Komputer strasznie sie muli, wszystko chodzi b.wolno

**Posty:** 4 · przez **kriss-20** 27 Sty 2009, 00:04

Kod: Zaznacz wszystko: [code]w grach sa straszne lagi, każdy program uruchamia sie znacznie dłużej niż normalnie. komp ogólnie uruchamia sie jakies 2 min.!! po formacie jest jakies 3 tygodnie. nie znam sie za bardzo na tym wszystkim wiec pomózcie!! ComboFix 09-01-21.04 - Administrator 2009-01-26 22:14:55.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.510.310 [GMT 1:00] Uruchomiony z: c:\documents and settings\Administrator\Pulpit\ComboFix.exe AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) * Utworzono nowy punkt przywracania . ((((((((((((((((((((((((( Pliki utworzone od 2008-12-26 do 2009-01-26 ))))))))))))))))))))))))))))))) . 2009-01-26 16:54 . 2009-01-26 16:56 <DIR> d-------- c:\documents and settings\Administrator\Dane aplikacji\GanymedeNet 2009-01-26 16:52 . 2009-01-26 16:53 <DIR> d-------- c:\program files\Ganymede 2009-01-26 15:57 . 2009-01-26 15:57 <DIR> d-------- c:\windows\Sun 2009-01-25 12:37 . 2009-01-25 12:37 <DIR> d-------- C:\SOPHTEMP 2009-01-24 22:25 . 2009-01-24 22:25 96,976 --a------ c:\windows\system32\drivers\klin.dat 2009-01-24 22:25 . 2009-01-24 22:25 87,855 --a------ c:\windows\system32\drivers\klick.dat 2009-01-24 22:24 . 2009-01-26 22:18 2,100,256 --ahs---- c:\windows\system32\drivers\fidbox.dat 2009-01-24 22:24 . 2009-01-26 22:18 253,984 --ahs---- c:\windows\system32\drivers\fidbox2.dat 2009-01-24 22:24 . 2009-01-26 22:18 19,584 --ahs---- c:\windows\system32\drivers\fidbox.idx 2009-01-24 22:24 . 2009-01-26 22:18 2,996 --ahs---- c:\windows\system32\drivers\fidbox2.idx 2009-01-24 21:58 . 2009-01-24 21:58 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Apple Computer 2009-01-24 21:57 . 2009-01-24 21:57 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Apple 2009-01-24 21:55 . 2009-01-24 21:55 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\BVRP Software 2009-01-24 20:56 . 2009-01-24 20:56 <DIR> d-------- c:\documents and settings\Administrator\DoctorWeb 2009-01-24 15:19 . 2009-01-24 15:19 <DIR> d-------- c:\documents and settings\Administrator\Dane aplikacji\Apple Computer 2009-01-24 15:12 . 2009-01-24 21:50 <DIR> d-------- c:\program files\QuickTime 2009-01-24 15:12 . 2009-01-24 21:59 <DIR> d-------- c:\program files\Bonjour 2009-01-24 15:11 . 2009-01-24 21:50 <DIR> d-------- c:\program files\Apple Software Update 2009-01-24 15:10 . 2009-01-24 15:10 <DIR> d-------- c:\program files\Common Files\Apple 2009-01-24 13:07 . 2009-01-24 21:51 <DIR> d-------- c:\program files\Avanquest update 2009-01-24 13:06 . 2007-04-03 13:57 108,680 --a------ c:\windows\system32\drivers\s116mdm.sys 2009-01-24 13:06 . 2007-04-03 13:57 100,488 --a------ c:\windows\system32\drivers\s116mgmt.sys 2009-01-24 13:06 . 2007-04-03 13:57 99,080 --a------ c:\windows\system32\drivers\s116unic.sys 2009-01-24 13:06 . 2007-04-03 13:57 98,696 --a------ c:\windows\system32\drivers\s116obex.sys 2009-01-24 13:06 . 2007-04-03 13:57 83,336 --a------ c:\windows\system32\drivers\s116bus.sys 2009-01-24 13:06 . 2007-04-03 13:57 23,176 --a------ c:\windows\system32\drivers\s116nd5.sys 2009-01-24 13:06 . 2007-04-03 13:57 15,112 --a------ c:\windows\system32\drivers\s116mdfl.sys 2009-01-24 13:06 . 2007-04-03 13:57 12,424 --a------ c:\windows\system32\drivers\s116whnt.sys 2009-01-24 13:06 . 2007-04-03 13:57 12,424 --a------ c:\windows\system32\drivers\s116wh.sys 2009-01-24 13:06 . 2007-04-03 13:57 12,424 --a------ c:\windows\system32\drivers\s116cmnt.sys 2009-01-24 13:06 . 2007-04-03 13:57 12,424 --a------ c:\windows\system32\drivers\s116cm.sys 2009-01-24 13:06 . 2007-04-03 13:57 11,016 --a------ c:\windows\system32\drivers\s116cr.sys 2009-01-24 13:05 . 2009-01-24 13:05 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Sony Ericsson 2009-01-24 13:00 . 2009-01-24 13:00 <DIR> d-------- c:\documents and settings\Administrator\Dane aplikacji\InstallShield 2009-01-24 12:44 . 2009-01-24 12:45 <DIR> d-------- c:\documents and settings\Administrator\Dane aplikacji\Teleca 2009-01-24 12:41 . 2009-01-24 13:05 <DIR> d-------- c:\program files\Common Files\Teleca Shared 2009-01-24 12:38 . 2009-01-24 12:39 54,156 --ah----- c:\windows\QTFont.qfn 2009-01-24 12:38 . 2009-01-24 12:39 1,409 --a------ c:\windows\QTFont.for 2009-01-24 12:35 . 2009-01-24 12:42 <DIR> d-------- c:\program files\SendFile 2009-01-24 12:35 . 2009-01-24 12:35 249,856 --------- c:\windows\Setup1.exe 2009-01-24 12:35 . 2009-01-24 12:35 73,216 --a------ c:\windows\ST6UNST.EXE 2009-01-24 12:27 . 2009-01-24 13:05 <DIR> d-------- c:\program files\Sony Ericsson 2009-01-24 12:19 . 2009-01-24 12:27 <DIR> d-------- c:\program files\Send File 2009-01-24 12:01 . 2008-04-14 00:15 32,128 --a------ c:\windows\system32\drivers\usbccgp.sys 2009-01-24 12:01 . 2008-04-14 00:15 32,128 --a--c--- c:\windows\system32\dllcache\usbccgp.sys 2009-01-24 11:58 . 2006-04-28 16:24 18,704 -ra------ c:\windows\system32\drivers\se27nd5.sys 2009-01-23 16:56 . 2009-01-23 16:56 <DIR> d-------- c:\program files\NAPI-PROJEKT 2009-01-13 20:01 . 2009-01-13 20:01 410,984 --a------ c:\windows\system32\deploytk.dll 2009-01-11 15:31 . 2009-01-24 15:11 <DIR> d----c--- c:\windows\system32\DRVSTORE 2009-01-11 15:28 . 2009-01-11 15:29 <DIR> d-------- c:\windows\Downloaded Installations 2009-01-11 15:23 . 2006-04-28 16:24 90,800 -ra------ c:\windows\system32\drivers\se27unic.sys 2009-01-11 15:23 . 2006-04-28 16:23 4,128 -ra------ c:\windows\system32\drivers\se27cr.sys 2009-01-11 15:20 . 2006-04-28 16:26 88,688 -ra------ c:\windows\system32\drivers\SE27mgmt.sys 2009-01-11 15:19 . 2006-04-28 16:27 86,560 -ra------ c:\windows\system32\drivers\SE27obex.sys 2009-01-11 15:17 . 2006-04-28 16:25 97,184 -ra------ c:\windows\system32\drivers\SE27mdm.sys 2009-01-11 15:17 . 2006-04-28 16:25 9,360 -ra------ c:\windows\system32\drivers\SE27mdfl.sys 2009-01-11 15:17 . 2006-04-28 16:27 6,240 -ra------ c:\windows\system32\drivers\SE27cmnt.sys 2009-01-11 15:17 . 2006-04-28 16:27 6,240 -ra------ c:\windows\system32\drivers\SE27cm.sys 2009-01-11 15:15 . 2006-04-28 16:24 61,600 -ra------ c:\windows\system32\drivers\SE27bus.sys 2009-01-11 15:15 . 2006-04-28 16:24 5,872 -ra------ c:\windows\system32\drivers\SE27whnt.sys 2009-01-11 15:15 . 2006-04-28 16:24 5,872 -ra------ c:\windows\system32\drivers\se27wh.sys 2009-01-11 11:46 . 2009-01-11 11:46 <DIR> d-------- c:\program files\CDex_151 2009-01-11 11:45 . 2009-01-11 11:46 <DIR> d-------- c:\program files\CDex_150 2009-01-10 20:05 . 2009-01-10 20:05 <DIR> d-------- c:\program files\Audacity 2009-01-10 00:30 . 2009-01-10 10:57 <DIR> d-------- c:\windows\SxsCaPendDel 2009-01-08 22:48 . 2008-04-14 21:51 221,184 --a------ c:\windows\system32\wmpns.dll 2009-01-08 22:47 . 2008-06-14 18:36 273,024 --------- c:\windows\system32\drivers\bthport.sys 2009-01-08 22:47 . 2008-06-14 18:36 273,024 -----c--- c:\windows\system32\dllcache\bthport.sys 2009-01-08 22:42 . 2009-01-08 22:42 <DIR> d-------- c:\documents and settings\Administrator\Dane aplikacji\DivX 2009-01-08 22:35 . 2009-01-26 22:21 <DIR> d-------- c:\program files\Steam 2009-01-08 22:33 . 2009-01-08 22:33 <DIR> d-------- c:\documents and settings\Administrator\Dane aplikacji\DAEMON Tools Pro 2009-01-08 22:33 . 2009-01-08 22:33 <DIR> d-------- c:\documents and settings\Administrator\Dane aplikacji\DAEMON Tools 2009-01-08 22:33 . 2008-08-14 14:26 2,190,464 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe 2009-01-08 22:33 . 2008-08-14 14:26 2,146,816 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe 2009-01-08 22:33 . 2008-08-14 14:26 2,067,328 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe 2009-01-08 22:33 . 2008-08-14 14:26 2,025,472 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe 2009-01-08 22:32 . 2009-01-10 00:10 <DIR> d-------- c:\program files\DAEMON Tools Toolbar 2009-01-08 22:32 . 2009-01-10 10:57 <DIR> d-------- c:\program files\DAEMON Tools Lite 2009-01-08 22:32 . 2009-01-08 22:32 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Lite 2009-01-08 22:28 . 2009-01-08 22:34 <DIR> d-------- c:\documents and settings\Administrator\Dane aplikacji\DAEMON Tools Lite 2009-01-08 22:28 . 2009-01-08 22:28 717,296 --a------ c:\windows\system32\drivers\sptd.sys 2009-01-08 22:28 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys 2009-01-08 22:21 . 2005-06-28 10:21 22,752 --a------ c:\windows\system32\spupdsvc.exe 2009-01-08 11:56 . 2009-01-08 11:56 <DIR> d-------- c:\program files\Ares 2009-01-08 11:37 . 2009-01-08 11:37 <DIR> d-------- c:\documents and settings\Administrator\Dane aplikacji\Gadu-Gadu 2009-01-08 11:29 . 2004-08-23 13:50 32,768 --a------ c:\windows\system32\WooDial2000.dll 2009-01-08 11:28 . 2009-01-08 11:28 <DIR> d-------- c:\program files\SAGEM 2009-01-08 11:27 . 2009-01-08 11:27 <DIR> d-------- c:\windows\system32\AlertModule 2009-01-08 11:27 . 2003-08-04 13:22 94,208 --a------ c:\windows\system32\W32n50.dll 2009-01-08 11:27 . 2004-08-23 13:49 40,960 --a------ c:\windows\system32\FTRTSVC.exe 2009-01-08 11:27 . 2005-10-06 14:55 36,864 --a------ c:\windows\system32\IfHelper.dll 2009-01-08 11:27 . 2003-08-04 13:22 16,128 --------- c:\windows\system32\PCANDIS5.SYS 2009-01-08 11:26 . 2009-01-26 22:21 <DIR> d-------- c:\program files\neostrada tp 2009-01-08 11:25 . 2009-01-08 11:25 <DIR> d--hs---- c:\windows\ftpcache 2009-01-07 15:09 . 2009-01-24 17:25 116 --a------ c:\windows\NeroDigital.ini 2009-01-07 15:07 . 2009-01-07 15:07 <DIR> d-------- c:\program files\CyberLink 2009-01-07 15:07 . 2009-01-07 15:07 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\CyberLink 2009-01-07 15:06 . 2004-05-02 09:47 23,040 -ra------ c:\windows\system32\drivers\GVCplDrv.sys 2009-01-07 15:02 . 2009-01-13 20:01 73,728 --a------ c:\windows\system32\javacpl.cpl 2009-01-07 15:01 . 2009-01-13 20:01 <DIR> d-------- c:\program files\Java 2009-01-07 15:01 . 2009-01-07 15:01 <DIR> d-------- c:\program files\Common Files\Java . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-26 21:21 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab 2009-01-24 21:24 --------- d-----w c:\program files\Kaspersky Lab 2009-01-24 21:21 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files 2009-01-24 12:07 --------- d--h--w c:\program files\InstallShield Installation Information 2009-01-09 23:30 --------- d-----w c:\program files\Common Files\Adobe 2009-01-08 10:28 33 ----a-w c:\windows\system32\drivers\adidsl.cfg 2009-01-07 14:06 --------- d-----w c:\program files\Common Files\InstallShield 2009-01-07 13:56 --------- d-----w c:\program files\Gadu-Gadu 2009-01-07 13:54 --------- d-----w c:\program files\IrfanView 2009-01-07 13:51 --------- d-----w c:\program files\Winamp 2009-01-07 13:51 --------- d-----w c:\documents and settings\Administrator\Dane aplikacji\Winamp 2009-01-07 13:50 --------- d-----w c:\program files\Xvid 2009-01-07 13:50 --------- d-----w c:\program files\SubEdit-Player 2009-01-07 13:50 --------- d-----w c:\program files\DivX 2009-01-07 13:47 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Microsoft Help 2009-01-07 13:46 --------- d-----w c:\program files\MSBuild 2009-01-07 13:46 --------- d-----w c:\program files\Microsoft Works 2009-01-07 13:30 --------- d-----w c:\program files\Common Files\Ahead 2009-01-07 13:29 --------- d-----w c:\program files\Ahead 2009-01-07 13:03 --------- d-----w c:\program files\VIA 2009-01-07 12:48 --------- d-----w c:\program files\microsoft frontpage 2009-01-07 12:47 --------- d-----w c:\program files\Usługi online 2009-01-07 12:44 --------- d-----w c:\program files\Windows Media Connect 2 2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys 2008-11-11 19:00 218,376 ----a-w c:\windows\system32\klogon.dll 2008-10-28 22:36 823,296 ----a-w c:\windows\system32\divx_xx0c.dll 2008-10-28 22:36 823,296 ----a-w c:\windows\system32\divx_xx07.dll 2008-10-28 22:35 815,104 ----a-w c:\windows\system32\divx_xx0a.dll 2008-10-28 22:35 802,816 ----a-w c:\windows\system32\divx_xx11.dll 2008-10-28 22:35 684,032 ----a-w c:\windows\system32\DivX.dll . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "Steam"="c:\program files\steam\steam.exe" [2009-01-08 1410296] "ares"="c:\program files\Ares\Ares.exe" [2009-01-03 893952] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-11 86016] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-13 136600] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768] "WOOWATCH"="c:\progra~1\NEOSTR~1\Watch.exe" [2004-08-23 20480] "WOOTASKBARICON"="c:\progra~1\NEOSTR~1\GestMaj.exe" [2004-10-14 32768] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696] "AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-11-11 206088] "nwiz"="nwiz.exe" [2006-08-11 c:\windows\system32\nwiz.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_2"="shell32" [X] [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Ares\\Ares.exe"= "c:\\Program Files\\Gadu-Gadu\\gg.exe"= "c:\\Program Files\\Steam\\steamapps\\gizmokm\\counter-strike\\hl.exe"= R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784] R3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\drivers\e4usbaw.sys [2009-01-08 116992] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592] S3 SetupNTGLM7X;SetupNTGLM7X;\??\f:\ntglm7x.sys --> f:\NTGLM7X.sys [?] S4 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\drivers\e4ldr.sys [2009-01-08 64000] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5bdd1475-dcbf-11dd-80eb-001617b32b01}] \Shell\Auto\command - Start.exe \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe . Zawartość folderu 'Zaplanowane zadania' 2009-01-24 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34] . - - - - USUNIĘTO PUSTE WPISY - - - - HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe HKLM-Run-BVRPLiveUpdate - c:\program files\Avanquest update\Engine\Setup.exe . ------- Skan uzupełniający ------- . uStart Page = hxxp://www.neostrada.pl IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: { - c:\program files\Messenger\msmsgs.exe TCP: {C1718FF5-7305-4E2A-BD0C-47B3576BD136} = 194.204.159.1 217.98.63.164 FF - ProfilePath - c:\documents and settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\94iwonbv.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/ FF - component: c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npganymedenet.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-26 22:22:27 Windows 5.1.2600 Dodatek Service Pack 3 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** . ------------------------ Pozostałe uruchomione procesy ------------------------ . c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\system32\FTRTSVC.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\wbem\wmiapsrv.exe c:\windows\system32\rundll32.exe c:\progra~1\NEOSTR~1\TaskBarIcon.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Czas ukończenia: 2009-01-26 22:24:18 - komputer został uruchomiony ponownie ComboFix-quarantined-files.txt 2009-01-26 21:24:15 Przed: 41˙975˙054˙336 bajt˘w wolnych Po: 42,020,409,344 bajt˘w wolnych WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect 246 --- E O F --- 2009-01-18 11:02:41[code][/code][code][code][/code][/code][/code]

**Posty:** 8001 · przez **Okocza** 27 Sty 2009, 00:47

Wykonaj to co jest podane w tym temacie

Zastosuj SDFix . Po pobraniu uruchom go a rozpakuje się do C:\SDFix. Uruchom komputer w trybie awaryjnym (F8 przy stracie systemu). Będąc w awaryjnym uruchom plik RunThis.bat z folderu SDFixa. Zatwierdź czyszczenie przez Y. Poczekaj aż ukończy i komputer zresetuje

Potem wejdz do folderu C:\SDFix wrzuc zawartość pliku Report.txt + log z combofixa oraz daj loga z hijacka

**Posty:** 4 · przez **kriss-20** 27 Sty 2009, 16:08

Kod: Zaznacz wszystko: [code]ComboFix 09-01-21.04 - Administrator 2009-01-27 14:58:31.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.510.293 [GMT 1:00] Uruchomiony z: c:\documents and settings\Administrator\Pulpit\ComboFix.exe AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) . ((((((((((((((((((((((((( Pliki utworzone od 2008-12-27 do 2009-01-27 ))))))))))))))))))))))))))))))) . 2009-01-26 23:56 . 2009-01-26 23:57 <DIR> d-------- c:\windows\ERUNT 2009-01-26 23:51 . 2009-01-27 14:54 <DIR> d-------- C:\SDFix 2009-01-26 16:54 . 2009-01-26 16:56 <DIR> d-------- c:\documents and settings\Administrator\Dane aplikacji\GanymedeNet 2009-01-26 16:52 . 2009-01-26 16:53 <DIR> d-------- c:\program files\Ganymede 2009-01-26 15:57 . 2009-01-26 15:57 <DIR> d-------- c:\windows\Sun 2009-01-25 12:37 . 2009-01-25 12:37 <DIR> d-------- C:\SOPHTEMP 2009-01-24 22:25 . 2009-01-24 22:25 96,976 --a------ c:\windows\system32\drivers\klin.dat 2009-01-24 22:25 . 2009-01-24 22:25 87,855 --a------ c:\windows\system32\drivers\klick.dat 2009-01-24 22:24 . 2009-01-27 14:40 2,100,256 --ahs---- c:\windows\system32\drivers\fidbox.dat 2009-01-24 22:24 . 2009-01-27 14:40 253,984 --ahs---- c:\windows\system32\drivers\fidbox2.dat 2009-01-24 22:24 . 2009-01-27 14:40 19,584 --ahs---- c:\windows\system32\drivers\fidbox.idx 2009-01-24 22:24 . 2009-01-27 14:40 2,996 --ahs---- c:\windows\system32\drivers\fidbox2.idx 2009-01-24 21:58 . 2009-01-24 21:58 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Apple Computer 2009-01-24 21:57 . 2009-01-24 21:57 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Apple 2009-01-24 21:55 . 2009-01-24 21:55 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\BVRP Software 2009-01-24 20:56 . 2009-01-24 20:56 <DIR> d-------- c:\documents and settings\Administrator\DoctorWeb 2009-01-24 15:19 . 2009-01-24 15:19 <DIR> d-------- c:\documents and settings\Administrator\Dane aplikacji\Apple Computer 2009-01-24 15:12 . 2009-01-24 21:50 <DIR> d-------- c:\program files\QuickTime 2009-01-24 15:12 . 2009-01-24 21:59 <DIR> d-------- c:\program files\Bonjour 2009-01-24 15:11 . 2009-01-24 21:50 <DIR> d-------- c:\program files\Apple Software Update 2009-01-24 15:10 . 2009-01-24 15:10 <DIR> d-------- c:\program files\Common Files\Apple 2009-01-24 13:07 . 2009-01-24 21:51 <DIR> d-------- c:\program files\Avanquest update 2009-01-24 13:06 . 2007-04-03 13:57 108,680 --a------ c:\windows\system32\drivers\s116mdm.sys 2009-01-24 13:06 . 2007-04-03 13:57 100,488 --a------ c:\windows\system32\drivers\s116mgmt.sys 2009-01-24 13:06 . 2007-04-03 13:57 99,080 --a------ c:\windows\system32\drivers\s116unic.sys 2009-01-24 13:06 . 2007-04-03 13:57 98,696 --a------ c:\windows\system32\drivers\s116obex.sys 2009-01-24 13:06 . 2007-04-03 13:57 83,336 --a------ c:\windows\system32\drivers\s116bus.sys 2009-01-24 13:06 . 2007-04-03 13:57 23,176 --a------ c:\windows\system32\drivers\s116nd5.sys 2009-01-24 13:06 . 2007-04-03 13:57 15,112 --a------ c:\windows\system32\drivers\s116mdfl.sys 2009-01-24 13:06 . 2007-04-03 13:57 12,424 --a------ c:\windows\system32\drivers\s116whnt.sys 2009-01-24 13:06 . 2007-04-03 13:57 12,424 --a------ c:\windows\system32\drivers\s116wh.sys 2009-01-24 13:06 . 2007-04-03 13:57 12,424 --a------ c:\windows\system32\drivers\s116cmnt.sys 2009-01-24 13:06 . 2007-04-03 13:57 12,424 --a------ c:\windows\system32\drivers\s116cm.sys 2009-01-24 13:06 . 2007-04-03 13:57 11,016 --a------ c:\windows\system32\drivers\s116cr.sys 2009-01-24 13:05 . 2009-01-24 13:05 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Sony Ericsson 2009-01-24 13:00 . 2009-01-24 13:00 <DIR> d-------- c:\documents and settings\Administrator\Dane aplikacji\InstallShield 2009-01-24 12:44 . 2009-01-24 12:45 <DIR> d-------- c:\documents and settings\Administrator\Dane aplikacji\Teleca 2009-01-24 12:41 . 2009-01-24 13:05 <DIR> d-------- c:\program files\Common Files\Teleca Shared 2009-01-24 12:38 . 2009-01-24 12:39 54,156 --ah----- c:\windows\QTFont.qfn 2009-01-24 12:38 . 2009-01-24 12:39 1,409 --a------ c:\windows\QTFont.for 2009-01-24 12:35 . 2009-01-24 12:42 <DIR> d-------- c:\program files\SendFile 2009-01-24 12:35 . 2009-01-24 12:35 249,856 --------- c:\windows\Setup1.exe 2009-01-24 12:35 . 2009-01-24 12:35 73,216 --a------ c:\windows\ST6UNST.EXE 2009-01-24 12:27 . 2009-01-24 13:05 <DIR> d-------- c:\program files\Sony Ericsson 2009-01-24 12:19 . 2009-01-24 12:27 <DIR> d-------- c:\program files\Send File 2009-01-24 12:01 . 2008-04-14 00:15 32,128 --a------ c:\windows\system32\drivers\usbccgp.sys 2009-01-24 12:01 . 2008-04-14 00:15 32,128 --a--c--- c:\windows\system32\dllcache\usbccgp.sys 2009-01-24 11:58 . 2006-04-28 16:24 18,704 -ra------ c:\windows\system32\drivers\se27nd5.sys 2009-01-23 16:56 . 2009-01-23 16:56 <DIR> d-------- c:\program files\NAPI-PROJEKT 2009-01-13 20:01 . 2009-01-13 20:01 410,984 --a------ c:\windows\system32\deploytk.dll 2009-01-11 15:31 . 2009-01-24 15:11 <DIR> d----c--- c:\windows\system32\DRVSTORE 2009-01-11 15:28 . 2009-01-11 15:29 <DIR> d-------- c:\windows\Downloaded Installations 2009-01-11 15:23 . 2006-04-28 16:24 90,800 -ra------ c:\windows\system32\drivers\se27unic.sys 2009-01-11 15:23 . 2006-04-28 16:23 4,128 -ra------ c:\windows\system32\drivers\se27cr.sys 2009-01-11 15:20 . 2006-04-28 16:26 88,688 -ra------ c:\windows\system32\drivers\SE27mgmt.sys 2009-01-11 15:19 . 2006-04-28 16:27 86,560 -ra------ c:\windows\system32\drivers\SE27obex.sys 2009-01-11 15:17 . 2006-04-28 16:25 97,184 -ra------ c:\windows\system32\drivers\SE27mdm.sys 2009-01-11 15:17 . 2006-04-28 16:25 9,360 -ra------ c:\windows\system32\drivers\SE27mdfl.sys 2009-01-11 15:17 . 2006-04-28 16:27 6,240 -ra------ c:\windows\system32\drivers\SE27cmnt.sys 2009-01-11 15:17 . 2006-04-28 16:27 6,240 -ra------ c:\windows\system32\drivers\SE27cm.sys 2009-01-11 15:15 . 2006-04-28 16:24 61,600 -ra------ c:\windows\system32\drivers\SE27bus.sys 2009-01-11 15:15 . 2006-04-28 16:24 5,872 -ra------ c:\windows\system32\drivers\SE27whnt.sys 2009-01-11 15:15 . 2006-04-28 16:24 5,872 -ra------ c:\windows\system32\drivers\se27wh.sys 2009-01-11 11:46 . 2009-01-11 11:46 <DIR> d-------- c:\program files\CDex_151 2009-01-11 11:45 . 2009-01-11 11:46 <DIR> d-------- c:\program files\CDex_150 2009-01-10 20:05 . 2009-01-10 20:05 <DIR> d-------- c:\program files\Audacity 2009-01-10 00:30 . 2009-01-10 10:57 <DIR> d-------- c:\windows\SxsCaPendDel 2009-01-08 22:48 . 2008-04-14 21:51 221,184 --a------ c:\windows\system32\wmpns.dll 2009-01-08 22:47 . 2008-06-14 18:36 273,024 --------- c:\windows\system32\drivers\bthport.sys 2009-01-08 22:47 . 2008-06-14 18:36 273,024 -----c--- c:\windows\system32\dllcache\bthport.sys 2009-01-08 22:42 . 2009-01-08 22:42 <DIR> d-------- c:\documents and settings\Administrator\Dane aplikacji\DivX 2009-01-08 22:35 . 2009-01-27 14:56 <DIR> d-------- c:\program files\Steam 2009-01-08 22:33 . 2009-01-08 22:33 <DIR> d-------- c:\documents and settings\Administrator\Dane aplikacji\DAEMON Tools Pro 2009-01-08 22:33 . 2009-01-08 22:33 <DIR> d-------- c:\documents and settings\Administrator\Dane aplikacji\DAEMON Tools 2009-01-08 22:33 . 2008-08-14 14:26 2,190,464 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe 2009-01-08 22:33 . 2008-08-14 14:26 2,146,816 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe 2009-01-08 22:33 . 2008-08-14 14:26 2,067,328 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe 2009-01-08 22:33 . 2008-08-14 14:26 2,025,472 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe 2009-01-08 22:32 . 2009-01-10 00:10 <DIR> d-------- c:\program files\DAEMON Tools Toolbar 2009-01-08 22:32 . 2009-01-10 10:57 <DIR> d-------- c:\program files\DAEMON Tools Lite 2009-01-08 22:32 . 2009-01-08 22:32 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Lite 2009-01-08 22:28 . 2009-01-08 22:34 <DIR> d-------- c:\documents and settings\Administrator\Dane aplikacji\DAEMON Tools Lite 2009-01-08 22:28 . 2009-01-08 22:28 717,296 --a------ c:\windows\system32\drivers\sptd.sys 2009-01-08 22:28 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys 2009-01-08 22:21 . 2005-06-28 10:21 22,752 --a------ c:\windows\system32\spupdsvc.exe 2009-01-08 11:56 . 2009-01-08 11:56 <DIR> d-------- c:\program files\Ares 2009-01-08 11:37 . 2009-01-08 11:37 <DIR> d-------- c:\documents and settings\Administrator\Dane aplikacji\Gadu-Gadu 2009-01-08 11:29 . 2004-08-23 13:50 32,768 --a------ c:\windows\system32\WooDial2000.dll 2009-01-08 11:28 . 2009-01-08 11:28 <DIR> d-------- c:\program files\SAGEM 2009-01-08 11:27 . 2009-01-08 11:27 <DIR> d-------- c:\windows\system32\AlertModule 2009-01-08 11:27 . 2003-08-04 13:22 94,208 --a------ c:\windows\system32\W32n50.dll 2009-01-08 11:27 . 2004-08-23 13:49 40,960 --a------ c:\windows\system32\FTRTSVC.exe 2009-01-08 11:27 . 2005-10-06 14:55 36,864 --a------ c:\windows\system32\IfHelper.dll 2009-01-08 11:27 . 2003-08-04 13:22 16,128 --------- c:\windows\system32\PCANDIS5.SYS 2009-01-08 11:26 . 2009-01-27 14:55 <DIR> d-------- c:\program files\neostrada tp 2009-01-08 11:25 . 2009-01-08 11:25 <DIR> d--hs---- c:\windows\ftpcache 2009-01-07 15:09 . 2009-01-24 17:25 116 --a------ c:\windows\NeroDigital.ini 2009-01-07 15:07 . 2009-01-07 15:07 <DIR> d-------- c:\program files\CyberLink 2009-01-07 15:07 . 2009-01-07 15:07 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\CyberLink 2009-01-07 15:06 . 2004-05-02 09:47 23,040 -ra------ c:\windows\system32\drivers\GVCplDrv.sys 2009-01-07 15:02 . 2009-01-13 20:01 73,728 --a------ c:\windows\system32\javacpl.cpl 2009-01-07 15:01 . 2009-01-13 20:01 <DIR> d-------- c:\program files\Java 2009-01-07 15:01 . 2009-01-07 15:01 <DIR> d-------- c:\program files\Common Files\Java . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-27 13:55 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab 2009-01-24 21:24 --------- d-----w c:\program files\Kaspersky Lab 2009-01-24 21:21 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files 2009-01-24 12:07 --------- d--h--w c:\program files\InstallShield Installation Information 2009-01-09 23:30 --------- d-----w c:\program files\Common Files\Adobe 2009-01-08 10:28 33 ----a-w c:\windows\system32\drivers\adidsl.cfg 2009-01-07 14:06 --------- d-----w c:\program files\Common Files\InstallShield 2009-01-07 13:56 --------- d-----w c:\program files\Gadu-Gadu 2009-01-07 13:54 --------- d-----w c:\program files\IrfanView 2009-01-07 13:51 --------- d-----w c:\program files\Winamp 2009-01-07 13:51 --------- d-----w c:\documents and settings\Administrator\Dane aplikacji\Winamp 2009-01-07 13:50 --------- d-----w c:\program files\Xvid 2009-01-07 13:50 --------- d-----w c:\program files\SubEdit-Player 2009-01-07 13:50 --------- d-----w c:\program files\DivX 2009-01-07 13:47 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Microsoft Help 2009-01-07 13:46 --------- d-----w c:\program files\MSBuild 2009-01-07 13:46 --------- d-----w c:\program files\Microsoft Works 2009-01-07 13:30 --------- d-----w c:\program files\Common Files\Ahead 2009-01-07 13:29 --------- d-----w c:\program files\Ahead 2009-01-07 13:03 --------- d-----w c:\program files\VIA 2009-01-07 12:48 --------- d-----w c:\program files\microsoft frontpage 2009-01-07 12:47 --------- d-----w c:\program files\Usługi online 2009-01-07 12:44 --------- d-----w c:\program files\Windows Media Connect 2 2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys 2008-11-11 19:00 218,376 ----a-w c:\windows\system32\klogon.dll 2008-10-28 22:36 823,296 ----a-w c:\windows\system32\divx_xx0c.dll 2008-10-28 22:36 823,296 ----a-w c:\windows\system32\divx_xx07.dll 2008-10-28 22:35 815,104 ----a-w c:\windows\system32\divx_xx0a.dll 2008-10-28 22:35 802,816 ----a-w c:\windows\system32\divx_xx11.dll 2008-10-28 22:35 684,032 ----a-w c:\windows\system32\DivX.dll . ((((((((((((((((((((((((((((( snapshot@2009-01-26_22.23.31.37 ))))))))))))))))))))))))))))))))))))))))) . + 2008-08-07 14:27:04 163,328 ----a-w c:\windows\ERUNT\SDFIX\ERDNT.EXE + 2009-01-27 13:43:15 3,170,304 ----a-w c:\windows\ERUNT\SDFIX\Users\[u]0[/u]0000001\NTUSER.DAT + 2009-01-27 13:43:16 167,936 ----a-w c:\windows\ERUNT\SDFIX\Users\[u]0[/u]0000002\UsrClass.dat + 2008-08-07 14:27:04 163,328 ----a-w c:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE + 2009-01-26 22:57:08 3,166,208 ----a-w c:\windows\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000001\NTUSER.DAT + 2009-01-26 22:57:08 167,936 ----a-w c:\windows\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000002\UsrClass.dat + 2009-01-27 13:50:10 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_668.dat . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "Steam"="c:\program files\steam\steam.exe" [2009-01-08 1410296] "ares"="c:\program files\Ares\Ares.exe" [2009-01-03 893952] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-11 86016] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-13 136600] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768] "WOOWATCH"="c:\progra~1\NEOSTR~1\Watch.exe" [2004-08-23 20480] "WOOTASKBARICON"="c:\progra~1\NEOSTR~1\GestMaj.exe" [2004-10-14 32768] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696] "AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-11-11 206088] "nwiz"="nwiz.exe" [2006-08-11 c:\windows\system32\nwiz.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_2"="shell32" [X] [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Ares\\Ares.exe"= "c:\\Program Files\\Gadu-Gadu\\gg.exe"= "c:\\Program Files\\Steam\\steamapps\\gizmokm\\counter-strike\\hl.exe"= R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784] R3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\drivers\e4usbaw.sys [2009-01-08 116992] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592] S3 SetupNTGLM7X;SetupNTGLM7X;\??\f:\ntglm7x.sys --> f:\NTGLM7X.sys [?] S4 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\drivers\e4ldr.sys [2009-01-08 64000] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5bdd1475-dcbf-11dd-80eb-001617b32b01}] \Shell\Auto\command - Start.exe \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe . Zawartość folderu 'Zaplanowane zadania' 2009-01-24 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34] . . ------- Skan uzupełniający ------- . uStart Page = hxxp://www.neostrada.pl IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: { - c:\program files\Messenger\msmsgs.exe FF - ProfilePath - c:\documents and settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\94iwonbv.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/ FF - component: c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npganymedenet.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-27 15:00:24 Windows 5.1.2600 Dodatek Service Pack 3 NTFS skanowanie ukrytych procesów ... c:\windows\explorer.exe [2492] 0x822D3DA0 skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** . Czas ukończenia: 2009-01-27 15:02:03 ComboFix-quarantined-files.txt 2009-01-27 14:02:01 ComboFix2.txt 2009-01-26 21:24:19 Przed: 41 968 791 552 bajtów wolnych Po: 41,958,944,768 bajtów wolnych 234 --- E O F --- 2009-01-18 11:02:41 [/code] Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:57:16, on 2009-01-27 Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0013) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\System32\FTRTSVC.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\PROGRA~1\NEOSTR~1\TaskBarIcon.exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\Administrator\Pulpit\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\GestMaj.exe TaskBarIcon.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user') O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 6247 bytes [b]SDFix: Version 1.240 [/b] Run by Administrator on 2009-01-27 at 14:45 Microsoft Windows XP [Wersja 5.1.2600] Running From: C:\SDFix [b]Checking Services [/b]: Restoring Default Security Values Restoring Default Hosts File Rebooting [b]Checking Files [/b]: No Trojan Files Found Removing Temp Files [b]ADS Check [/b]: [b]Final Check [/b]: catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-27 14:52:22 Windows 5.1.2600 Dodatek Service Pack 3 NTFS scanning hidden processes ... scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg] "s1"=dword:2df9c43f "s2"=dword:110480d0 "h0"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "h0"=dword:00000000 "khjeh"=hex:bf,62,51,62,51,ed,bf,0d,6d,09,4e,1b,ed,fd,9f,ed,41,f6,b6,82,b0,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "h0"=dword:00000000 "khjeh"=hex:bf,62,51,62,51,ed,bf,0d,6d,09,4e,1b,ed,fd,9f,ed,41,f6,b6,82,b0,.. scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 [b]Remaining Services [/b]: Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove" "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote" "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour" "C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows" "C:\\Program Files\\Gadu-Gadu\\gg.exe"="C:\\Program Files\\Gadu-Gadu\\gg.exe:*:Enabled:Gadu-Gadu - program g˘wny" "C:\\Program Files\\Steam\\steamapps\\gizmokm\\counter-strike\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\gizmokm\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" [b]Remaining Files [/b]: [b]Files with Hidden Attributes [/b]: [b]Finished![/b]

**Posty:** 8001 · przez **Okocza** 27 Sty 2009, 16:19

kriss-20, a gdzie log z SDFixa?

**Posty:** 4 · przez **kriss-20** 27 Sty 2009, 17:54

na samym końcu!! chyba

Dodano Dzisiaj, 16:58:
wczoraj nawet w CS-a nie mogłem pograc bo lagi takie ze nie szło trafic!!:(

**Posty:** 8001 · przez **Okocza** 27 Sty 2009, 18:08

kriss-20, powstawiaj oddzielnie te logi bo nie idzie ich sprawdzić.

**Posty:** 4 · przez **kriss-20** 27 Sty 2009, 18:10

Kod: Zaznacz wszystko: ComboFix 09-01-21.04 - Administrator 2009-01-27 14:58:31.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.510.293 [GMT 1:00] Uruchomiony z: c:\documents and settings\Administrator\Pulpit\ComboFix.exe AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) . ((((((((((((((((((((((((( Pliki utworzone od 2008-12-27 do 2009-01-27 ))))))))))))))))))))))))))))))) . 2009-01-26 23:56 . 2009-01-26 23:57 <DIR> d-------- c:\windows\ERUNT 2009-01-26 23:51 . 2009-01-27 14:54 <DIR> d-------- C:\SDFix 2009-01-26 16:54 . 2009-01-26 16:56 <DIR> d-------- c:\documents and settings\Administrator\Dane aplikacji\GanymedeNet 2009-01-26 16:52 . 2009-01-26 16:53 <DIR> d-------- c:\program files\Ganymede 2009-01-26 15:57 . 2009-01-26 15:57 <DIR> d-------- c:\windows\Sun 2009-01-25 12:37 . 2009-01-25 12:37 <DIR> d-------- C:\SOPHTEMP 2009-01-24 22:25 . 2009-01-24 22:25 96,976 --a------ c:\windows\system32\drivers\klin.dat 2009-01-24 22:25 . 2009-01-24 22:25 87,855 --a------ c:\windows\system32\drivers\klick.dat 2009-01-24 22:24 . 2009-01-27 14:40 2,100,256 --ahs---- c:\windows\system32\drivers\fidbox.dat 2009-01-24 22:24 . 2009-01-27 14:40 253,984 --ahs---- c:\windows\system32\drivers\fidbox2.dat 2009-01-24 22:24 . 2009-01-27 14:40 19,584 --ahs---- c:\windows\system32\drivers\fidbox.idx 2009-01-24 22:24 . 2009-01-27 14:40 2,996 --ahs---- c:\windows\system32\drivers\fidbox2.idx 2009-01-24 21:58 . 2009-01-24 21:58 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Apple Computer 2009-01-24 21:57 . 2009-01-24 21:57 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Apple 2009-01-24 21:55 . 2009-01-24 21:55 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\BVRP Software 2009-01-24 20:56 . 2009-01-24 20:56 <DIR> d-------- c:\documents and settings\Administrator\DoctorWeb 2009-01-24 15:19 . 2009-01-24 15:19 <DIR> d-------- c:\documents and settings\Administrator\Dane aplikacji\Apple Computer 2009-01-24 15:12 . 2009-01-24 21:50 <DIR> d-------- c:\program files\QuickTime 2009-01-24 15:12 . 2009-01-24 21:59 <DIR> d-------- c:\program files\Bonjour 2009-01-24 15:11 . 2009-01-24 21:50 <DIR> d-------- c:\program files\Apple Software Update 2009-01-24 15:10 . 2009-01-24 15:10 <DIR> d-------- c:\program files\Common Files\Apple 2009-01-24 13:07 . 2009-01-24 21:51 <DIR> d-------- c:\program files\Avanquest update 2009-01-24 13:06 . 2007-04-03 13:57 108,680 --a------ c:\windows\system32\drivers\s116mdm.sys 2009-01-24 13:06 . 2007-04-03 13:57 100,488 --a------ c:\windows\system32\drivers\s116mgmt.sys 2009-01-24 13:06 . 2007-04-03 13:57 99,080 --a------ c:\windows\system32\drivers\s116unic.sys 2009-01-24 13:06 . 2007-04-03 13:57 98,696 --a------ c:\windows\system32\drivers\s116obex.sys 2009-01-24 13:06 . 2007-04-03 13:57 83,336 --a------ c:\windows\system32\drivers\s116bus.sys 2009-01-24 13:06 . 2007-04-03 13:57 23,176 --a------ c:\windows\system32\drivers\s116nd5.sys 2009-01-24 13:06 . 2007-04-03 13:57 15,112 --a------ c:\windows\system32\drivers\s116mdfl.sys 2009-01-24 13:06 . 2007-04-03 13:57 12,424 --a------ c:\windows\system32\drivers\s116whnt.sys 2009-01-24 13:06 . 2007-04-03 13:57 12,424 --a------ c:\windows\system32\drivers\s116wh.sys 2009-01-24 13:06 . 2007-04-03 13:57 12,424 --a------ c:\windows\system32\drivers\s116cmnt.sys 2009-01-24 13:06 . 2007-04-03 13:57 12,424 --a------ c:\windows\system32\drivers\s116cm.sys 2009-01-24 13:06 . 2007-04-03 13:57 11,016 --a------ c:\windows\system32\drivers\s116cr.sys 2009-01-24 13:05 . 2009-01-24 13:05 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Sony Ericsson 2009-01-24 13:00 . 2009-01-24 13:00 <DIR> d-------- c:\documents and settings\Administrator\Dane aplikacji\InstallShield 2009-01-24 12:44 . 2009-01-24 12:45 <DIR> d-------- c:\documents and settings\Administrator\Dane aplikacji\Teleca 2009-01-24 12:41 . 2009-01-24 13:05 <DIR> d-------- c:\program files\Common Files\Teleca Shared 2009-01-24 12:38 . 2009-01-24 12:39 54,156 --ah----- c:\windows\QTFont.qfn 2009-01-24 12:38 . 2009-01-24 12:39 1,409 --a------ c:\windows\QTFont.for 2009-01-24 12:35 . 2009-01-24 12:42 <DIR> d-------- c:\program files\SendFile 2009-01-24 12:35 . 2009-01-24 12:35 249,856 --------- c:\windows\Setup1.exe 2009-01-24 12:35 . 2009-01-24 12:35 73,216 --a------ c:\windows\ST6UNST.EXE 2009-01-24 12:27 . 2009-01-24 13:05 <DIR> d-------- c:\program files\Sony Ericsson 2009-01-24 12:19 . 2009-01-24 12:27 <DIR> d-------- c:\program files\Send File 2009-01-24 12:01 . 2008-04-14 00:15 32,128 --a------ c:\windows\system32\drivers\usbccgp.sys 2009-01-24 12:01 . 2008-04-14 00:15 32,128 --a--c--- c:\windows\system32\dllcache\usbccgp.sys 2009-01-24 11:58 . 2006-04-28 16:24 18,704 -ra------ c:\windows\system32\drivers\se27nd5.sys 2009-01-23 16:56 . 2009-01-23 16:56 <DIR> d-------- c:\program files\NAPI-PROJEKT 2009-01-13 20:01 . 2009-01-13 20:01 410,984 --a------ c:\windows\system32\deploytk.dll 2009-01-11 15:31 . 2009-01-24 15:11 <DIR> d----c--- c:\windows\system32\DRVSTORE 2009-01-11 15:28 . 2009-01-11 15:29 <DIR> d-------- c:\windows\Downloaded Installations 2009-01-11 15:23 . 2006-04-28 16:24 90,800 -ra------ c:\windows\system32\drivers\se27unic.sys 2009-01-11 15:23 . 2006-04-28 16:23 4,128 -ra------ c:\windows\system32\drivers\se27cr.sys 2009-01-11 15:20 . 2006-04-28 16:26 88,688 -ra------ c:\windows\system32\drivers\SE27mgmt.sys 2009-01-11 15:19 . 2006-04-28 16:27 86,560 -ra------ c:\windows\system32\drivers\SE27obex.sys 2009-01-11 15:17 . 2006-04-28 16:25 97,184 -ra------ c:\windows\system32\drivers\SE27mdm.sys 2009-01-11 15:17 . 2006-04-28 16:25 9,360 -ra------ c:\windows\system32\drivers\SE27mdfl.sys 2009-01-11 15:17 . 2006-04-28 16:27 6,240 -ra------ c:\windows\system32\drivers\SE27cmnt.sys 2009-01-11 15:17 . 2006-04-28 16:27 6,240 -ra------ c:\windows\system32\drivers\SE27cm.sys 2009-01-11 15:15 . 2006-04-28 16:24 61,600 -ra------ c:\windows\system32\drivers\SE27bus.sys 2009-01-11 15:15 . 2006-04-28 16:24 5,872 -ra------ c:\windows\system32\drivers\SE27whnt.sys 2009-01-11 15:15 . 2006-04-28 16:24 5,872 -ra------ c:\windows\system32\drivers\se27wh.sys 2009-01-11 11:46 . 2009-01-11 11:46 <DIR> d-------- c:\program files\CDex_151 2009-01-11 11:45 . 2009-01-11 11:46 <DIR> d-------- c:\program files\CDex_150 2009-01-10 20:05 . 2009-01-10 20:05 <DIR> d-------- c:\program files\Audacity 2009-01-10 00:30 . 2009-01-10 10:57 <DIR> d-------- c:\windows\SxsCaPendDel 2009-01-08 22:48 . 2008-04-14 21:51 221,184 --a------ c:\windows\system32\wmpns.dll 2009-01-08 22:47 . 2008-06-14 18:36 273,024 --------- c:\windows\system32\drivers\bthport.sys 2009-01-08 22:47 . 2008-06-14 18:36 273,024 -----c--- c:\windows\system32\dllcache\bthport.sys 2009-01-08 22:42 . 2009-01-08 22:42 <DIR> d-------- c:\documents and settings\Administrator\Dane aplikacji\DivX 2009-01-08 22:35 . 2009-01-27 14:56 <DIR> d-------- c:\program files\Steam 2009-01-08 22:33 . 2009-01-08 22:33 <DIR> d-------- c:\documents and settings\Administrator\Dane aplikacji\DAEMON Tools Pro 2009-01-08 22:33 . 2009-01-08 22:33 <DIR> d-------- c:\documents and settings\Administrator\Dane aplikacji\DAEMON Tools 2009-01-08 22:33 . 2008-08-14 14:26 2,190,464 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe 2009-01-08 22:33 . 2008-08-14 14:26 2,146,816 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe 2009-01-08 22:33 . 2008-08-14 14:26 2,067,328 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe 2009-01-08 22:33 . 2008-08-14 14:26 2,025,472 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe 2009-01-08 22:32 . 2009-01-10 00:10 <DIR> d-------- c:\program files\DAEMON Tools Toolbar 2009-01-08 22:32 . 2009-01-10 10:57 <DIR> d-------- c:\program files\DAEMON Tools Lite 2009-01-08 22:32 . 2009-01-08 22:32 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Lite 2009-01-08 22:28 . 2009-01-08 22:34 <DIR> d-------- c:\documents and settings\Administrator\Dane aplikacji\DAEMON Tools Lite 2009-01-08 22:28 . 2009-01-08 22:28 717,296 --a------ c:\windows\system32\drivers\sptd.sys 2009-01-08 22:28 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys 2009-01-08 22:21 . 2005-06-28 10:21 22,752 --a------ c:\windows\system32\spupdsvc.exe 2009-01-08 11:56 . 2009-01-08 11:56 <DIR> d-------- c:\program files\Ares 2009-01-08 11:37 . 2009-01-08 11:37 <DIR> d-------- c:\documents and settings\Administrator\Dane aplikacji\Gadu-Gadu 2009-01-08 11:29 . 2004-08-23 13:50 32,768 --a------ c:\windows\system32\WooDial2000.dll 2009-01-08 11:28 . 2009-01-08 11:28 <DIR> d-------- c:\program files\SAGEM 2009-01-08 11:27 . 2009-01-08 11:27 <DIR> d-------- c:\windows\system32\AlertModule 2009-01-08 11:27 . 2003-08-04 13:22 94,208 --a------ c:\windows\system32\W32n50.dll 2009-01-08 11:27 . 2004-08-23 13:49 40,960 --a------ c:\windows\system32\FTRTSVC.exe 2009-01-08 11:27 . 2005-10-06 14:55 36,864 --a------ c:\windows\system32\IfHelper.dll 2009-01-08 11:27 . 2003-08-04 13:22 16,128 --------- c:\windows\system32\PCANDIS5.SYS 2009-01-08 11:26 . 2009-01-27 14:55 <DIR> d-------- c:\program files\neostrada tp 2009-01-08 11:25 . 2009-01-08 11:25 <DIR> d--hs---- c:\windows\ftpcache 2009-01-07 15:09 . 2009-01-24 17:25 116 --a------ c:\windows\NeroDigital.ini 2009-01-07 15:07 . 2009-01-07 15:07 <DIR> d-------- c:\program files\CyberLink 2009-01-07 15:07 . 2009-01-07 15:07 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\CyberLink 2009-01-07 15:06 . 2004-05-02 09:47 23,040 -ra------ c:\windows\system32\drivers\GVCplDrv.sys 2009-01-07 15:02 . 2009-01-13 20:01 73,728 --a------ c:\windows\system32\javacpl.cpl 2009-01-07 15:01 . 2009-01-13 20:01 <DIR> d-------- c:\program files\Java 2009-01-07 15:01 . 2009-01-07 15:01 <DIR> d-------- c:\program files\Common Files\Java . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-27 13:55 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab 2009-01-24 21:24 --------- d-----w c:\program files\Kaspersky Lab 2009-01-24 21:21 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files 2009-01-24 12:07 --------- d--h--w c:\program files\InstallShield Installation Information 2009-01-09 23:30 --------- d-----w c:\program files\Common Files\Adobe 2009-01-08 10:28 33 ----a-w c:\windows\system32\drivers\adidsl.cfg 2009-01-07 14:06 --------- d-----w c:\program files\Common Files\InstallShield 2009-01-07 13:56 --------- d-----w c:\program files\Gadu-Gadu 2009-01-07 13:54 --------- d-----w c:\program files\IrfanView 2009-01-07 13:51 --------- d-----w c:\program files\Winamp 2009-01-07 13:51 --------- d-----w c:\documents and settings\Administrator\Dane aplikacji\Winamp 2009-01-07 13:50 --------- d-----w c:\program files\Xvid 2009-01-07 13:50 --------- d-----w c:\program files\SubEdit-Player 2009-01-07 13:50 --------- d-----w c:\program files\DivX 2009-01-07 13:47 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Microsoft Help 2009-01-07 13:46 --------- d-----w c:\program files\MSBuild 2009-01-07 13:46 --------- d-----w c:\program files\Microsoft Works 2009-01-07 13:30 --------- d-----w c:\program files\Common Files\Ahead 2009-01-07 13:29 --------- d-----w c:\program files\Ahead 2009-01-07 13:03 --------- d-----w c:\program files\VIA 2009-01-07 12:48 --------- d-----w c:\program files\microsoft frontpage 2009-01-07 12:47 --------- d-----w c:\program files\Usługi online 2009-01-07 12:44 --------- d-----w c:\program files\Windows Media Connect 2 2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys 2008-11-11 19:00 218,376 ----a-w c:\windows\system32\klogon.dll 2008-10-28 22:36 823,296 ----a-w c:\windows\system32\divx_xx0c.dll 2008-10-28 22:36 823,296 ----a-w c:\windows\system32\divx_xx07.dll 2008-10-28 22:35 815,104 ----a-w c:\windows\system32\divx_xx0a.dll 2008-10-28 22:35 802,816 ----a-w c:\windows\system32\divx_xx11.dll 2008-10-28 22:35 684,032 ----a-w c:\windows\system32\DivX.dll . ((((((((((((((((((((((((((((( snapshot@2009-01-26_22.23.31.37 ))))))))))))))))))))))))))))))))))))))))) . + 2008-08-07 14:27:04 163,328 ----a-w c:\windows\ERUNT\SDFIX\ERDNT.EXE + 2009-01-27 13:43:15 3,170,304 ----a-w c:\windows\ERUNT\SDFIX\Users\[u]0[/u]0000001\NTUSER.DAT + 2009-01-27 13:43:16 167,936 ----a-w c:\windows\ERUNT\SDFIX\Users\[u]0[/u]0000002\UsrClass.dat + 2008-08-07 14:27:04 163,328 ----a-w c:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE + 2009-01-26 22:57:08 3,166,208 ----a-w c:\windows\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000001\NTUSER.DAT + 2009-01-26 22:57:08 167,936 ----a-w c:\windows\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000002\UsrClass.dat + 2009-01-27 13:50:10 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_668.dat . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "Steam"="c:\program files\steam\steam.exe" [2009-01-08 1410296] "ares"="c:\program files\Ares\Ares.exe" [2009-01-03 893952] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-11 86016] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-13 136600] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768] "WOOWATCH"="c:\progra~1\NEOSTR~1\Watch.exe" [2004-08-23 20480] "WOOTASKBARICON"="c:\progra~1\NEOSTR~1\GestMaj.exe" [2004-10-14 32768] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696] "AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-11-11 206088] "nwiz"="nwiz.exe" [2006-08-11 c:\windows\system32\nwiz.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_2"="shell32" [X] [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Ares\\Ares.exe"= "c:\\Program Files\\Gadu-Gadu\\gg.exe"= "c:\\Program Files\\Steam\\steamapps\\gizmokm\\counter-strike\\hl.exe"= R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784] R3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\drivers\e4usbaw.sys [2009-01-08 116992] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592] S3 SetupNTGLM7X;SetupNTGLM7X;\??\f:\ntglm7x.sys --> f:\NTGLM7X.sys [?] S4 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\drivers\e4ldr.sys [2009-01-08 64000] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5bdd1475-dcbf-11dd-80eb-001617b32b01}] \Shell\Auto\command - Start.exe \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe . Zawartość folderu 'Zaplanowane zadania' 2009-01-24 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34] . . ------- Skan uzupełniający ------- . uStart Page = hxxp://www.neostrada.pl IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: { - c:\program files\Messenger\msmsgs.exe FF - ProfilePath - c:\documents and settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\94iwonbv.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/ FF - component: c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npganymedenet.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-27 15:00:24 Windows 5.1.2600 Dodatek Service Pack 3 NTFS skanowanie ukrytych procesów ... c:\windows\explorer.exe [2492] 0x822D3DA0 skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** . Czas ukończenia: 2009-01-27 15:02:03 ComboFix-quarantined-files.txt 2009-01-27 14:02:01 ComboFix2.txt 2009-01-26 21:24:19 Przed: 41 968 791 552 bajtów wolnych Po: 41,958,944,768 bajtów wolnych 234 --- E O F --- 2009-01-18 11:02:41

Dodano Dzisiaj, 17:11:

Kod: Zaznacz wszystko: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:57:16, on 2009-01-27 Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0013) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\System32\FTRTSVC.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\PROGRA~1\NEOSTR~1\TaskBarIcon.exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\Administrator\Pulpit\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\GestMaj.exe TaskBarIcon.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user') O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 6247 bytes

Dodano Dzisiaj, 17:12:

Kod: Zaznacz wszystko: [b]SDFix: Version 1.240 [/b] Run by Administrator on 2009-01-27 at 14:45 Microsoft Windows XP [Wersja 5.1.2600] Running From: C:\SDFix [b]Checking Services [/b]: Restoring Default Security Values Restoring Default Hosts File Rebooting [b]Checking Files [/b]: No Trojan Files Found Removing Temp Files [b]ADS Check [/b]: [b]Final Check [/b]: catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-27 14:52:22 Windows 5.1.2600 Dodatek Service Pack 3 NTFS scanning hidden processes ... scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg] "s1"=dword:2df9c43f "s2"=dword:110480d0 "h0"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "h0"=dword:00000000 "khjeh"=hex:bf,62,51,62,51,ed,bf,0d,6d,09,4e,1b,ed,fd,9f,ed,41,f6,b6,82,b0,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "h0"=dword:00000000 "khjeh"=hex:bf,62,51,62,51,ed,bf,0d,6d,09,4e,1b,ed,fd,9f,ed,41,f6,b6,82,b0,.. scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 [b]Remaining Services [/b]: Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove" "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote" "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour" "C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows" "C:\\Program Files\\Gadu-Gadu\\gg.exe"="C:\\Program Files\\Gadu-Gadu\\gg.exe:*:Enabled:Gadu-Gadu - program g˘wny" "C:\\Program Files\\Steam\\steamapps\\gizmokm\\counter-strike\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\gizmokm\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" [b]Remaining Files [/b]: [b]Files with Hidden Attributes [/b]: [b]Finished![/b]

**Posty:** 8001 · przez **Okocza** 27 Sty 2009, 19:01

wklej w notatnik

Kod: Zaznacz wszystko: Windows Registry Editor Version 5.00 [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5bdd1475-dcbf-11dd-80eb-001617b32b01}]

w notatniku u góry>>>plik zapisz jako>>>Zmien rozszerzenie z TXT na Wszystkie pliki *.* >>> Zapisz pod nazwą FIX.REG

Klikasz dwa razy na powstały plik fix i dodajesz go do rejestru....

Wykonaj to co jest podane w tym temacie

1. tym programem przejdź komputer)
2. wykonaj optymalizację windowsa
3.sciagnij ATF_Cleaner
zaznacz
Windows Temp
All users Temp
Temporary internet files
Recycle Bin
i wcisnij EMPTY SELECTED
4.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem
5. Przeskanuj komputer pod względem Trojanów tym programem
6. Wstaw na forum screen z zakładki uruchamianie (start – uruchom – msconfig – uruchamianie) może uda się cos wyrzucic stamtąd.