EIO.sys
R2 lirsgt;lirsgt;D:\WINDOWS\system32\DRIVERS\lirsgt.sys
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;C:\programy\nero 8\Nero\Nero8\Nero BackItUp\NBService.exe
R2 UxTuneUp;TuneUp Theme Extension;D:\WINDOWS\System32\svchost.exe -k netsvcs
R3 e4usbaw;USB ADSL2 WAN Adapter;D:\WINDOWS\system32\DRIVERS\e4usbaw.sys
R3 klim5;Kaspersky Anti-Virus NDIS Filter;D:\WINDOWS\system32\DRIVERS\klim5.sys
R3 vmfilter303;vmfilter303;D:\WINDOWS\system32\drivers\vmfilter303.sys
R3 ZSMC303;X-calibur USB PC Camera (Vimicro301 Neptune);D:\WINDOWS\system32\Drivers\usbVM303.sys
S1 AmdK8;Sterownik procesora AMD;D:\WINDOWS\system32\DRIVERS\AmdK8.sys
S2 E4LOADER;General Purpose USB Driver (e4ldr.sys);D:\WINDOWS\system32\Drivers\e4ldr.sys
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0;D:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
S3 idsvc;Windows CardSpace;"D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
S3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver;D:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
S3 ST330;ST330;D:\WINDOWS\system32\drivers\st330.sys
S3 STBUS;STBUS;D:\WINDOWS\system32\drivers\stbus.sys
S3 stppp;Speedtouch PPP Adapter Adapter;D:\WINDOWS\system32\DRIVERS\stppp.sys
S3 SymIM;Symantec Network Security Intermediate Filter Service;D:\WINDOWS\system32\DRIVERS\SymIM.sys
S3 SymIMMP;SymIMMP;D:\WINDOWS\system32\DRIVERS\SymIM.sys
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;D:\WINDOWS\System32\TuneUpDefragService.exe
S3 USB_RNDIS;Arris Remote NDIS Network Device Driver;D:\WINDOWS\system32\DRIVERS\usb8023.sys
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service;"D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp


Contents of the 'Scheduled Tasks' folder
2008-04-12 16:13:38 D:\WINDOWS\Tasks\GlaryInitialize.job - C:\programy\glary utilites\Glary Utilities\initialize.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-12 19:09:53
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c]
"Order"=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,..

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2008-04-12 19:11:59
D:\ComboFix-quarantined-files.txt ... 2008-04-12 19:11

--- E O F ---

12 Apr 2008, 19:35

The log is clean.

Manually delete the folder C:\Qoobox
and delete the ComboFix installer from the disk.

Yes, it is possible.

Post HijackThis logs from the second system.

12 Apr 2008, 19:37

Just in case, I'm posting only the HJT log from Vista, because ComboFix doesn't run there.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:30:38, on 2008-04-12
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\vmsnap3.exe
C:\Windows\Domino.exe
D:\programy\zegarynka\Zegarynka.exe
C:\Program Files (x86)\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
D:\programy\hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.www.daemon-search.com/default
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\programy\VISTAP~1\spybot\SPYBOT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [adiras] C:\Windows\adirasx64.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Zegarynka] D:\programy\zegarynka\Zegarynka.exe
O8 - Extra context menu item: Dodaj do blokowanych banerów - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\programy\VISTAP~1\spybot\SPYBOT~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\programy\VISTAP~1\spybot\SPYBOT~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A84FE6A-9088-4F13-9973-644EC82A3088}: NameServer = 213.241.79.37 83.238.255.76
O20 - AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~2\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - D:\programy\VISTA PROGRAMS\spybot\Spybot - Search & Destroy\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - Unknown owner - C:\Windows\System32\TuneUpDefragService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6256 bytes

12 Apr 2008, 19:44

Fix in HijackThis:
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A84FE6A-9088-4F13-9973-644EC82A3088}: NameServer = 213.241.79.37 83.238.255.76

12 Apr 2008, 19:50

It can't be fixed; on the next scan it's there again. What should I do with it?

12 Apr 2008, 19:55

These are the ISP's DNS servers and are most likely simply the assigned ones; you can leave them, but a ComboFix log would be useful, though it's a pity it's Vista.

You can leave them.

Is everything fine now, or are there still problems?

12 Apr 2008, 19:58

Thank you very much. Everything is fine now. Goodbye ;)

12 Apr 2008, 20:21

I do have a problem after all: when I start extracting archives with WinRAR, free space on the local disk drops almost to zero. Admittedly, after a while everything returns to normal, but it's a very annoying thing and the CPU load is high during that time. Can anything be done about it?

12 Apr 2008, 20:27

Make logs with Silent Runners.

12 Apr 2008, 20:33

It's happening right at this moment.
LOG:
"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CursorXP" = "C:\programy\cursor powre pack\CursorXP.exe" [" "]
"Zegarynka" = "C:\programy\zegarynka\Zegarynka.exe" ["Marcin Dutkiewicz"]
"RocketDock" = ""C:\programy\brio pack\Vista Inspirat 2\RocketDock\RocketDock.exe"" [null data]
"SkinClock" = "C:\programy\clock\Atomic Alarm Clock\Atomic Alarm Clock\AtomicAlarmClock.exe" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"AVP" = ""D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"" ["Kaspersky Lab"]
"NvCplDaemon" = "RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Spybot-S&D IE Protection"
\InProcServer32\(Default) = "C:\programy\spybot\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "D:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"
-> {HKLM...CLSID} = "History Band"
\InProcServer32\(Default) = "D:\WINDOWS\system32\shdocvw.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\programy\winrar\rarext.dll" [null data]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
\InProcServer32\(Default) = "D:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
\InProcServer32\(Default) = "D:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "D:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "D:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{72923739-5A47-40A3-9895-25AF0DFBB9E4}" = "Glary Utilities Context Menu Shell Extension"
-> {HKLM...CLSID} = "Glary Utilities Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\programy\GLARYU~1\GLARYU~1\CONTEX~1.DLL" ["GlarySoft.com"]
"{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}" = "TuneUp Shredder Shell Extension"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
\InProcServer32\(Default) = "C:\programy\tuneup utilles\SDShelEx-win32.dll" ["TuneUp Software GmbH"]
"{44440D00-FF19-4AFC-B765-9A0970567D97}" = "TuneUp Theme Extension"
-> {HKLM...CLSID} = "TuneUp Theme Extension"
\InProcServer32\(Default) = "D:\WINDOWS\System32\uxtuneup.dll" ["TuneUp Software GmbH"]
"{ABC70703-32AF-11d4-90C4-D483A70F4825}" = "CMenuExtender"
-> {HKLM...CLSID} = "CMenuExtender"
\InProcServer32\(Default) = "C:\programy\brio pack\Vista Inspirat 2\iColorFolder\CMExt.dll" ["Revenger inc."]
"{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2}" = "NeroCoverEd Live Icons"
-> {HKLM...CLSID} = "NeroCoverEdLiveIcons Class"
\InProcServer32\(Default) = "C:\programy\nero 8\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]
"{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Statystyki dla ochrony WWW"
-> {HKLM...CLSID} = "Statystyki dla ochrony WWW"
\InProcServer32\(Default) = "D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll" ["Kaspersky Lab"]

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
-> {HKLM...CLSID} = "WPDShServiceObj Class"
\InProcServer32\(Default) = "D:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\
<<!>> "AppInit_DLLs" = "wbsys.dll,D:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll" [file not found]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> klogon\DLLName = "D:\WINDOWS\system32\klogon.dll" ["Kaspersky Lab"]
<<!>> WBSrv\DLLName = "C:\programy\windowblinds\WindowBlinds\wbsrv.dll" ["Stardock Corporation"]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "D:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll" ["Nero AG"]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Cover Designer\(Default) = "{73FCA462-9BD5-4065-A73F-A8E5F6904EF7}"
-> {HKLM...CLSID} = "NeroCoverEdContextMenu Class"
\InProcServer32\(Default) = "C:\programy\nero 8\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]
Glary Utilities\(Default) = "{72923739-5A47-40A3-9895-25AF0DFBB9E4}"
-> {HKLM...CLSID} = "Glary Utilities Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\programy\GLARYU~1\GLARYU~1\CONTEX~1.DLL" ["GlarySoft.com"]
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ShellEx.dll" ["Kaspersky Lab"]
TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
\InProcServer32\(Default) = "C:\programy\tuneup utilles\SDShelEx-win32.dll" ["TuneUp Software GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\programy\winrar\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
CMenuExtender\(Default) = "{ABC70703-32AF-11d4-90C4-D483A70F4825}"
-> {HKLM...CLSID} = "CMenuExtender"
\InProcServer32\(Default) = "C:\programy\brio pack\Vista Inspirat 2\iColorFolder\CMExt.dll" ["Revenger inc."]
TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
\InProcServer32\(Default) = "C:\programy\tuneup utilles\SDShelEx-win32.dll" ["TuneUp Software GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\programy\winrar\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Glary Utilities\(Default) = "{72923739-5A47-40A3-9895-25AF0DFBB9E4}"
-> {HKLM...CLSID} = "Glary Utilities Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\programy\GLARYU~1\GLARYU~1\CONTEX~1.DLL" ["GlarySoft.com"]
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ShellEx.dll" ["Kaspersky Lab"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\programy\winrar\rarext.dll" [null data]


Group Policies {policy setting}:
--------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "D:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "D:\Documents and Settings\van Helsing\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "D:\WINDOWS\system32\Euphoria.scr" [null data]


Startup items in "van Helsing" & "All Users" startup folders:
-------------------------------------------------------------

D:\Documents and Settings\van Helsing\Menu Start\Programy\Autostart
"RocketDock" -> shortcut to: "C:\programy\brio pack\Vista Inspirat 2\RocketDock\RocketDock.exe" [null data]
"Stardock ObjectDock" -> shortcut to: "C:\programy\ObjectDock\ObjectDock\ObjectDock.exe" ["Stardock"]
"UberIcon" -> shortcut to: "C:\programy\brio pack\Vista Inspirat 2\UberIcon\UberIcon Manager.exe" [null data]


Enabled Scheduled Tasks:
------------------------

"GlaryInitialize" -> launches: "C:\programy\glary utilites\Glary Utilities\initialize.exe" ["GlarySoft.com"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

HKLM\Software\Classes\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348D6}\(Default) = "Statystyki dla ochrony WWW"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll" ["Kaspersky Lab"]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.6.0_05"
\InProcServer32\(Default) = "D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.6.0_05"
\InProcServer32\(Default) = "D:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll" ["Sun Microsystems, Inc."]

{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\
"ButtonText" = "Statystyki dla ochrony WWW"

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\
"MenuText" = "Spybot - Search & Destroy Configuration"
"CLSIDExtension" = "{53707962-6F74-2D53-2644-206D7942484F}"
-> {HKLM...CLSID} = "Spybot-S&D IE Protection"
\InProcServer32\(Default) = "C:\programy\spybot\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Kaspersky Internet Security 7.0, AVP, ""D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r" ["Kaspersky Lab"]
Nero BackItUp Scheduler 3, Nero BackItUp Scheduler 3, "C:\programy\nero 8\Nero\Nero8\Nero BackItUp\NBService.exe" ["Nero AG"]
NVIDIA Display Driver Service, NVSvc, "D:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
PLFlash DeviceIoControl Service, PLFlash DeviceIoControl Service, "D:\WINDOWS\system32\IoctlSvc.exe" ["Prolific Technology Inc."]
TuneUp Theme Extension, UxTuneUp, "D:\WINDOWS\System32\svchost.exe -k netsvcs" {"D:\WINDOWS\System32\uxtuneup.dll" ["TuneUp Software GmbH"]}


----------
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 72 seconds, including 7 seconds for message boxes)

12 Apr 2008, 20:43

To my eye the computer is clean.

Scan the computer with this: http://www.kaspersky.pl/virusscanner.html

12 Apr 2008, 20:51

I'll scan it in a moment, I'll just post the log after that whole strange process. This log is thorough.

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CursorXP" = "C:\programy\cursor powre pack\CursorXP.exe" [" "]
"Zegarynka" = "C:\programy\zegarynka\Zegarynka.exe" ["Marcin Dutkiewicz"]
"RocketDock" = ""C:\programy\brio pack\Vista Inspirat 2\RocketDock\RocketDock.exe"" [null data]
"SkinClock" = "C:\programy\clock\Atomic Alarm Clock\Atomic Alarm Clock\AtomicAlarmClock.exe" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"AVP" = ""D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"" ["Kaspersky Lab"]
"NvCplDaemon" = "RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Spybot-S&D IE Protection"
\InProcServer32\(Default) = "C:\programy\spybot\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "D:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"
-> {HKLM...CLSID} = "History Band"
\InProcServer32\(Default) = "D:\WINDOWS\system32\shdocvw.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\programy\winrar\rarext.dll" [null data]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
\InProcServer32\(Default) = "D:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
\InProcServer32\(Default) = "D:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "D:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "D:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{72923739-5A47-40A3-9895-25AF0DFBB9E4}" = "Glary Utilities Context Menu Shell Extension"
-> {HKLM...CLSID} = "Glary Utilities Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\programy\GLARYU~1\GLARYU~1\CONTEX~1.DLL" ["GlarySoft.com"]
"{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}" = "TuneUp Shredder Shell Extension"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
\InProcServer32\(Default) = "C:\programy\tuneup utilles\SDShelEx-win32.dll" ["TuneUp Software GmbH"]
"{44440D00-FF19-4AFC-B765-9A0970567D97}" = "TuneUp Theme Extension"
-> {HKLM...CLSID} = "TuneUp Theme Extension"
\InProcServer32\(Default) = "D:\WINDOWS\System32\uxtuneup.dll" ["TuneUp Software GmbH"]
"{ABC70703-32AF-11d4-90C4-D483A70F4825}" = "CMenuExtender"
-> {HKLM...CLSID} = "CMenuExtender"
\InProcServer32\(Default) = "C:\programy\brio pack\Vista Inspirat 2\iColorFolder\CMExt.dll" ["Revenger inc."]
"{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2}" = "NeroCoverEd Live Icons"
-> {HKLM...CLSID} = "NeroCoverEdLiveIcons Class"
\InProcServer32\(Default) = "C:\programy\nero 8\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]
"{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Statystyki dla ochrony WWW"
-> {HKLM...CLSID} = "Statystyki dla ochrony WWW"
\InProcServer32\(Default) = "D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll" ["Kaspersky Lab"]

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
-> {HKLM...CLSID} = "WPDShServiceObj Class"
\InProcServer32\(Default) = "D:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\
<<!>> "AppInit_DLLs" = "wbsys.dll,D:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll" [file not found]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> klogon\DLLName = "D:\WINDOWS\system32\klogon.dll" ["Kaspersky Lab"]
<<!>> WBSrv\DLLName = "C:\programy\windowblinds\WindowBlinds\wbsrv.dll" ["Stardock Corporation"]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "D:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll" ["Nero AG"]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Cover Designer\(Default) = "{73FCA462-9BD5-4065-A73F-A8E5F6904EF7}"
-> {HKLM...CLSID} = "NeroCoverEdContextMenu Class"
\InProcServer32\(Default) = "C:\programy\nero 8\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]
Glary Utilities\(Default) = "{72923739-5A47-40A3-9895-25AF0DFBB9E4}"
-> {HKLM...CLSID} = "Glary Utilities Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\programy\GLARYU~1\GLARYU~1\CONTEX~1.DLL" ["GlarySoft.com"]
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ShellEx.dll" ["Kaspersky Lab"]
TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
\InProcServer32\(Default) = "C:\programy\tuneup utilles\SDShelEx-win32.dll" ["TuneUp Software GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\programy\winrar\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
CMenuExtender\(Default) = "{ABC70703-32AF-11d4-90C4-D483A70F4825}"
-> {HKLM...CLSID} = "CMenuExtender"
\InProcServer32\(Default) = "C:\programy\brio pack\Vista Inspirat 2\iColorFolder\CMExt.dll" ["Revenger inc."]
TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
\InProcServer32\(Default) = "C:\programy\tuneup utilles\SDShelEx-win32.dll" ["TuneUp Software GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\programy\winrar\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Glary Utilities\(Default) = "{72923739-5A47-40A3-9895-25AF0DFBB9E4}"
-> {HKLM...CLSID} = "Glary Utilities Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\programy\GLARYU~1\GLARYU~1\CONTEX~1.DLL" ["GlarySoft.com"]
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ShellEx.dll" ["Kaspersky Lab"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\programy\winrar\rarext.dll" [null data]


Group Policies {policy setting}:
--------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "D:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "D:\Documents and Settings\van Helsing\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "D:\WINDOWS\system32\Euphoria.scr" [null data]


Startup items in "van Helsing" & "All Users" startup folders:
-------------------------------------------------------------

D:\Documents and Settings\van Helsing\Menu Start\Programy\Autostart
"RocketDock" -> shortcut to: "C:\programy\brio pack\Vista Inspirat 2\RocketDock\RocketDock.exe" [null data]
"Stardock ObjectDock" -> shortcut to: "C:\programy\ObjectDock\ObjectDock\ObjectDock.exe" ["Stardock"]
"UberIcon" -> shortcut to: "C:\programy\brio pack\Vista Inspirat 2\UberIcon\UberIcon Manager.exe" [null data]


Enabled Scheduled Tasks:
------------------------

"GlaryInitialize" -> launches: "C:\programy\glary utilites\Glary Utilities\initialize.exe" ["GlarySoft.com"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

HKLM\Software\Classes\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348D6}\(Default) = "Statystyki dla ochrony WWW"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll" ["Kaspersky Lab"]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.6.0_05"
\InProcServer32\(Default) = "D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.6.0_05"
\InProcServer32\(Default) = "D:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll" ["Sun Microsystems, Inc."]

{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\
"ButtonText" = "Statystyki dla ochrony WWW"

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\
"MenuText" = "Spybot - Search & Destroy Configuration"
"CLSIDExtension" = "{53707962-6F74-2D53-2644-206D7942484F}"
-> {HKLM...CLSID} = "Spybot-S&D IE Protection"
\InProcServer32\(Default) = "C:\programy\spybot\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Kaspersky Internet Security 7.0, AVP, ""D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r" ["Kaspersky Lab"]
Nero BackItUp Scheduler 3, Nero BackItUp Scheduler 3, "C:\programy\nero 8\Nero\Nero8\Nero BackItUp\NBService.exe" ["Nero AG"]
NVIDIA Display Driver Service, NVSvc, "D:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
PLFlash DeviceIoControl Service, PLFlash DeviceIoControl Service, "D:\WINDOWS\system32\IoctlSvc.exe" ["Prolific Technology Inc."]
TuneUp Theme Extension, UxTuneUp, "D:\WINDOWS\System32\svchost.exe -k netsvcs" {"D:\WINDOWS\System32\uxtuneup.dll" ["TuneUp Software GmbH"]}


----------
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 239 seconds.
---------- (total run time: 301 seconds)
I wonder whether this thing is related to indexing.
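The only entries Silent Runners marks with `<<!>>` in both logs above are the AppInit_DLLs value and the two Winlogon Notify packages. Those are the launch points worth a second look whenever a log like this is posted, and the tag Silent Runners prints after each path (`[MS]`, `["Vendor"]`, `[null data]`, `[file not found]`) is what decides whether it needs follow-up. The script below is an added example, not part of the thread and not Silent Runners' own code: it parses the flagged lines from a constructed copy of those three entries, splits AppInit_DLLs into its individual DLLs (each of them is mapped into every process that loads user32.dll), and classifies each file by its tag. The `SAMPLE_LOG` string and the `Launch` record are assumptions made for the example.

```python
"""Triage the <<!>>-flagged launch points of a Silent Runners log.

Added example for this thread; it is not Silent Runners' own code.  The
sample input below is a constructed copy of the flagged lines from the
log above so that the script runs offline.
"""
import re
from dataclasses import dataclass

# Constructed sample: the three flagged entries and their parent keys.
SAMPLE_LOG = r"""
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\
<<!>> "AppInit_DLLs" = "wbsys.dll,D:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll" [file not found]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> klogon\DLLName = "D:\WINDOWS\system32\klogon.dll" ["Kaspersky Lab"]
<<!>> WBSrv\DLLName = "C:\programy\windowblinds\WindowBlinds\wbsrv.dll" ["Stardock Corporation"]
"""

# A flagged line: <<!>> <name> = "<value>" [<tag>]
FLAGGED = re.compile(r'^<<!>>\s+(?P<name>.+?)\s*=\s*"(?P<value>.*)"\s+\[(?P<tag>[^\]]*)\]\s*$')
# A registry key header line, e.g. HKLM\Software\...\Winlogon\Notify\
KEY = re.compile(r'^HK(LM|CU|CR|U)\\')


@dataclass
class Launch:
    key: str            # registry key the launch point lives under
    name: str           # value name, e.g. AppInit_DLLs or klogon\DLLName
    path: str           # one file path (AppInit_DLLs is split into several)
    tag: str            # raw tag Silent Runners printed after the value
    status: str         # microsoft / vendor:<name> / no-version-info / missing
    needs_review: bool  # True unless the file carries a recognisable vendor tag


def classify(tag: str) -> str:
    """Map the Silent Runners file tag to a status label."""
    if tag == "MS":
        return "microsoft"
    if tag == "file not found":
        return "missing"
    if tag == "null data":          # file exists but has no company name
        return "no-version-info"
    if tag.startswith('"') and tag.endswith('"'):
        return "vendor:" + tag.strip('"')
    return "unknown:" + tag


def split_paths(name: str, value: str) -> list:
    """AppInit_DLLs holds a comma/space separated list; every DLL in it is
    loaded into each process that maps user32.dll, so each is its own finding.
    The [file not found] tag applies to the whole value, so every DLL in the
    list inherits it and should be checked on disk individually."""
    if name.strip('"').lower() == "appinit_dlls":
        return [p for p in re.split(r"[,\s]+", value) if p]
    return [value.strip('"')]


def triage(log_text: str) -> list:
    """Return one Launch record per flagged file in the log text."""
    found = []
    key = ""
    for line in log_text.splitlines():
        if KEY.match(line):
            key = line.rstrip("\\")
            continue
        m = FLAGGED.match(line)
        if not m:
            continue
        status = classify(m["tag"])
        trusted = status == "microsoft" or status.startswith("vendor:")
        for path in split_paths(m["name"], m["value"]):
            found.append(Launch(key, m["name"].strip('"'), path, m["tag"],
                                status, needs_review=not trusted))
    return found


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        flag = "REVIEW " if item.needs_review else "ok     "
        print(f"{flag}{item.status:<28} {item.name:<16} {item.path}")
```

Run against the sample, the script lists four files: the two Winlogon Notify DLLs carry vendor tags (Kaspersky Lab, Stardock) and are left alone, while both names in AppInit_DLLs are marked for review because Silent Runners tagged the value `[file not found]`. The tag says nothing about which of the two it could not resolve, so the follow-up is to locate each DLL on disk and check its version information; the two names are consistent with the WindowBlinds and Kaspersky installations visible elsewhere in the same log.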

12 Apr 2008, 20:53

Quite possible, nothing is visible in the logs.