log z combofix prosze o szybka pomoc

[bili1610]

ComboFix 08-04-29.5 - Komputer 2008-04-30 19:02:21.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.1524 [GMT 2:00]
Running from: C:\Documents and Settings\Komputer\Moje dokumenty\Programy\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-30 )))))))))))))))))))))))))))))))
.

2008-04-30 18:59 . 2008-04-30 18:59 <DIR> d-------- C:\Program Files\IEAntiVirus
2008-04-30 17:47 . 2008-04-30 18:42 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2008-04-30 16:40 . 2008-04-30 16:40 221,184 --a------ C:\WINDOWS\unonasad.dll
2008-04-29 20:40 . 2008-04-29 20:43 <DIR> d-------- C:\Documents and Settings\Komputer\Dane aplikacji\Hamachi
2008-04-29 20:40 . 2008-04-29 20:40 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-04-28 23:08 . 2004-08-04 12:12 142,848 --a------ C:\WINDOWS\gamedelete.exe
2008-04-28 21:04 . 2008-04-28 21:04 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-27 20:36 . 2008-04-28 10:08 <DIR> d-------- C:\Program Files\uTorrent
2008-04-25 20:48 . 2008-03-05 15:56 3,786,760 --a------ C:\WINDOWS\system32\D3DX9_37.dll
2008-04-25 20:48 . 2008-03-05 15:56 1,420,824 --a------ C:\WINDOWS\system32\D3DCompiler_37.dll
2008-04-25 20:48 . 2008-03-05 16:03 479,752 --a------ C:\WINDOWS\system32\XAudio2_0.dll
2008-04-25 20:48 . 2008-02-05 23:07 462,864 --a------ C:\WINDOWS\system32\d3dx10_37.dll
2008-04-25 20:48 . 2008-03-05 16:03 238,088 --a------ C:\WINDOWS\system32\xactengine3_0.dll
2008-04-25 20:48 . 2008-03-05 16:00 25,608 --a------ C:\WINDOWS\system32\X3DAudio1_3.dll
2008-04-21 23:47 . 2008-04-21 23:47 <DIR> d-------- C:\Documents and Settings\Komputer\Dane aplikacji\Activision
2008-04-21 23:44 . 2008-04-21 23:44 307 --a------ C:\WINDOWS\game.ini
2008-04-18 22:25 . 2008-04-18 22:25 278,728 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2008-04-18 22:25 . 2008-04-18 22:25 25,416 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2008-04-18 22:24 . 2008-04-18 22:26 <DIR> d-------- C:\Program Files\RTL Biathlon 2008
2008-04-17 08:15 . 2008-04-17 08:15 <DIR> d-------- C:\Program Files\MegauploadToolbar
2008-04-17 08:15 . 2008-04-18 13:34 <DIR> d-------- C:\Documents and Settings\Komputer\Dane aplikacji\MegauploadToolbar
2008-04-08 14:52 . 2008-04-08 14:52 <DIR> d-------- C:\Program Files\NAPI-PROJEKT
2008-04-06 20:16 . 2008-04-06 20:16 <DIR> d-------- C:\Rozliczenie Roczne 2007
2008-04-05 14:00 . 2008-04-20 18:59 <DIR> d-------- C:\Documents and Settings\Komputer\Dane aplikacji\ZoomBrowser EX
2008-04-05 13:59 . 2008-04-05 13:59 <DIR> d-------- C:\Documents and Settings\Komputer\Dane aplikacji\CANON INC
2008-04-05 13:59 . 2008-04-20 18:59 <DIR> d-------- C:\Documents and Settings\Komputer\Dane aplikacji\CameraWindowDC
2008-04-05 13:58 . 2004-08-04 00:44 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-04-05 13:58 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-04-05 13:58 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-04-05 13:58 . 2001-10-26 17:29 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-04-05 13:45 . 2008-04-05 13:49 <DIR> d-------- C:\Program Files\Canon
2008-04-05 13:45 . 2008-04-05 13:45 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\ZoomBrowser
2008-04-05 13:41 . 2008-04-05 13:41 <DIR> d-------- C:\Program Files\Common Files\Canon
2008-04-04 16:45 . 2008-04-04 16:45 3,064 --a------ C:\WINDOWS\jqmw_w32.ini
2008-04-04 16:45 . 2008-04-04 16:45 1,431 --a------ C:\WINDOWS\chmtz48.ini
2008-04-04 14:06 . 2007-12-04 02:08 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
2008-04-04 14:06 . 2007-12-04 02:08 118,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
2008-04-04 13:34 . 2008-04-04 13:38 <DIR> d-------- C:\Documents and Settings\Komputer\Dane aplikacji\Ashampoo Photo Commander 4
2008-04-04 13:33 . 2008-04-04 13:33 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\ashampoo
2008-04-03 09:37 . 2008-04-03 09:37 415,104 --a------ C:\WINDOWS\system32\pr2aq6eb.exe
2008-04-03 09:36 . 2008-04-03 09:36 69,248 --a------ C:\WINDOWS\system32\drivers\pe3aq6eb.sys
2008-04-03 09:35 . 2008-04-03 09:35 68,744 --a------ C:\WINDOWS\system32\drivers\ps7aq6eb.sys
2008-03-30 20:32 . 2008-03-30 20:32 <DIR> d-------- C:\Command
2008-03-28 18:18 . 2008-03-28 21:07 67 --a------ C:\WINDOWS\IDMan.INI
2008-03-28 18:17 . 2008-04-16 15:17 <DIR> d-------- C:\Documents and Settings\Komputer\Dane aplikacji\DMCache
2008-03-23 14:31 . 2008-03-23 15:37 <DIR> d-------- C:\Program Files\F1 Challenge 2007
2008-03-22 14:05 . 2008-03-22 14:05 <DIR> d-------- C:\Program Files\free-downloads.net
2008-03-22 14:05 . 2008-03-22 14:05 <DIR> d-------- C:\Program Files\Conduit
2008-03-22 12:57 . 2008-04-21 23:39 <DIR> d-------- C:\Program Files\Activision
2008-03-22 12:54 . 2008-04-30 18:50 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-03-19 21:19 . 2008-03-19 21:19 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-03-19 15:55 . 2008-03-25 09:18 <DIR> d-------- C:\Documents and Settings\Komputer\Dane aplikacji\skypePM
2008-03-19 15:55 . 2008-03-19 15:55 32 --a------ C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-03-19 15:53 . 2008-03-19 15:53 <DIR> d-------- C:\Program Files\Skype
2008-03-19 15:53 . 2008-03-19 15:53 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-03-19 15:53 . 2008-03-25 09:21 <DIR> d-------- C:\Documents and Settings\Komputer\Dane aplikacji\Skype
2008-03-19 15:53 . 2008-03-19 15:53 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-03-18 21:50 . 2008-03-18 21:50 <DIR> d-------- C:\Program Files\Aspyr Media, Inc
2008-03-17 22:43 . 2008-03-17 22:43 <DIR> d-------- C:\Documents and Settings\Komputer\Dane aplikacji\DAEMON Tools
2008-03-17 22:43 . 2008-03-17 22:43 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-03-17 21:06 . 2008-03-17 21:06 <DIR> d-------- C:\Program Files\Rockstar Games
2008-03-17 19:12 . 2008-03-17 19:12 <DIR> d-------- C:\Program Files\Robster Productions
2008-03-16 20:26 . 2005-04-08 20:44 45,056 --a------ C:\WINDOWS\system32\hpzll3xu.dll
2008-03-16 20:25 . 2008-03-16 20:25 <DIR> d-------- C:\Documents and Settings\Komputer\Dane aplikacji\Image Zone Express
2008-03-16 17:53 . 2008-03-16 17:53 <DIR> d-------- C:\WINDOWS\speech
2008-03-16 17:53 . 2008-03-16 17:53 <DIR> d-------- C:\Program Files\ivo
2008-03-16 17:33 . 2008-03-16 17:33 <DIR> d-------- C:\Documents and Settings\Komputer\Dane aplikacji\LektoraData
2008-03-16 16:39 . 2008-03-16 16:39 <DIR> d-------- C:\Program Files\Combined Community Codec Pack
2008-03-16 16:26 . 2008-03-16 16:26 <DIR> d-------- C:\Program Files\MarBit
2008-03-16 01:43 . 2008-03-16 01:43 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-14 18:55 . 2008-03-14 18:55 <DIR> d-------- C:\Program Files\THQ
2008-03-14 18:08 . 2008-03-14 18:08 <DIR> d-------- C:\Program Files\Common Files\HP
2008-03-14 18:07 . 2008-03-14 18:07 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-03-14 18:06 . 2008-03-14 18:06 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\HP
2008-03-14 18:01 . 2008-03-14 18:08 <DIR> d-------- C:\Program Files\HP
2008-03-14 18:01 . 2008-03-16 20:24 <DIR> d-------- C:\Documents and Settings\Komputer\Dane aplikacji\HP
2008-03-14 18:01 . 2008-03-16 20:27 79,632 --a------ C:\WINDOWS\hpfins05.dat
2008-03-14 18:01 . 2005-05-24 03:19 1,395 --------- C:\WINDOWS\hpfmdl05.dat
2008-03-14 17:53 . 2007-07-30 20:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-03-14 17:53 . 2007-07-30 20:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-03-14 17:53 . 2007-07-30 20:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-03-13 23:34 . 2008-03-13 23:34 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\LightScribe
2008-03-13 20:46 . 2008-04-12 15:32 <DIR> d-------- C:\Program Files\Valve
2008-03-13 14:02 . 2008-03-13 14:02 <DIR> d--h----- C:\Program Files\Zero G Registry
2008-03-13 14:02 . 2008-03-13 14:02 <DIR> d--h----- C:\Documents and Settings\Komputer\InstallAnywhere
2008-03-13 14:02 . 2008-03-13 14:02 <DIR> d-------- C:\Documents and Settings\Komputer\Dane aplikacji\Sports Interactive
2008-03-13 12:42 . 2008-04-12 12:51 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-03-13 11:33 . 2008-04-26 13:34 <DIR> d-------- C:\Program Files\Techland
2008-03-12 22:48 . 2008-04-30 17:09 <DIR> d-------- C:\Documents and Settings\Komputer\Dane aplikacji\uTorrent
2008-03-12 21:13 . 2008-03-17 12:08 <DIR> d-------- C:\Program Files\BearShare Applications
2008-03-12 21:13 . 2007-11-22 17:00 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx
2008-03-12 20:37 . 2008-03-12 20:37 <DIR> d-------- C:\Documents and Settings\Komputer\.jpi_cache
2008-03-12 20:37 . 2008-03-12 20:37 <DIR> d-------- C:\Documents and Settings\Komputer\.java
2008-03-12 20:27 . 2008-03-12 20:27 <DIR> d-------- C:\Program Files\Winamp Remote
2008-03-12 20:27 . 2008-03-12 20:27 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\OrbNetworks
2008-03-12 20:25 . 2008-03-12 20:28 <DIR> d-------- C:\Program Files\Winamp
2008-03-12 20:25 . 2008-03-12 20:25 <DIR> d-------- C:\Program Files\Microsoft Works
2008-03-12 20:25 . 2008-03-12 20:29 <DIR> d-------- C:\Documents and Settings\Komputer\Dane aplikacji\Winamp
2008-03-12 20:23 . 2008-03-12 20:23 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-03-12 20:23 . 2008-04-09 22:52 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-03-12 20:22 . 2008-03-12 20:22 <DIR> dr-h----- C:\MSOCache
2008-03-12 20:11 . 2008-03-12 20:11 <DIR> d-------- C:\Documents and Settings\Komputer\Dane aplikacji\Gadu-Gadu
2008-03-12 20:09 . 2008-03-12 20:09 <DIR> d-------- C:\Program Files\Gadu-Gadu
2008-03-12 20:09 . 2008-04-15 20:12 <DIR> d-------- C:\Documents and Settings\Komputer\Gadu-Gadu
2008-03-12 20:05 . 2008-03-12 20:05 <DIR> d-------- C:\Program Files\Alwil Software
2008-03-12 19:51 . 2004-08-23 14:50 32,768 --a------ C:\WINDOWS\system32\WooDial2000.dll
2008-03-12 19:50 . 2008-03-12 19:50 <DIR> d-------- C:\Program Files\SAGEM
2008-03-12 19:49 . 2008-03-12 19:49 <DIR> d-------- C:\WINDOWS\system32\AlertModule
2008-03-12 19:49 . 2008-03-12 19:49 <DIR> d-------- C:\Program Files\Java
2008-03-12 19:49 . 2003-08-04 14:22 94,208 --a------ C:\WINDOWS\system32\W32n50.dll
2008-03-12 19:49 . 2002-11-01 21:15 45,175 --------- C:\WINDOWS\system32\plugincpl140_03.cpl
2008-03-12 19:49 . 2002-11-01 21:15 41,068 --------- C:\WINDOWS\system32\ActPanel.dll
2008-03-12 19:49 . 2004-08-23 14:49 40,960 --a------ C:\WINDOWS\system32\FTRTSVC.exe
2008-03-12 19:49 . 2005-10-06 15:55 36,864 --a------ C:\WINDOWS\system32\IfHelper.dll
2008-03-12 19:49 . 2003-08-04 14:22 16,128 --------- C:\WINDOWS\system32\PCANDIS5.SYS
2008-03-12 19:48 . 2008-04-30 19:01 <DIR> d-------- C:\Program Files\neostrada tp
2008-03-12 19:46 . 2008-03-12 19:46 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-03-12 19:35 . 2004-08-04 00:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-03-12 19:35 . 2004-08-04 00:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-03-12 17:02 . 2004-08-04 00:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-03-11 17:30 . 2008-03-11 17:30 <DIR> dr-h----- C:\Documents and Settings\Komputer\Dane aplikacji\SecuROM
2008-03-11 17:30 . 2008-03-11 17:30 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-03-11 16:35 . 2008-03-11 16:35 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-03-11 16:33 . 2008-03-11 16:33 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-03-11 16:28 . 2008-03-11 16:28 <DIR> d-------- C:\Program Files\Windows Media Connect 2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-21 21:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-22 10:56 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-16 14:52 --------- d-----w C:\Documents and Settings\Komputer\Dane aplikacji\Ahead
2008-03-12 17:50 33 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg
2008-03-11 13:52 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-03-11 13:52 --------- d-----w C:\Program Files\Common Files\Ahead
2008-03-11 13:52 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Ahead
2008-03-11 13:48 --------- d-----w C:\Program Files\Nero
2008-03-11 13:48 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-03-11 13:18 --------- d-----w C:\Program Files\VDOTool
2008-03-11 13:15 --------- d-----w C:\Documents and Settings\Komputer\Dane aplikacji\InstallShield
2008-03-11 13:09 --------- d-----w C:\Program Files\Intel Desktop Board
2008-03-11 13:06 --------- d-----w C:\Program Files\IDT
2008-03-11 12:44 --------- d-----w C:\Program Files\Intel
2008-03-11 12:39 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-11 12:38 --------- d-----w C:\Program Files\Usługi online
2008-03-01 13:02 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-13 09:45 146,944 ----a-w C:\WINDOWS\system32\staco.dll
.

((((((((((((((((((((((((((((( snapshot@2008-04-30_18.06.44,03 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-30 15:19:29 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-30 16:19:35 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-30 16:19:39 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_560.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{96488BA0-1A53-4583-8AC8-DB77560E8876}]
2008-04-30 16:40 221184 --a------ C:\WINDOWS\unonasad.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2008-02-14 15:54 1555480 --a------ C:\Program Files\free-downloads.net\tbfree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "C:\Program Files\free-downloads.net\tbfree.dll" [2008-02-14 15:54 1555480]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= C:\Program Files\free-downloads.net\tbfree.dll [2008-02-14 15:54 1555480]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 11:21 153136]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-07-18 18:55 451872]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-01-07 22:02 495616]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-02-14 01:09 486856]
"antispy"="C:\Program Files\IEAntiVirus\ieav.exe" [2008-04-29 09:25 1677312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray.exe" [2007-12-14 13:26 413696]
"Gainward"="C:\Program Files\VDOTool\TBPanel.exe" [2007-11-27 15:36 2169368]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2004-08-23 14:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\GestMaj.exe" [2004-10-14 16:55 32768]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-16 00:54 37376]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12 49152]

C:\Documents and Settings\Komputer\Menu Start\Programy\Autostart\
Tworzenie wycink˘w ekranu i uruchamianie programu OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 21:24:54 98632]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 00:23:26 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"D:\\Program Files\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Valve\\hl.exe"=
"C:\\Program Files\\Aspyr Media, Inc\\THAW\\Game\\THAW.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Documents and Settings\\Komputer\\Moje dokumenty\\Bartek\\NTSD_beta1.9\\NTSD beta1.9.exe"=
"C:\\Program Files\\Valve\\hlds.exe"=

R0 pe3aq6eb;FIM Speedway GP3 Environment Driver (pe3aq6eb);C:\WINDOWS\system32\drivers\pe3aq6eb.sys [2008-04-03 09:36]
R0 ps7aq6eb;FIM Speedway GP3 Synchronization Driver (ps7aq6eb);C:\WINDOWS\system32\drivers\ps7aq6eb.sys [2008-04-03 09:35]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2006-09-15 12:07]
S2 pr2aq6eb;FIM Speedway GP3 Drivers Auto Removal (pr2aq6eb);C:\WINDOWS\system32\pr2aq6eb.exe svc []
S3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2006-09-19 12:03]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8fffcb30-f7fa-11dc-9545-4d6564696130}]
\Shell\AutoRun\command - G:\Setup\rsrc\autorun.exe
\Shell\dinstall\command - G:\Directx\dxsetup.exe

*Newly Created Service* - SP_RSSRV

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-30 19:02:54
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FileObjInfo]
"ImagePath"="\??\C:\Documents and Settings\All Users\Dane aplikacji\Spyware Terminator\FileObjInfo.sys"
.
Completion time: 2008-04-30 19:03:20
ComboFix-quarantined-files.txt 2008-04-30 17:03:14
ComboFix2.txt 2008-04-30 16:29:55
ComboFix3.txt 2008-04-30 16:27:14
ComboFix4.txt 2008-04-30 16:07:08

Pre-Run: 46,565,359,616 bajtów wolnych
Post-Run: 46,565,834,752 bajtów wolnych

259 --- E O F --- 2008-04-30 09:07:11

[huber2t]

Pobierz ComboFix, ale nie uruchamiaj
Wklej do notatnika:

Kod: Zaznacz wszystko

File::
C:\WINDOWS\unonasad.dll


Plik zapisz jako CFScript.txt (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe)
Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu

Powinno się rozpocząć usuwanie i powstanie log, daj ten log na forum.



otwórz notatnik i wklej

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{96488BA0-1A53-4583-8AC8-DB77560E8876}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

Z menu Notatnika Plik Zapisz jako Zmień rozszerzenie z .txt na wszystkie pliki zapisz pod nazwą Fix.reg

Uruchom ten plik, uruchom ponownie komputer

[bili1610]

DZIEKUJE BARDZO, ZYCIE MI URATOWALES

[huber2t]

Przeskanuj komputer tym (uruchom przez IE) http://www.kaspersky.pl/virusscanner.html Daj raport z niego na forum