Nie wyświetla mi ukrytych plików i folderów...

[david-p]

Kod: Zaznacz wszystko

ComboFix 08-12-15.05 - Komputer 2008-12-16 17:37:41.2 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1250.1.1045.18.2047.1579 [GMT 1:00]
Uruchomiony z: e:\z internetu programy\ComboFix.exe
.

(((((((((((((((((((((((((   Pliki utworzone od 2008-11-16 do 2008-12-16  )))))))))))))))))))))))))))))))
.

2008-12-16 17:13 . 2008-12-16 17:15   <DIR>   d--------   C:\Downloads
2008-12-16 16:52 . 2008-12-16 17:12   <DIR>   d--------   C:\totalcmd
2008-12-16 16:52 . 2008-12-16 16:57   730   --a------   c:\windows\wincmd.ini
2008-12-16 16:52 . 2008-08-08 07:04   545   --a------   c:\windows\UC.PIF
2008-12-16 16:52 . 2008-08-08 07:04   545   --a------   c:\windows\RAR.PIF
2008-12-16 16:52 . 2008-08-08 07:04   545   --a------   c:\windows\PKZIP.PIF
2008-12-16 16:52 . 2008-08-08 07:04   545   --a------   c:\windows\PKUNZIP.PIF
2008-12-16 16:52 . 2008-08-08 07:04   545   --a------   c:\windows\NOCLOSE.PIF
2008-12-16 16:52 . 2008-08-08 07:04   545   --a------   c:\windows\LHA.PIF
2008-12-16 16:52 . 2008-08-08 07:04   545   --a------   c:\windows\ARJ.PIF
2008-12-16 16:41 . 2008-12-16 16:41   85,504   -r-hs----   c:\windows\system32\vbsdfe1.dll
2008-12-16 15:38 . 2008-12-16 15:38   <DIR>   d--------   c:\documents and settings\Komputer\Dane aplikacji\Ventrilo
2008-12-16 15:36 . 2008-12-16 15:36   <DIR>   d--------   c:\program files\Ventrilo
2008-12-16 15:36 . 2008-12-16 15:36   <DIR>   d--------   c:\program files\Common Files\Wise Installation Wizard
2008-12-16 14:45 . 2008-12-16 14:45   <DIR>   d--------   c:\program files\Alwil Software
2008-12-16 14:45 . 2003-03-18 21:20   1,060,864   --a------   c:\windows\system32\MFC71.dll
2008-12-16 14:44 . 2004-08-03 23:08   26,496   --a--c---   c:\windows\system32\dllcache\usbstor.sys
2008-12-16 14:41 . 2008-12-16 14:41   <DIR>   d--------   c:\program files\ABBYY FineReader 5.0 Sprint
2008-12-16 14:38 . 2008-12-16 14:38   100   --a------   c:\windows\lexstat.ini
2008-12-16 14:37 . 2008-12-16 14:39   <DIR>   d--------   c:\program files\Lexmark 2200 Series
2008-12-16 14:37 . 2008-12-16 14:37   <DIR>   d--------   c:\documents and settings\Komputer\WINDOWS
2008-12-16 14:36 . 2008-12-16 14:36   <DIR>   d--h-----   c:\windows\msdownld.tmp
2008-12-16 14:35 . 2008-12-16 14:36   <DIR>   d--------   c:\windows\system32\pl-pl
2008-12-16 14:30 . 2008-10-16 21:33   6,066,176   -----c---   c:\windows\system32\dllcache\ieframe.dll
2008-12-16 14:30 . 2007-04-17 10:32   2,455,488   -----c---   c:\windows\system32\dllcache\ieapfltr.dat
2008-12-16 14:30 . 2007-03-08 06:11   1,036,288   -----c---   c:\windows\system32\dllcache\ieframe.dll.mui
2008-12-16 14:30 . 2008-10-16 21:33   459,264   -----c---   c:\windows\system32\dllcache\msfeeds.dll
2008-12-16 14:30 . 2008-10-16 21:33   383,488   -----c---   c:\windows\system32\dllcache\ieapfltr.dll
2008-12-16 14:30 . 2008-10-16 21:33   267,776   -----c---   c:\windows\system32\dllcache\iertutil.dll
2008-12-16 14:30 . 2008-10-16 21:33   63,488   -----c---   c:\windows\system32\dllcache\icardie.dll
2008-12-16 14:30 . 2008-10-16 21:33   52,224   -----c---   c:\windows\system32\dllcache\msfeedsbs.dll
2008-12-16 14:30 . 2008-10-16 14:11   13,824   -----c---   c:\windows\system32\dllcache\ieudinit.exe
2008-12-16 14:28 . 2008-12-16 14:28   <DIR>   d--------   c:\program files\Windows Media Connect 2
2008-12-16 14:27 . 2008-12-16 14:27   <DIR>   d--------   c:\windows\system32\LogFiles
2008-12-16 14:27 . 2008-12-16 14:27   <DIR>   d--------   c:\windows\system32\drivers\UMDF
2008-12-16 14:27 . 2006-09-25 17:58   23,856   --a------   c:\windows\system32\spupdsvc.exe
2008-12-16 14:21 . 2008-12-16 14:21   <DIR>   d--------   c:\program files\WinLock
2008-12-16 14:18 . 2008-12-16 14:20   <DIR>   d--------   c:\program files\Winamp
2008-12-16 14:18 . 2008-12-16 14:19   <DIR>   d--------   c:\documents and settings\Komputer\Dane aplikacji\Winamp
2008-12-16 14:17 . 2008-12-16 17:38   <DIR>   d--------   c:\documents and settings\Komputer\Dane aplikacji\Skype
2008-12-16 14:13 . 2008-12-16 14:13   <DIR>   d--------   c:\program files\Skype
2008-12-16 14:07 . 2008-12-16 14:07   <DIR>   d--------   c:\program files\K-Lite Codec Pack
2008-12-16 14:07 . 2008-09-16 01:14   3,596,288   --a------   c:\windows\system32\qt-dx331.dll

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-16 16:32   ---------   d-----w   c:\program files\FlashGet
2008-12-16 16:22   85,504   --sh--r   c:\windows\system32\vbsdfe0.dll
2008-12-16 15:41   113,878   --sh--r   c:\windows\system32\vamsoft.exe
2008-12-16 12:41   ---------   d-----w   c:\documents and settings\Komputer\Dane aplikacji\Gadu-Gadu
2008-12-16 12:40   ---------   d-----w   c:\program files\Gadu-Gadu
2008-12-16 12:39   ---------   d-----w   c:\program files\A4Tech
2008-12-16 12:33   ---------   d-----w   c:\program files\Microsoft.NET
2008-12-16 12:30   ---------   d-----w   c:\program files\Common Files\Adobe
2008-12-16 12:29   ---------   d--h--w   c:\program files\InstallShield Installation Information
2008-12-16 12:29   ---------   d-----w   c:\program files\CyberLink
2008-12-16 12:29   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\CyberLink
2008-12-16 12:28   ---------   d-----w   c:\program files\Common Files\InstallShield
2008-12-16 12:26   ---------   d-----w   c:\program files\NeroInstall.bak
2008-12-16 12:26   ---------   d-----w   c:\documents and settings\Komputer\Dane aplikacji\Nero
2008-12-16 12:25   ---------   d-----w   c:\program files\Nero
2008-12-16 12:25   ---------   d-----w   c:\program files\Common Files\Nero
2008-12-16 12:25   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\Nero
2008-12-16 12:11   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\Creative
2008-12-16 12:09   ---------   d-----w   c:\program files\Creative
2008-12-16 12:02   ---------   d-----w   c:\program files\SAGEM
2008-12-16 12:02   ---------   d-----w   c:\documents and settings\Komputer\Dane aplikacji\InstallShield
2008-12-16 11:23   ---------   d-----w   c:\program files\microsoft frontpage
2008-12-16 11:22   ---------   d-----w   c:\program files\Usługi online
2008-10-16 20:33   826,368   ----a-w   c:\windows\system32\wininet.dll
2008-10-16 13:13   202,776   ----a-w   c:\windows\system32\wuweb.dll
2008-10-16 13:13   1,809,944   ----a-w   c:\windows\system32\wuaueng.dll
2008-10-16 13:12   561,688   ----a-w   c:\windows\system32\wuapi.dll
2008-10-16 13:12   323,608   ----a-w   c:\windows\system32\wucltui.dll
2008-10-16 13:09   92,696   ----a-w   c:\windows\system32\cdm.dll
2008-10-16 13:09   51,224   ----a-w   c:\windows\system32\wuauclt.exe
2008-10-16 13:09   43,544   ----a-w   c:\windows\system32\wups2.dll
2008-10-16 13:08   34,328   ----a-w   c:\windows\system32\wups.dll
2008-10-02 09:07   453,152   ----a-w   c:\windows\system32\NVUNINST.EXE
2008-09-16 00:12   81,920   ----a-w   c:\windows\system32\dpl100.dll
2008-09-16 00:11   683,520   ----a-w   c:\windows\system32\divx.dll
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2006-03-02 15360]
"vamsoft"="c:\windows\system32\vamsoft.exe" [2008-12-16 113878]
"CreativeTaskScheduler"="c:\program files\Creative\Shared Files\CTSched.exe" [2006-11-17 53341]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"Google Update"="c:\documents and settings\Komputer\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" [2008-12-16 133104]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2006-11-24 20058152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2006-02-17 163840]
"Flashget"="c:\program files\FlashGet\FlashGet.exe" [2007-09-25 2007088]
"0wl"="c:\program files\WinLock\winlock.exe" [2006-03-30 1747968]
"Lexmark 2200 Series"="c:\program files\Lexmark 2200 Series\lxbvbmgr.exe" [2004-02-13 57344]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]
"P17Helper"="P17.dll" [2005-05-03 c:\windows\system32\P17.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-16 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-12-16 20560]
R3 MouseCap;MouseCapture Driver;c:\windows\system32\Drivers\MouseCap.sys [2005-08-08 6640]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\F:\NTGLM7X.sys []
.
Zawartość folderu 'Zaplanowane zadania'

2008-12-16 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Komputer\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2008-12-16 13:31]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
mStart Page = hxxp://www.idg.pl
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Komputer\Dane aplikacji\Mozilla\Firefox\Profiles\ur1txij1.default\
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-16 17:38:26
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
Czas ukończenia: 2008-12-16 17:38:50
ComboFix-quarantined-files.txt  2008-12-16 16:38:45

Przed: 11,223,896,064 bajtów wolnych
Po: 11,222,491,136 bajtów wolnych

161


Chodzi o to że po zaznaczeniu w opcjach folderów POKAŻ UKRYTE PLIKI I FOLDERY wchodze tam gdzie sa i dalej i ch nie ma a gdy wracam do opcji jest z powrotem zaznaczona opcja NIE POKAZUJ UKRYTYCH......Co mam zrobić?

Dodano Dzisiaj, 18:06:
W razie szybszych odpowiedzi prosze pisac na numer GG 9064700

[wojtas]

Otworz notatnik i wklej w nim to:

File::
c:\windows\system32\vbsdfe1.dll
c:\windows\system32\vbsdfe0.dll
C:\windows\system32\vamsoft.exe

>>Plik>>Zapisz jako... >>> CFScript
Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe
-->
Ma się rozpocząć usuwanie. (i powstanie log).Daj ten log, który powstanie w trakcie usuwania.

[david-p]

Kod: Zaznacz wszystko

ComboFix 08-12-15.05 - Komputer 2008-12-16 18:40:10.3 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1250.1.1045.18.2047.1522 [GMT 1:00]
Uruchomiony z: e:\z internetu programy\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\Komputer\Pulpit\CFScript.txt
* Utworzono nowy punkt przywracania

FILE ::
c:\windows\system32\vamsoft.exe
c:\windows\system32\vbsdfe0.dll
c:\windows\system32\vbsdfe1.dll
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\vamsoft.exe
c:\windows\system32\vbsdfe0.dll
c:\windows\system32\vbsdfe1.dll

.
(((((((((((((((((((((((((   Pliki utworzone od 2008-11-16 do 2008-12-16  )))))))))))))))))))))))))))))))
.

2008-12-16 18:04 . 2008-12-16 18:04   <DIR>   d--------   c:\windows\LastGood
2008-12-16 17:13 . 2008-12-16 17:15   <DIR>   d--------   C:\Downloads
2008-12-16 16:52 . 2008-12-16 17:12   <DIR>   d--------   C:\totalcmd
2008-12-16 16:52 . 2008-12-16 16:57   730   --a------   c:\windows\wincmd.ini
2008-12-16 16:52 . 2008-08-08 07:04   545   --a------   c:\windows\UC.PIF
2008-12-16 16:52 . 2008-08-08 07:04   545   --a------   c:\windows\RAR.PIF
2008-12-16 16:52 . 2008-08-08 07:04   545   --a------   c:\windows\PKZIP.PIF
2008-12-16 16:52 . 2008-08-08 07:04   545   --a------   c:\windows\PKUNZIP.PIF
2008-12-16 16:52 . 2008-08-08 07:04   545   --a------   c:\windows\NOCLOSE.PIF
2008-12-16 16:52 . 2008-08-08 07:04   545   --a------   c:\windows\LHA.PIF
2008-12-16 16:52 . 2008-08-08 07:04   545   --a------   c:\windows\ARJ.PIF
2008-12-16 15:38 . 2008-12-16 15:38   <DIR>   d--------   c:\documents and settings\Komputer\Dane aplikacji\Ventrilo
2008-12-16 15:36 . 2008-12-16 15:36   <DIR>   d--------   c:\program files\Ventrilo
2008-12-16 15:36 . 2008-12-16 15:36   <DIR>   d--------   c:\program files\Common Files\Wise Installation Wizard
2008-12-16 14:45 . 2008-12-16 14:45   <DIR>   d--------   c:\program files\Alwil Software
2008-12-16 14:45 . 2003-03-18 21:20   1,060,864   --a------   c:\windows\system32\MFC71.dll
2008-12-16 14:44 . 2004-08-03 23:08   26,496   --a--c---   c:\windows\system32\dllcache\usbstor.sys
2008-12-16 14:41 . 2008-12-16 14:41   <DIR>   d--------   c:\program files\ABBYY FineReader 5.0 Sprint
2008-12-16 14:38 . 2008-12-16 14:38   100   --a------   c:\windows\lexstat.ini
2008-12-16 14:37 . 2008-12-16 14:39   <DIR>   d--------   c:\program files\Lexmark 2200 Series
2008-12-16 14:37 . 2008-12-16 14:37   <DIR>   d--------   c:\documents and settings\Komputer\WINDOWS
2008-12-16 14:36 . 2008-12-16 14:36   <DIR>   d--h-----   c:\windows\msdownld.tmp
2008-12-16 14:35 . 2008-12-16 14:36   <DIR>   d--------   c:\windows\system32\pl-pl
2008-12-16 14:30 . 2008-10-16 21:33   6,066,176   -----c---   c:\windows\system32\dllcache\ieframe.dll
2008-12-16 14:30 . 2007-04-17 10:32   2,455,488   -----c---   c:\windows\system32\dllcache\ieapfltr.dat
2008-12-16 14:30 . 2007-03-08 06:11   1,036,288   -----c---   c:\windows\system32\dllcache\ieframe.dll.mui
2008-12-16 14:30 . 2008-10-16 21:33   459,264   -----c---   c:\windows\system32\dllcache\msfeeds.dll
2008-12-16 14:30 . 2008-10-16 21:33   383,488   -----c---   c:\windows\system32\dllcache\ieapfltr.dll
2008-12-16 14:30 . 2008-10-16 21:33   267,776   -----c---   c:\windows\system32\dllcache\iertutil.dll
2008-12-16 14:30 . 2008-10-16 21:33   63,488   -----c---   c:\windows\system32\dllcache\icardie.dll
2008-12-16 14:30 . 2008-10-16 21:33   52,224   -----c---   c:\windows\system32\dllcache\msfeedsbs.dll
2008-12-16 14:30 . 2008-10-16 14:11   13,824   -----c---   c:\windows\system32\dllcache\ieudinit.exe
2008-12-16 14:28 . 2008-12-16 14:28   <DIR>   d--------   c:\program files\Windows Media Connect 2
2008-12-16 14:27 . 2008-12-16 14:27   <DIR>   d--------   c:\windows\system32\LogFiles
2008-12-16 14:27 . 2008-12-16 14:27   <DIR>   d--------   c:\windows\system32\drivers\UMDF
2008-12-16 14:27 . 2006-09-25 17:58   23,856   --a------   c:\windows\system32\spupdsvc.exe
2008-12-16 14:21 . 2008-12-16 14:21   <DIR>   d--------   c:\program files\WinLock
2008-12-16 14:18 . 2008-12-16 14:20   <DIR>   d--------   c:\program files\Winamp
2008-12-16 14:18 . 2008-12-16 14:19   <DIR>   d--------   c:\documents and settings\Komputer\Dane aplikacji\Winamp
2008-12-16 14:17 . 2008-12-16 18:35   <DIR>   d--------   c:\documents and settings\Komputer\Dane aplikacji\Skype
2008-12-16 14:13 . 2008-12-16 14:13   <DIR>   d--------   c:\program files\Skype
2008-12-16 14:07 . 2008-12-16 14:07   <DIR>   d--------   c:\program files\K-Lite Codec Pack
2008-12-16 14:07 . 2008-09-16 01:14   3,596,288   --a------   c:\windows\system32\qt-dx331.dll

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-16 17:32   ---------   d-----w   c:\program files\FlashGet
2008-12-16 12:41   ---------   d-----w   c:\documents and settings\Komputer\Dane aplikacji\Gadu-Gadu
2008-12-16 12:40   ---------   d-----w   c:\program files\Gadu-Gadu
2008-12-16 12:39   ---------   d-----w   c:\program files\A4Tech
2008-12-16 12:33   ---------   d-----w   c:\program files\Microsoft.NET
2008-12-16 12:30   ---------   d-----w   c:\program files\Common Files\Adobe
2008-12-16 12:29   ---------   d--h--w   c:\program files\InstallShield Installation Information
2008-12-16 12:29   ---------   d-----w   c:\program files\CyberLink
2008-12-16 12:29   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\CyberLink
2008-12-16 12:28   ---------   d-----w   c:\program files\Common Files\InstallShield
2008-12-16 12:26   ---------   d-----w   c:\program files\NeroInstall.bak
2008-12-16 12:26   ---------   d-----w   c:\documents and settings\Komputer\Dane aplikacji\Nero
2008-12-16 12:25   ---------   d-----w   c:\program files\Nero
2008-12-16 12:25   ---------   d-----w   c:\program files\Common Files\Nero
2008-12-16 12:25   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\Nero
2008-12-16 12:11   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\Creative
2008-12-16 12:09   ---------   d-----w   c:\program files\Creative
2008-12-16 12:02   ---------   d-----w   c:\program files\SAGEM
2008-12-16 12:02   ---------   d-----w   c:\documents and settings\Komputer\Dane aplikacji\InstallShield
2008-12-16 11:23   ---------   d-----w   c:\program files\microsoft frontpage
2008-12-16 11:22   ---------   d-----w   c:\program files\Usługi online
2008-10-16 20:33   826,368   ----a-w   c:\windows\system32\wininet.dll
2008-10-16 13:13   202,776   ----a-w   c:\windows\system32\wuweb.dll
2008-10-16 13:13   1,809,944   ----a-w   c:\windows\system32\wuaueng.dll
2008-10-16 13:12   561,688   ----a-w   c:\windows\system32\wuapi.dll
2008-10-16 13:12   323,608   ----a-w   c:\windows\system32\wucltui.dll
2008-10-16 13:09   92,696   ----a-w   c:\windows\system32\cdm.dll
2008-10-16 13:09   51,224   ----a-w   c:\windows\system32\wuauclt.exe
2008-10-16 13:09   43,544   ----a-w   c:\windows\system32\wups2.dll
2008-10-16 13:08   34,328   ----a-w   c:\windows\system32\wups.dll
2008-10-02 09:07   453,152   ----a-w   c:\windows\system32\NVUNINST.EXE
2008-09-16 00:12   81,920   ----a-w   c:\windows\system32\dpl100.dll
2008-09-16 00:11   683,520   ----a-w   c:\windows\system32\divx.dll
.

(((((((((((((((((((((((((((((   snapshot@2008-12-16_17.38.33.21   )))))))))))))))))))))))))))))))))))))))))
.
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2006-03-02 15360]
"CreativeTaskScheduler"="c:\program files\Creative\Shared Files\CTSched.exe" [2006-11-17 53341]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"Google Update"="c:\documents and settings\Komputer\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" [2008-12-16 133104]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2006-11-24 20058152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2006-02-17 163840]
"Flashget"="c:\program files\FlashGet\FlashGet.exe" [2007-09-25 2007088]
"0wl"="c:\program files\WinLock\winlock.exe" [2006-03-30 1747968]
"Lexmark 2200 Series"="c:\program files\Lexmark 2200 Series\lxbvbmgr.exe" [2004-02-13 57344]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]
"P17Helper"="P17.dll" [2005-05-03 c:\windows\system32\P17.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-16 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-12-16 20560]
R3 MouseCap;MouseCapture Driver;c:\windows\system32\Drivers\MouseCap.sys [2005-08-08 6640]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\F:\NTGLM7X.sys []

*Newly Created Service* - CATCHME
.
Zawartość folderu 'Zaplanowane zadania'

2008-12-16 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Komputer\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2008-12-16 13:31]
.
- - - - USUNIĘTO PUSTE WPISY - - - -

HKCU-Run-vamsoft - c:\windows\system32\vamsoft.exe


.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
mStart Page = hxxp://www.idg.pl
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Komputer\Dane aplikacji\Mozilla\Firefox\Profiles\ur1txij1.default\
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-16 18:40:51
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
Czas ukończenia: 2008-12-16 18:41:14
ComboFix-quarantined-files.txt  2008-12-16 17:41:11
ComboFix2.txt  2008-12-16 16:38:51

Przed: 11 020 161 024 bajtów wolnych
Po: 11,018,010,624 bajtów wolnych

177   --- E O F ---   2008-12-16 17:05:00


Dodano Dzisiaj, 19:07:
I co dalej prosze o odpowiedź.....

Dodano Dzisiaj, 20:14:
dzięki jesteś wielki

[malysmok18]

Mam podobny problem. Tylko że po działaniu combofixa wszystko jakby wróciło do normy. Jednak następnego dnia problem powrócił.

Eset nod32 informuje mnie o virusie:
Threat found

Alert
Object:
C:\System Volume Information\_restore{3B967E4A-13F1'4061...\A0000056.dll

Threat:
a variant of Win32/Pacex.Gen wirus

Comment:
Event occurred on a file modified by the application:
C:\WINDOws\System32\svchost.exe

Mój log z combo:

ComboFix 08-12-18.01 - Jerzy 2008-12-20 7:24:41.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.2047.1465 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Jerzy\Pulpit\ComboFix.exe
* Resident AV is active

.

((((((((((((((((((((((((( Pliki utworzone od 2008-11-20 do 2008-12-20 )))))))))))))))))))))))))))))))
.

2008-12-19 23:02 . 2008-12-20 07:29 85,504 -r-hs---- c:\windows\system32\vbsdfe0.dll
2008-12-19 11:51 . 2008-12-19 11:51 116,502 -r-hs---- c:\windows\system32\vamsoft.exe
2008-12-17 15:19 . 2008-12-17 15:19 6,568 --a------ C:\TMPGeri Halliwell - Mi Chico Latino.tiger
2008-12-17 15:13 . 2008-12-20 00:09 700 --a------ C:\TMPGeri Halliwell - Mi Chico Latino.dat.bak
2008-12-17 15:13 . 2008-12-20 02:17 700 --a------ C:\TMPGeri Halliwell - Mi Chico Latino.dat
2008-12-17 00:33 . 2008-12-17 00:34 <DIR> d-------- c:\program files\Boilsoft Video Joiner
2008-12-16 20:13 . 2008-12-16 20:13 <DIR> d-------- c:\program files\Xilisoft
2008-12-16 01:06 . 2008-12-16 01:06 <DIR> d-------- c:\documents and settings\Jerzy\Bluetooth Software
2008-12-16 01:01 . 2008-12-16 01:01 <DIR> d-------- c:\program files\WIDCOMM
2008-12-16 00:22 . 2008-12-16 00:22 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Bluetooth
2008-12-16 00:19 . 2008-04-14 19:21 91,648 --a------ c:\windows\system32\drivers\kswdmcap.ax
2008-12-16 00:19 . 2008-04-14 19:21 61,952 --a------ c:\windows\system32\drivers\kstvtune.ax
2008-12-16 00:19 . 2008-04-14 19:20 54,784 --a------ c:\windows\system32\drivers\vfwwdm32.dll
2008-12-16 00:19 . 2008-04-14 19:21 43,008 --a------ c:\windows\system32\drivers\ksxbar.ax
2008-12-16 00:19 . 2008-04-14 19:21 28,672 --a------ c:\windows\system32\drivers\vidcap.ax
2008-12-16 00:18 . 2008-12-16 00:18 <DIR> d-------- c:\program files\IVT Corporation
2008-12-15 20:31 . 2008-12-15 20:33 <DIR> d-------- c:\documents and settings\Jerzy\Dane aplikacji\Nokia Multimedia Player
2008-12-15 18:12 . 2008-12-15 18:12 <DIR> d-------- c:\program files\Lonely Cat Games
2008-12-14 17:50 . 2008-12-14 17:50 <DIR> d-------- c:\documents and settings\Jerzy\Dane aplikacji\Leadertech
2008-12-14 17:41 . 2008-12-14 17:41 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2008-12-14 02:35 . 2008-12-14 14:54 <DIR> d-------- c:\documents and settings\Jerzy\Dane aplikacji\NSeries
2008-12-14 02:12 . 2008-12-14 02:12 <DIR> d-------- c:\program files\Common Files\Nokia
2008-12-14 02:12 . 2008-12-14 02:12 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Nokia
2008-12-14 02:04 . 2008-12-14 02:26 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\PC Suite
2008-12-14 02:03 . 2008-12-14 02:03 <DIR> d-------- c:\documents and settings\Jerzy\Dane aplikacji\PC Suite
2008-12-14 02:03 . 2008-12-14 02:12 <DIR> d-------- c:\documents and settings\Jerzy\Dane aplikacji\Nokia
2008-12-14 01:59 . 2008-12-14 01:59 <DIR> d-------- c:\program files\Common Files\PCSuite
2008-12-14 01:58 . 2008-12-14 02:12 <DIR> d-------- c:\program files\Nokia
2008-12-14 01:58 . 2007-02-22 10:15 137,216 --a------ c:\windows\system32\drivers\nmwcd.sys
2008-12-14 01:58 . 2007-02-22 10:15 65,536 --a------ c:\windows\system32\nmwcdcocls.dll
2008-12-14 01:58 . 2007-02-22 10:15 12,288 --a------ c:\windows\system32\drivers\nmwcdcm.sys
2008-12-14 01:58 . 2007-02-22 10:15 12,288 --a------ c:\windows\system32\drivers\nmwcdcj.sys
2008-12-14 01:58 . 2007-02-22 10:15 8,320 --a------ c:\windows\system32\drivers\nmwcdc.sys
2008-12-14 00:21 . 2008-12-14 00:21 <DIR> d-------- c:\program files\CDisplay
2008-12-07 11:40 . 2008-12-07 11:40 <DIR> d-------- c:\program files\Common Files\EZB Systems
2008-12-04 00:47 . 2008-12-04 00:47 <DIR> d-------- c:\documents and settings\Jerzy\Dane aplikacji\dp3d
2008-12-02 15:38 . 2008-12-02 15:38 <DIR> d-------- c:\documents and settings\Jerzy\Dane aplikacji\StarMaker
2008-12-02 11:48 . 2008-12-02 15:37 <DIR> d-------- c:\program files\ipla
2008-12-02 11:48 . 2008-12-02 15:31 <DIR> d-------- c:\documents and settings\Jerzy\Dane aplikacji\ipla
2008-12-02 11:48 . 2008-12-02 11:48 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\ipla
2008-12-02 11:47 . 2008-12-02 11:47 1,700,352 --a------ c:\windows\system32\gdiplus.dll
2008-11-28 14:52 . 2008-11-28 14:52 <DIR> d-------- c:\program files\Twin Shock GamePad
2008-11-27 03:22 . 2008-11-27 03:22 <DIR> d-------- c:\program files\JLC's Software
2008-11-27 03:22 . 2008-11-27 03:22 <DIR> d-------- c:\documents and settings\Jerzy\Dane aplikacji\JLC's Software
2008-11-26 23:22 . 2008-11-26 23:22 <DIR> d-------- c:\program files\Ager Web Edytor
2008-11-26 23:22 . 2008-11-27 01:45 <DIR> d-------- c:\documents and settings\Jerzy\Dane aplikacji\AgerWebEdytor
2008-11-26 22:04 . 2008-11-26 22:04 <DIR> d-------- c:\program files\iTunes
2008-11-26 22:04 . 2008-11-26 22:04 <DIR> d-------- c:\program files\iPod
2008-11-26 22:04 . 2008-11-26 22:04 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-26 22:02 . 2008-11-26 22:02 <DIR> d-------- c:\program files\QuickTime
2008-11-26 09:54 . 2008-11-10 05:43 410,984 --a------ c:\windows\system32\deploytk.dll
2008-11-21 13:38 . 2008-11-21 13:38 <DIR> d-------- c:\program files\i-Covers
2008-11-21 13:38 . 2004-03-09 01:00 124,688 --a------ c:\windows\system32\mswinsck.ocx
2008-11-21 13:38 . 2000-10-02 01:00 119,568 --a------ c:\windows\system32\vb6fr.dll
2008-11-21 13:38 . 1998-07-13 01:00 15,872 --a------ c:\windows\system32\winskfr.dll

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-20 01:19 --------- d-----w c:\program files\English Translator 3
2008-12-19 18:24 --------- d-----w c:\documents and settings\Jerzy\Dane aplikacji\Vista Start Menu
2008-12-17 23:31 --------- d---a-w c:\documents and settings\All Users\Dane aplikacji\TEMP
2008-12-17 21:56 --------- d-----w c:\documents and settings\Jerzy\Dane aplikacji\AVI ReComp
2008-12-17 10:36 --------- d-----w c:\program files\SpeedFan
2008-12-11 17:42 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2008-12-11 08:48 --------- d-----w c:\program files\Java
2008-12-08 18:02 6,144 --sha-w c:\program files\Common Files\Thumbs.db
2008-12-07 10:40 --------- d-----w c:\program files\UltraISO
2008-12-06 15:18 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-06 15:18 --------- d-----w c:\program files\Multimedia Card Reader
2008-12-04 00:05 --------- d-----w c:\program files\YouTube Downloader
2008-12-04 00:05 --------- d-----w c:\program files\NAPI-PROJEKT
2008-12-04 00:05 --------- d-----w c:\program files\Midnight Club 2
2008-12-04 00:05 --------- d-----w c:\program files\GameSpy Arcade
2008-12-04 00:05 --------- d-----w c:\program files\ePSXe InPCP
2008-11-27 23:30 3,532 ----a-w C:\drmHeader.bin
2008-11-27 09:17 --------- d-----w c:\program files\Nowe Gadu-Gadu
2008-11-26 21:04 --------- d-----w c:\program files\Common Files\Apple
2008-11-23 13:01 --------- d-----w c:\program files\FXhome VisionLab Studio
2008-11-19 08:20 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\nView_Profiles
2008-11-13 08:33 --------- d-----w c:\program files\Symantec
2008-11-12 21:49 --------- d-----w c:\documents and settings\LocalService\Dane aplikacji\Acronis
2008-11-12 21:44 441,760 ----a-w c:\windows\system32\drivers\timntr.sys
2008-11-12 21:44 44,384 ----a-w c:\windows\system32\drivers\tifsfilt.sys
2008-11-12 21:44 129,248 ----a-w c:\windows\system32\drivers\snapman.sys
2008-11-12 21:44 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Acronis
2008-11-12 21:43 368,480 ----a-w c:\windows\system32\drivers\tdrpman.sys
2008-11-12 21:43 --------- d-----w c:\program files\Common Files\Acronis
2008-11-12 21:42 --------- d-----w c:\program files\Acronis
2008-11-11 17:42 --------- d-----w c:\program files\CloneDVD
2008-11-10 13:00 --------- d-----w c:\program files\Reference Assemblies
2008-11-10 13:00 --------- d-----w c:\program files\MSBuild
2008-11-09 15:50 --------- d-----w c:\documents and settings\Jerzy\Dane aplikacji\Samsung
2008-11-09 15:47 5,632 ----a-w c:\windows\system32\drivers\StarOpen.sys
2008-11-09 15:31 --------- d-----w c:\program files\Samsung
2008-11-08 16:39 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\TrackMania
2008-11-08 12:36 --------- d-----w c:\documents and settings\Jerzy\Dane aplikacji\Thinstall
2008-11-05 00:02 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Trymedia
2008-11-03 09:05 --------- d-----w c:\program files\Gadu-Gadu
2008-11-02 12:55 --------- d-----w c:\program files\ALLPlayer
2008-11-01 08:11 --------- d-----w c:\program files\Opera
2008-11-01 00:01 --------- d-----w c:\program files\MoorHunt
2008-10-30 09:05 737,280 ----a-w c:\windows\iun6002.exe
2008-10-28 21:01 --------- d-----w c:\program files\EA Games
2008-10-28 20:27 --------- d-----w c:\program files\Ea Sports
2008-10-28 20:12 96,256 ----a-w c:\windows\system32\drivers\sptddrv1.sys
2008-10-28 20:08 972,336 ----a-w c:\windows\UNNeroVision.exe
2008-10-28 19:46 7,168 --sha-w c:\program files\Thumbs.db
2008-10-28 09:50 --------- d-----w c:\program files\SystemRequirementsLab
2008-10-28 08:58 --------- d-----w c:\program files\Aspell
2008-10-27 12:33 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\NVIDIA
2008-10-27 09:47 12,288 ----a-w c:\windows\impborl.dll
2008-10-26 15:20 39,488 ----a-w c:\windows\system32\drivers\Pcouffin.sys
2008-10-26 13:03 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_xusb21_01005.Wdf
2008-10-25 16:53 --------- d-----w c:\program files\Xvid
2008-10-25 16:53 --------- d-----w c:\program files\Windows Media Connect 2
2008-10-25 16:53 --------- d-----w c:\program files\Ulead Systems
2008-10-25 16:53 --------- d-----w c:\program files\Reshade
2008-10-25 16:53 --------- d-----w c:\program files\Real Alternative
2008-10-25 16:53 --------- d-----w c:\program files\DivX
2008-10-25 08:23 --------- d-----w c:\program files\PC Connectivity Solution
2008-10-25 08:23 --------- d-----w c:\program files\DIFX
2008-10-25 08:14 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-10-25 08:14 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-22 16:59 --------- d-----w c:\program files\Gabest
2008-10-22 16:59 --------- d-----w c:\program files\AviSynth 2.5
2008-10-22 16:59 --------- d-----w c:\program files\AVI ReComp
2008-10-22 08:58 --------- d-----w c:\program files\Common Files\Adobe
2008-10-20 20:42 --------- d-----w c:\program files\High-Logic
2008-10-20 16:23 --------- d-----w c:\program files\ChomikBox
2008-10-11 16:01 20,976,776 ----a-w c:\program files\FLV PlayerRCSetup.exe
.

((((((((((((((((((((((((((((( snapshot@2008-12-19_23.17.34.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-20 06:29:18 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_8b0.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 25088]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]
"VistaStartMenu"="c:\program files\Vista Start Menu\VistaStartMenu.exe" [2007-08-29 1646080]
"vamsoft"="c:\windows\system32\vamsoft.exe" [2008-12-19 116502]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"WinFast Schedule"="c:\program files\WinFast\WFTVFM\WFWIZ.exe" [2006-08-12 348160]
"iKeyWorks"="c:\progra~1\A4Tech\Keyboard\Ikeymain.exe" [2006-09-07 65536]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2006-09-07 200704]
"Hidder"="c:\progra~1\GDATAS~1\SEKRET~1\Hidder.exe" [2002-06-03 565248]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-28 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 25088]

c:\documents and settings\Jerzy\Menu Start\Programy\Autostart\
Rejestracja FIFA 09.lnk - d:\gry zainstalowane\Fifa 09\Support\EAregister.exe [2008-08-13 4369408]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
BTTray.lnk - c:\program files\WIDCOMM\Oprogramowanie interfejsu Bluetooth\BTTray.exe [2006-05-12 581693]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Midnight Club 2\\mc2.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\MoorHunt\\MoorHunt.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=

R0 AFPAnsi;G-DATA UkrywaczAnsi;c:\windows\system32\Drivers\AFPAnsi.sys [2008-10-10 31776]
R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2007-12-21 33800]
R2 ekrn;Eset Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" [2007-12-21 468224]
R2 SBKUPNT;SBKUPNT;\??\c:\windows\system32\Drivers\SBKUPNT.SYS [2008-11-12 14976]
R3 WFIOCTL;WFIOCTL;\??\c:\program files\WinFast\WFTVFM\WFIOCTL.SYS [2008-10-10 9446]
S3 kvpndev;Kerio VPN adapter;c:\windows\system32\DRIVERS\kvpndrv.sys [2008-06-24 65024]
S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer;c:\windows\system32\DRIVERS\kwflower.sys []
.
Zawartość folderu 'Zaplanowane zadania'

2008-12-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.yahoo.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyOverride = *.local
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Wyślij do interfejsu &Bluetooth - c:\program files\WIDCOMM\Oprogramowanie interfejsu Bluetooth\btsendto_ie_ctx.htm
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-20 07:29:14
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(1240)
c:\windows\system32\sfc_os.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(1296)
c:\windows\system32\relog_ap.dll
c:\windows\system32\scecli.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\rundll32.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\searchindexer.exe
c:\progra~1\WIDCOMM\OPROGR~1\BTSTAC~1.EXE
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
c:\windows\system32\searchprotocolhost.exe
c:\windows\system32\searchfilterhost.exe
.
**************************************************************************
.
Czas ukończenia: 2008-12-20 7:34:49 - komputer został uruchomiony ponownie [Jerzy]
ComboFix-quarantined-files.txt 2008-12-20 06:34:45
ComboFix2.txt 2008-12-19 22:18:10

Przed: 5,760,950,272 bajtów wolnych
Po: 5,773,320,192 bajtów wolnych

265 --- E O F --- 2008-12-19 09:06:28

[Okocza]

malysmok18, założ swój temat, opisz problem, umieść log z hijack this i combofix w tagi 'code'