Przepraszam bardzo, że tak długo nie odpowiadałem, ale nie miałem możliwości połączenia z internetem.
Zrobiłem wszystko tak jak napisałeś, oto log:
ComboFix 08-04-20.2 - LeeStone 2008-04-26 15:25:41.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.1226 [GMT 2:00]
Running from: C:\Documents and Settings\LeeStone\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\LeeStone\Pulpit\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
FILE ::
C:\Program Files\VVSN
.
((((((((((((((((((((((((( Files Created from 2008-03-26 to 2008-04-26 )))))))))))))))))))))))))))))))
.
2008-04-24 22:38 . 2008-04-24 22:41
2008-04-24 21:34 . 2008-04-24 21:34
2008-04-20 22:23 . 2008-04-20 22:23
2008-04-20 22:22 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-04-20 22:20 . 2008-04-20 22:20
2008-04-20 21:48 . 2008-04-20 21:48
2008-04-20 18:58 . 2008-04-20 18:58 2,724 --a------ C:\WINDOWS\system32\sdbackup.reg
2008-04-20 18:31 . 2005-06-24 16:24 438,272 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2008-04-20 18:31 . 2004-12-10 09:06 327,680 --a------ C:\WINDOWS\system32\vp6dec.ax
2008-04-20 18:25 . 2008-04-20 18:25
2008-04-20 18:24 . 2008-04-20 18:24
2008-04-20 18:24 . 2008-04-20 18:24
2008-04-20 18:24 . 2008-04-20 18:24 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
2008-04-20 18:22 . 2008-04-20 23:04
2008-04-20 18:22 . 2008-04-20 18:22 642,560 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-04-20 18:22 . 2008-04-20 18:22 96,256 --a------ C:\WINDOWS\system32\drivers\sptd2893.sys
2008-04-20 18:22 . 2004-08-03 23:08 26,496 --a–c— C:\WINDOWS\system32\dllcache\usbstor.sys
2008-04-20 18:02 . 2008-04-20 18:02
2008-04-20 18:02 . 2008-04-20 18:02
2008-04-20 18:02 . 2008-04-20 18:02
2008-04-20 18:00 . 2008-04-20 18:00
2008-04-20 17:58 . 2008-04-20 17:58
2008-04-20 17:58 . 2008-04-20 17:58 1,816,779 --a------ C:\WINDOWS\Recorder.reg
2008-04-20 17:58 . 2008-04-20 17:58 2,423 --a------ C:\WINDOWS\NewRecorder.reg
2008-04-20 00:53 . 2008-04-20 00:53
2008-04-20 00:21 . 2008-04-24 22:47 906 --a------ C:\WINDOWS\wbocx.ini
2008-04-20 00:17 . 2008-04-20 00:18
2008-04-20 00:16 . 2008-04-20 00:16
2008-04-20 00:13 . 2003-11-11 12:41 41,984 -ra------ C:\WINDOWS\system32\drivers\fetnd5b.sys
2008-04-20 00:13 . 2003-07-17 10:10 7,040 -ra------ C:\WINDOWS\system32\ntsim.sys
2008-04-20 00:10 . 2003-07-02 04:42 27,904 --a------ C:\WINDOWS\system32\drivers\VIAAGP1.SYS
2008-04-20 00:08 . 2008-04-20 00:08
2008-04-20 00:08 . 1998-10-29 15:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-04-20 00:08 . 2000-03-29 16:17 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2008-04-20 00:08 . 2008-04-20 00:14 3,066 --a------ C:\WINDOWS\Ascd_tmp.ini
2008-04-20 00:06 . 2008-04-20 00:06
2008-04-20 00:06 . 2008-04-20 00:06
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-20 16:31 --------- d–h--w C:\Program Files\InstallShield Installation Information
2008-04-20 16:31 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-19 22:07 --------- d-----w C:\Program Files\ATI Technologies
2008-04-19 18:56 --------- d-----w C:\Documents and Settings\LeeStone\Dane aplikacji\ATI
2008-04-19 18:35 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-19 18:34 --------- d-----w C:\Program Files\Usługi online
2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.
((((((((((((((((((((((((((((( snapshot@2008-04-20_23.02.27,79 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-20 20:48:10 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-04-26 13:20:39 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-04-20 16:03:51 113,376 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2008-04-24 20:54:58 114,176 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2006-03-02 14:00 15360]
“InstantTray”=“C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe” [2004-05-06 15:14 772096]
“IW_Drop_Icon”=“C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe” [2004-07-30 15:10 1123840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“ATIPTA”=“C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe” [2004-08-25 12:52 339968]
“ATICCC”=“C:\Program Files\ATI Technologies\ATI.ACE\cli.exe” [2004-08-25 14:25 28672]
“RemoteControl”=“C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” [2003-10-31 19:42 32768]
“Cmaudio”=“cmicnfg.cpl” []
“PinnacleDriverCheck”=“C:\WINDOWS\system32\PSDrvCheck.exe” [2003-11-10 16:06 406016]
“DAEMON Tools”=“C:\Program Files\DAEMON Tools\daemon.exe” [2005-12-10 16:57 133016]
[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2006-03-02 14:00 15360]
“ATICCC”=“C:\Program Files\ATI Technologies\ATI.ACE\cli.exe” [2004-08-25 14:25 28672]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
ATI CATALYST System Tray.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe [2004-08-25 14:25:56 28672]
VIA RAID TOOL.lnk - C:\Program Files\VIA\RAID\raid_tool.exe [2008-04-20 00:18:13 565248]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
“vidc.I420”= vdrcodec.dll
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\system32\sessmgr.exe”=
R0 VOBID;VOBID;C:\WINDOWS\system32\DRIVERS\vobid.sys [2003-08-01 14:47]
R1 vobiw;vobiw;C:\WINDOWS\system32\drivers\vobiw.sys [2004-07-06 17:06]
R3 cdrdrv;Cdrdrv;C:\WINDOWS\system32\Drivers\Cdrdrv.sys [2004-08-03 11:10]
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-26 15:27:18
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
- C:\WINDOWS\system32\Ati2evxx.dll
.
Completion time: 2008-04-26 15:27:54
ComboFix-quarantined-files.txt 2008-04-26 13:27:52
ComboFix2.txt 2008-04-20 21:02:36
Pre-Run: 101,882,028,032 bajtów wolnych
Post-Run: 101,968,760,832 bajtów wolnych
116
Dziękuje za pomoc i czekam na odpowiedź:)