[wirus]

Witam!

To mój pierwszy post i ogólnie temat więc jeżeli napisze coś nie tak to prosze mnie poprawić.

Więc tak.Chciałem ściągnąć sobie program "Fraps".Na "zewnątrz" ten plik wyglądał jak normalna instalka Frapsa ale to był wirus i od tego momentu za każdym razem jak wchodze w jakiś folder to wyświetla mi się komunikat:

Attention,(user)!
Some dangerous viruses detected in your system.Microsoft Windows XP files corrupted.
This may lead to the destruction of important files in C:\WINDOWS.Download protection software now!

Click OK to download the antispyware.(Recommendet)

I są dwie możliwości TKA lub NIE jak dam tak to coś sie chyba instaluje a jak nie to otwiera mi się łącze:
http://sc.videofreeforonline.com/id/4912933/4/1/

Czytałem na różnym forum o tym ale żeby coś z tego wyszło trzeba dać loga czy jakoś tak więc daje tu poniżej loga z ComboFix i mam nadzieje że ktoś mi w tym pomoże


ComboFix 08-11-23.02 - lelle94 2008-11-24 19:22:32.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.103 [GMT 1:00]
Uruchomiony z: c:\documents and settings\lelle94\Pulpit\ComboFix.exe
* Utworzono nowy punkt przywracania
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\lelle94\Ulubione\Cheap Pharmacy Online.url
c:\documents and settings\lelle94\Ulubione\Search Online.url
c:\documents and settings\lelle94\Ulubione\SMS TRAP.url
c:\documents and settings\lelle94\Ulubione\VIP Casino.url
c:\windows\IE4 Error Log.txt
c:\windows\k.txt
c:\windows\system32\c.ico
c:\windows\system32\l_except.nls
c:\windows\system32\m.ico
c:\windows\system32\p.ico
c:\windows\system32\s.ico

.
((((((((((((((((((((((((( Pliki utworzone od 2008-10-24 do 2008-11-24 )))))))))))))))))))))))))))))))
.

2008-11-24 17:58 . 2008-11-24 17:58 <DIR> d-------- c:\program files\Fraps
2008-11-24 17:50 . 2008-11-24 17:50 34,494 --a------ c:\windows\system32\m2.ico
2008-11-24 17:49 . 2008-11-24 17:49 98,304 --a------ c:\windows\system32\dazsax.dll
2008-11-23 01:10 . 2008-11-23 01:10 <DIR> d-------- c:\program files\Sony Ericsson
2008-11-22 23:46 . 2008-11-22 23:47 <DIR> d-------- c:\program files\SopCast
2008-11-22 12:06 . 2008-11-09 13:02 <DIR> d--h----- c:\documents and settings\tata\Ustawienia lokalne
2008-11-22 12:06 . 2008-11-09 13:02 <DIR> d-------- c:\documents and settings\tata\Ulubione
2008-11-22 12:06 . 2008-11-09 12:09 <DIR> d--h----- c:\documents and settings\tata\Szablony
2008-11-22 12:06 . 2008-11-09 13:02 <DIR> d-------- c:\documents and settings\tata\Pulpit
2008-11-22 12:06 . 2008-11-09 13:02 <DIR> d-------- c:\documents and settings\tata\Moje dokumenty
2008-11-22 12:06 . 2008-11-09 13:02 <DIR> dr------- c:\documents and settings\tata\Menu Start
2008-11-22 12:06 . 2008-11-09 13:02 <DIR> dr-h----- c:\documents and settings\tata\Dane aplikacji
2008-11-22 12:06 . 2008-11-22 12:06 <DIR> d-------- c:\documents and settings\tata
2008-11-21 22:11 . 2008-11-21 22:11 <DIR> d-------- c:\documents and settings\lelle94\Dane aplikacji\Apple Computer
2008-11-21 20:13 . 2008-04-13 19:45 26,368 --a--c--- c:\windows\system32\dllcache\usbstor.sys
2008-11-19 21:12 . 2008-11-19 21:12 <DIR> d-------- c:\program files\Common Files\Apple
2008-11-19 21:11 . 2008-11-19 21:12 <DIR> d-------- c:\program files\QuickTime
2008-11-19 21:11 . 2008-11-19 21:11 <DIR> d-------- c:\program files\Apple Software Update
2008-11-19 21:11 . 2008-11-19 21:11 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Apple Computer
2008-11-19 21:11 . 2008-11-19 21:11 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Apple
2008-11-18 21:35 . 2001-03-06 17:05 4,358,144 -ra------ c:\windows\uncsetup.exe
2008-11-18 21:35 . 2008-11-18 21:35 53,248 --a------ c:\windows\system32\unrar.dll
2008-11-18 13:34 . 2008-11-18 13:35 <DIR> d-------- c:\program files\Zajaczek 4.1
2008-11-17 22:45 . 2008-11-17 22:45 <DIR> d-------- c:\program files\Binboy
2008-11-17 21:26 . 2008-11-17 21:26 <DIR> d-------- c:\program files\NOS
2008-11-17 21:26 . 2008-11-17 21:26 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\NOS
2008-11-17 19:39 . 2008-11-17 19:39 <DIR> d-------- c:\windows\system32\Adobe
2008-11-17 17:17 . 2008-11-24 18:12 <DIR> d-------- c:\documents and settings\lelle94\Dane aplikacji\BitTorrent
2008-11-17 09:05 . 2008-11-17 09:05 <DIR> d-------- c:\windows\system32\Lang
2008-11-17 09:05 . 2008-11-17 09:05 940,794 --a------ c:\windows\system32\LoopyMusic.wav
2008-11-17 09:05 . 2008-11-17 09:05 146,650 --a------ c:\windows\system32\BuzzingBee.wav
2008-11-17 00:14 . 2007-12-26 17:30 1,970,176 --a------ c:\windows\system32\d3dx9.dll
2008-11-17 00:14 . 2007-12-26 17:30 679,936 --a------ c:\windows\system32\D3DX81ab.dll
2008-11-17 00:13 . 2008-11-17 00:13 <DIR> d-------- c:\program files\BitTorrent
2008-11-16 20:44 . 2008-11-16 20:52 <DIR> d--h----- c:\windows\$hf_mig$
2008-11-16 16:15 . 2008-11-16 16:15 30 --a------ c:\windows\TextSpy.ini
2008-11-16 10:17 . 2008-11-24 19:23 <DIR> d--h----- c:\documents and settings\mama\Ustawienia lokalne
2008-11-16 10:17 . 2008-11-16 10:17 <DIR> dr------- c:\documents and settings\mama\Ulubione
2008-11-16 10:17 . 2008-11-09 12:09 <DIR> d--h----- c:\documents and settings\mama\Szablony
2008-11-16 10:17 . 2008-11-09 13:02 <DIR> d-------- c:\documents and settings\mama\Pulpit
2008-11-16 10:17 . 2008-11-16 10:17 <DIR> dr------- c:\documents and settings\mama\Moje dokumenty
2008-11-16 10:17 . 2008-11-09 13:02 <DIR> dr------- c:\documents and settings\mama\Menu Start
2008-11-16 10:17 . 2008-11-16 10:17 <DIR> dr-h----- c:\documents and settings\mama\Dane aplikacji
2008-11-16 10:17 . 2008-11-16 10:17 <DIR> d-------- c:\documents and settings\mama
2008-11-13 21:15 . 2008-11-23 21:06 69 --a------ c:\windows\NeroDigital.ini
2008-11-13 20:23 . 2008-11-13 20:23 <DIR> d-------- c:\documents and settings\lelle94\Dane aplikacji\StarMaker
2008-11-13 18:19 . 2008-11-14 17:29 <DIR> d-------- c:\windows\ServicePackFiles
2008-11-13 18:17 . 2008-05-03 05:46 219,156 --a------ c:\windows\system32\nvdspcsy.chm
2008-11-13 18:15 . 2008-11-13 18:16 <DIR> d-------- C:\NVIDIA
2008-11-12 20:39 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 20:37 . 2008-09-04 18:17 1,106,944 --a--c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-11 21:39 . 2008-11-11 21:39 4,096 --a------ c:\windows\d3dx.dat
2008-11-11 21:30 . 2008-11-11 21:30 <DIR> d-------- c:\documents and settings\lelle94\Dane aplikacji\AdobeUM
2008-11-11 21:08 . 2008-11-11 21:08 <DIR> d-------- c:\program files\Free Offers from Freeze.com
2008-11-11 20:44 . 2004-07-26 17:16 1,568,768 --------- c:\windows\system32\ImagX7.dll
2008-11-11 20:44 . 2004-07-26 17:16 476,320 --------- c:\windows\system32\ImagXpr7.dll
2008-11-11 20:44 . 2004-07-26 17:16 471,040 --------- c:\windows\system32\ImagXRA7.dll
2008-11-11 20:44 . 2004-07-26 17:16 262,144 --------- c:\windows\system32\ImagXR7.dll
2008-11-11 20:44 . 2001-07-09 11:50 155,648 --a------ c:\windows\system32\NeroCheck.exe
2008-11-11 20:44 . 2000-06-26 11:45 106,496 --a------ c:\windows\system32\TwnLib20.dll
2008-11-11 20:43 . 2008-11-11 20:43 <DIR> d-------- c:\program files\Common Files\Ahead
2008-11-11 20:43 . 2008-11-11 20:44 <DIR> d-------- c:\program files\Ahead
2008-11-11 20:42 . 1998-06-24 00:00 115,016 --------- c:\windows\system32\MSINET.OCX
2008-11-11 20:42 . 1998-07-22 00:00 102,912 --------- c:\windows\system32\Vb6stkit.dll
2008-11-11 20:42 . 1998-07-22 00:00 102,160 --------- c:\windows\system32\VB6KO.DLL
2008-11-11 20:42 . 2008-11-11 20:47 0 --a------ c:\windows\lgfwup.ini
2008-11-11 19:17 . 2008-11-24 17:59 <DIR> d-a------ c:\documents and settings\All Users\Dane aplikacji\TEMP
2008-11-11 16:12 . 2008-11-11 16:12 <DIR> d-------- c:\program files\Common Files\DirectX
2008-11-11 14:53 . 2008-11-11 14:53 135,168 --a------ c:\windows\system32\UAService7.exe
2008-11-11 14:09 . 2008-11-16 23:18 <DIR> d-------- c:\program files\Common Files\Adobe
2008-11-11 14:07 . 2008-11-11 21:28 <DIR> d-------- c:\windows\Cache
2008-11-11 14:04 . 2001-05-11 13:18 420,240 --a------ c:\windows\system32\mpg4c32.dll
2008-11-11 14:04 . 2001-05-16 17:54 309,616 --a------ c:\windows\system32\wmv8dmod.dll
2008-11-11 14:04 . 2001-03-26 04:41 245,760 --a------ c:\windows\system32\mp4sds32.ax
2008-11-11 13:36 . 1998-10-07 13:54 327,168 --a------ c:\windows\IsUn0415.exe
2008-11-11 13:28 . 2008-11-11 13:28 <DIR> d-------- c:\documents and settings\lelle94\Dane aplikacji\InstallShield
2008-11-11 12:11 . 1998-05-07 10:57 143,872 --a------ c:\windows\system32\iacenc.dll
2008-11-11 11:45 . 2005-09-09 09:47 2,359,350 --a------ c:\windows\fifa04_1.BMP
2008-11-11 11:45 . 2002-09-22 12:51 104,448 --a------ c:\windows\setwall.exe
2008-11-10 22:59 . 2002-11-02 09:53 57,344 --a------ c:\windows\system32\WNASPINT.DLL
2008-11-10 19:20 . 2008-11-10 19:20 <DIR> d--hs---- c:\windows\ftpcache
2008-11-10 19:16 . 2008-11-10 19:16 <DIR> d-------- c:\program files\Alcohol Soft
2008-11-10 19:16 . 2004-04-30 09:37 160,640 --a------ c:\windows\system32\drivers\a347bus.sys
2008-11-10 19:16 . 2004-04-30 09:33 5,248 --a------ c:\windows\system32\drivers\a347scsi.sys
2008-11-10 10:34 . 2008-11-20 16:52 664 --a------ c:\windows\system32\d3d9caps.dat
2008-11-10 10:12 . 2008-11-10 10:12 <DIR> d-------- c:\program files\Creative
2008-11-10 10:12 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe
2008-11-10 10:12 . 2002-06-06 14:38 139,264 --a------ c:\windows\system32\eax.dll
2008-11-10 09:37 . 2002-10-22 16:51 319,488 -ra------ c:\windows\system32\MafiaSetup.exe
2008-11-09 21:42 . 2008-11-09 21:42 <DIR> dr-h----- c:\documents and settings\lelle94\Dane aplikacji\SecuROM
2008-11-09 21:42 . 2008-11-09 21:42 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2008-11-09 21:23 . 2008-11-09 21:23 <DIR> d-------- c:\program files\EA SPORTS
2008-11-09 21:06 . 2002-12-12 00:14 46,592 --a------ c:\windows\system32\dxdllreg.exe
2008-11-09 17:26 . 2008-11-09 17:26 <DIR> d-------- c:\windows\nvidia icons
2008-11-09 17:26 . 2008-11-24 19:27 181,912 --a------ c:\windows\system32\nvapps.xml
2008-11-09 17:25 . 2008-11-13 18:31 <DIR> d-------- c:\windows\nview
2008-11-09 17:25 . 2008-11-09 17:25 <DIR> d-------- c:\windows\NVIDIA
2008-11-09 17:25 . 2008-04-30 17:27 442,368 --a------ c:\windows\system32\NVUNINST.EXE
2008-11-09 17:25 . 2008-05-03 05:46 442,368 --a------ c:\windows\system32\nvudisp.exe
2008-11-09 17:25 . 2008-05-03 05:46 18,070 --a------ c:\windows\system32\nvdisp.nvu
2008-11-09 17:08 . 2008-11-14 17:29 <DIR> d-------- c:\windows\system32\pl
2008-11-09 17:08 . 2008-11-14 17:29 <DIR> d-------- c:\windows\system32\bits
2008-11-09 17:08 . 2008-11-14 17:29 <DIR> d-------- c:\windows\l2schemas
2008-11-09 16:59 . 2008-04-13 19:53 264,832 --a------ c:\windows\system32\drivers\http.sys
2008-11-09 16:59 . 2008-04-13 19:36 79,232 --a------ c:\windows\system32\drivers\sdbus.sys
2008-11-09 16:59 . 2008-04-13 19:36 46,464 --a------ c:\windows\system32\drivers\gagp30kx.sys
2008-11-09 16:59 . 2008-04-14 16:58 41,856 --a------ c:\windows\system32\drivers\amdk7.sys
2008-11-09 16:59 . 2008-04-14 17:16 40,448 --a------ c:\windows\system32\drivers\intelppm.sys
2008-11-09 16:59 . 2008-04-13 19:53 36,608 --a------ c:\windows\system32\drivers\ip6fw.sys
2008-11-09 16:59 . 2008-04-13 19:45 30,208 --a------ c:\windows\system32\drivers\usbehci.sys
2008-11-09 16:59 . 2008-04-13 19:36 15,488 --a------ c:\windows\system32\drivers\mssmbios.sys
2008-11-09 16:59 . 2008-04-13 19:56 12,288 --a------ c:\windows\system32\drivers\tunmp.sys
2008-11-09 16:59 . 2008-04-13 19:40 11,904 --a------ c:\windows\system32\drivers\sffdisk.sys
2008-11-09 16:59 . 2008-04-13 19:40 11,008 --a------ c:\windows\system32\drivers\sffp_sd.sys
2008-11-09 16:58 . 2008-04-14 18:20 409,088 --a------ c:\windows\system32\qmgr.dll
2008-11-09 16:58 . 2008-06-14 18:36 273,024 --------- c:\windows\system32\drivers\bthport.sys
2008-11-09 16:58 . 2008-04-13 19:32 129,792 --a------ c:\windows\system32\drivers\fltmgr.sys
2008-11-09 16:14 . 2008-11-09 16:25 <DIR> d-------- c:\program files\Paint.NET
2008-11-09 16:08 . 2008-11-09 16:10 <DIR> d-------- c:\windows\system32\XPSViewer
2008-11-09 16:08 . 2008-11-09 16:08 <DIR> d-------- c:\program files\Reference Assemblies
2008-11-09 16:08 . 2008-11-09 16:08 <DIR> d-------- c:\program files\MSBuild
2008-11-09 16:07 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2008-11-09 16:04 . 2008-11-09 16:04 <DIR> d-------- c:\program files\MSXML 6.0
2008-11-09 15:28 . 2008-04-14 18:20 69,120 --------- c:\windows\system32\wlanapi.dll
2008-11-09 15:28 . 2008-04-14 18:20 53,248 --------- c:\windows\system32\tsgqec.dll

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-24 18:27 --------- d-----w c:\program files\DNA
2008-11-24 18:27 --------- d-----w c:\documents and settings\lelle94\Dane aplikacji\DNA
2008-11-24 17:15 --------- d-----w c:\program files\Avast 4.8 Home Edition
2008-11-21 18:16 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-21 18:08 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-13 19:23 --------- d-----w c:\program files\Ipla
2008-11-09 11:45 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2008-11-09 11:44 --------- d-----w c:\program files\Microsoft Works
2008-11-09 11:37 --------- d-----w c:\program files\Realtek AC97
2008-11-09 11:35 --------- d-----w c:\documents and settings\lelle94\Dane aplikacji\ipla
2008-11-09 11:35 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\ipla
2008-11-09 11:13 --------- d-----w c:\program files\microsoft frontpage
2008-11-09 11:11 --------- d-----w c:\program files\Usługi online
2008-11-09 10:48 98,304 ----a-w c:\windows\system32\rtm.dll
2008-11-09 10:47 99,840 ----a-w c:\windows\pchealth\helpctr\binaries\HelpHost.exe
2008-11-09 10:46 67,584 ----a-w c:\windows\system32\acctres.dll
2008-11-09 10:46 26,112 ----a-w c:\windows\system32\aaaamon.dll
2008-11-09 10:46 131,584 ----a-w c:\windows\system32\acledit.dll
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-02 23:46 81,920 ----a-w c:\windows\system32\frapsvid.dll
2008-09-15 15:27 1,846,656 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:15 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-09-04 17:17 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-26 08:27 826,368 ----a-w c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0848225A-8181-42FC-8C68-F0A543B12967}]
2008-11-24 17:49 98304 --a------ c:\windows\system32\dazsax.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-11-12 342336]
"IPLA!"="c:\program files\Ipla\ipla.exe" [2008-10-17 2515192]
"ares"="c:\program files\Ares\Ares.exe" [2008-08-21 888832]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-12-01 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-11-09 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-11-09 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-11-09 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 c:\windows\soundman.exe]
"nwiz"="nwiz.exe" [2008-05-03 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv31"= c:\windows\system32\ir32_32.dll
"vidc.iv32"= c:\windows\system32\ir32_32.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=

R0 pe3ajfae;Anno 1503 Zlota Edycja Environment Driver (pe3ajfae);c:\windows\system32\drivers\pe3ajfae.sys [2007-02-13 65432]
R0 ps6ajfae;Anno 1503 Zlota Edycja Synchronization Driver (ps6ajfae);c:\windows\system32\drivers\ps6ajfae.sys [2007-02-13 52128]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-09 110160]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-09 20560]
S2 pr2ajfae;Anno 1503 Zlota Edycja Drivers Auto Removal (pr2ajfae);c:\windows\system32\pr2ajfae.exe svc []
S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-11-17 33752]
.
Zawartość folderu 'Zaplanowane zadania'

2008-11-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-11-23 c:\windows\Tasks\Defragmentacja.job
- c:\windows\system32\dfrg.msc [2008-11-09 11:47]
.
- - - - USUNIĘTO PUSTE WPISY - - - -

HKCU-Run-Komunikator - c:\program files\Tlen\tlen.exe


.
------- Skan uzupełniający -------
.
FireFox -: Profile - c:\documents and settings\lelle94\Dane aplikacji\Mozilla\Firefox\Profiles\v4znrber.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.pl/
FF -: plugin - c:\documents and settings\lelle94\Dane aplikacji\Mozilla\Firefox\Profiles\v4znrber.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}\plugins\np_gp.dll
FF -: plugin - c:\program files\Adobe\Acrobat 6.0 CE\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\DNA\plugins\npbtdna.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\np_gp.dll
FF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-24 19:26:36
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(572)
c:\windows\system32\WgaLogon.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Avast 4.8 Home Edition\aswUpdSv.exe
c:\program files\Avast 4.8 Home Edition\ashServ.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\UAService7.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Avast 4.8 Home Edition\ashMaiSv.exe
c:\program files\Avast 4.8 Home Edition\ashWebSv.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Czas ukończenia: 2008-11-24 19:29:01 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2008-11-24 18:28:57

Przed: 9 733 935 104 bajtów wolnych
Po: 9,662,754,816 bajtów wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

286 --- E O F --- 2008-11-16 19:52:52

Wklej do Notatnika:

File::
c:\windows\system32\m2.ico
c:\windows\system32\dazsax.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0848225A-8181-42FC-8C68-F0A543B12967}]

>>Plik>>Zapisz jako... >>> CFScript
Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe
-->

Ma się rozpocząć usuwanie. (i powstanie log).
Daj ten log, który powstanie w trakcie usuwania.
Po najbliższym restarcie usuń ręcznie folder C:\Qoobox.

ordynat

To jest ten log:



ComboFix 08-11-23.02 - lelle94 2008-11-24 21:10:00.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.96 [GMT 1:00]
Uruchomiony z: c:\documents and settings\lelle94\Pulpit\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\lelle94\Pulpit\CFScript.txt
* Utworzono nowy punkt przywracania

FILE ::
c:\windows\system32\dazsax.dll
c:\windows\system32\m2.ico
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\k.txt
c:\windows\system32\dazsax.dll
c:\windows\system32\m2.ico

.
((((((((((((((((((((((((( Pliki utworzone od 2008-10-24 do 2008-11-24 )))))))))))))))))))))))))))))))
.

2008-11-24 17:58 . 2008-11-24 17:58 <DIR> d-------- c:\program files\Fraps
2008-11-23 01:10 . 2008-11-23 01:10 <DIR> d-------- c:\program files\Sony Ericsson
2008-11-22 23:46 . 2008-11-22 23:47 <DIR> d-------- c:\program files\SopCast
2008-11-22 12:06 . 2008-11-09 13:02 <DIR> d--h----- c:\documents and settings\tata\Ustawienia lokalne
2008-11-22 12:06 . 2008-11-09 13:02 <DIR> d-------- c:\documents and settings\tata\Ulubione
2008-11-22 12:06 . 2008-11-09 12:09 <DIR> d--h----- c:\documents and settings\tata\Szablony
2008-11-22 12:06 . 2008-11-09 13:02 <DIR> d-------- c:\documents and settings\tata\Pulpit
2008-11-22 12:06 . 2008-11-09 13:02 <DIR> d-------- c:\documents and settings\tata\Moje dokumenty
2008-11-22 12:06 . 2008-11-09 13:02 <DIR> dr------- c:\documents and settings\tata\Menu Start
2008-11-22 12:06 . 2008-11-09 13:02 <DIR> dr-h----- c:\documents and settings\tata\Dane aplikacji
2008-11-22 12:06 . 2008-11-22 12:06 <DIR> d-------- c:\documents and settings\tata
2008-11-21 22:11 . 2008-11-21 22:11 <DIR> d-------- c:\documents and settings\lelle94\Dane aplikacji\Apple Computer
2008-11-21 20:13 . 2008-04-13 19:45 26,368 --a--c--- c:\windows\system32\dllcache\usbstor.sys
2008-11-19 21:12 . 2008-11-19 21:12 <DIR> d-------- c:\program files\Common Files\Apple
2008-11-19 21:11 . 2008-11-19 21:12 <DIR> d-------- c:\program files\QuickTime
2008-11-19 21:11 . 2008-11-19 21:11 <DIR> d-------- c:\program files\Apple Software Update
2008-11-19 21:11 . 2008-11-19 21:11 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Apple Computer
2008-11-19 21:11 . 2008-11-19 21:11 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Apple
2008-11-18 21:35 . 2001-03-06 17:05 4,358,144 -ra------ c:\windows\uncsetup.exe
2008-11-18 21:35 . 2008-11-18 21:35 53,248 --a------ c:\windows\system32\unrar.dll
2008-11-18 13:34 . 2008-11-18 13:35 <DIR> d-------- c:\program files\Zajaczek 4.1
2008-11-17 22:45 . 2008-11-17 22:45 <DIR> d-------- c:\program files\Binboy
2008-11-17 21:26 . 2008-11-17 21:26 <DIR> d-------- c:\program files\NOS
2008-11-17 21:26 . 2008-11-17 21:26 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\NOS
2008-11-17 19:39 . 2008-11-17 19:39 <DIR> d-------- c:\windows\system32\Adobe
2008-11-17 17:17 . 2008-11-24 18:12 <DIR> d-------- c:\documents and settings\lelle94\Dane aplikacji\BitTorrent
2008-11-17 09:05 . 2008-11-17 09:05 <DIR> d-------- c:\windows\system32\Lang
2008-11-17 09:05 . 2008-11-17 09:05 940,794 --a------ c:\windows\system32\LoopyMusic.wav
2008-11-17 09:05 . 2008-11-17 09:05 146,650 --a------ c:\windows\system32\BuzzingBee.wav
2008-11-17 00:14 . 2007-12-26 17:30 1,970,176 --a------ c:\windows\system32\d3dx9.dll
2008-11-17 00:14 . 2007-12-26 17:30 679,936 --a------ c:\windows\system32\D3DX81ab.dll
2008-11-17 00:13 . 2008-11-17 00:13 <DIR> d-------- c:\program files\BitTorrent
2008-11-16 20:44 . 2008-11-16 20:52 <DIR> d--h----- c:\windows\$hf_mig$
2008-11-16 16:15 . 2008-11-16 16:15 30 --a------ c:\windows\TextSpy.ini
2008-11-16 10:17 . 2008-11-24 21:11 <DIR> d--h----- c:\documents and settings\mama\Ustawienia lokalne
2008-11-16 10:17 . 2008-11-16 10:17 <DIR> dr------- c:\documents and settings\mama\Ulubione
2008-11-16 10:17 . 2008-11-09 12:09 <DIR> d--h----- c:\documents and settings\mama\Szablony
2008-11-16 10:17 . 2008-11-09 13:02 <DIR> d-------- c:\documents and settings\mama\Pulpit
2008-11-16 10:17 . 2008-11-16 10:17 <DIR> dr------- c:\documents and settings\mama\Moje dokumenty
2008-11-16 10:17 . 2008-11-09 13:02 <DIR> dr------- c:\documents and settings\mama\Menu Start
2008-11-16 10:17 . 2008-11-16 10:17 <DIR> dr-h----- c:\documents and settings\mama\Dane aplikacji
2008-11-16 10:17 . 2008-11-16 10:17 <DIR> d-------- c:\documents and settings\mama
2008-11-13 21:15 . 2008-11-23 21:06 69 --a------ c:\windows\NeroDigital.ini
2008-11-13 20:23 . 2008-11-13 20:23 <DIR> d-------- c:\documents and settings\lelle94\Dane aplikacji\StarMaker
2008-11-13 18:19 . 2008-11-14 17:29 <DIR> d-------- c:\windows\ServicePackFiles
2008-11-13 18:17 . 2008-05-03 05:46 219,156 --a------ c:\windows\system32\nvdspcsy.chm
2008-11-13 18:15 . 2008-11-13 18:16 <DIR> d-------- C:\NVIDIA
2008-11-12 20:39 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 20:37 . 2008-09-04 18:17 1,106,944 --a--c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-11 21:39 . 2008-11-11 21:39 4,096 --a------ c:\windows\d3dx.dat
2008-11-11 21:30 . 2008-11-11 21:30 <DIR> d-------- c:\documents and settings\lelle94\Dane aplikacji\AdobeUM
2008-11-11 21:08 . 2008-11-11 21:08 <DIR> d-------- c:\program files\Free Offers from Freeze.com
2008-11-11 20:44 . 2004-07-26 17:16 1,568,768 --------- c:\windows\system32\ImagX7.dll
2008-11-11 20:44 . 2004-07-26 17:16 476,320 --------- c:\windows\system32\ImagXpr7.dll
2008-11-11 20:44 . 2004-07-26 17:16 471,040 --------- c:\windows\system32\ImagXRA7.dll
2008-11-11 20:44 . 2004-07-26 17:16 262,144 --------- c:\windows\system32\ImagXR7.dll
2008-11-11 20:44 . 2001-07-09 11:50 155,648 --a------ c:\windows\system32\NeroCheck.exe
2008-11-11 20:44 . 2000-06-26 11:45 106,496 --a------ c:\windows\system32\TwnLib20.dll
2008-11-11 20:43 . 2008-11-11 20:43 <DIR> d-------- c:\program files\Common Files\Ahead
2008-11-11 20:43 . 2008-11-11 20:44 <DIR> d-------- c:\program files\Ahead
2008-11-11 20:42 . 1998-06-24 00:00 115,016 --------- c:\windows\system32\MSINET.OCX
2008-11-11 20:42 . 1998-07-22 00:00 102,912 --------- c:\windows\system32\Vb6stkit.dll
2008-11-11 20:42 . 1998-07-22 00:00 102,160 --------- c:\windows\system32\VB6KO.DLL
2008-11-11 20:42 . 2008-11-11 20:47 0 --a------ c:\windows\lgfwup.ini
2008-11-11 19:17 . 2008-11-24 17:59 <DIR> d-a------ c:\documents and settings\All Users\Dane aplikacji\TEMP
2008-11-11 16:12 . 2008-11-11 16:12 <DIR> d-------- c:\program files\Common Files\DirectX
2008-11-11 14:53 . 2008-11-11 14:53 135,168 --a------ c:\windows\system32\UAService7.exe
2008-11-11 14:09 . 2008-11-16 23:18 <DIR> d-------- c:\program files\Common Files\Adobe
2008-11-11 14:07 . 2008-11-11 21:28 <DIR> d-------- c:\windows\Cache
2008-11-11 14:04 . 2001-05-11 13:18 420,240 --a------ c:\windows\system32\mpg4c32.dll
2008-11-11 14:04 . 2001-05-16 17:54 309,616 --a------ c:\windows\system32\wmv8dmod.dll
2008-11-11 14:04 . 2001-03-26 04:41 245,760 --a------ c:\windows\system32\mp4sds32.ax
2008-11-11 13:36 . 1998-10-07 13:54 327,168 --a------ c:\windows\IsUn0415.exe
2008-11-11 13:28 . 2008-11-11 13:28 <DIR> d-------- c:\documents and settings\lelle94\Dane aplikacji\InstallShield
2008-11-11 12:11 . 1998-05-07 10:57 143,872 --a------ c:\windows\system32\iacenc.dll
2008-11-11 11:45 . 2005-09-09 09:47 2,359,350 --a------ c:\windows\fifa04_1.BMP
2008-11-11 11:45 . 2002-09-22 12:51 104,448 --a------ c:\windows\setwall.exe
2008-11-10 22:59 . 2002-11-02 09:53 57,344 --a------ c:\windows\system32\WNASPINT.DLL
2008-11-10 19:20 . 2008-11-10 19:20 <DIR> d--hs---- c:\windows\ftpcache
2008-11-10 19:16 . 2008-11-10 19:16 <DIR> d-------- c:\program files\Alcohol Soft
2008-11-10 19:16 . 2004-04-30 09:37 160,640 --a------ c:\windows\system32\drivers\a347bus.sys
2008-11-10 19:16 . 2004-04-30 09:33 5,248 --a------ c:\windows\system32\drivers\a347scsi.sys
2008-11-10 10:34 . 2008-11-20 16:52 664 --a------ c:\windows\system32\d3d9caps.dat
2008-11-10 10:12 . 2008-11-10 10:12 <DIR> d-------- c:\program files\Creative
2008-11-10 10:12 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe
2008-11-10 10:12 . 2002-06-06 14:38 139,264 --a------ c:\windows\system32\eax.dll
2008-11-10 09:37 . 2002-10-22 16:51 319,488 -ra------ c:\windows\system32\MafiaSetup.exe
2008-11-09 21:42 . 2008-11-09 21:42 <DIR> dr-h----- c:\documents and settings\lelle94\Dane aplikacji\SecuROM
2008-11-09 21:42 . 2008-11-09 21:42 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2008-11-09 21:23 . 2008-11-09 21:23 <DIR> d-------- c:\program files\EA SPORTS
2008-11-09 21:06 . 2002-12-12 00:14 46,592 --a------ c:\windows\system32\dxdllreg.exe
2008-11-09 17:26 . 2008-11-09 17:26 <DIR> d-------- c:\windows\nvidia icons
2008-11-09 17:26 . 2008-11-24 19:27 181,912 --a------ c:\windows\system32\nvapps.xml
2008-11-09 17:25 . 2008-11-13 18:31 <DIR> d-------- c:\windows\nview
2008-11-09 17:25 . 2008-11-09 17:25 <DIR> d-------- c:\windows\NVIDIA
2008-11-09 17:25 . 2008-04-30 17:27 442,368 --a------ c:\windows\system32\NVUNINST.EXE
2008-11-09 17:25 . 2008-05-03 05:46 442,368 --a------ c:\windows\system32\nvudisp.exe
2008-11-09 17:25 . 2008-05-03 05:46 18,070 --a------ c:\windows\system32\nvdisp.nvu
2008-11-09 17:08 . 2008-11-14 17:29 <DIR> d-------- c:\windows\system32\pl
2008-11-09 17:08 . 2008-11-14 17:29 <DIR> d-------- c:\windows\system32\bits
2008-11-09 17:08 . 2008-11-14 17:29 <DIR> d-------- c:\windows\l2schemas
2008-11-09 16:59 . 2008-04-13 19:53 264,832 --a------ c:\windows\system32\drivers\http.sys
2008-11-09 16:59 . 2008-04-13 19:36 79,232 --a------ c:\windows\system32\drivers\sdbus.sys
2008-11-09 16:59 . 2008-04-13 19:36 46,464 --a------ c:\windows\system32\drivers\gagp30kx.sys
2008-11-09 16:59 . 2008-04-14 16:58 41,856 --a------ c:\windows\system32\drivers\amdk7.sys
2008-11-09 16:59 . 2008-04-14 17:16 40,448 --a------ c:\windows\system32\drivers\intelppm.sys
2008-11-09 16:59 . 2008-04-13 19:53 36,608 --a------ c:\windows\system32\drivers\ip6fw.sys
2008-11-09 16:59 . 2008-04-13 19:45 30,208 --a------ c:\windows\system32\drivers\usbehci.sys
2008-11-09 16:59 . 2008-04-13 19:36 15,488 --a------ c:\windows\system32\drivers\mssmbios.sys
2008-11-09 16:59 . 2008-04-13 19:56 12,288 --a------ c:\windows\system32\drivers\tunmp.sys
2008-11-09 16:59 . 2008-04-13 19:40 11,904 --a------ c:\windows\system32\drivers\sffdisk.sys
2008-11-09 16:59 . 2008-04-13 19:40 11,008 --a------ c:\windows\system32\drivers\sffp_sd.sys
2008-11-09 16:58 . 2008-04-14 18:20 409,088 --a------ c:\windows\system32\qmgr.dll
2008-11-09 16:58 . 2008-06-14 18:36 273,024 --------- c:\windows\system32\drivers\bthport.sys
2008-11-09 16:58 . 2008-04-13 19:32 129,792 --a------ c:\windows\system32\drivers\fltmgr.sys
2008-11-09 16:14 . 2008-11-09 16:25 <DIR> d-------- c:\program files\Paint.NET
2008-11-09 16:08 . 2008-11-09 16:10 <DIR> d-------- c:\windows\system32\XPSViewer
2008-11-09 16:08 . 2008-11-09 16:08 <DIR> d-------- c:\program files\Reference Assemblies
2008-11-09 16:08 . 2008-11-09 16:08 <DIR> d-------- c:\program files\MSBuild
2008-11-09 16:07 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2008-11-09 16:04 . 2008-11-09 16:04 <DIR> d-------- c:\program files\MSXML 6.0
2008-11-09 15:28 . 2008-04-14 18:20 69,120 --------- c:\windows\system32\wlanapi.dll
2008-11-09 15:28 . 2008-04-14 18:20 53,248 --------- c:\windows\system32\tsgqec.dll
2008-11-09 15:28 . 2008-04-14 18:20 50,688 --------- c:\windows\system32\tspkg.dll
2008-11-09 15:28 . 2008-04-14 18:21 28,672 --------- c:\windows\system32\verclsid.exe

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-24 20:07 --------- d-----w c:\documents and settings\lelle94\Dane aplikacji\DNA
2008-11-24 18:27 --------- d-----w c:\program files\DNA
2008-11-24 18:27 --------- d-----w c:\program files\Avast 4.8 Home Edition
2008-11-21 18:16 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-21 18:08 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-13 19:23 --------- d-----w c:\program files\Ipla
2008-11-09 11:45 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2008-11-09 11:44 --------- d-----w c:\program files\Microsoft Works
2008-11-09 11:37 --------- d-----w c:\program files\Realtek AC97
2008-11-09 11:35 --------- d-----w c:\documents and settings\lelle94\Dane aplikacji\ipla
2008-11-09 11:35 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\ipla
2008-11-09 11:13 --------- d-----w c:\program files\microsoft frontpage
2008-11-09 11:11 --------- d-----w c:\program files\Usługi online
2008-11-09 10:48 98,304 ----a-w c:\windows\system32\rtm.dll
2008-11-09 10:47 99,840 ----a-w c:\windows\pchealth\helpctr\binaries\HelpHost.exe
2008-11-09 10:46 67,584 ----a-w c:\windows\system32\acctres.dll
2008-11-09 10:46 26,112 ----a-w c:\windows\system32\aaaamon.dll
2008-11-09 10:46 131,584 ----a-w c:\windows\system32\acledit.dll
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-02 23:46 81,920 ----a-w c:\windows\system32\frapsvid.dll
2008-09-15 15:27 1,846,656 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:15 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-09-04 17:17 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-26 08:27 826,368 ----a-w c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-11-12 342336]
"IPLA!"="c:\program files\Ipla\ipla.exe" [2008-10-17 2515192]
"ares"="c:\program files\Ares\Ares.exe" [2008-08-21 888832]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-12-01 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-11-09 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-11-09 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-11-09 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 c:\windows\soundman.exe]
"nwiz"="nwiz.exe" [2008-05-03 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv31"= c:\windows\system32\ir32_32.dll
"vidc.iv32"= c:\windows\system32\ir32_32.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=

R0 pe3ajfae;Anno 1503 Zlota Edycja Environment Driver (pe3ajfae);c:\windows\system32\drivers\pe3ajfae.sys [2007-02-13 65432]
R0 ps6ajfae;Anno 1503 Zlota Edycja Synchronization Driver (ps6ajfae);c:\windows\system32\drivers\ps6ajfae.sys [2007-02-13 52128]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-09 110160]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-09 20560]
S2 pr2ajfae;Anno 1503 Zlota Edycja Drivers Auto Removal (pr2ajfae);c:\windows\system32\pr2ajfae.exe svc []
S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-11-17 33752]
.
Zawartość folderu 'Zaplanowane zadania'

2008-11-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-11-23 c:\windows\Tasks\Defragmentacja.job
- c:\windows\system32\dfrg.msc [2008-11-09 11:47]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-24 21:11:36
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(572)
c:\windows\system32\WgaLogon.dll
.
Czas ukończenia: 2008-11-24 21:12:26
ComboFix-quarantined-files.txt 2008-11-24 20:12:11
ComboFix2.txt 2008-11-24 18:29:03

Przed: 9 647 951 872 bajtów wolnych
Po: 9,636,478,976 bajtów wolnych

248 --- E O F --- 2008-11-16 19:52:52

Uważam, że ten log jest już czysty.

ordynat

To ok dzięki za pomoc