Trojan w Temporary Internet Files - ciągle się odnawia

[protective]

Witam,

Pojawił mi sie trojan w Temporary Internet Files, który po każdym usunięciu i ponownym włączeniu komputera odnwia się. Przy okazji powstaje za każdym razem plik is155383.exe na C:\Windows, który również jest wykrywany przez Avast jao wirus i zachowuje się tak jak wyżej wspomniany trojan, czyli odnawia się po każdym włączeniu kompa.

Ściągnełam ComboFix i wygenerował mi się taki log:

ComboFix 08-06-11.7 - Sandi 2008-06-13 20:00:59.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.682 [GMT 2:00]
Running from: C:\Documents and Settings\Sandi\Pulpit\pobieranie\ComboFix.exe
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Sandi\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\system32\drivers\svchost.exe
C:\WINDOWS\system32\found.exe.exe
C:\WINDOWS\system32\svcp.csv
C:\WINDOWS\system32\winsub.xml
C:\WINDOWS\system32\wscmp.dll

.
((((((((((((((((((((((((( Files Created from 2008-05-13 to 2008-06-13 )))))))))))))))))))))))))))))))
.

2008-06-13 13:04 . 2008-06-13 13:10 <DIR> d-------- C:\FlexLM
2008-06-13 12:53 . 2008-06-13 12:53 <DIR> d-------- C:\Documents and Settings\Sandi\WINDOWS
2008-06-13 12:51 . 2008-06-13 12:53 <DIR> d-------- C:\Program Files\Common Files\Alias Shared
2008-06-12 23:05 . 2004-08-04 00:44 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-06-10 14:57 . 2008-06-10 14:57 <DIR> d---s---- C:\Documents and Settings\Sandi\UserData
2008-06-10 14:45 . 2008-06-10 14:50 <DIR> d-------- C:\Documents and Settings\Sandi\Dane aplikacji\Arcsoft
2008-06-10 14:44 . 2008-06-12 20:55 <DIR> d-------- C:\Documents and Settings\Sandi\Dane aplikacji\Canon
2008-06-10 14:44 . 2008-06-10 14:47 25,713 --a------ C:\WINDOWS\CSTBox.INI
2008-06-10 14:44 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-06-10 14:44 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-06-10 14:31 . 2008-06-10 14:31 <DIR> d-------- C:\Program Files\Canon
2008-06-10 14:31 . 2008-06-10 14:31 <DIR> d-------- C:\Documents and Settings\Sandi\Dane aplikacji\ScanSoft
2008-06-10 14:31 . 2008-06-10 14:31 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\SSScanWizard
2008-06-10 14:31 . 2008-06-10 14:31 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\SSScanAppDataDir
2008-06-10 14:31 . 2008-06-10 14:31 525 --a------ C:\WINDOWS\MAXLINK.INI
2008-06-10 14:30 . 2008-06-10 14:30 <DIR> d-------- C:\Program Files\ScanSoft
2008-06-10 14:30 . 2008-06-10 14:31 <DIR> d-------- C:\Program Files\Common Files\ScanSoft Shared
2008-06-10 14:29 . 2008-06-10 14:29 <DIR> d-------- C:\Program Files\ArcSoft
2008-06-10 14:29 . 1995-07-31 13:44 212,480 --a------ C:\WINDOWS\system32\PCDLIB32.DLL
2008-06-10 14:29 . 1999-05-26 09:46 212,480 --a------ C:\WINDOWS\pcdlib32.dll
2008-06-10 14:29 . 1996-07-01 00:00 77,312 --a------ C:\WINDOWS\system32\TWAIN_32.DLL
2008-06-10 14:28 . 2008-06-10 14:28 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-06-10 14:28 . 2008-06-10 14:28 <DIR> d-------- C:\WINDOWS\Profiles
2008-06-10 14:28 . 2008-06-10 14:28 <DIR> d-------- C:\Documents and Settings\Sandi\Dane aplikacji\InterTrust
2008-06-10 14:28 . 1998-10-29 15:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-06-10 14:27 . 2008-06-10 14:27 <DIR> d--h----- C:\CanoScan
2008-06-10 14:27 . 2002-11-20 15:15 729,088 --a------ C:\WINDOWS\system32\CNQA1209.DLL
2008-06-10 14:27 . 2002-11-20 13:42 507,904 --a------ C:\WINDOWS\system32\CNQL1209.DLL
2008-06-10 14:27 . 2001-07-20 15:25 393,225 --a------ C:\WINDOWS\system32\CNQ1209F.PLG
2008-06-10 14:27 . 2001-08-31 19:02 393,225 --a------ C:\WINDOWS\system32\CNQ1209B.PLG
2008-06-10 14:27 . 2001-09-26 13:20 393,225 --a------ C:\WINDOWS\system32\CNQ12091.PLG
2008-06-10 14:27 . 2002-05-24 03:04 389,180 --a------ C:\WINDOWS\system32\UCS32P.DLL
2008-06-10 14:27 . 2002-11-15 10:15 40,960 --a------ C:\WINDOWS\system32\CNQU83.DLL
2008-06-08 15:41 . 2008-06-08 15:41 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-06-08 15:41 . 2008-06-08 15:41 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Adobe Systems
2008-06-08 15:40 . 2008-06-08 15:45 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-06-08 13:53 . 2008-06-08 13:53 <DIR> d-------- C:\Documents and Settings\Sandi\Dane aplikacji\Corel
2008-06-08 13:49 . 2008-06-12 19:14 <DIR> d-------- C:\Program Files\MagicISO
2008-06-08 12:34 . 2008-06-08 12:34 <DIR> d-------- C:\Documents and Settings\LocalService\Dane aplikacji\WTablet
2008-06-07 19:12 . 2008-06-07 19:12 <DIR> d-------- C:\Program Files\Corel
2008-06-07 19:03 . 2008-06-07 19:03 <DIR> d-------- C:\WINDOWS\system32\WTablet
2008-06-07 19:03 . 2008-06-07 19:03 <DIR> d-------- C:\Program Files\Tablet
2008-06-07 19:03 . 2008-06-13 19:56 <DIR> d-------- C:\Documents and Settings\Sandi\Dane aplikacji\WTablet
2008-06-07 19:03 . 2006-12-05 22:28 3,307,056 --------- C:\WINDOWS\system32\WacomTablet.cpl
2008-06-07 19:03 . 2006-11-10 20:18 1,726,244 --------- C:\WINDOWS\system32\WacomTablet.znc
2008-06-07 19:03 . 2006-12-05 22:38 1,013,296 --------- C:\WINDOWS\system32\Tablet.exe
2008-06-07 19:03 . 2006-12-05 22:17 140,848 --------- C:\WINDOWS\system32\Wintab32.dll
2008-06-07 19:03 . 2006-11-15 21:55 6,272 --a------ C:\WINDOWS\system32\drivers\wacomvhid.sys
2008-06-07 19:03 . 2006-02-14 23:18 5,632 --a------ C:\WINDOWS\system32\drivers\wacommousefilter.sys
2008-06-07 18:15 . 2008-06-13 19:12 33,032 --a------ C:\WINDOWS\fastsmell.config
2008-06-07 18:09 . 2008-06-07 18:09 <DIR> d-------- C:\Program Files\Autodesk
2008-06-01 16:30 . 2008-06-01 16:30 <DIR> d--h----- C:\Documents and Settings\All Users\Dane aplikacji\CanonBJ
2008-06-01 16:30 . 2005-11-20 21:00 158,720 --a------ C:\WINDOWS\system32\CNMLM7S.DLL
2008-06-01 16:30 . 2005-10-05 09:26 98,304 --a------ C:\WINDOWS\system32\CNMCP7S.exe
2008-05-27 21:12 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-05-27 21:12 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-05-21 18:54 . 2008-05-21 18:54 <DIR> d-------- C:\WINDOWS\Sun
2008-05-21 18:54 . 2008-06-12 10:09 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
2008-05-21 18:48 . 2008-05-26 20:54 <DIR> d-------- C:\Program Files\Google
2008-05-21 18:48 . 2007-05-02 04:01 49,265 --a------ C:\WINDOWS\system32\jpicpl32.cpl
2008-05-21 18:47 . 2008-05-21 18:48 <DIR> d-------- C:\Program Files\Java
2008-05-21 18:45 . 2008-05-21 18:45 <DIR> d-------- C:\Program Files\Common Files\Java
2008-05-20 22:00 . 2001-08-17 23:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-13 10:53 6,656 ----a-w C:\WINDOWS\system32\haspvdd.dll
2008-06-13 10:53 47,616 ----a-w C:\WINDOWS\system32\drivers\Haspnt.sys
2008-06-12 13:41 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-06-10 12:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-20 19:06 --------- d-----w C:\Program Files\Common Files\Ahead
2008-05-20 19:05 --------- d-----w C:\Documents and Settings\Sandi\Dane aplikacji\Ahead
2008-05-20 19:03 --------- d-----w C:\Program Files\Nero
2008-05-20 19:03 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-05-20 19:02 --------- d-----w C:\Program Files\ATI Technologies
2008-05-20 18:57 --------- d-----w C:\Program Files\CyberLink
2008-05-20 18:52 --------- d-----w C:\Program Files\xp-AntiSpy
2008-05-20 18:41 --------- d-----w C:\Program Files\Alwil Software
2008-05-20 18:39 --------- d-----w C:\Program Files\D-Link
2008-05-20 18:39 --------- d-----w C:\Program Files\ANI
2008-05-20 18:38 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-20 18:18 --------- d-----w C:\Program Files\Realtek Sound Manager
2008-05-20 18:18 --------- d-----w C:\Program Files\Realtek AC97
2008-05-20 18:18 --------- d-----w C:\Program Files\AvRack
2008-05-20 18:15 --------- d-----w C:\Program Files\Intel
2008-05-20 18:08 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-20 18:07 --------- d-----w C:\Program Files\Usługi online
2008-03-29 05:19 9,801,728 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-03-29 04:40 167,936 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-03-29 04:05 372,736 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-03-29 04:04 299,008 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-03-29 03:56 172,032 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-03-29 03:56 126,976 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-03-29 03:55 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-03-29 03:55 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-03-29 03:55 126,976 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-03-29 03:54 536,576 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-03-29 03:52 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-03-29 03:43 3,176,480 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-03-29 03:39 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-03-29 03:36 1,765,120 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-03-29 03:24 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-03-29 03:23 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-03-29 03:21 393,216 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-03-29 03:19 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-03-29 03:12 520,192 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-03-28 19:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 18:05 143360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-08 17:47 68856]
"fastsmell"="C:\WINDOWS\fastsmell.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 05:12 577536 C:\WINDOWS\soundman.exe]
"D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [2005-03-18 04:34 1228800]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-12-16 17:49 49152]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 15:10 56928]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 22:55 54832]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe" [2007-05-02 04:15 75520]
"Omnipage"="C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 11:38 49152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]

C:\Documents and Settings\Sandi\Menu Start\Programy\Autostart\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys [2005-03-22 19:17]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2006-02-14 23:18]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2006-11-15 21:55]

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{18B0E5C2-99CB-11CF-AYX5-00401C648513}]
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhi64.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-13 20:02:06
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-13 20:02:39
ComboFix-quarantined-files.txt 2008-06-13 18:02:36

Pre-Run: 33,925,140,480 bajtów wolnych
Post-Run: 33,971,351,552 bajtów wolnych

177




Proszę o pomoc.

[pp3088]

Wklej do notatnika:

Kod: Zaznacz wszystko

File::
C:\WINDOWS\fastsmell.exe

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{18B0E5C2-99CB-11CF-AYX5-00401C648513}]


Plik zapisz jako CFScript.txt (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe)
Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu

Rozpocznie się usuwanie i powstanie log, daj ten log na forum.

[protective]

ComboFix 08-06-11.7 - Sandi 2008-06-13 22:32:25.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.631 [GMT 2:00]
Running from: C:\Documents and Settings\Sandi\Pulpit\pobieranie\ComboFix.exe
Command switches used :: C:\Documents and Settings\Sandi\Pulpit\pobieranie\CFScript.txt.txt
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]

FILE ::
C:\WINDOWS\fastsmell.exe
.

((((((((((((((((((((((((( Files Created from 2008-05-13 to 2008-06-13 )))))))))))))))))))))))))))))))
.

2008-06-13 13:04 . 2008-06-13 13:10 <DIR> d-------- C:\FlexLM
2008-06-13 12:53 . 2008-06-13 12:53 <DIR> d-------- C:\Documents and Settings\Sandi\WINDOWS
2008-06-13 12:51 . 2008-06-13 12:53 <DIR> d-------- C:\Program Files\Common Files\Alias Shared
2008-06-12 23:05 . 2004-08-04 00:44 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-06-10 14:57 . 2008-06-10 14:57 <DIR> d---s---- C:\Documents and Settings\Sandi\UserData
2008-06-10 14:45 . 2008-06-10 14:50 <DIR> d-------- C:\Documents and Settings\Sandi\Dane aplikacji\Arcsoft
2008-06-10 14:44 . 2008-06-12 20:55 <DIR> d-------- C:\Documents and Settings\Sandi\Dane aplikacji\Canon
2008-06-10 14:44 . 2008-06-10 14:47 25,713 --a------ C:\WINDOWS\CSTBox.INI
2008-06-10 14:44 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-06-10 14:44 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-06-10 14:31 . 2008-06-10 14:31 <DIR> d-------- C:\Program Files\Canon
2008-06-10 14:31 . 2008-06-10 14:31 <DIR> d-------- C:\Documents and Settings\Sandi\Dane aplikacji\ScanSoft
2008-06-10 14:31 . 2008-06-10 14:31 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\SSScanWizard
2008-06-10 14:31 . 2008-06-10 14:31 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\SSScanAppDataDir
2008-06-10 14:31 . 2008-06-10 14:31 525 --a------ C:\WINDOWS\MAXLINK.INI
2008-06-10 14:30 . 2008-06-10 14:30 <DIR> d-------- C:\Program Files\ScanSoft
2008-06-10 14:30 . 2008-06-10 14:31 <DIR> d-------- C:\Program Files\Common Files\ScanSoft Shared
2008-06-10 14:29 . 2008-06-10 14:29 <DIR> d-------- C:\Program Files\ArcSoft
2008-06-10 14:29 . 1995-07-31 13:44 212,480 --a------ C:\WINDOWS\system32\PCDLIB32.DLL
2008-06-10 14:29 . 1999-05-26 09:46 212,480 --a------ C:\WINDOWS\pcdlib32.dll
2008-06-10 14:29 . 1996-07-01 00:00 77,312 --a------ C:\WINDOWS\system32\TWAIN_32.DLL
2008-06-10 14:28 . 2008-06-10 14:28 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-06-10 14:28 . 2008-06-10 14:28 <DIR> d-------- C:\WINDOWS\Profiles
2008-06-10 14:28 . 2008-06-10 14:28 <DIR> d-------- C:\Documents and Settings\Sandi\Dane aplikacji\InterTrust
2008-06-10 14:28 . 1998-10-29 15:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-06-10 14:27 . 2008-06-10 14:27 <DIR> d--h----- C:\CanoScan
2008-06-10 14:27 . 2002-11-20 15:15 729,088 --a------ C:\WINDOWS\system32\CNQA1209.DLL
2008-06-10 14:27 . 2002-11-20 13:42 507,904 --a------ C:\WINDOWS\system32\CNQL1209.DLL
2008-06-10 14:27 . 2001-07-20 15:25 393,225 --a------ C:\WINDOWS\system32\CNQ1209F.PLG
2008-06-10 14:27 . 2001-08-31 19:02 393,225 --a------ C:\WINDOWS\system32\CNQ1209B.PLG
2008-06-10 14:27 . 2001-09-26 13:20 393,225 --a------ C:\WINDOWS\system32\CNQ12091.PLG
2008-06-10 14:27 . 2002-05-24 03:04 389,180 --a------ C:\WINDOWS\system32\UCS32P.DLL
2008-06-10 14:27 . 2002-11-15 10:15 40,960 --a------ C:\WINDOWS\system32\CNQU83.DLL
2008-06-08 15:41 . 2008-06-08 15:41 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-06-08 15:41 . 2008-06-08 15:41 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Adobe Systems
2008-06-08 15:40 . 2008-06-08 15:45 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-06-08 13:53 . 2008-06-08 13:53 <DIR> d-------- C:\Documents and Settings\Sandi\Dane aplikacji\Corel
2008-06-08 13:49 . 2008-06-12 19:14 <DIR> d-------- C:\Program Files\MagicISO
2008-06-08 12:34 . 2008-06-08 12:34 <DIR> d-------- C:\Documents and Settings\LocalService\Dane aplikacji\WTablet
2008-06-07 19:12 . 2008-06-07 19:12 <DIR> d-------- C:\Program Files\Corel
2008-06-07 19:03 . 2008-06-07 19:03 <DIR> d-------- C:\WINDOWS\system32\WTablet
2008-06-07 19:03 . 2008-06-07 19:03 <DIR> d-------- C:\Program Files\Tablet
2008-06-07 19:03 . 2008-06-13 19:56 <DIR> d-------- C:\Documents and Settings\Sandi\Dane aplikacji\WTablet
2008-06-07 19:03 . 2006-12-05 22:28 3,307,056 --------- C:\WINDOWS\system32\WacomTablet.cpl
2008-06-07 19:03 . 2006-11-10 20:18 1,726,244 --------- C:\WINDOWS\system32\WacomTablet.znc
2008-06-07 19:03 . 2006-12-05 22:38 1,013,296 --------- C:\WINDOWS\system32\Tablet.exe
2008-06-07 19:03 . 2006-12-05 22:17 140,848 --------- C:\WINDOWS\system32\Wintab32.dll
2008-06-07 19:03 . 2006-11-15 21:55 6,272 --a------ C:\WINDOWS\system32\drivers\wacomvhid.sys
2008-06-07 19:03 . 2006-02-14 23:18 5,632 --a------ C:\WINDOWS\system32\drivers\wacommousefilter.sys
2008-06-07 18:15 . 2008-06-13 19:12 33,032 --a------ C:\WINDOWS\fastsmell.config
2008-06-07 18:09 . 2008-06-07 18:09 <DIR> d-------- C:\Program Files\Autodesk
2008-06-01 16:30 . 2008-06-01 16:30 <DIR> d--h----- C:\Documents and Settings\All Users\Dane aplikacji\CanonBJ
2008-06-01 16:30 . 2005-11-20 21:00 158,720 --a------ C:\WINDOWS\system32\CNMLM7S.DLL
2008-06-01 16:30 . 2005-10-05 09:26 98,304 --a------ C:\WINDOWS\system32\CNMCP7S.exe
2008-05-27 21:12 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-05-27 21:12 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-05-21 18:54 . 2008-05-21 18:54 <DIR> d-------- C:\WINDOWS\Sun
2008-05-21 18:54 . 2008-06-12 10:09 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
2008-05-21 18:48 . 2008-05-26 20:54 <DIR> d-------- C:\Program Files\Google
2008-05-21 18:48 . 2007-05-02 04:01 49,265 --a------ C:\WINDOWS\system32\jpicpl32.cpl
2008-05-21 18:47 . 2008-05-21 18:48 <DIR> d-------- C:\Program Files\Java
2008-05-21 18:45 . 2008-05-21 18:45 <DIR> d-------- C:\Program Files\Common Files\Java
2008-05-20 22:00 . 2001-08-17 23:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-13 10:53 6,656 ----a-w C:\WINDOWS\system32\haspvdd.dll
2008-06-13 10:53 47,616 ----a-w C:\WINDOWS\system32\drivers\Haspnt.sys
2008-06-12 13:41 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-06-10 12:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-20 19:06 --------- d-----w C:\Program Files\Common Files\Ahead
2008-05-20 19:05 --------- d-----w C:\Documents and Settings\Sandi\Dane aplikacji\Ahead
2008-05-20 19:03 --------- d-----w C:\Program Files\Nero
2008-05-20 19:03 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-05-20 19:02 --------- d-----w C:\Program Files\ATI Technologies
2008-05-20 18:57 --------- d-----w C:\Program Files\CyberLink
2008-05-20 18:52 --------- d-----w C:\Program Files\xp-AntiSpy
2008-05-20 18:41 --------- d-----w C:\Program Files\Alwil Software
2008-05-20 18:39 --------- d-----w C:\Program Files\D-Link
2008-05-20 18:39 --------- d-----w C:\Program Files\ANI
2008-05-20 18:38 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-20 18:18 --------- d-----w C:\Program Files\Realtek Sound Manager
2008-05-20 18:18 --------- d-----w C:\Program Files\Realtek AC97
2008-05-20 18:18 --------- d-----w C:\Program Files\AvRack
2008-05-20 18:15 --------- d-----w C:\Program Files\Intel
2008-05-20 18:08 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-20 18:07 --------- d-----w C:\Program Files\Usługi online
2008-03-29 05:19 9,801,728 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-03-29 04:40 167,936 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-03-29 04:05 372,736 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-03-29 04:04 299,008 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-03-29 03:56 172,032 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-03-29 03:56 126,976 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-03-29 03:55 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-03-29 03:55 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-03-29 03:55 126,976 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-03-29 03:54 536,576 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-03-29 03:52 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-03-29 03:43 3,176,480 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-03-29 03:39 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-03-29 03:36 1,765,120 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-03-29 03:24 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-03-29 03:23 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-03-29 03:21 393,216 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-03-29 03:19 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-03-29 03:12 520,192 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-03-28 19:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 18:05 143360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-08 17:47 68856]
"fastsmell"="C:\WINDOWS\fastsmell.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 05:12 577536 C:\WINDOWS\soundman.exe]
"D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [2005-03-18 04:34 1228800]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-12-16 17:49 49152]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 15:10 56928]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 22:55 54832]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe" [2007-05-02 04:15 75520]
"Omnipage"="C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 11:38 49152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]

C:\Documents and Settings\Sandi\Menu Start\Programy\Autostart\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2006-02-14 23:18]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2006-11-15 21:55]
S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys [2005-03-22 19:17]

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-13 22:33:28
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-13 22:34:04
ComboFix-quarantined-files.txt 2008-06-13 20:34:01
ComboFix2.txt 2008-06-13 18:02:39

Pre-Run: 33,965,719,552 bajtów wolnych
Post-Run: 33,959,919,616 bajtów wolnych

170

[huber2t]

Panie moderatorze zapomniałeś o jednym


Pobierz ComboFix, ale nie uruchamiaj
Wklej do notatnika:

Kod: Zaznacz wszystko

File::
C:\WINDOWS\fastsmell.config
C:\WINDOWS\fastsmell.exe
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhi64.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"fastsmell"=-


Plik zapisz jako CFScript.txt (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe)
Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu

Rozpocznie się usuwanie i powstanie log, daj ten log na forum.

[protective]

hubert2t

chyba juz troche za pozno na to zebym nie uruchamiala ComboFix jak widzisz..

[huber2t]

Dlaczego?

[protective]

No bo juz wkleilam log'a wiec musialam uruchomic ComboFix. W kazdym badz razie wirus sie juz nie odnawia. Wielkie dzieki moderatorowi!

[protective]

Czy ten drugi log jest juz w porzadku? Z gory dziekuje za pomoc

[Arexe]

zrob tamto co napisalem i powinno byc dobrze = podaj nowe logi i sie je sprawdzi ale powinno byc OK

[protective]

To ostatni log z kompa. Prosze o sprawdzenie czy z nim wszystko ok. Z gory dziekuje.


ComboFix 08-06-11.7 - Sandi 2008-06-15 19:12:19.3 - NTFSx86
Running from: C:\Documents and Settings\Sandi\Pulpit\pobieranie\ComboFix.exe

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

((((((((((((((((((((((((( Files Created from 2008-05-15 to 2008-06-15 )))))))))))))))))))))))))))))))
.

2008-06-13 13:04 . 2008-06-13 13:10 <DIR> d-------- C:\FlexLM
2008-06-13 12:53 . 2008-06-13 12:53 <DIR> d-------- C:\Documents and Settings\Sandi\WINDOWS
2008-06-13 12:51 . 2008-06-13 12:53 <DIR> d-------- C:\Program Files\Common Files\Alias Shared
2008-06-12 23:05 . 2004-08-04 00:44 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-06-10 14:57 . 2008-06-10 14:57 <DIR> d---s---- C:\Documents and Settings\Sandi\UserData
2008-06-10 14:45 . 2008-06-10 14:50 <DIR> d-------- C:\Documents and Settings\Sandi\Dane aplikacji\Arcsoft
2008-06-10 14:44 . 2008-06-15 14:55 <DIR> d-------- C:\Documents and Settings\Sandi\Dane aplikacji\Canon
2008-06-10 14:44 . 2008-06-10 14:47 25,713 --a------ C:\WINDOWS\CSTBox.INI
2008-06-10 14:44 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-06-10 14:44 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-06-10 14:31 . 2008-06-10 14:31 <DIR> d-------- C:\Program Files\Canon
2008-06-10 14:31 . 2008-06-10 14:31 <DIR> d-------- C:\Documents and Settings\Sandi\Dane aplikacji\ScanSoft
2008-06-10 14:31 . 2008-06-10 14:31 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\SSScanWizard
2008-06-10 14:31 . 2008-06-10 14:31 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\SSScanAppDataDir
2008-06-10 14:31 . 2008-06-10 14:31 525 --a------ C:\WINDOWS\MAXLINK.INI
2008-06-10 14:30 . 2008-06-10 14:30 <DIR> d-------- C:\Program Files\ScanSoft
2008-06-10 14:30 . 2008-06-10 14:31 <DIR> d-------- C:\Program Files\Common Files\ScanSoft Shared
2008-06-10 14:29 . 2008-06-10 14:29 <DIR> d-------- C:\Program Files\ArcSoft
2008-06-10 14:29 . 1995-07-31 13:44 212,480 --a------ C:\WINDOWS\system32\PCDLIB32.DLL
2008-06-10 14:29 . 1999-05-26 09:46 212,480 --a------ C:\WINDOWS\pcdlib32.dll
2008-06-10 14:29 . 1996-07-01 00:00 77,312 --a------ C:\WINDOWS\system32\TWAIN_32.DLL
2008-06-10 14:28 . 2008-06-10 14:28 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-06-10 14:28 . 2008-06-10 14:28 <DIR> d-------- C:\WINDOWS\Profiles
2008-06-10 14:28 . 2008-06-10 14:28 <DIR> d-------- C:\Documents and Settings\Sandi\Dane aplikacji\InterTrust
2008-06-10 14:28 . 1998-10-29 15:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-06-10 14:27 . 2008-06-10 14:27 <DIR> d--h----- C:\CanoScan
2008-06-10 14:27 . 2002-11-20 15:15 729,088 --a------ C:\WINDOWS\system32\CNQA1209.DLL
2008-06-10 14:27 . 2002-11-20 13:42 507,904 --a------ C:\WINDOWS\system32\CNQL1209.DLL
2008-06-10 14:27 . 2001-07-20 15:25 393,225 --a------ C:\WINDOWS\system32\CNQ1209F.PLG
2008-06-10 14:27 . 2001-08-31 19:02 393,225 --a------ C:\WINDOWS\system32\CNQ1209B.PLG
2008-06-10 14:27 . 2001-09-26 13:20 393,225 --a------ C:\WINDOWS\system32\CNQ12091.PLG
2008-06-10 14:27 . 2002-05-24 03:04 389,180 --a------ C:\WINDOWS\system32\UCS32P.DLL
2008-06-10 14:27 . 2002-11-15 10:15 40,960 --a------ C:\WINDOWS\system32\CNQU83.DLL
2008-06-08 15:41 . 2008-06-08 15:41 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-06-08 15:41 . 2008-06-08 15:41 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Adobe Systems
2008-06-08 15:40 . 2008-06-08 15:45 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-06-08 13:53 . 2008-06-08 13:53 <DIR> d-------- C:\Documents and Settings\Sandi\Dane aplikacji\Corel
2008-06-08 13:49 . 2008-06-12 19:14 <DIR> d-------- C:\Program Files\MagicISO
2008-06-08 12:34 . 2008-06-08 12:34 <DIR> d-------- C:\Documents and Settings\LocalService\Dane aplikacji\WTablet
2008-06-07 19:12 . 2008-06-07 19:12 <DIR> d-------- C:\Program Files\Corel
2008-06-07 19:03 . 2008-06-07 19:03 <DIR> d-------- C:\WINDOWS\system32\WTablet
2008-06-07 19:03 . 2008-06-07 19:03 <DIR> d-------- C:\Program Files\Tablet
2008-06-07 19:03 . 2008-06-15 14:35 <DIR> d-------- C:\Documents and Settings\Sandi\Dane aplikacji\WTablet
2008-06-07 19:03 . 2006-12-05 22:28 3,307,056 --------- C:\WINDOWS\system32\WacomTablet.cpl
2008-06-07 19:03 . 2006-11-10 20:18 1,726,244 --------- C:\WINDOWS\system32\WacomTablet.znc
2008-06-07 19:03 . 2006-12-05 22:38 1,013,296 --------- C:\WINDOWS\system32\Tablet.exe
2008-06-07 19:03 . 2006-12-05 22:17 140,848 --------- C:\WINDOWS\system32\Wintab32.dll
2008-06-07 19:03 . 2006-11-15 21:55 6,272 --a------ C:\WINDOWS\system32\drivers\wacomvhid.sys
2008-06-07 19:03 . 2006-02-14 23:18 5,632 --a------ C:\WINDOWS\system32\drivers\wacommousefilter.sys
2008-06-07 18:15 . 2008-06-13 19:12 33,032 --a------ C:\WINDOWS\fastsmell.config
2008-06-07 18:09 . 2008-06-07 18:09 <DIR> d-------- C:\Program Files\Autodesk
2008-06-01 16:30 . 2008-06-01 16:30 <DIR> d--h----- C:\Documents and Settings\All Users\Dane aplikacji\CanonBJ
2008-06-01 16:30 . 2005-11-20 21:00 158,720 --a------ C:\WINDOWS\system32\CNMLM7S.DLL
2008-06-01 16:30 . 2005-10-05 09:26 98,304 --a------ C:\WINDOWS\system32\CNMCP7S.exe
2008-05-27 21:12 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-05-27 21:12 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-05-21 18:54 . 2008-05-21 18:54 <DIR> d-------- C:\WINDOWS\Sun
2008-05-21 18:54 . 2008-06-12 10:09 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
2008-05-21 18:48 . 2008-05-26 20:54 <DIR> d-------- C:\Program Files\Google
2008-05-21 18:48 . 2007-05-02 04:01 49,265 --a------ C:\WINDOWS\system32\jpicpl32.cpl
2008-05-21 18:47 . 2008-05-21 18:48 <DIR> d-------- C:\Program Files\Java
2008-05-21 18:45 . 2008-05-21 18:45 <DIR> d-------- C:\Program Files\Common Files\Java
2008-05-20 22:00 . 2001-08-17 23:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-13 10:53 6,656 ----a-w C:\WINDOWS\system32\haspvdd.dll
2008-06-13 10:53 47,616 ----a-w C:\WINDOWS\system32\drivers\Haspnt.sys
2008-06-12 13:41 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-06-10 12:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-20 19:06 --------- d-----w C:\Program Files\Common Files\Ahead
2008-05-20 19:05 --------- d-----w C:\Documents and Settings\Sandi\Dane aplikacji\Ahead
2008-05-20 19:03 --------- d-----w C:\Program Files\Nero
2008-05-20 19:03 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-05-20 19:02 --------- d-----w C:\Program Files\ATI Technologies
2008-05-20 18:57 --------- d-----w C:\Program Files\CyberLink
2008-05-20 18:52 --------- d-----w C:\Program Files\xp-AntiSpy
2008-05-20 18:41 --------- d-----w C:\Program Files\Alwil Software
2008-05-20 18:39 --------- d-----w C:\Program Files\D-Link
2008-05-20 18:39 --------- d-----w C:\Program Files\ANI
2008-05-20 18:38 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-20 18:18 --------- d-----w C:\Program Files\Realtek Sound Manager
2008-05-20 18:18 --------- d-----w C:\Program Files\Realtek AC97
2008-05-20 18:18 --------- d-----w C:\Program Files\AvRack
2008-05-20 18:15 --------- d-----w C:\Program Files\Intel
2008-05-20 18:08 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-20 18:07 --------- d-----w C:\Program Files\Usługi online
2008-03-29 05:19 9,801,728 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-03-29 04:40 167,936 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-03-29 04:05 372,736 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-03-29 04:04 299,008 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-03-29 03:56 172,032 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-03-29 03:56 126,976 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-03-29 03:55 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-03-29 03:55 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-03-29 03:55 126,976 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-03-29 03:54 536,576 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-03-29 03:52 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-03-29 03:43 3,176,480 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-03-29 03:39 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-03-29 03:36 1,765,120 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-03-29 03:24 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-03-29 03:23 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-03-29 03:21 393,216 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-03-29 03:19 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-03-29 03:12 520,192 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-03-28 19:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
.

((((((((((((((((((((((((((((( snapshot@2008-06-13_20.02.30,46 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-13 17:56:04 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-15 12:34:53 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-05-20 19:15:09 39,992 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-06-14 08:59:44 39,992 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-05-20 19:15:09 49,492 ----a-w C:\WINDOWS\system32\perfc015.dat
+ 2008-06-14 08:59:44 49,492 ----a-w C:\WINDOWS\system32\perfc015.dat
- 2008-05-20 19:15:09 311,604 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-06-14 08:59:44 311,604 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-05-20 19:15:09 355,486 ----a-w C:\WINDOWS\system32\perfh015.dat
+ 2008-06-14 08:59:44 355,486 ----a-w C:\WINDOWS\system32\perfh015.dat
+ 2008-06-15 12:35:01 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5c4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 18:05 143360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-08 17:47 68856]
"fastsmell"="C:\WINDOWS\fastsmell.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 05:12 577536 C:\WINDOWS\soundman.exe]
"D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [2005-03-18 04:34 1228800]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-12-16 17:49 49152]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 15:10 56928]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 22:55 54832]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe" [2007-05-02 04:15 75520]
"Omnipage"="C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 11:38 49152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]

C:\Documents and Settings\Sandi\Menu Start\Programy\Autostart\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Autodesk\\Maya8.5\\bin\\maya.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys [2005-03-22 19:17]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2006-02-14 23:18]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2006-11-15 21:55]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-15 19:13:31
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-15 19:14:12
ComboFix-quarantined-files.txt 2008-06-15 17:14:09
ComboFix2.txt 2008-06-13 20:34:05
ComboFix3.txt 2008-06-13 18:02:39

Pre-Run: 33,737,568,256 bajtów wolnych
Post-Run: 33,953,189,888 bajtów wolnych

180

[Arexe]

nadal został ten fastsmell.exe więc spróbuj to zrobic w Trybie Awaryjnym (Klikaj F8 Podczas ladowania sie systemu i z listy wybierz Tryb Awaryjny)

Wklej do notatnika:

Kod: Zaznacz wszystko

File::
C:\WINDOWS\fastsmell.config
C:\WINDOWS\fastsmell.exe


Plik zapisz jako CFScript.txt (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe)
Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu

Rozpocznie się usuwanie i powstanie log, daj ten log na forum

[protective]

Kolejny log

ComboFix 08-06-11.7 - Sandi 2008-06-15 20:52:09.4 - NTFSx86
Running from: C:\Documents and Settings\Sandi\Pulpit\pobieranie\ComboFix.exe

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

((((((((((((((((((((((((( Files Created from 2008-05-15 to 2008-06-15 )))))))))))))))))))))))))))))))
.

2008-06-13 13:04 . 2008-06-13 13:10 <DIR> d-------- C:\FlexLM
2008-06-13 12:53 . 2008-06-13 12:53 <DIR> d-------- C:\Documents and Settings\Sandi\WINDOWS
2008-06-13 12:51 . 2008-06-13 12:53 <DIR> d-------- C:\Program Files\Common Files\Alias Shared
2008-06-12 23:05 . 2004-08-04 00:44 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-06-10 14:57 . 2008-06-10 14:57 <DIR> d---s---- C:\Documents and Settings\Sandi\UserData
2008-06-10 14:45 . 2008-06-10 14:50 <DIR> d-------- C:\Documents and Settings\Sandi\Dane aplikacji\Arcsoft
2008-06-10 14:44 . 2008-06-15 14:55 <DIR> d-------- C:\Documents and Settings\Sandi\Dane aplikacji\Canon
2008-06-10 14:44 . 2008-06-10 14:47 25,713 --a------ C:\WINDOWS\CSTBox.INI
2008-06-10 14:44 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-06-10 14:44 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-06-10 14:31 . 2008-06-10 14:31 <DIR> d-------- C:\Program Files\Canon
2008-06-10 14:31 . 2008-06-10 14:31 <DIR> d-------- C:\Documents and Settings\Sandi\Dane aplikacji\ScanSoft
2008-06-10 14:31 . 2008-06-10 14:31 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\SSScanWizard
2008-06-10 14:31 . 2008-06-10 14:31 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\SSScanAppDataDir
2008-06-10 14:31 . 2008-06-10 14:31 525 --a------ C:\WINDOWS\MAXLINK.INI
2008-06-10 14:30 . 2008-06-10 14:30 <DIR> d-------- C:\Program Files\ScanSoft
2008-06-10 14:30 . 2008-06-10 14:31 <DIR> d-------- C:\Program Files\Common Files\ScanSoft Shared
2008-06-10 14:29 . 2008-06-10 14:29 <DIR> d-------- C:\Program Files\ArcSoft
2008-06-10 14:29 . 1995-07-31 13:44 212,480 --a------ C:\WINDOWS\system32\PCDLIB32.DLL
2008-06-10 14:29 . 1999-05-26 09:46 212,480 --a------ C:\WINDOWS\pcdlib32.dll
2008-06-10 14:29 . 1996-07-01 00:00 77,312 --a------ C:\WINDOWS\system32\TWAIN_32.DLL
2008-06-10 14:28 . 2008-06-10 14:28 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-06-10 14:28 . 2008-06-10 14:28 <DIR> d-------- C:\WINDOWS\Profiles
2008-06-10 14:28 . 2008-06-10 14:28 <DIR> d-------- C:\Documents and Settings\Sandi\Dane aplikacji\InterTrust
2008-06-10 14:28 . 1998-10-29 15:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-06-10 14:27 . 2008-06-10 14:27 <DIR> d--h----- C:\CanoScan
2008-06-10 14:27 . 2002-11-20 15:15 729,088 --a------ C:\WINDOWS\system32\CNQA1209.DLL
2008-06-10 14:27 . 2002-11-20 13:42 507,904 --a------ C:\WINDOWS\system32\CNQL1209.DLL
2008-06-10 14:27 . 2001-07-20 15:25 393,225 --a------ C:\WINDOWS\system32\CNQ1209F.PLG
2008-06-10 14:27 . 2001-08-31 19:02 393,225 --a------ C:\WINDOWS\system32\CNQ1209B.PLG
2008-06-10 14:27 . 2001-09-26 13:20 393,225 --a------ C:\WINDOWS\system32\CNQ12091.PLG
2008-06-10 14:27 . 2002-05-24 03:04 389,180 --a------ C:\WINDOWS\system32\UCS32P.DLL
2008-06-10 14:27 . 2002-11-15 10:15 40,960 --a------ C:\WINDOWS\system32\CNQU83.DLL
2008-06-08 15:41 . 2008-06-08 15:41 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-06-08 15:41 . 2008-06-08 15:41 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Adobe Systems
2008-06-08 15:40 . 2008-06-08 15:45 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-06-08 13:53 . 2008-06-08 13:53 <DIR> d-------- C:\Documents and Settings\Sandi\Dane aplikacji\Corel
2008-06-08 13:49 . 2008-06-12 19:14 <DIR> d-------- C:\Program Files\MagicISO
2008-06-08 12:34 . 2008-06-08 12:34 <DIR> d-------- C:\Documents and Settings\LocalService\Dane aplikacji\WTablet
2008-06-07 19:12 . 2008-06-07 19:12 <DIR> d-------- C:\Program Files\Corel
2008-06-07 19:03 . 2008-06-07 19:03 <DIR> d-------- C:\WINDOWS\system32\WTablet
2008-06-07 19:03 . 2008-06-07 19:03 <DIR> d-------- C:\Program Files\Tablet
2008-06-07 19:03 . 2008-06-15 20:51 <DIR> d-------- C:\Documents and Settings\Sandi\Dane aplikacji\WTablet
2008-06-07 19:03 . 2006-12-05 22:28 3,307,056 --------- C:\WINDOWS\system32\WacomTablet.cpl
2008-06-07 19:03 . 2006-11-10 20:18 1,726,244 --------- C:\WINDOWS\system32\WacomTablet.znc
2008-06-07 19:03 . 2006-12-05 22:38 1,013,296 --------- C:\WINDOWS\system32\Tablet.exe
2008-06-07 19:03 . 2006-12-05 22:17 140,848 --------- C:\WINDOWS\system32\Wintab32.dll
2008-06-07 19:03 . 2006-11-15 21:55 6,272 --a------ C:\WINDOWS\system32\drivers\wacomvhid.sys
2008-06-07 19:03 . 2006-02-14 23:18 5,632 --a------ C:\WINDOWS\system32\drivers\wacommousefilter.sys
2008-06-07 18:09 . 2008-06-07 18:09 <DIR> d-------- C:\Program Files\Autodesk
2008-06-01 16:30 . 2008-06-01 16:30 <DIR> d--h----- C:\Documents and Settings\All Users\Dane aplikacji\CanonBJ
2008-06-01 16:30 . 2005-11-20 21:00 158,720 --a------ C:\WINDOWS\system32\CNMLM7S.DLL
2008-06-01 16:30 . 2005-10-05 09:26 98,304 --a------ C:\WINDOWS\system32\CNMCP7S.exe
2008-05-27 21:12 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-05-27 21:12 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-05-21 18:54 . 2008-05-21 18:54 <DIR> d-------- C:\WINDOWS\Sun
2008-05-21 18:54 . 2008-06-12 10:09 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
2008-05-21 18:48 . 2008-05-26 20:54 <DIR> d-------- C:\Program Files\Google
2008-05-21 18:48 . 2007-05-02 04:01 49,265 --a------ C:\WINDOWS\system32\jpicpl32.cpl
2008-05-21 18:47 . 2008-05-21 18:48 <DIR> d-------- C:\Program Files\Java
2008-05-21 18:45 . 2008-05-21 18:45 <DIR> d-------- C:\Program Files\Common Files\Java
2008-05-20 22:00 . 2001-08-17 23:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-13 10:53 6,656 ----a-w C:\WINDOWS\system32\haspvdd.dll
2008-06-13 10:53 47,616 ----a-w C:\WINDOWS\system32\drivers\Haspnt.sys
2008-06-12 13:41 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-06-10 12:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-20 19:06 --------- d-----w C:\Program Files\Common Files\Ahead
2008-05-20 19:05 --------- d-----w C:\Documents and Settings\Sandi\Dane aplikacji\Ahead
2008-05-20 19:03 --------- d-----w C:\Program Files\Nero
2008-05-20 19:03 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-05-20 19:02 --------- d-----w C:\Program Files\ATI Technologies
2008-05-20 18:57 --------- d-----w C:\Program Files\CyberLink
2008-05-20 18:52 --------- d-----w C:\Program Files\xp-AntiSpy
2008-05-20 18:41 --------- d-----w C:\Program Files\Alwil Software
2008-05-20 18:39 --------- d-----w C:\Program Files\D-Link
2008-05-20 18:39 --------- d-----w C:\Program Files\ANI
2008-05-20 18:38 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-20 18:18 --------- d-----w C:\Program Files\Realtek Sound Manager
2008-05-20 18:18 --------- d-----w C:\Program Files\Realtek AC97
2008-05-20 18:18 --------- d-----w C:\Program Files\AvRack
2008-05-20 18:15 --------- d-----w C:\Program Files\Intel
2008-05-20 18:08 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-20 18:07 --------- d-----w C:\Program Files\Usługi online
2008-03-29 05:19 9,801,728 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-03-29 04:40 167,936 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-03-29 04:05 372,736 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-03-29 04:04 299,008 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-03-29 03:56 172,032 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-03-29 03:56 126,976 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-03-29 03:55 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-03-29 03:55 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-03-29 03:55 126,976 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-03-29 03:54 536,576 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-03-29 03:52 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-03-29 03:43 3,176,480 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-03-29 03:39 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-03-29 03:36 1,765,120 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-03-29 03:24 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-03-29 03:23 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-03-29 03:21 393,216 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-03-29 03:19 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-03-29 03:12 520,192 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-03-28 19:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
.

((((((((((((((((((((((((((((( snapshot@2008-06-13_20.02.30,46 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-13 17:56:04 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-15 18:51:10 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-05-20 19:15:09 39,992 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-06-14 08:59:44 39,992 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-05-20 19:15:09 49,492 ----a-w C:\WINDOWS\system32\perfc015.dat
+ 2008-06-14 08:59:44 49,492 ----a-w C:\WINDOWS\system32\perfc015.dat
- 2008-05-20 19:15:09 311,604 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-06-14 08:59:44 311,604 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-05-20 19:15:09 355,486 ----a-w C:\WINDOWS\system32\perfh015.dat
+ 2008-06-14 08:59:44 355,486 ----a-w C:\WINDOWS\system32\perfh015.dat
+ 2008-06-15 18:51:14 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_5f8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 18:05 143360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-08 17:47 68856]
"fastsmell"="C:\WINDOWS\fastsmell.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 05:12 577536 C:\WINDOWS\soundman.exe]
"D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [2005-03-18 04:34 1228800]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-12-16 17:49 49152]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 15:10 56928]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 22:55 54832]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe" [2007-05-02 04:15 75520]
"Omnipage"="C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 11:38 49152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]

C:\Documents and Settings\Sandi\Menu Start\Programy\Autostart\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Autodesk\\Maya8.5\\bin\\maya.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys [2005-03-22 19:17]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2006-02-14 23:18]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2006-11-15 21:55]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-15 20:53:23
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-15 20:53:59
ComboFix-quarantined-files.txt 2008-06-15 18:53:57
ComboFix2.txt 2008-06-15 18:48:32
ComboFix3.txt 2008-06-15 17:14:12
ComboFix4.txt 2008-06-13 20:34:05
ComboFix5.txt 2008-06-13 18:02:39

Pre-Run: 33,797,038,080 bajtów wolnych
Post-Run: 33,789,771,776 bajtów wolnych

181

[Arexe]

jeszcze raz wTrybie Awaryjnym (Klikaj F8 Podczas ladowania sie systemu i z listy wybierz Tryb Awaryjny) bo dziad nie chce zniknac....

Wklej do notatnika:

Kod: Zaznacz wszystko

File::
C:\WINDOWS\fastsmell.config
C:\WINDOWS\fastsmell.exe
C:\WINDOWS\TEMP\perflib_perfdata_208.dat

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"fastsmell"=-


Plik zapisz jako CFScript.txt (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe)
Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu

Rozpocznie się usuwanie i powstanie log, daj ten log na forum

Zastosuj SDFix . Po pobraniu uruchom go a rozpakuje się do C:\SDFix. Uruchom komputer w trybie awaryjnym (F8 przy stracie systemu). Będąc w awaryjnym uruchom plik RunThis.bat z folderu SDFixa. Zatwierdź czyszczenie przez Y. Poczekaj aż ukończy i komputer zresetuje
Potem wejdz do folderu SDFix wrzuc zawartość pliku Report.txt