Proszę o sprawqdzenie loga-zawieszanie komputera

[sroka20]

Witam
Nod wykrył mi jakiegoś wirusa i od tamtej pory komputer nieużywany przez parę min zwyczajnie zamula(wszystkie okienka strasznie wolno się odpalają oraz często się zawiesza.Wyskakuje okienko z krytycznym stanem pamięci wirtualnej.Skanowałem róznymi programami i nic.Podaje logi.

Kod: Zaznacz wszystko

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:41:52, on 2008-12-23
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\aaaa\Pulpit\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\ofice\Office10\EXCEL.EXE/3000
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

--
End of file - 2239 bytes


Kod: Zaznacz wszystko

ComboFix 08-12-18.03 - aaaa 2008-12-22 20:35:36.6 - [color=red][b]FAT32[/b][/color]x86
Uruchomiony z: c:\documents and settings\aaaa\Pulpit\ComboFix.exe
* Resident AV is active

.

(((((((((((((((((((((((((   Pliki utworzone od 2008-11-22 do 2008-12-22  )))))))))))))))))))))))))))))))
.

2008-12-22 18:21 . 2008-12-22 18:21   <DIR>   d--------   c:\program files\Odkurzacz
2008-12-22 17:40 . 2008-12-22 17:40   <DIR>   d--------   c:\program files\RegCleaner
2008-12-22 17:03 . 2008-12-22 17:04   <DIR>   d--h-----   c:\windows\system32\GroupPolicy
2008-12-22 16:21 . 2008-12-22 16:21   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\TEMP
2008-12-21 16:41 . 2008-11-06 02:03   <DIR>   d--------   C:\SDFix
2008-12-17 15:52 . 2004-08-03 23:08   31,616   --a------   c:\windows\system32\drivers\usbccgp.sys
2008-12-17 15:52 . 2004-08-03 23:08   31,616   --a------   c:\windows\system32\dllcache\usbccgp.sys
2008-12-17 15:52 . 2004-08-04 00:44   21,504   --a------   c:\windows\system32\hidserv.dll
2008-12-17 15:52 . 2004-08-04 00:44   21,504   --a------   c:\windows\system32\dllcache\hidserv.dll
2008-12-17 15:52 . 2004-08-04 00:38   14,848   --a------   c:\windows\system32\drivers\kbdhid.sys
2008-12-17 15:52 . 2004-08-04 00:38   14,848   --a------   c:\windows\system32\dllcache\kbdhid.sys
2008-12-17 15:52 . 2001-08-17 22:02   9,600   --a------   c:\windows\system32\drivers\hidusb.sys
2008-12-17 15:52 . 2001-08-17 22:02   9,600   --a------   c:\windows\system32\dllcache\hidusb.sys
2008-12-17 11:41 . 2008-12-17 11:41   <DIR>   d--------   c:\documents and settings\aaaa\Dane aplikacji\skypePM
2008-12-17 11:41 . 2008-12-17 11:41   <DIR>   d--------   c:\documents and settings\aaaa\Dane aplikacji\Skype
2008-12-17 11:41 . 2008-12-17 11:41   56   --ah-----   c:\windows\system32\ezsidmv.dat
2008-12-17 11:40 . 2008-12-17 11:40   <DIR>   d--------   c:\program files\Skype
2008-12-17 11:40 . 2008-12-17 11:40   <DIR>   d--------   c:\program files\Common Files\Skype
2008-12-17 11:40 . 2008-12-17 11:40   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\Skype
2008-12-17 10:11 . 2008-12-17 10:11   4   --a------   c:\windows\system32\proc1262767916.bin
2008-12-16 15:31 . 2008-12-16 15:31   <DIR>   d--------   c:\program files\IrfanView
2008-12-15 11:07 . 2008-12-15 11:07   <DIR>   d--------   c:\program files\Common Files\Adobe
2008-12-15 11:05 . 2008-12-15 11:05   <DIR>   d--------   c:\windows\Cache
2008-12-15 09:20 . 2008-12-15 09:20   427   --a------   c:\windows\ODBC.INI
2008-12-15 09:18 . 2008-12-15 09:18   <DIR>   d--------   c:\windows\ShellNew
2008-12-10 10:29 . 2008-12-10 10:29   <DIR>   d--------   c:\documents and settings\aaaa\Dane aplikacji\Media Player Classic
2008-12-09 14:04 . 2008-12-09 14:04   <DIR>   d--------   c:\documents and settings\aaaa\Dane aplikacji\Ashampoo
2008-12-09 14:03 . 2008-12-09 14:03   <DIR>   d--------   c:\program files\Ashampoo
2008-12-09 14:03 . 2008-12-09 14:03   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\ashampoo
2008-12-07 12:08 . 2008-12-07 12:08   <DIR>   d--------   c:\program files\Real Alternative
2008-12-07 12:08 . 2003-03-19 04:14   499,712   --a------   c:\windows\system32\msvcp71.dll
2008-12-07 12:08 . 2004-01-11 23:00   348,160   --a------   c:\windows\system32\msvcr71.dll
2008-12-07 03:02 . 2008-08-14 14:46   2,181,632   ---------   c:\windows\system32\dllcache\ntoskrnl.exe
2008-12-07 03:02 . 2008-08-14 14:46   2,137,600   ---------   c:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-07 03:02 . 2008-08-14 14:46   2,059,008   ---------   c:\windows\system32\dllcache\ntkrnlpa.exe
2008-12-07 03:02 . 2008-08-14 14:46   2,017,280   ---------   c:\windows\system32\dllcache\ntkrpamp.exe
2008-12-07 03:02 . 2008-06-14 19:01   273,024   ---------   c:\windows\system32\drivers\bthport.sys
2008-12-07 03:02 . 2008-06-14 19:01   273,024   ---------   c:\windows\system32\dllcache\bthport.sys
2008-12-07 03:00 . 2008-12-07 03:00   <DIR>   d--h-----   c:\windows\$hf_mig$
2008-12-07 03:00 . 2005-02-25 04:36   22,752   --a------   c:\windows\system32\spupdsvc.exe
2008-12-07 00:34 . 2008-12-07 00:34   <DIR>   d--------   c:\windows\system32\CatRoot_bak
2008-12-07 00:33 . 2008-10-24 12:10   453,632   ---------   c:\windows\system32\dllcache\mrxsmb.sys
2008-12-06 23:19 . 2008-12-06 23:19   <DIR>   d--------   c:\program files\NAPI-PROJEKT
2008-12-06 16:01 . 2008-12-06 16:01   <DIR>   d--------   c:\documents and settings\aaaa\Dane aplikacji\BitTorrent
2008-12-06 16:00 . 2008-12-06 16:00   <DIR>   d--------   c:\program files\DNA
2008-12-06 16:00 . 2008-12-06 16:00   <DIR>   d--------   c:\program files\BitTorrent
2008-12-06 16:00 . 2008-12-06 16:00   <DIR>   d--------   c:\documents and settings\aaaa\Dane aplikacji\DNA
2008-12-06 12:41 . 2008-12-06 12:41   <DIR>   d--------   c:\program files\InstallShield Installation Information
2008-12-06 12:40 . 2008-12-06 12:40   <DIR>   d--------   c:\program files\VIA
2008-12-06 12:40 . 2008-12-06 12:40   <DIR>   d--------   c:\program files\Common Files\InstallShield
2008-12-06 12:40 . 2007-04-11 15:35   331,184   ---------   c:\windows\system32\difxapi.dll
2008-12-05 19:26 . 2008-12-05 19:26   <DIR>   d--------   c:\program files\SubEdit-Player
2008-12-05 19:01 . 2008-12-05 19:01   <DIR>   d--------   c:\documents and settings\aaaa\Dane aplikacji\GanymedeNet
2008-12-05 18:58 . 2008-12-05 18:58   <DIR>   d--------   c:\program files\Ganymede
2008-12-05 18:54 . 2008-12-05 18:55   <DIR>   d--hs----   C:\Recycled
2008-12-05 18:54 . 2008-12-05 18:54   592   --a------   c:\windows\chgkey.vbs

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-12 17:36   3,081,216   ----a-w   c:\windows\system32\dllcache\mshtml.dll
2008-12-05 16:53   ---------   d-----w   c:\program files\ESET
2008-12-05 16:53   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\ESET
2008-12-05 16:42   ---------   d-----w   c:\program files\Gadu-Gadu
2008-12-05 16:18   ---------   d-----w   c:\program files\microsoft frontpage
2008-12-05 16:16   ---------   d-----w   c:\program files\Usługi online
2008-11-07 17:32   2,109,440   ----a-w   c:\windows\system32\dllcache\WMVCore.dll
2008-10-24 11:10   453,632   ----a-w   c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 13:01   283,648   ----a-w   c:\windows\system32\gdi32.dll
2008-10-23 13:01   283,648   ----a-w   c:\windows\system32\dllcache\gdi32.dll
2008-10-16 13:13   202,776   ----a-w   c:\windows\system32\wuweb.dll
2008-10-16 13:13   202,776   ----a-w   c:\windows\system32\dllcache\wuweb.dll
2008-10-16 13:13   1,809,944   ----a-w   c:\windows\system32\wuaueng.dll
2008-10-16 13:13   1,809,944   ----a-w   c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 13:12   561,688   ----a-w   c:\windows\system32\wuapi.dll
2008-10-16 13:12   561,688   ----a-w   c:\windows\system32\dllcache\wuapi.dll
2008-10-16 13:12   323,608   ----a-w   c:\windows\system32\wucltui.dll
2008-10-16 13:12   323,608   ----a-w   c:\windows\system32\dllcache\wucltui.dll
2008-10-16 13:09   92,696   ----a-w   c:\windows\system32\dllcache\cdm.dll
2008-10-16 13:09   92,696   ----a-w   c:\windows\system32\cdm.dll
2008-10-16 13:09   51,224   ----a-w   c:\windows\system32\wuauclt.exe
2008-10-16 13:09   51,224   ----a-w   c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 13:09   43,544   ----a-w   c:\windows\system32\wups2.dll
2008-10-16 13:08   34,328   ----a-w   c:\windows\system32\wups.dll
2008-10-16 13:08   34,328   ----a-w   c:\windows\system32\dllcache\wups.dll
2008-10-15 17:00   332,800   ----a-w   c:\windows\system32\dllcache\netapi32.dll
2008-10-15 09:45   18,432   ----a-w   c:\windows\system32\dllcache\iedw.exe
2008-10-03 10:17   247,326   ----a-w   c:\windows\system32\strmdll.dll
2008-10-03 10:17   247,326   ----a-w   c:\windows\system32\dllcache\strmdll.dll
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-11-05 1410304]
"AudioDeck"="c:\program files\VIA\VIAudioi\SBADeck\ADeck.exe" [2007-08-09 528384]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-12-16 17:20 342848 c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-08-04 00:55 1667584 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-11-18 16:31 21633320 c:\program files\Skype\Phone\Skype.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2007-11-05 30728]
R2 ekrn;Eset Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" [2007-11-05 455936]
.
.
------- Skan uzupełniający -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: E&ksport do programu Microsoft Excel - d:\ofice\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\aaaa\Dane aplikacji\Mozilla\Firefox\Profiles\[u]0[/u]vdacs7f.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npganymedenet.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPPOKER.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-22 20:36:30
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  AudioDeck = c:\program files\VIA\VIAudioi\SBADeck\ADeck.exe 1????????????????????????????????????????????????

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
Czas ukończenia: 2008-12-22 20:36:58
ComboFix-quarantined-files.txt  2008-12-22 19:36:58
ComboFix4.txt  2008-12-21 18:51:20
ComboFix5.txt  2008-12-22 18:42:10
ComboFix3.txt  2008-12-21 20:31:40
ComboFix2.txt  2008-12-22 13:22:06

Przed: 1,541,931,008 bajtów wolnych
Po: 1,536,065,536 bajtów wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect/noguiboot:
multi(0)disk(0)rdisk(0)partition(4)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect/noguiboot:

165   --- E O F ---   2008-12-19 02:00:29


[wojtas]

Otworz notatnik i wklej w nim to:

File::
C:\Recycled
D:\Recycled
E:\Recycled

>>Plik>>Zapisz jako... >>> CFScript
Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe
-->
Ma się rozpocząć usuwanie. (i powstanie log).Daj ten log, który powstanie w trakcie usuwania. Przeskanuj obszar mojego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum.

[sroka20]

Kod: Zaznacz wszystko

ComboFix 08-12-23.01 - aaaa 2008-12-23 18:32:25.7 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.255.107 [GMT 1:00]
Uruchomiony z: c:\documents and settings\aaaa\Pulpit\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\aaaa\Pulpit\CFScript.txt
* Utworzono nowy punkt przywracania
* Resident AV is active


FILE ::
C:\Recycled
D:\Recycled
E:\Recycled
.

(((((((((((((((((((((((((   Pliki utworzone od 2008-11-23 do 2008-12-23  )))))))))))))))))))))))))))))))
.

2008-12-23 12:39 . 2008-12-23 12:39   <DIR>   d--------   c:\windows\ERUNT
2008-12-23 12:39 . 2008-12-23 12:39   <DIR>   d--------   C:\ERDNT
2008-12-23 12:39 . 2008-12-23 12:39   <DIR>   d--------   C:\!FixIEDef
2008-12-22 22:01 . 2008-12-22 22:01   <DIR>   d--------   c:\program files\Trojan Remover
2008-12-22 21:56 . 2008-12-22 21:56   <DIR>   d--------   c:\documents and settings\aaaa\Dane aplikacji\Simply Super Software
2008-12-22 21:56 . 2006-05-25 14:52   162,304   --a------   c:\windows\system32\ztvunrar36.dll
2008-12-22 21:56 . 2003-02-02 19:06   153,088   --a------   c:\windows\system32\unrar3.dll
2008-12-22 21:56 . 2005-08-26 00:50   77,312   --a------   c:\windows\system32\ztvunace26.dll
2008-12-22 21:56 . 2002-03-06 00:00   75,264   --a------   c:\windows\system32\unacev2.dll
2008-12-22 21:56 . 2006-06-19 12:01   69,632   --a------   c:\windows\system32\ztvcabinet.dll
2008-12-22 21:54 . 2008-12-22 21:54   <DIR>   d--------   c:\program files\weblin
2008-12-22 21:53 . 2008-12-22 21:53   <DIR>   d--------   c:\documents and settings\aaaa\Dane aplikacji\zweitgeist
2008-12-22 18:21 . 2008-12-22 18:21   <DIR>   d--------   c:\program files\Odkurzacz
2008-12-22 17:40 . 2008-12-22 17:40   <DIR>   d--------   c:\program files\RegCleaner
2008-12-22 17:03 . 2008-12-22 17:04   <DIR>   d--h-----   c:\windows\system32\GroupPolicy
2008-12-22 16:21 . 2008-12-22 16:21   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\TEMP
2008-12-17 15:52 . 2004-08-03 23:08   31,616   --a------   c:\windows\system32\drivers\usbccgp.sys
2008-12-17 15:52 . 2004-08-03 23:08   31,616   --a------   c:\windows\system32\dllcache\usbccgp.sys
2008-12-17 15:52 . 2004-08-04 00:44   21,504   --a------   c:\windows\system32\hidserv.dll
2008-12-17 15:52 . 2004-08-04 00:44   21,504   --a------   c:\windows\system32\dllcache\hidserv.dll
2008-12-17 15:52 . 2004-08-04 00:38   14,848   --a------   c:\windows\system32\drivers\kbdhid.sys
2008-12-17 15:52 . 2004-08-04 00:38   14,848   --a------   c:\windows\system32\dllcache\kbdhid.sys
2008-12-17 15:52 . 2001-08-17 22:02   9,600   --a------   c:\windows\system32\drivers\hidusb.sys
2008-12-17 15:52 . 2001-08-17 22:02   9,600   --a------   c:\windows\system32\dllcache\hidusb.sys
2008-12-17 11:41 . 2008-12-17 11:41   <DIR>   d--------   c:\documents and settings\aaaa\Dane aplikacji\skypePM
2008-12-17 11:41 . 2008-12-17 11:41   <DIR>   d--------   c:\documents and settings\aaaa\Dane aplikacji\Skype
2008-12-17 11:41 . 2008-12-17 11:41   56   --ah-----   c:\windows\system32\ezsidmv.dat
2008-12-17 11:40 . 2008-12-17 11:40   <DIR>   d--------   c:\program files\Skype
2008-12-17 11:40 . 2008-12-17 11:40   <DIR>   d--------   c:\program files\Common Files\Skype
2008-12-17 11:40 . 2008-12-17 11:40   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\Skype
2008-12-17 10:11 . 2008-12-17 10:11   4   --a------   c:\windows\system32\proc1262767916.bin
2008-12-16 15:31 . 2008-12-16 15:31   <DIR>   d--------   c:\program files\IrfanView
2008-12-15 11:07 . 2008-12-15 11:07   <DIR>   d--------   c:\program files\Common Files\Adobe
2008-12-15 11:05 . 2008-12-15 11:05   <DIR>   d--------   c:\windows\Cache
2008-12-15 09:20 . 2008-12-15 09:20   427   --a------   c:\windows\ODBC.INI
2008-12-15 09:18 . 2008-12-15 09:18   <DIR>   d--------   c:\windows\ShellNew
2008-12-10 10:29 . 2008-12-10 10:29   <DIR>   d--------   c:\documents and settings\aaaa\Dane aplikacji\Media Player Classic
2008-12-09 14:04 . 2008-12-09 14:04   <DIR>   d--------   c:\documents and settings\aaaa\Dane aplikacji\Ashampoo
2008-12-09 14:03 . 2008-12-09 14:03   <DIR>   d--------   c:\program files\Ashampoo
2008-12-09 14:03 . 2008-12-09 14:03   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\ashampoo
2008-12-07 12:08 . 2008-12-07 12:08   <DIR>   d--------   c:\program files\Real Alternative
2008-12-07 12:08 . 2003-03-19 04:14   499,712   --a------   c:\windows\system32\msvcp71.dll
2008-12-07 12:08 . 2004-01-11 23:00   348,160   --a------   c:\windows\system32\msvcr71.dll
2008-12-07 03:02 . 2008-08-14 14:46   2,181,632   ---------   c:\windows\system32\dllcache\ntoskrnl.exe
2008-12-07 03:02 . 2008-08-14 14:46   2,137,600   ---------   c:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-07 03:02 . 2008-08-14 14:46   2,059,008   ---------   c:\windows\system32\dllcache\ntkrnlpa.exe
2008-12-07 03:02 . 2008-08-14 14:46   2,017,280   ---------   c:\windows\system32\dllcache\ntkrpamp.exe
2008-12-07 03:02 . 2008-06-14 19:01   273,024   ---------   c:\windows\system32\drivers\bthport.sys
2008-12-07 03:02 . 2008-06-14 19:01   273,024   ---------   c:\windows\system32\dllcache\bthport.sys
2008-12-07 03:00 . 2008-12-07 03:00   <DIR>   d--h-----   c:\windows\$hf_mig$
2008-12-07 03:00 . 2005-02-25 04:36   22,752   --a------   c:\windows\system32\spupdsvc.exe
2008-12-07 00:34 . 2008-12-07 00:34   <DIR>   d--------   c:\windows\system32\CatRoot_bak
2008-12-07 00:33 . 2008-10-24 12:10   453,632   ---------   c:\windows\system32\dllcache\mrxsmb.sys
2008-12-06 23:19 . 2008-12-06 23:19   <DIR>   d--------   c:\program files\NAPI-PROJEKT
2008-12-06 16:01 . 2008-12-06 16:01   <DIR>   d--------   c:\documents and settings\aaaa\Dane aplikacji\BitTorrent
2008-12-06 16:00 . 2008-12-06 16:00   <DIR>   d--------   c:\program files\DNA
2008-12-06 16:00 . 2008-12-06 16:00   <DIR>   d--------   c:\program files\BitTorrent
2008-12-06 16:00 . 2008-12-06 16:00   <DIR>   d--------   c:\documents and settings\aaaa\Dane aplikacji\DNA
2008-12-06 12:41 . 2008-12-06 12:41   <DIR>   d--------   c:\program files\InstallShield Installation Information
2008-12-06 12:40 . 2008-12-06 12:40   <DIR>   d--------   c:\program files\VIA
2008-12-06 12:40 . 2008-12-06 12:40   <DIR>   d--------   c:\program files\Common Files\InstallShield
2008-12-06 12:40 . 2007-04-11 15:35   331,184   ---------   c:\windows\system32\difxapi.dll
2008-12-05 19:26 . 2008-12-05 19:26   <DIR>   d--------   c:\program files\SubEdit-Player
2008-12-05 19:01 . 2008-12-05 19:01   <DIR>   d--------   c:\documents and settings\aaaa\Dane aplikacji\GanymedeNet
2008-12-05 18:58 . 2008-12-05 18:58   <DIR>   d--------   c:\program files\Ganymede
2008-12-05 18:54 . 2008-12-05 18:55   <DIR>   d--hs----   C:\Recycled
2008-12-05 18:54 . 2008-12-05 18:54   592   --a------   c:\windows\chgkey.vbs

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-12 17:36   3,081,216   ----a-w   c:\windows\system32\dllcache\mshtml.dll
2008-12-05 16:53   ---------   d-----w   c:\program files\ESET
2008-12-05 16:53   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\ESET
2008-12-05 16:42   ---------   d-----w   c:\program files\Gadu-Gadu
2008-12-05 16:18   ---------   d-----w   c:\program files\microsoft frontpage
2008-12-05 16:16   ---------   d-----w   c:\program files\Usługi online
2008-11-07 17:32   2,109,440   ----a-w   c:\windows\system32\dllcache\WMVCore.dll
2008-10-24 11:10   453,632   ----a-w   c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 13:01   283,648   ----a-w   c:\windows\system32\gdi32.dll
2008-10-23 13:01   283,648   ----a-w   c:\windows\system32\dllcache\gdi32.dll
2008-10-16 13:13   202,776   ----a-w   c:\windows\system32\wuweb.dll
2008-10-16 13:13   202,776   ----a-w   c:\windows\system32\dllcache\wuweb.dll
2008-10-16 13:13   1,809,944   ----a-w   c:\windows\system32\wuaueng.dll
2008-10-16 13:13   1,809,944   ----a-w   c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 13:12   561,688   ----a-w   c:\windows\system32\wuapi.dll
2008-10-16 13:12   561,688   ----a-w   c:\windows\system32\dllcache\wuapi.dll
2008-10-16 13:12   323,608   ----a-w   c:\windows\system32\wucltui.dll
2008-10-16 13:12   323,608   ----a-w   c:\windows\system32\dllcache\wucltui.dll
2008-10-16 13:09   92,696   ----a-w   c:\windows\system32\dllcache\cdm.dll
2008-10-16 13:09   92,696   ----a-w   c:\windows\system32\cdm.dll
2008-10-16 13:09   51,224   ----a-w   c:\windows\system32\wuauclt.exe
2008-10-16 13:09   51,224   ----a-w   c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 13:09   43,544   ----a-w   c:\windows\system32\wups2.dll
2008-10-16 13:08   34,328   ----a-w   c:\windows\system32\wups.dll
2008-10-16 13:08   34,328   ----a-w   c:\windows\system32\dllcache\wups.dll
2008-10-15 17:00   332,800   ----a-w   c:\windows\system32\dllcache\netapi32.dll
2008-10-15 09:45   18,432   ----a-w   c:\windows\system32\dllcache\iedw.exe
2008-10-03 10:17   247,326   ----a-w   c:\windows\system32\strmdll.dll
2008-10-03 10:17   247,326   ----a-w   c:\windows\system32\dllcache\strmdll.dll
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-11-05 1410304]
"AudioDeck"="c:\program files\VIA\VIAudioi\SBADeck\ADeck.exe" [2007-08-09 528384]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-12-16 17:20 342848 c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-11-18 16:31 21633320 c:\program files\Skype\Phone\Skype.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2007-11-05 30728]
R2 ekrn;Eset Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" [2007-11-05 455936]
.
- - - - USUNIĘTO PUSTE WPISY - - - -

MSConfigStartUp-MSMSGS - c:\program files\Messenger\msmsgs.exe


.
------- Skan uzupełniający -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: E&ksport do programu Microsoft Excel - d:\ofice\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\aaaa\Dane aplikacji\Mozilla\Firefox\Profiles\[u]0[/u]vdacs7f.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npganymedenet.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPPOKER.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-23 18:33:19
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  AudioDeck = c:\program files\VIA\VIAudioi\SBADeck\ADeck.exe 1????????????????????????????????????????????????

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
Czas ukończenia: 2008-12-23 18:33:48
ComboFix-quarantined-files.txt  2008-12-23 17:33:48

Przed: 1 650 515 968 bajtów wolnych
Po: 1,644,118,016 bajtów wolnych

171   --- E O F ---   2008-12-19 02:00:29


po skanowaniu kasperskim czyściutko:)

[wojtas]

Otworz notatnik i wklej w nim to:

Folder::
C:\Recycled
D:\Recycled
E:\Recycled

>>Plik>>Zapisz jako... >>> CFScript
Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe
-->
Ma się rozpocząć usuwanie. (i powstanie log).Daj ten log, który powstanie w trakcie usuwania.

[sroka20]

O to ten log o którym pisałeś:

Kod: Zaznacz wszystko

ComboFix 08-12-23.01 - aaaa 2008-12-24 16:35:39.8 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.255.136 [GMT 1:00]
Uruchomiony z: c:\documents and settings\aaaa\Pulpit\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\aaaa\Pulpit\CFScript.txt
* Utworzono nowy punkt przywracania
* Resident AV is active

.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Recycled
c:\recycled\desktop.ini
c:\recycled\INFO2
D:\Recycled
d:\recycled\desktop.ini
d:\recycled\INFO2
E:\Recycled
e:\recycled\desktop.ini
e:\recycled\INFO2

.
(((((((((((((((((((((((((   Pliki utworzone od 2008-11-24 do 2008-12-24  )))))))))))))))))))))))))))))))
.

2008-12-23 18:39 . 2008-12-23 18:39   <DIR>   d--------   c:\windows\Sun
2008-12-23 18:38 . 2008-12-23 18:37   410,984   --a------   c:\windows\system32\deploytk.dll
2008-12-23 18:38 . 2008-12-23 18:37   73,728   --a------   c:\windows\system32\javacpl.cpl
2008-12-23 18:37 . 2008-12-23 18:37   <DIR>   d--------   c:\program files\Java
2008-12-23 12:39 . 2008-12-23 12:39   <DIR>   d--------   c:\windows\ERUNT
2008-12-23 12:39 . 2008-12-23 12:39   <DIR>   d--------   C:\ERDNT
2008-12-23 12:39 . 2008-12-23 12:39   <DIR>   d--------   C:\!FixIEDef
2008-12-22 22:01 . 2008-12-22 22:01   <DIR>   d--------   c:\program files\Trojan Remover
2008-12-22 21:56 . 2008-12-22 21:56   <DIR>   d--------   c:\documents and settings\aaaa\Dane aplikacji\Simply Super Software
2008-12-22 21:56 . 2006-05-25 14:52   162,304   --a------   c:\windows\system32\ztvunrar36.dll
2008-12-22 21:56 . 2003-02-02 19:06   153,088   --a------   c:\windows\system32\unrar3.dll
2008-12-22 21:56 . 2005-08-26 00:50   77,312   --a------   c:\windows\system32\ztvunace26.dll
2008-12-22 21:56 . 2002-03-06 00:00   75,264   --a------   c:\windows\system32\unacev2.dll
2008-12-22 21:56 . 2006-06-19 12:01   69,632   --a------   c:\windows\system32\ztvcabinet.dll
2008-12-22 21:54 . 2008-12-22 21:54   <DIR>   d--------   c:\program files\weblin
2008-12-22 21:53 . 2008-12-22 21:53   <DIR>   d--------   c:\documents and settings\aaaa\Dane aplikacji\zweitgeist
2008-12-22 18:21 . 2008-12-22 18:21   <DIR>   d--------   c:\program files\Odkurzacz
2008-12-22 17:40 . 2008-12-22 17:40   <DIR>   d--------   c:\program files\RegCleaner
2008-12-22 17:03 . 2008-12-22 17:04   <DIR>   d--h-----   c:\windows\system32\GroupPolicy
2008-12-22 16:21 . 2008-12-22 16:21   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\TEMP
2008-12-17 15:52 . 2004-08-03 23:08   31,616   --a------   c:\windows\system32\drivers\usbccgp.sys
2008-12-17 15:52 . 2004-08-03 23:08   31,616   --a------   c:\windows\system32\dllcache\usbccgp.sys
2008-12-17 15:52 . 2004-08-04 00:44   21,504   --a------   c:\windows\system32\hidserv.dll
2008-12-17 15:52 . 2004-08-04 00:44   21,504   --a------   c:\windows\system32\dllcache\hidserv.dll
2008-12-17 15:52 . 2004-08-04 00:38   14,848   --a------   c:\windows\system32\drivers\kbdhid.sys
2008-12-17 15:52 . 2004-08-04 00:38   14,848   --a------   c:\windows\system32\dllcache\kbdhid.sys
2008-12-17 15:52 . 2001-08-17 22:02   9,600   --a------   c:\windows\system32\drivers\hidusb.sys
2008-12-17 15:52 . 2001-08-17 22:02   9,600   --a------   c:\windows\system32\dllcache\hidusb.sys
2008-12-17 11:41 . 2008-12-17 11:41   <DIR>   d--------   c:\documents and settings\aaaa\Dane aplikacji\skypePM
2008-12-17 11:41 . 2008-12-17 11:41   <DIR>   d--------   c:\documents and settings\aaaa\Dane aplikacji\Skype
2008-12-17 11:41 . 2008-12-17 11:41   56   --ah-----   c:\windows\system32\ezsidmv.dat
2008-12-17 11:40 . 2008-12-17 11:40   <DIR>   d--------   c:\program files\Skype
2008-12-17 11:40 . 2008-12-17 11:40   <DIR>   d--------   c:\program files\Common Files\Skype
2008-12-17 11:40 . 2008-12-17 11:40   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\Skype
2008-12-17 10:11 . 2008-12-17 10:11   4   --a------   c:\windows\system32\proc1262767916.bin
2008-12-16 15:31 . 2008-12-16 15:31   <DIR>   d--------   c:\program files\IrfanView
2008-12-15 11:07 . 2008-12-15 11:07   <DIR>   d--------   c:\program files\Common Files\Adobe
2008-12-15 11:05 . 2008-12-15 11:05   <DIR>   d--------   c:\windows\Cache
2008-12-15 09:20 . 2008-12-15 09:20   427   --a------   c:\windows\ODBC.INI
2008-12-15 09:18 . 2008-12-15 09:18   <DIR>   d--------   c:\windows\ShellNew
2008-12-10 10:29 . 2008-12-10 10:29   <DIR>   d--------   c:\documents and settings\aaaa\Dane aplikacji\Media Player Classic
2008-12-09 14:04 . 2008-12-09 14:04   <DIR>   d--------   c:\documents and settings\aaaa\Dane aplikacji\Ashampoo
2008-12-09 14:03 . 2008-12-09 14:03   <DIR>   d--------   c:\program files\Ashampoo
2008-12-09 14:03 . 2008-12-09 14:03   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\ashampoo
2008-12-07 12:08 . 2008-12-07 12:08   <DIR>   d--------   c:\program files\Real Alternative
2008-12-07 12:08 . 2003-03-19 04:14   499,712   --a------   c:\windows\system32\msvcp71.dll
2008-12-07 12:08 . 2004-01-11 23:00   348,160   --a------   c:\windows\system32\msvcr71.dll
2008-12-07 03:02 . 2008-08-14 14:46   2,181,632   ---------   c:\windows\system32\dllcache\ntoskrnl.exe
2008-12-07 03:02 . 2008-08-14 14:46   2,137,600   ---------   c:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-07 03:02 . 2008-08-14 14:46   2,059,008   ---------   c:\windows\system32\dllcache\ntkrnlpa.exe
2008-12-07 03:02 . 2008-08-14 14:46   2,017,280   ---------   c:\windows\system32\dllcache\ntkrpamp.exe
2008-12-07 03:02 . 2008-06-14 19:01   273,024   ---------   c:\windows\system32\drivers\bthport.sys
2008-12-07 03:02 . 2008-06-14 19:01   273,024   ---------   c:\windows\system32\dllcache\bthport.sys
2008-12-07 03:00 . 2008-12-07 03:00   <DIR>   d--h-----   c:\windows\$hf_mig$
2008-12-07 03:00 . 2005-02-25 04:36   22,752   --a------   c:\windows\system32\spupdsvc.exe
2008-12-07 00:34 . 2008-12-07 00:34   <DIR>   d--------   c:\windows\system32\CatRoot_bak
2008-12-07 00:33 . 2008-10-24 12:10   453,632   ---------   c:\windows\system32\dllcache\mrxsmb.sys
2008-12-06 23:19 . 2008-12-06 23:19   <DIR>   d--------   c:\program files\NAPI-PROJEKT
2008-12-06 16:01 . 2008-12-06 16:01   <DIR>   d--------   c:\documents and settings\aaaa\Dane aplikacji\BitTorrent
2008-12-06 16:00 . 2008-12-06 16:00   <DIR>   d--------   c:\program files\DNA
2008-12-06 16:00 . 2008-12-06 16:00   <DIR>   d--------   c:\program files\BitTorrent
2008-12-06 16:00 . 2008-12-06 16:00   <DIR>   d--------   c:\documents and settings\aaaa\Dane aplikacji\DNA
2008-12-06 12:41 . 2008-12-06 12:41   <DIR>   d--------   c:\program files\InstallShield Installation Information
2008-12-06 12:40 . 2008-12-06 12:40   <DIR>   d--------   c:\program files\VIA
2008-12-06 12:40 . 2008-12-06 12:40   <DIR>   d--------   c:\program files\Common Files\InstallShield
2008-12-06 12:40 . 2007-04-11 15:35   331,184   ---------   c:\windows\system32\difxapi.dll
2008-12-05 19:26 . 2008-12-05 19:26   <DIR>   d--------   c:\program files\SubEdit-Player
2008-12-05 19:01 . 2008-12-05 19:01   <DIR>   d--------   c:\documents and settings\aaaa\Dane aplikacji\GanymedeNet
2008-12-05 18:58 . 2008-12-05 18:58   <DIR>   d--------   c:\program files\Ganymede
2008-12-05 18:54 . 2008-12-05 18:54   592   --a------   c:\windows\chgkey.vbs

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-12 17:36   3,081,216   ----a-w   c:\windows\system32\dllcache\mshtml.dll
2008-12-05 16:53   ---------   d-----w   c:\program files\ESET
2008-12-05 16:53   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\ESET
2008-12-05 16:42   ---------   d-----w   c:\program files\Gadu-Gadu
2008-12-05 16:18   ---------   d-----w   c:\program files\microsoft frontpage
2008-12-05 16:16   ---------   d-----w   c:\program files\Usługi online
2008-11-07 17:32   2,109,440   ----a-w   c:\windows\system32\dllcache\WMVCore.dll
2008-10-24 11:10   453,632   ----a-w   c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 13:01   283,648   ----a-w   c:\windows\system32\gdi32.dll
2008-10-23 13:01   283,648   ----a-w   c:\windows\system32\dllcache\gdi32.dll
2008-10-16 13:13   202,776   ----a-w   c:\windows\system32\wuweb.dll
2008-10-16 13:13   202,776   ----a-w   c:\windows\system32\dllcache\wuweb.dll
2008-10-16 13:13   1,809,944   ----a-w   c:\windows\system32\wuaueng.dll
2008-10-16 13:13   1,809,944   ----a-w   c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 13:12   561,688   ----a-w   c:\windows\system32\wuapi.dll
2008-10-16 13:12   561,688   ----a-w   c:\windows\system32\dllcache\wuapi.dll
2008-10-16 13:12   323,608   ----a-w   c:\windows\system32\wucltui.dll
2008-10-16 13:12   323,608   ----a-w   c:\windows\system32\dllcache\wucltui.dll
2008-10-16 13:09   92,696   ----a-w   c:\windows\system32\dllcache\cdm.dll
2008-10-16 13:09   92,696   ----a-w   c:\windows\system32\cdm.dll
2008-10-16 13:09   51,224   ----a-w   c:\windows\system32\wuauclt.exe
2008-10-16 13:09   51,224   ----a-w   c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 13:09   43,544   ----a-w   c:\windows\system32\wups2.dll
2008-10-16 13:08   34,328   ----a-w   c:\windows\system32\wups.dll
2008-10-16 13:08   34,328   ----a-w   c:\windows\system32\dllcache\wups.dll
2008-10-15 17:00   332,800   ----a-w   c:\windows\system32\dllcache\netapi32.dll
2008-10-15 09:45   18,432   ----a-w   c:\windows\system32\dllcache\iedw.exe
2008-10-03 10:17   247,326   ----a-w   c:\windows\system32\strmdll.dll
2008-10-03 10:17   247,326   ----a-w   c:\windows\system32\dllcache\strmdll.dll
.

(((((((((((((((((((((((((((((   snapshot@2008-12-23_18.33.26,76   )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-23 17:37:58   144,792   ----a-w   c:\windows\system32\java.exe
+ 2008-12-23 17:37:58   144,792   ----a-w   c:\windows\system32\javaw.exe
+ 2008-12-23 17:37:58   148,888   ----a-w   c:\windows\system32\javaws.exe
+ 2008-12-23 17:38:10   16,384   ----a-w   c:\windows\temp\Perflib_Perfdata_920.dat
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-11-05 1410304]
"AudioDeck"="c:\program files\VIA\VIAudioi\SBADeck\ADeck.exe" [2007-08-09 528384]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-23 136600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-12-16 17:20 342848 c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-11-18 16:31 21633320 c:\program files\Skype\Phone\Skype.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2007-11-05 30728]
R2 ekrn;Eset Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" [2007-11-05 455936]

*Newly Created Service* - CATCHME
*Newly Created Service* - JAVAQUICKSTARTERSERVICE
*Newly Created Service* - WMIAPSRV
.
.
------- Skan uzupełniający -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: E&ksport do programu Microsoft Excel - d:\ofice\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\aaaa\Dane aplikacji\Mozilla\Firefox\Profiles\[u]0[/u]vdacs7f.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npganymedenet.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPPOKER.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-24 16:36:40
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  AudioDeck = c:\program files\VIA\VIAudioi\SBADeck\ADeck.exe 1????????????????????????????????????????????????

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
Czas ukończenia: 2008-12-24 16:37:09
ComboFix-quarantined-files.txt  2008-12-24 15:37:08
ComboFix2.txt  2008-12-23 17:33:50

Przed: 915 619 840 bajtów wolnych
Po: 964,530,176 bajtów wolnych

192   --- E O F ---   2008-12-19 02:00:29


[Okocza]

Wykonaj to co jest podane w tym temacie

1. tym programem przejdź komputer
2. wykonaj optymalizację windowsa
3.sciagnij ATF_Cleaner
zaznacz
Windows Temp
All users Temp
Temporary internet files
Recycle Bin
i wcisnij EMPTY SELECTED
4.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem
5. Przeskanuj komputer pod względem Trojanów tym programem
6. Wstaw na forum screen z zakładki uruchamianie (start – uruchom – msconfig – uruchamianie) może uda się cos wyrzucic stamtąd.