mam nadzieje ze ktos pomoze , aha jesli to nie jakis wirus , moze ktos wie co moglo sie popsuc dzieki z gory ComboFix 10-02-10.01 - abram 2010-02-10 21:48:05.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.2046.1599 [GMT 1:00]
Uruchomiony z: c:\documents and settings\abram\Pulpit\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\abram\Cookies\[email protected][1].txt
c:\windows\system32\dlg.dlltemp
c:\windows\system32\RCX15.tmp
c:\windows\system32\RCX16.tmp
c:\windows\system32\RCX1A.tmp
c:\windows\system32\RCX1B.tmp
c:\windows\system32\RCX1C.tmp
c:\windows\system32\RCX1D.tmp
c:\windows\system32\RCXB2.tmp
.
((((((((((((((((((((((((( Pliki utworzone od 2010-01-10 do 2010-02-10 )))))))))))))))))))))))))))))))
.
2010-02-10 20:10 . 2010-02-10 20:10 -------- d-----w- c:\program files\Trend Micro
2010-01-21 22:13 . 2010-01-21 22:13 -------- d-----w- C:\Temp
2010-01-21 22:11 . 2010-01-21 22:11 -------- d-----w- c:\program files\QuickTime
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-10 20:30 . 2009-05-21 16:23 -------- d-----w- c:\documents and settings\abram\Dane aplikacji\DNA
2010-02-10 20:06 . 2009-05-21 16:23 -------- d-----w- c:\program files\DNA
2010-02-07 21:03 . 2008-12-18 18:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-07 21:03 . 2009-08-01 14:12 -------- d-----w- c:\documents and settings\abram\Dane aplikacji\My Games
2010-02-07 07:47 . 2009-12-02 15:23 79488 ----a-w- c:\documents and settings\abram\Dane aplikacji\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-08 21:15 . 2009-12-27 15:24 -------- d-----w- c:\documents and settings\abram\Dane aplikacji\BearShareTb
2010-01-08 06:26 . 2008-12-18 18:48 13496 ----a-w- c:\documents and settings\abram\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-12-27 15:24 . 2009-12-27 15:24 -------- d-----w- c:\program files\BearShareTb
2009-12-15 20:37 . 2009-12-15 20:37 -------- d-----w- c:\documents and settings\abram\Dane aplikacji\Gadu-Gadu 10
2009-12-13 20:40 . 2009-12-13 19:44 -------- d-----w- c:\program files\PulsPlayer
2009-12-02 17:52 . 2009-12-02 17:52 37376 ----a-w- c:\documents and settings\abram\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll
2009-12-02 17:52 . 2009-12-02 17:52 11776 ----a-w- c:\documents and settings\abram\Dane aplikacji\Gadu-Gadu 10\_userdata\npgg.2.dll
2009-11-24 23:54 . 2009-12-16 15:40 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-12-16 15:41 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2009-12-16 15:41 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2009-12-16 15:41 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2009-12-16 15:41 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2009-12-16 15:41 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-12-16 15:41 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-12-16 15:41 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-12-16 15:41 97480 ----a-w- c:\windows\system32\AvastSS.scr
2004-03-11 12:27 . 2008-12-19 10:41 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.
------- Sigcheck -------
[-] 2007-10-15 . 0FB6743E937C7BB248B2530A5A77ABC6 . 360576 . . [5.1.2600.2892] . . c:\windows\system32\drivers\tcpip.sys
[-] 2007-10-17 . 64AF31FD88F01255BD841AA9B2DD030F . 104448 . . [5.4.3790.2180] . . c:\windows\system32\wuauclt.exe
[-] 2007-07-13 . A29DE506E89C131C0AACC86047CB1373 . 3856896 . . [7.00.6000.20591] . . c:\windows\system32\mshtml.dll
[-] 2007-10-18 . 6C264E21D3BD7082B43FC016D760C1D1 . 2145280 . . [5.1.2600.3093] . . c:\windows\system32\ntoskrnl.exe
[-] 2007-07-10 . CE594E18FE0D0AF804F1F3694921CE62 . 642560 . . [5.1.2600.3099] . . c:\windows\system32\user32.dll
[-] 2007-07-13 . CE7193C5F7C01B19768E066087C1C919 . 814592 . . [7.00.6000.20583] . . c:\windows\system32\wininet.dll
[-] 2007-10-17 . 16DF8A100E8966E48BA00C86F6C89972 . 974848 . . [6.00.2900.2649] . . c:\windows\explorer.exe
[-] 2007-10-09 . 89878732D5EB0C845AD2356081142F2A . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593}]
2009-08-10 14:06 91576 ----a-w- c:\program files\BearShareTb\BearShareDx.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-29 15:24 325000 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]
"{0974BA1E-64EC-11DE-B2A5-E43756D89593}"= "c:\program files\BearShareTb\BearShareDx.dll" [2009-08-10 91576]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CLASSES_ROOT\clsid\{0974ba1e-64ec-11de-b2a5-e43756d89593}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-10 216520]
"ALLUpdate"="d:\program files\ALLPlayer\ALLUpdate.exe" [2008-11-24 869888]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-13 323392]
"Gadu-Gadu"="d:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2004-09-07 1400944]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-03 13672448]
"nwiz"="nwiz.exe" [2008-12-03 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-03 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2007-10-09 124928]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-12-16 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-12-16 20560]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2008-12-22 717296]
S2 dlgx1;dlgx1;c:\windows\system32\dlg.exe [2009-09-11 223744]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 XDva310;XDva310;\??\c:\windows\system32\XDva310.sys --> c:\windows\system32\XDva310.sys [?]
S3 XDva315;XDva315;\??\c:\windows\system32\XDva315.sys --> c:\windows\system32\XDva315.sys [?]
S3 XDva317;XDva317;\??\c:\windows\system32\XDva317.sys --> c:\windows\system32\XDva317.sys [?]
S3 XDva321;XDva321;\??\c:\windows\system32\XDva321.sys --> c:\windows\system32\XDva321.sys [?]
S3 XDva323;XDva323;\??\c:\windows\system32\XDva323.sys --> c:\windows\system32\XDva323.sys [?]
S3 XDva326;XDva326;\??\c:\windows\system32\XDva326.sys --> c:\windows\system32\XDva326.sys [?]
S3 XDva327;XDva327;\??\c:\windows\system32\XDva327.sys --> c:\windows\system32\XDva327.sys [?]
.
Zawartość folderu 'Zaplanowane zadania'
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://search.bearshare.com/
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
TCP: {E3F69883-0F67-4B36-9C2E-846F8959779D} = 194.204.152.34,194.204.159.1
FF - ProfilePath - c:\documents and settings\abram\Dane aplikacji\Mozilla\Firefox\Profiles\j5ihn65o.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.bearshare.com/
FF - prefs.js: keyword.URL - hxxp://search.bearshare.com/webResults.html?src=ffb&q=
FF - plugin: c:\documents and settings\abram\Dane aplikacji\Gadu-Gadu 10\_userdata\npgg.2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.
- - - - USUNIĘTO PUSTE WPISY - - - -
BHO-{74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - d:\program files\BearShare\BearShareIEHelper.dll
HKCU-Run-ares - c:\program files\Ares\Ares.exe
HKLM-Run-WinampAgent - d:\program files\Winamp\winampa.exe
AddRemove-Audacity_is1 - c:\program files\Audacity\unins000.exe
AddRemove-Final Fantasy VII - d:\program files\Final Fantasy VII\Uninst.isu
AddRemove-Football Manager 2009 - d:\giery\Uninstall_Football Manager 2009\Uninstall Football Manager 2009.exe
AddRemove-Tibia_is1 - d:\program files\Tibia\unins000.exe
**************************************************************************
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki:
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'winlogon.exe'(936)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\cscui.dll
- - - - - - - > 'lsass.exe'(992)
c:\windows\system32\nvappfilter.dll
.
Czas ukończenia: 2010-02-10 21:50:46
ComboFix-quarantined-files.txt 2010-02-10 20:50
Przed: 16 508 612 608 bajtów wolnych
Po: 17 847 808 000 bajtów wolnych
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 64557C9973A5E20483CB6E80EA3A416B
zapisz jako 
_autorun\AUTORUN.EXE