
In reference to this: blue-screen-win32k-sys-wirus-haxdoor-vp793052.html
I have exactly the same symptoms. I played around with HaxFix and removed all the drivers. The blue screen supposedly no longer pops up, but one problem remains: the monitor flickers black and shows snow. While this is happening the computer becomes sluggish and often freezes. Here are the logs.
Combofix
ComboFix 09-01-07.01 - START 2009-01-07 19:49:45.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1045.18.2047.1538 [GMT 1:00]
Uruchomiony z: c:\documents and settings\START\Pulpit\ComboFix.exe
.
((((((((((((((((((((((((( Pliki utworzone od 2008-12-07 do 2009-01-07 )))))))))))))))))))))))))))))))
.
2009-01-07 19:11 . 2008-11-12 13:45 453,152 --a------ c:\windows\system32\NVUNINST.EXE
2009-01-07 19:11 . 2008-11-12 14:54 453,152 --a------ c:\windows\system32\nvudisp.exe
2009-01-07 19:11 . 2009-01-07 19:53 203,188 --a------ c:\windows\system32\nvapps.xml
2009-01-07 19:11 . 2008-11-12 14:54 18,537 --a------ c:\windows\system32\nvdisp.nvu
2009-01-07 18:52 . 2009-01-07 18:52 664 --a------ c:\windows\system32\d3d9caps.dat
2009-01-07 18:52 . 2009-01-07 18:52 552 --a------ c:\windows\system32\d3d8caps.dat
2009-01-07 18:50 . 2009-01-07 18:50 <DIR> d-------- c:\program files\Attansic
2009-01-07 18:50 . 2006-10-31 04:10 35,840 -ra------ c:\windows\system32\drivers\atl01_xp.sys
2009-01-07 18:32 . 2009-01-07 18:44 <DIR> d-------- C:\HaxFix
2009-01-07 18:32 . 2009-01-07 18:27 488,510 --a------ C:\HaxFix.exe
2009-01-07 18:31 . 2009-01-07 19:51 <DIR> d--h----- c:\documents and settings\Administrator\Ustawienia lokalne
2009-01-07 18:31 . 2008-07-14 11:06 <DIR> d-------- c:\documents and settings\Administrator\Ulubione
2009-01-07 18:31 . 2008-07-14 09:21 <DIR> d--h----- c:\documents and settings\Administrator\Szablony
2009-01-07 18:31 . 2009-01-07 18:32 <DIR> d-------- c:\documents and settings\Administrator\Pulpit
2009-01-07 18:31 . 2008-07-14 11:06 <DIR> d-------- c:\documents and settings\Administrator\Moje dokumenty
2009-01-07 18:31 . 2008-07-14 11:06 <DIR> dr------- c:\documents and settings\Administrator\Menu Start
2009-01-07 18:31 . 2008-07-14 11:06 <DIR> dr-h----- c:\documents and settings\Administrator\Dane aplikacji
2009-01-07 18:31 . 2009-01-07 18:31 <DIR> d-------- c:\documents and settings\Administrator
2009-01-07 15:53 . 2009-01-07 15:53 <DIR> d-------- c:\program files\Seagate
2008-12-22 11:40 . 2009-01-07 19:53 <DIR> d-------- c:\program files\cFosSpeed
2008-12-22 11:40 . 2008-07-18 15:23 732,888 -ra------ c:\windows\system32\drivers\cfosspeed.sys
2008-12-22 11:40 . 2008-07-18 15:23 290,008 --a------ c:\windows\system32\cfosspeed.dll
2008-12-19 21:16 . 2008-12-19 21:16 410,984 --a------ c:\windows\system32\deploytk.dll
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-07 18:53 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab
2009-01-07 18:52 647,200 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-01-07 18:52 5,388 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-01-07 18:52 34,284 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-01-07 18:52 3,981,856 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-01-07 18:30 --------- d-----w c:\documents and settings\START\Dane aplikacji\foobar2000
2009-01-07 18:12 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-07 18:12 --------- d-----w c:\program files\AGEIA Technologies
2009-01-07 17:50 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-07 17:46 --------- d-----w c:\program files\epson
2009-01-05 21:35 --------- d-----w c:\documents and settings\START\Dane aplikacji\mIRC
2009-01-05 21:30 --------- d-----w c:\documents and settings\START\Dane aplikacji\HLSW
2009-01-05 18:29 196,608 ----a-w c:\windows\system32\drivers\nStandard.bin
2009-01-05 15:39 --------- d-----w c:\documents and settings\START\Dane aplikacji\GanymedeNet
2008-12-26 11:36 --------- d-s---w c:\program files\HLSW
2008-12-19 20:16 --------- d-----w c:\program files\Java
2008-12-19 16:54 --------- d-----w c:\program files\Ganymede
2008-12-07 16:32 --------- d-----w c:\documents and settings\START\Dane aplikacji\Free Download Manager
2008-12-06 20:24 --------- d-----w c:\documents and settings\START\Dane aplikacji\teamspeak2
2008-11-23 18:51 --------- d-----w c:\program files\Trend Micro
2008-11-20 19:58 --------- d-----w c:\program files\Auslogics
2008-11-20 19:58 --------- d-----w c:\documents and settings\START\Dane aplikacji\Auslogics
2008-11-15 15:24 --------- d-----w c:\program files\Samsung
2008-11-12 13:54 6,188,320 ----a-w c:\windows\system32\drivers\nv4_mini.sys
2008-08-26 18:49 32,768 --sha-w c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012008082620080827\index.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"EPSON Stylus DX8400 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE" [2007-04-12 182272]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"Gadu-Gadu"="e:\gadu-gadu\gg.exe" [2008-03-20 2127296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"JMB36X Configure"="c:\windows\system32\JMRaidSetup.exe" [2006-10-30 1953792]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-19 136600]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-07-29 206088]
"cFosSpeed"="c:\program files\cFosSpeed\cFosSpeed.exe" [2008-07-18 867544]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13672448]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-12 86016]
"nwiz"="nwiz.exe" [2008-11-12 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 21:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GamerOSD]
--a------ 2007-02-14 08:42 380928 c:\program files\ASUS\GamerOSD\GamerOSD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2007-06-25 07:47 1057064 c:\program files\Nero\Nero 7\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X Configure]
-r------- 2006-10-30 13:44 1953792 c:\windows\system32\JMRaidSetup.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
-r------- 2006-10-30 13:44 36864 c:\windows\JM\JMInsIDE.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
--a------ 2007-08-23 16:36 455968 c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
--a------ 2007-06-25 07:47 1629480 c:\program files\Nero\Nero 7\InCD\NBHGui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Steam\\SteamApps\\kapipl\\counter-strike\\hl.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"d:\\Program Files\\Steam\\SteamApps\\common\\trackmania nations forever\\TmForever.exe"=
"d:\\Program Files\\Steam\\SteamApps\\teddy11\\counter-strike source\\hl2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\START\\Pulpit\\azereus.exe"=
"d:\\Program Files\\Steam\\steam.exe"=
"e:\\mIRC\\mirc.exe"=
"e:\\Gadu-Gadu\\gg.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [2009-01-07 35840]
R3 Video3D;ASUS Video3D Service;c:\windows\system32\drivers\Video3D32.sys [2008-07-14 10752]
S3 PortTalk;PortTalk;c:\windows\system32\drivers\PortTalk.sys [2008-10-17 3567]
--- Other Services/Drivers In Memory ---
*Deregistered* - InCDrec
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4662446a-542a-11dd-bd8e-001a92daf906}]
\Shell\AutoRun\command - f:\bin\Assetup.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.wp.pl/
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Pobierz plik wideo we Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Pobierz stronę WWW w Free Download Manager - file://c:\program files\Free Download Manager\dlpage.htm
IE: Pobierz w Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: Pobierz wszystkie pliki w Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Pobierz zaznaczone w Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
FF - ProfilePath - c:\documents and settings\START\Dane aplikacji\Mozilla\Firefox\Profiles\s9gu95zh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.onet.pl/
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npganymedenet.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-07 19:53:42
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1417001333-790525478-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3E0F023F-F866-F456-66E5-2A7562A971B6}*NULL*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\rundll32.exe
c:\windows\ATKKBService.exe
c:\program files\cFosSpeed\spd.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Czas ukończenia: 2009-01-07 19:55:19 - komputer został uruchomiony ponownie [START]
ComboFix-quarantined-files.txt 2009-01-07 18:55:08
Przed: 36,375,224,320 bajtów wolnych
Po: 36,299,788,288 bajtów wolnych
174 --- E O F --- 2008-12-18 09:42:06
Hijack
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:58:59, on 2009-01-07
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\cFosSpeed\cFosSpeed.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
E:\Gadu-Gadu\gg.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\cFosSpeed\spd.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\WINDOWS\TEMP\E_SC7.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Gadu-Gadu] "E:\Gadu-Gadu\gg.exe" /tray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Pobierz plik wideo we Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Pobierz stronę WWW w Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Pobierz w Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Pobierz wszystkie pliki w Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Pobierz zaznaczone w Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 7246 bytes
and the log from HaxFix
HAXFIX logfile - by Marckie
version 5.052
2009-01-07 18:44:23,10
--- Auto Haxdoorfix ---
Haxdoorfix Part 1
no infections found
Haxdoorfix Part 2
searching for notifykeys
no notifykeys found
searching for services
no services found
searching for safeboot services
no safeboot services found
--- Goldun- and SpyBankerfix ---
searching for other goldun- spybanker- and haxdoorfiles:
no other Haxdoor or Goldun files found
checking iexplore.exe
iexplore.exe is not infected
searching for SSODLkeys
no SSODLkeys found
searching for browser helper objects
no known browser helper objects found
searching for appinit files
checking for Active Setup Installed Components
no known Active Setup Installed Components found
searching for notifykeys
no notify keys found
searching for services
no services found
Finished
Please help.
