Brak możliwości wyświetlenia ukrytych folderów

**Posty:** 8079 · przez **kajtekjr** 18 Sty 2009, 03:28

Witam! Zainstalowałem sobie Windows XP i mam dwa małe problemy...

1. Nie mogę wyświetlić ukrytych folderów.. :1:

..Niby zaznaczam wyświetl ukryte, klikam zastosuj, ale foldery nadal ukryte.. :1:

..Gdy wejdę ponownie w Opcje folderów, to mimo tego wcześniejszego zaakceptowania pokazywania ukrytych folderów nadal zaznaczona jest opcja ze system ma je ukrywać.. :1:

..Jak to naprawić... ?

2. W moim komputerze gdy kliknę na dysk C:\ to otwiera się w nowym oknie :1:

..Nigdy tak nie było..

..Chciałbym aby C:\ jak i D:\ otwierały się w tym samym oknie co Mój komputer... Jak tego dokonać.. ?

Pozdrawiam i z góry dziękuje

**Posty:** 3874 · przez **Wojtasgls** 18 Sty 2009, 11:40

2. Otworz Moj komputer zakladka narzedzia opcje folderow i masz odrazu na srodku przegladanie folderow zaznacz aby sie w tym samym oknie otwieralo.

**Posty:** 18165 · przez **wojtas** 18 Sty 2009, 12:31

wirusy...

Wykonaj to co jest podane w tym temacie

Zastosuj SDFix . Po pobraniu uruchom go a rozpakuje się do C:\SDFix. Uruchom komputer w trybie awaryjnym (F8 przy stracie systemu). Będąc w awaryjnym uruchom plik RunThis.bat z folderu SDFixa. Zatwierdź czyszczenie przez Y. Poczekaj aż ukończy i komputer zresetuje

Potem wejdz do folderu C:\SDFix wrzuc zawartość pliku Report.txt + log z combofixa oraz daj loga z hijacka

**Posty:** 8079 · przez **kajtekjr** 18 Sty 2009, 17:44

Wojtasgls napisał(a):2. Otworz Moj komputer zakladka narzedzia opcje folderow i masz odrazu na srodku przegladanie folderow zaznacz aby sie w tym samym oknie otwieralo.

To nic nie dało..

wojtas, wszystko wykonanie

Logi poniżej..

Combo:

Kod: Zaznacz wszystko: ComboFix 09-01-17.04 - Admin 2009-01-18 16:40:28.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2047.1678 [GMT 1:00] Uruchomiony z: c:\documents and settings\Admin\Pulpit\ComboFix.exe * Utworzono nowy punkt przywracania UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !! . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\autorun.inf c:\documents and settings\Admin\Dane aplikacji\inst.exe C:\j60osk9.cmd D:\Autorun.inf D:\j60osk9.cmd . ((((((((((((((((((((((((( Pliki utworzone od 2008-12-18 do 2009-01-18 ))))))))))))))))))))))))))))))) . 2009-01-18 16:34 . 2009-01-18 16:34 <DIR> d-------- c:\windows\ERUNT 2009-01-18 16:32 . 2009-01-18 16:38 <DIR> d-------- C:\SDFix 2009-01-18 13:47 . 2009-01-18 13:47 <DIR> d-------- c:\documents and settings\Admin\Dane aplikacji\BESTplayer 2009-01-18 13:39 . 2009-01-18 13:39 <DIR> d-------- c:\documents and settings\Admin\Dane aplikacji\Media Player Classic 2009-01-18 13:39 . 2009-01-18 13:40 49 --a------ c:\windows\NeroDigital.ini 2009-01-18 11:08 . 2009-01-18 11:08 <DIR> d-------- c:\program files\Trymedia 2009-01-18 11:08 . 2009-01-18 11:08 <DIR> d-------- c:\program files\PopCap Games 2009-01-18 11:08 . 2009-01-18 12:59 10 --a------ c:\windows\popcinfo.dat 2009-01-18 11:02 . 2009-01-18 11:02 <DIR> d-------- c:\windows\Sun 2009-01-18 10:42 . 2009-01-18 10:42 <DIR> d-------- c:\program files\WapSter 2009-01-18 10:42 . 2009-01-18 10:42 <DIR> d-------- c:\documents and settings\Admin\WapSter 2009-01-18 10:42 . 2008-04-14 00:15 26,368 --a--c--- c:\windows\system32\dllcache\usbstor.sys 2009-01-18 02:31 . 2009-01-18 02:35 <DIR> d-------- c:\program files\Microsoft ActiveSync 2009-01-18 02:07 . 2009-01-18 02:07 95,744 -r-hs---- c:\windows\system32\nmdfgds1.dll 2009-01-18 02:07 . 2008-04-14 21:51 70,144 --a------ c:\windows\AhnRpta.exe . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-18 15:38 95,744 --sh--r c:\windows\system32\nmdfgds0.dll 2009-01-18 15:02 --------- d-----w c:\program files\Mozilla Thunderbird 2009-01-18 01:07 110,834 --sh--r c:\windows\system32\olhrwef.exe 2009-01-18 00:56 --------- d-----w c:\program files\DAEMON Tools Pro 2009-01-18 00:54 685,816 ----a-w c:\windows\system32\drivers\sptd.sys 2009-01-18 00:50 --------- d-----w c:\program files\Common Files\Adobe 2009-01-18 00:49 --------- d-----w c:\program files\Common Files\Adobe Systems Shared 2009-01-18 00:49 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Adobe Systems 2009-01-18 00:46 --------- d--h--w c:\program files\InstallShield Installation Information 2009-01-18 00:46 --------- d-----w c:\program files\CyberLink 2009-01-18 00:46 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\CyberLink 2009-01-18 00:45 --------- d-----w c:\program files\Common Files\InstallShield 2009-01-18 00:43 --------- d-----w c:\program files\Common Files\Nero 2009-01-18 00:34 --------- d-----w c:\program files\Nero 2009-01-18 00:34 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Nero 2009-01-18 00:29 --------- d-----w c:\program files\Malicious Software Removal Tool 2009-01-18 00:28 --------- d-----w c:\program files\PowerMenu 2009-01-18 00:28 --------- d-----w c:\program files\Java 2009-01-18 00:28 --------- d-----w c:\program files\Common Files\Java 2009-01-18 00:27 --------- d-----w c:\program files\HighMAT CD Writing Wizard 2009-01-18 00:24 --------- d-----w c:\program files\AutoPatcher 2009-01-18 00:21 --------- d-----w c:\program files\UltraISO 2009-01-18 00:21 --------- d-----w c:\program files\Common Files\EZB Systems 2009-01-18 00:18 361,344 ----a-w c:\windows\system32\drivers\tcpip.sys 2009-01-18 00:18 --------- d-----w c:\program files\xp-AntiSpy 2009-01-18 00:17 --------- d-----w c:\program files\Winamp 2009-01-18 00:17 --------- d-----w c:\documents and settings\Admin\Dane aplikacji\Winamp 2009-01-18 00:16 --------- d-----w c:\program files\HyperSnap 6 2009-01-18 00:15 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys 2009-01-18 00:15 47,360 ----a-w c:\documents and settings\Admin\Dane aplikacji\pcouffin.sys 2009-01-18 00:15 --------- d-----w c:\program files\vso 2009-01-18 00:15 --------- d-----w c:\documents and settings\Admin\Dane aplikacji\Vso 2009-01-18 00:14 --------- d-----w c:\program files\Real Alternative 2009-01-18 00:14 --------- d-----w c:\program files\Media Player Classic 2009-01-18 00:14 --------- d-----w c:\program files\K-Lite Codec Pack 2009-01-18 00:13 --------- d-----w c:\program files\The Bat! 2009-01-18 00:13 --------- d-----w c:\program files\Opera 2009-01-18 00:12 --------- d-----w c:\documents and settings\Admin\Dane aplikacji\Thunderbird 2009-01-18 00:12 --------- d-----w c:\documents and settings\Admin\Dane aplikacji\Gadu-Gadu 2009-01-18 00:11 --------- d-----w c:\program files\Gadu-Gadu 2009-01-18 00:02 --------- d-----w c:\program files\Razer 2009-01-18 00:02 --------- d-----w c:\program files\DIFX 2009-01-18 00:02 --------- d-----w c:\documents and settings\Admin\Dane aplikacji\InstallShield 2009-01-17 23:57 --------- d-----w c:\program files\Hewlett-Packard 2009-01-17 23:54 82,380 ----a-w c:\windows\system32\drivers\AFS2K.SYS 2009-01-17 23:54 --------- d-----w c:\documents and settings\Admin\Dane aplikacji\Folder przesyłania Share-to-Web 2009-01-17 23:53 --------- d-----w c:\program files\Common Files\Hewlett-Packard 2009-01-17 23:49 --------- d-----w c:\program files\Creative 2009-01-17 23:48 409,600 ----a-w c:\windows\system32\wrap_oal.dll 2009-01-17 23:48 114,688 ----a-w c:\windows\system32\OpenAL32.dll 2009-01-17 23:45 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\nView_Profiles 2009-01-17 23:33 --------- d-----w c:\program files\Intel 2009-01-17 23:26 --------- d-----w c:\program files\microsoft frontpage 2009-01-17 23:25 --------- d-----w c:\program files\Usługi online 2008-12-02 09:13 453,152 ----a-w c:\windows\system32\NVUNINST.EXE . ------- Sigcheck ------- 2009-01-18 01:18 361344 b0870dc4ae8a0a40c45ec66bcde3e523 c:\windows\system32\dllcache\tcpip.sys 2009-01-18 01:18 361344 b0870dc4ae8a0a40c45ec66bcde3e523 c:\windows\system32\drivers\tcpip.sys . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "cdoosoft"="c:\windows\system32\olhrwef.exe" [2009-01-18 110834] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024] "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864] "36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-11-19 1970176] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-29 8466432] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-29 81920] "Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632] "HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 49152] "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 172032] "DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 40960] "DeathAdder"="c:\program files\Razer\DeathAdder\razerhid.exe" [2008-09-05 159744] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-06-14 132760] "NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768] "nwiz"="nwiz.exe" [2007-06-29 c:\windows\system32\nwiz.exe] "P17Helper"="P17.dll" [2005-05-03 c:\windows\system32\P17.dll] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\Admin\Menu Start\Programy\Autostart\ Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664] c:\documents and settings\All Users\Menu Start\Programy\Autostart\ Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{BB4C402F-882A-4526-8C08-51278EA437C1}"= "c:\windows\system32\afmain0.dll" [2008-04-14 78848] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "d:\\Tlen.pl\\tlen.exe"= "c:\\Program Files\\WapSter\\WapSter AQQ\\AQQ.exe"= "c:\\Program Files\\PopCap Games\\Zuma Deluxe\\Zuma.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2009-01-18 22784] S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C] \Shell\AutoRun\command - C:\j60osk9.cmd \Shell\open\Command - C:\j60osk9.cmd [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D] \Shell\AutoRun\command - D:\j60osk9.cmd \Shell\open\Command - D:\j60osk9.cmd [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7e1aa367-e4f3-11dd-bcb1-806d6172696f}] \Shell\AutoRun\command - E:\setup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee1233f0-e4ff-11dd-9197-002185124066}] \Shell\AutoRun\command - G:\m9ma.exe \Shell\explore\Command - G:\m9ma.exe \Shell\open\Command - G:\m9ma.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee123402-e4ff-11dd-9197-002185124066}] \Shell\AutoRun\command - G:\j60osk9.cmd \Shell\open\Command - G:\j60osk9.cmd . . ------- Skan uzupełniający ------- . IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\wd4w6ln0.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/ FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-18 16:41:01 Windows 5.1.2600 Dodatek Service Pack 3 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** . Czas ukończenia: 2009-01-18 16:41:33 ComboFix-quarantined-files.txt 2009-01-18 15:41:32 Przed: 24 478 121 984 bajtów wolnych Po: 24,474,886,144 bajtów wolnych 181

SDFix:

Kod: Zaznacz wszystko: [b]SDFix: Version 1.240 [/b] Run by Admin on 2009-01-18 at 16:35 Microsoft Windows XP [Wersja 5.1.2600] Running From: C:\SDFix [b]Checking Services [/b]: Restoring Default Security Values Restoring Default Hosts File Rebooting [b]Checking Files [/b]: Trojan Files Found: C:\autorun.inf - Deleted Removing Temp Files [b]ADS Check [/b]: [b]Final Check [/b]: catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-18 16:37:53 Windows 5.1.2600 Dodatek Service Pack 3 NTFS scanning hidden processes ... scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg] "s1"=dword:2df9c43f "s2"=dword:110480d0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC] "p0"="C:\Program Files\DAEMON Tools Pro\" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC] "p0"="C:\Program Files\DAEMON Tools Pro\" scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 [b]Remaining Services [/b]: Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager" "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager" "C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application" "D:\\Tlen.pl\\tlen.exe"="D:\\Tlen.pl\\tlen.exe:*:Enabled:Komunikator Tlen.pl" "C:\\Program Files\\WapSter\\WapSter AQQ\\AQQ.exe"="C:\\Program Files\\WapSter\\WapSter AQQ\\AQQ.exe:*:Enabled:AQQ" "C:\\Program Files\\PopCap Games\\Zuma Deluxe\\Zuma.exe"="C:\\Program Files\\PopCap Games\\Zuma Deluxe\\Zuma.exe:*:Enabled:Zuma" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager" "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager" "C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application" [b]Remaining Files [/b]: File Backups: - C:\SDFix\backups\backups.zip [b]Files with Hidden Attributes [/b]: Sun 18 Jan 2009 95,744 ..SHR --- "C:\WINDOWS\system32\nmdfgds0.dll" Sun 18 Jan 2009 95,744 ..SHR --- "C:\WINDOWS\system32\nmdfgds1.dll" Sun 18 Jan 2009 110,834 ..SHR --- "C:\WINDOWS\system32\olhrwef.exe" [b]Finished![/b]

HJ:

Kod: Zaznacz wszystko: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:43:37, on 2009-01-18 Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\AhnRpta.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Razer\DeathAdder\razerhid.exe C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe C:\Program Files\Microsoft ActiveSync\Wcescomm.exe C:\Program Files\Razer\DeathAdder\razertra.exe C:\Program Files\Razer\DeathAdder\razerofa.exe C:\PROGRA~1\MICROS~3\rapimgr.exe C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Admin\Pulpit\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra 'Tools' menuitem: Utwórz Ulubione dla urządzenia przenośnego... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Admin\USTAWI~1\Temp\hpdj.exe (file missing) O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 5606 bytes

**Posty:** 18165 · przez **wojtas** 18 Sty 2009, 21:01

Wylecz pendriva lub kartę pamięci
Perlovga Removal Tool
Flash Disinfector
lub format

skasuj;

O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Admin\USTAWI~1\Temp\hpdj.exe (file missing)

Otworz notatnik i wklej w nim to:

File::
c:\windows\system32\nmdfgds1.dll
c:\windows\AhnRpta.exe
c:\windows\system32\nmdfgds0.dll
c:\windows\system32\olhrwef.exe

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee1233f0-e4ff-11dd-9197-002185124066}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee123402-e4ff-11dd-9197-002185124066}]

>>Plik>>Zapisz jako... >>> CFScript
Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe
-->

Ma się rozpocząć usuwanie. (i powstanie log).Daj ten log, który powstanie w trakcie usuwania.

**Posty:** 1 · przez **adam9620** 26 Sty 2009, 00:12

Witam,
Mam ten sam problem. Niestety wirusy zostały usunięte razem z plikami systemowymi. Żeby wejść na dyski trzeba korzystać z "eksploruj" itd. Chciałem zastosować powyższe instrukcje, lecz jest inny problem. SDfix wymaga trybu awaryjnego, a ten niestety się nie ładuje... Chwile po wybraniu trybu awaryjnego, komputer się restartuje... Macie jakieś rady dla kolejnego desperata?

**Posty:** 3874 · przez **Wojtasgls** 26 Sty 2009, 01:38

daj logi z HJ i Combofixa na poczatek

**Posty:** 8079 · przez **kajtekjr** 31 Sty 2009, 10:55

Kod: Zaznacz wszystko: ComboFix 09-01-21.04 - Admin 2009-01-31 9:51:18.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.2047.1612 [GMT 1:00] Uruchomiony z: c:\documents and settings\Admin\Pulpit\ComboFix.exe Użyto następujących komend :: c:\documents and settings\Admin\Pulpit\CFScript.txt * Utworzono nowy punkt przywracania UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !! . - TRYB ZREDUKOWANEJ FUNKCJONALNOŚCI - FILE :: c:\windows\AhnRpta.exe c:\windows\system32\nmdfgds0.dll c:\windows\system32\nmdfgds1.dll c:\windows\system32\olhrwef.exe . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\AhnRpta.exe c:\windows\system32\nmdfgds0.dll c:\windows\system32\nmdfgds1.dll c:\windows\system32\olhrwef.exe . ((((((((((((((((((((((((( Pliki utworzone od 2008-12-28 do 2009-01-31 ))))))))))))))))))))))))))))))) . 2009-01-30 15:33 . 2009-01-30 15:33 <DIR> d-------- c:\program files\directx 2009-01-28 17:20 . 2009-01-28 17:20 <DIR> d-------- c:\program files\7-Zip 2009-01-28 14:38 . 2009-01-28 14:38 <DIR> d---s---- c:\documents and settings\Admin\UserData 2009-01-27 20:58 . 2009-01-27 20:58 <DIR> d-------- c:\documents and settings\Admin\Dane aplikacji\EurekaLog 2009-01-26 21:02 . 2009-01-26 21:02 108,512 -r-hs---- C:\uvsqfgwd.cmd 2009-01-25 15:19 . 2009-01-27 16:04 <DIR> d-------- c:\documents and settings\Admin\Dane aplikacji\skypePM 2009-01-25 15:19 . 2009-01-25 15:19 56 --ah----- c:\windows\system32\ezsidmv.dat 2009-01-25 15:18 . 2009-01-30 07:10 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Skype 2009-01-25 14:11 . 2009-01-25 14:11 <DIR> d-------- c:\windows\SxsCaPendDel 2009-01-25 00:28 . 2009-01-25 00:28 <DIR> d-------- c:\program files\MDM 2009-01-24 08:39 . 2009-01-24 08:42 <DIR> d-------- c:\program files\YouTube Video Downloader 2009-01-23 15:50 . 2009-01-29 19:48 <DIR> d-------- c:\documents and settings\Admin\Dane aplikacji\uTorrent 2009-01-23 12:53 . 2009-01-23 12:53 <DIR> d-------- c:\documents and settings\Admin\Dane aplikacji\CyberLink 2009-01-22 23:12 . 2009-01-22 23:12 <DIR> d-------- c:\program files\ParaGraph 2009-01-22 21:49 . 2009-01-22 21:49 <DIR> d-------- c:\program files\Common Files\Real 2009-01-22 19:13 . 2009-01-22 19:13 95,744 -r-hs---- c:\windows\system32\nmdfgds3.dll 2009-01-22 19:12 . 2009-01-22 19:12 95,744 --------- c:\windows\system32\nmdfgds2.dll 2009-01-22 17:50 . 2009-01-22 17:50 <DIR> d-------- c:\documents and settings\Admin\Dane aplikacji\Nero 2009-01-22 13:23 . 2009-01-22 13:23 <DIR> d-------- c:\program files\Lonely Cat Games 2009-01-21 17:49 . 2009-01-22 19:13 107,882 -r-hs---- C:\w98.com 2009-01-20 19:25 . 2009-01-20 19:25 <DIR> d-------- c:\program files\Ares 2009-01-20 07:26 . 2009-01-20 07:26 107,561 -r-hs---- C:\gy.exe 2009-01-19 20:47 . 2009-01-19 20:47 <DIR> d-------- c:\program files\Teamspeak2_RC2 2009-01-19 20:47 . 2009-01-19 20:47 <DIR> d-------- c:\documents and settings\Admin\Dane aplikacji\teamspeak2 2009-01-19 20:47 . 2009-01-19 20:47 34,064 --a------ c:\windows\system32\lhacm.acm 2009-01-19 13:53 . 2009-01-19 13:52 106,526 -r-hs---- C:\gfqgq.cmd 2009-01-18 21:26 . 2009-01-18 21:26 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\KONAMI 2009-01-18 19:34 . 2009-01-19 06:35 108,753 -r-hs---- C:\j60osk9.cmd 2009-01-18 16:45 . 2009-01-18 16:45 <DIR> d-------- c:\documents and settings\Admin\Dane aplikacji\DAEMON Tools Pro 2009-01-18 16:44 . 2009-01-18 16:44 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Pro 2009-01-18 16:34 . 2009-01-18 16:34 <DIR> d-------- c:\windows\ERUNT 2009-01-18 13:47 . 2009-01-18 13:47 <DIR> d-------- c:\documents and settings\Admin\Dane aplikacji\BESTplayer 2009-01-18 13:39 . 2009-01-18 13:39 <DIR> d-------- c:\documents and settings\Admin\Dane aplikacji\Media Player Classic 2009-01-18 13:39 . 2009-01-24 16:06 49 --a------ c:\windows\NeroDigital.ini 2009-01-18 11:08 . 2009-01-18 11:08 <DIR> d-------- c:\program files\Trymedia 2009-01-18 11:08 . 2009-01-18 11:08 <DIR> d-------- c:\program files\PopCap Games 2009-01-18 11:08 . 2009-01-30 19:22 10 --a------ c:\windows\popcinfo.dat 2009-01-18 11:02 . 2009-01-18 11:02 <DIR> d-------- c:\windows\Sun 2009-01-18 10:42 . 2009-01-18 10:42 <DIR> d-------- c:\program files\WapSter 2009-01-18 10:42 . 2009-01-18 10:42 <DIR> d-------- c:\documents and settings\Admin\WapSter 2009-01-18 10:42 . 2008-04-14 00:15 26,368 --a--c--- c:\windows\system32\dllcache\usbstor.sys 2009-01-18 02:31 . 2009-01-28 21:29 <DIR> d-------- c:\program files\Microsoft ActiveSync . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-31 08:43 --------- d-----w c:\program files\Mozilla Thunderbird 2009-01-30 14:34 --------- d--h--w c:\program files\InstallShield Installation Information 2009-01-30 14:09 --------- d-----w c:\program files\Opera 2009-01-27 19:56 --------- d-----w c:\program files\Gadu-Gadu 2009-01-25 13:11 --------- d-----w c:\program files\Common Files\Adobe 2009-01-20 16:13 --------- d-----w c:\documents and settings\Admin\Dane aplikacji\Winamp 2009-01-18 15:45 --------- d-----w c:\program files\DAEMON Tools Pro 2009-01-18 00:54 685,816 ----a-w c:\windows\system32\drivers\sptd.sys 2009-01-18 00:49 --------- d-----w c:\program files\Common Files\Adobe Systems Shared 2009-01-18 00:49 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Adobe Systems 2009-01-18 00:46 --------- d-----w c:\program files\CyberLink 2009-01-18 00:46 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\CyberLink 2009-01-18 00:45 --------- d-----w c:\program files\Common Files\InstallShield 2009-01-18 00:43 --------- d-----w c:\program files\Common Files\Nero 2009-01-18 00:34 --------- d-----w c:\program files\Nero 2009-01-18 00:34 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Nero 2009-01-18 00:29 --------- d-----w c:\program files\Malicious Software Removal Tool 2009-01-18 00:28 --------- d-----w c:\program files\PowerMenu 2009-01-18 00:28 --------- d-----w c:\program files\Java 2009-01-18 00:28 --------- d-----w c:\program files\Common Files\Java 2009-01-18 00:27 --------- d-----w c:\program files\HighMAT CD Writing Wizard 2009-01-18 00:24 --------- d-----w c:\program files\AutoPatcher 2009-01-18 00:21 --------- d-----w c:\program files\UltraISO 2009-01-18 00:21 --------- d-----w c:\program files\Common Files\EZB Systems 2009-01-18 00:18 361,344 ----a-w c:\windows\system32\drivers\tcpip.sys 2009-01-18 00:18 --------- d-----w c:\program files\xp-AntiSpy 2009-01-18 00:17 --------- d-----w c:\program files\Winamp 2009-01-18 00:16 --------- d-----w c:\program files\HyperSnap 6 2009-01-18 00:15 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys 2009-01-18 00:15 47,360 ----a-w c:\documents and settings\Admin\Dane aplikacji\pcouffin.sys 2009-01-18 00:15 --------- d-----w c:\program files\vso 2009-01-18 00:15 --------- d-----w c:\documents and settings\Admin\Dane aplikacji\Vso 2009-01-18 00:14 --------- d-----w c:\program files\Real Alternative 2009-01-18 00:14 --------- d-----w c:\program files\Media Player Classic 2009-01-18 00:14 --------- d-----w c:\program files\K-Lite Codec Pack 2009-01-18 00:13 --------- d-----w c:\program files\The Bat! 2009-01-18 00:12 --------- d-----w c:\documents and settings\Admin\Dane aplikacji\Thunderbird 2009-01-18 00:12 --------- d-----w c:\documents and settings\Admin\Dane aplikacji\Gadu-Gadu 2009-01-18 00:02 --------- d-----w c:\program files\Razer 2009-01-18 00:02 --------- d-----w c:\program files\DIFX 2009-01-18 00:02 --------- d-----w c:\documents and settings\Admin\Dane aplikacji\InstallShield 2009-01-17 23:57 --------- d-----w c:\program files\Hewlett-Packard 2009-01-17 23:54 82,380 ----a-w c:\windows\system32\drivers\AFS2K.SYS 2009-01-17 23:54 --------- d-----w c:\documents and settings\Admin\Dane aplikacji\Folder przesyłania Share-to-Web 2009-01-17 23:53 --------- d-----w c:\program files\Common Files\Hewlett-Packard 2009-01-17 23:49 --------- d-----w c:\program files\Creative 2009-01-17 23:48 409,600 ----a-w c:\windows\system32\wrap_oal.dll 2009-01-17 23:48 114,688 ----a-w c:\windows\system32\OpenAL32.dll 2009-01-17 23:45 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\nView_Profiles 2009-01-17 23:33 --------- d-----w c:\program files\Intel 2009-01-17 23:26 --------- d-----w c:\program files\microsoft frontpage 2009-01-17 23:25 --------- d-----w c:\program files\Usługi online 2008-12-02 09:13 453,152 ----a-w c:\windows\system32\NVUNINST.EXE 2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll 2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll 2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll 2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll 2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll 2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe 2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll 2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll . ------- Sigcheck ------- 2009-01-18 01:18 361344 b0870dc4ae8a0a40c45ec66bcde3e523 c:\windows\system32\dllcache\tcpip.sys 2009-01-18 01:18 361344 b0870dc4ae8a0a40c45ec66bcde3e523 c:\windows\system32\drivers\tcpip.sys . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024] "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000] "DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136] "ares"="c:\program files\Ares\Ares.exe" [2008-12-13 882176] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864] "36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-11-19 1970176] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-29 8466432] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-29 81920] "Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632] "HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 49152] "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 172032] "DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 40960] "DeathAdder"="c:\program files\Razer\DeathAdder\razerhid.exe" [2008-09-05 159744] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-06-14 132760] "NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "nwiz"="nwiz.exe" [2007-06-29 c:\windows\system32\nwiz.exe] "P17Helper"="P17.dll" [2005-05-03 c:\windows\system32\P17.dll] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\Admin\Menu Start\Programy\Autostart\ Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664] c:\documents and settings\All Users\Menu Start\Programy\Autostart\ Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{BB4C402F-882A-4526-8C08-51278EA437C1}"= "c:\windows\system32\afmain1.dll" [2008-04-14 78848] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "d:\\Tlen.pl\\tlen.exe"= "c:\\Program Files\\WapSter\\WapSter AQQ\\AQQ.exe"= "c:\\Program Files\\PopCap Games\\Zuma Deluxe\\Zuma.exe"= "d:\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"= "d:\\Steam\\steamapps\\kristian658\\counter-strike\\hl.exe"= "c:\\Program Files\\Ares\\Ares.exe"= "d:\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Gadu-Gadu\\gg.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2009-01-18 22784] S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7e1aa367-e4f3-11dd-bcb1-806d6172696f}] \Shell\AutoRun\command - E:\setup.exe . . ------- Skan uzupełniający ------- . IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\wd4w6ln0.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/ FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-31 09:51:23 Windows 5.1.2600 Dodatek Service Pack 3 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** . Czas ukończenia: 2009-01-31 9:51:58 ComboFix-quarantined-files.txt 2009-01-31 08:51:57 ComboFix2.txt 2009-01-30 20:31:43 Przed: 23 753 416 704 bajtów wolnych Po: 23,742,304,256 bajtów wolnych 215

Kod: Zaznacz wszystko: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 09:54:00, on 2009-01-31 Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Razer\DeathAdder\razerhid.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe C:\Program Files\Microsoft ActiveSync\Wcescomm.exe C:\Program Files\DAEMON Tools Pro\DTProAgent.exe C:\PROGRA~1\MICROS~3\rapimgr.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe C:\Program Files\Razer\DeathAdder\razertra.exe C:\Program Files\Razer\DeathAdder\razerofa.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\explorer.exe C:\WINDOWS\AhnRpta.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Admin\Pulpit\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra 'Tools' menuitem: Utwórz Ulubione dla urządzenia przenośnego... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 5684 bytes

Logi o które prosiłeś - sorrki że tak długo ale nic czasu w tygodniu nie mam

**Posty:** 18165 · przez **wojtas** 03 Lut 2009, 20:54

Otworz notatnik i wklej w nim to:

File::
C:\uvsqfgwd.cmd
C:\gy.exe
C:\w98.com
C:\gfqgq.cmd
C:\j60osk9.cmd
d:\uvsqfgwd.cmd
d:\gy.exe
d:\w98.com
d:\gfqgq.cmd
d:\j60osk9.cmd
c:\windows\system32\nmdfgds3.dll
c:\windows\system32\nmdfgds2.dll

>>Plik>>Zapisz jako... >>> CFScript
Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe
-->

Ma się rozpocząć usuwanie. (i powstanie log).Daj ten log, który powstanie w trakcie usuwania.

**Posty:** 230 · przez **matikk** 03 Lut 2009, 23:38

miałem to samo, combofix wszystko naprawi

wszystkim kolegą to robiłem bo mieli identyko problem w przeciągu kilku dni

**Posty:** 8079 · przez **kajtekjr** 07 Lut 2009, 14:16

Wykonałem wszystko co wcześniej pisałeś..

A oto log:

Kod: Zaznacz wszystko: ComboFix 09-02-06.02 - Admin 2009-02-07 13:11:35.4 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.2047.1551 [GMT 1:00] Uruchomiony z: c:\documents and settings\Admin\Pulpit\ComboFix.exe Użyto następujących komend :: c:\documents and settings\Admin\Pulpit\CFScript.txt * Utworzono nowy punkt przywracania UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !! FILE :: C:\gfqgq.cmd C:\gy.exe C:\j60osk9.cmd C:\uvsqfgwd.cmd C:\w98.com c:\windows\system32\nmdfgds2.dll c:\windows\system32\nmdfgds3.dll d:\gfqgq.cmd d:\gy.exe d:\j60osk9.cmd d:\uvsqfgwd.cmd d:\w98.com . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Admin\Dane aplikacji\EurekaLog C:\gfqgq.cmd C:\gy.exe C:\j60osk9.cmd C:\m0vnonh.bat C:\pook.com C:\uvsqfgwd.cmd C:\w98.com c:\windows\system32\nmdfgds0.dll c:\windows\system32\nmdfgds1.dll c:\windows\system32\nmdfgds2.dll c:\windows\system32\nmdfgds3.dll c:\windows\system32\olhrwef.exe d:\gfqgq.cmd d:\gy.exe d:\j60osk9.cmd D:\m0vnonh.bat D:\pook.com d:\uvsqfgwd.cmd d:\w98.com . ((((((((((((((((((((((((( Pliki utworzone od 2009-01-07 do 2009-02-07 ))))))))))))))))))))))))))))))) . 2009-02-06 16:42 . 2008-04-14 00:26 30,592 --a------ c:\windows\system32\drivers\rndismpx.sys 2009-02-06 16:42 . 2008-04-14 00:26 30,592 --a--c--- c:\windows\system32\dllcache\rndismpx.sys 2009-02-06 16:42 . 2008-04-14 00:26 12,800 --a------ c:\windows\system32\drivers\usb8023x.sys 2009-02-06 16:42 . 2008-04-14 00:26 12,800 --a--c--- c:\windows\system32\dllcache\usb8023x.sys 2009-02-05 20:05 . 2009-02-05 20:05 <DIR> d-------- c:\documents and settings\Admin\Dane aplikacji\gtk-2.0 2009-02-05 20:04 . 2009-02-05 20:04 <DIR> d-------- c:\documents and settings\Admin\Dane aplikacji\Inkscape 2009-02-03 19:28 . 2009-02-03 19:28 <DIR> d-------- c:\windows\Logs 2009-02-03 17:27 . 2009-02-03 17:27 <DIR> d-------- C:\OpenSSL 2009-02-03 17:27 . 2009-02-03 17:27 155,648 --a------ c:\windows\system32\libssl32.dll 2009-02-03 14:58 . 2009-02-06 18:39 162,816 --a------ c:\windows\system32\fmod.dll 2009-02-02 22:39 . 2009-02-02 22:39 <DIR> d-------- C:\games 2009-02-02 20:24 . 2009-02-02 20:24 <DIR> d---s---- c:\documents and settings\Admin\UserData 2009-02-01 00:01 . 2009-02-01 00:01 <DIR> d-------- C:\a 2009-01-31 16:35 . 2009-02-01 20:55 109,930 -r-hs---- C:\a2h2.com 2009-01-31 09:52 . 2008-04-14 21:51 70,144 --a------ c:\windows\AhnRpta.exe 2009-01-30 15:33 . 2009-01-30 15:33 <DIR> d-------- c:\program files\directx 2009-01-28 17:20 . 2009-01-28 17:20 <DIR> d-------- c:\program files\7-Zip 2009-01-25 15:19 . 2009-01-27 16:04 <DIR> d-------- c:\documents and settings\Admin\Dane aplikacji\skypePM 2009-01-25 15:19 . 2009-01-25 15:19 56 --ah----- c:\windows\system32\ezsidmv.dat 2009-01-25 15:18 . 2009-01-30 07:10 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Skype 2009-01-25 14:11 . 2009-01-25 14:11 <DIR> d-------- c:\windows\SxsCaPendDel 2009-01-25 00:28 . 2009-01-25 00:28 <DIR> d-------- c:\program files\MDM 2009-01-24 08:39 . 2009-01-24 08:42 <DIR> d-------- c:\program files\YouTube Video Downloader 2009-01-23 15:50 . 2009-02-06 16:26 <DIR> d-------- c:\documents and settings\Admin\Dane aplikacji\uTorrent 2009-01-23 12:53 . 2009-01-23 12:53 <DIR> d-------- c:\documents and settings\Admin\Dane aplikacji\CyberLink 2009-01-22 23:12 . 2009-01-22 23:12 <DIR> d-------- c:\program files\ParaGraph 2009-01-22 21:49 . 2009-01-22 21:49 <DIR> d-------- c:\program files\Common Files\Real 2009-01-22 17:50 . 2009-01-22 17:50 <DIR> d-------- c:\documents and settings\Admin\Dane aplikacji\Nero 2009-01-22 13:23 . 2009-01-22 13:23 <DIR> d-------- c:\program files\Lonely Cat Games 2009-01-20 19:25 . 2009-01-20 19:25 <DIR> d-------- c:\program files\Ares 2009-01-19 20:47 . 2009-01-19 20:47 <DIR> d-------- c:\program files\Teamspeak2_RC2 2009-01-19 20:47 . 2009-01-19 20:47 <DIR> d-------- c:\documents and settings\Admin\Dane aplikacji\teamspeak2 2009-01-19 20:47 . 2009-01-19 20:47 34,064 --a------ c:\windows\system32\lhacm.acm 2009-01-18 21:26 . 2009-01-18 21:26 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\KONAMI 2009-01-18 16:45 . 2009-01-18 16:45 <DIR> d-------- c:\documents and settings\Admin\Dane aplikacji\DAEMON Tools Pro 2009-01-18 16:44 . 2009-01-18 16:44 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Pro 2009-01-18 16:34 . 2009-01-18 16:34 <DIR> d-------- c:\windows\ERUNT 2009-01-18 13:47 . 2009-01-18 13:47 <DIR> d-------- c:\documents and settings\Admin\Dane aplikacji\BESTplayer 2009-01-18 13:39 . 2009-01-18 13:39 <DIR> d-------- c:\documents and settings\Admin\Dane aplikacji\Media Player Classic 2009-01-18 13:39 . 2009-01-24 16:06 49 --a------ c:\windows\NeroDigital.ini 2009-01-18 11:08 . 2009-01-18 11:08 <DIR> d-------- c:\program files\Trymedia 2009-01-18 11:08 . 2009-01-18 11:08 <DIR> d-------- c:\program files\PopCap Games 2009-01-18 11:08 . 2009-01-30 19:22 10 --a------ c:\windows\popcinfo.dat 2009-01-18 11:02 . 2009-01-18 11:02 <DIR> d-------- c:\windows\Sun 2009-01-18 10:42 . 2009-01-18 10:42 <DIR> d-------- c:\program files\WapSter 2009-01-18 10:42 . 2009-01-18 10:42 <DIR> d-------- c:\documents and settings\Admin\WapSter 2009-01-18 10:42 . 2008-04-14 00:15 26,368 --a--c--- c:\windows\system32\dllcache\usbstor.sys 2009-01-18 02:31 . 2009-01-28 21:29 <DIR> d-------- c:\program files\Microsoft ActiveSync . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-02-07 12:09 --------- d-----w c:\program files\Mozilla Thunderbird 2009-01-30 14:34 --------- d--h--w c:\program files\InstallShield Installation Information 2009-01-30 14:09 --------- d-----w c:\program files\Opera 2009-01-27 19:56 --------- d-----w c:\program files\Gadu-Gadu 2009-01-25 13:11 --------- d-----w c:\program files\Common Files\Adobe 2009-01-20 16:13 --------- d-----w c:\documents and settings\Admin\Dane aplikacji\Winamp 2009-01-18 15:45 --------- d-----w c:\program files\DAEMON Tools Pro 2009-01-18 00:54 685,816 ----a-w c:\windows\system32\drivers\sptd.sys 2009-01-18 00:49 --------- d-----w c:\program files\Common Files\Adobe Systems Shared 2009-01-18 00:49 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Adobe Systems 2009-01-18 00:46 --------- d-----w c:\program files\CyberLink 2009-01-18 00:46 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\CyberLink 2009-01-18 00:45 --------- d-----w c:\program files\Common Files\InstallShield 2009-01-18 00:43 --------- d-----w c:\program files\Common Files\Nero 2009-01-18 00:34 --------- d-----w c:\program files\Nero 2009-01-18 00:34 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Nero 2009-01-18 00:29 --------- d-----w c:\program files\Malicious Software Removal Tool 2009-01-18 00:28 --------- d-----w c:\program files\PowerMenu 2009-01-18 00:28 --------- d-----w c:\program files\Java 2009-01-18 00:28 --------- d-----w c:\program files\Common Files\Java 2009-01-18 00:27 --------- d-----w c:\program files\HighMAT CD Writing Wizard 2009-01-18 00:24 --------- d-----w c:\program files\AutoPatcher 2009-01-18 00:21 --------- d-----w c:\program files\UltraISO 2009-01-18 00:21 --------- d-----w c:\program files\Common Files\EZB Systems 2009-01-18 00:18 361,344 ----a-w c:\windows\system32\drivers\tcpip.sys 2009-01-18 00:18 --------- d-----w c:\program files\xp-AntiSpy 2009-01-18 00:17 --------- d-----w c:\program files\Winamp 2009-01-18 00:16 --------- d-----w c:\program files\HyperSnap 6 2009-01-18 00:15 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys 2009-01-18 00:15 47,360 ----a-w c:\documents and settings\Admin\Dane aplikacji\pcouffin.sys 2009-01-18 00:15 --------- d-----w c:\program files\vso 2009-01-18 00:15 --------- d-----w c:\documents and settings\Admin\Dane aplikacji\Vso 2009-01-18 00:14 --------- d-----w c:\program files\Real Alternative 2009-01-18 00:14 --------- d-----w c:\program files\Media Player Classic 2009-01-18 00:14 --------- d-----w c:\program files\K-Lite Codec Pack 2009-01-18 00:13 --------- d-----w c:\program files\The Bat! 2009-01-18 00:12 --------- d-----w c:\documents and settings\Admin\Dane aplikacji\Thunderbird 2009-01-18 00:12 --------- d-----w c:\documents and settings\Admin\Dane aplikacji\Gadu-Gadu 2009-01-18 00:02 --------- d-----w c:\program files\Razer 2009-01-18 00:02 --------- d-----w c:\program files\DIFX 2009-01-18 00:02 --------- d-----w c:\documents and settings\Admin\Dane aplikacji\InstallShield 2009-01-17 23:57 --------- d-----w c:\program files\Hewlett-Packard 2009-01-17 23:54 82,380 ----a-w c:\windows\system32\drivers\AFS2K.SYS 2009-01-17 23:54 --------- d-----w c:\documents and settings\Admin\Dane aplikacji\Folder przesyłania Share-to-Web 2009-01-17 23:53 --------- d-----w c:\program files\Common Files\Hewlett-Packard 2009-01-17 23:49 --------- d-----w c:\program files\Creative 2009-01-17 23:45 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\nView_Profiles 2009-01-17 23:33 --------- d-----w c:\program files\Intel 2009-01-17 23:26 --------- d-----w c:\program files\microsoft frontpage 2009-01-17 23:25 --------- d-----w c:\program files\Usługi online . ------- Sigcheck ------- 2009-01-18 01:18 361344 b0870dc4ae8a0a40c45ec66bcde3e523 c:\windows\system32\dllcache\tcpip.sys 2009-01-18 01:18 361344 b0870dc4ae8a0a40c45ec66bcde3e523 c:\windows\system32\drivers\tcpip.sys . ((((((((((((((((((((((((((((( snapshot@2009-01-30_21.31.22,04 ))))))))))))))))))))))))))))))))))))))))) . + 2009-02-06 16:07:25 53,248 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll + 2009-02-06 16:07:25 12,800 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll + 2009-02-06 16:07:25 473,600 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll + 2009-02-06 16:07:23 2,676,224 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2009-02-06 16:07:23 2,846,720 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2009-02-06 16:07:24 563,712 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2009-02-06 16:07:24 567,296 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2009-02-06 16:07:24 576,000 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2009-02-06 16:07:24 577,024 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2009-02-06 16:07:24 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2009-02-06 16:07:24 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2009-02-06 16:07:25 578,560 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2009-02-06 16:07:25 578,560 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2009-02-06 16:07:25 145,920 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll + 2009-02-06 16:07:26 159,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll + 2009-02-06 16:07:26 364,544 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll + 2009-02-06 16:07:26 178,176 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll + 2009-02-06 16:07:25 223,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll + 2005-03-18 15:23:10 53,248 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.AudioVideoPlayback.dll + 2005-03-18 15:23:10 12,800 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Diagnostics.dll + 2005-03-18 15:23:14 473,600 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3D.dll + 2004-09-29 11:38:58 2,676,224 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3DX.dll + 2005-03-18 15:23:10 145,920 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectDraw.dll + 2005-03-18 15:23:10 159,232 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectInput.dll + 2005-03-18 15:23:14 364,544 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectPlay.dll + 2005-03-18 15:23:12 178,176 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectSound.dll + 2005-03-18 15:23:14 223,232 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.dll + 2004-12-01 14:53:06 2,846,720 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2903.0\Microsoft.DirectX.Direct3DX.dll + 2005-02-05 18:32:54 563,712 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2904.0\Microsoft.DirectX.Direct3DX.dll + 2005-03-18 16:23:14 567,296 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2905.0\Microsoft.DirectX.Direct3DX.dll + 2005-05-26 14:15:56 576,000 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2906.0\Microsoft.DirectX.Direct3DX.dll + 2005-07-22 16:21:34 577,024 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2907.0\Microsoft.DirectX.Direct3DX.dll + 2005-09-28 13:11:52 577,536 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2908.0\Microsoft.DirectX.Direct3DX.dll + 2005-12-05 16:20:50 577,536 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2909.0\Microsoft.DirectX.Direct3DX.dll + 2006-02-03 06:40:48 578,560 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2910.0\Microsoft.DirectX.Direct3DX.dll + 2006-03-31 10:27:50 578,560 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2911.0\Microsoft.DirectX.Direct3DX.dll + 2007-03-12 15:42:30 1,123,696 ----a-w c:\windows\system32\D3DCompiler_33.dll + 2007-05-16 15:45:16 1,124,720 ----a-w c:\windows\system32\D3DCompiler_34.dll + 2007-07-19 17:14:42 1,358,192 ----a-w c:\windows\system32\D3DCompiler_35.dll + 2007-10-12 14:14:00 1,374,232 ----a-w c:\windows\system32\D3DCompiler_36.dll + 2008-03-05 14:56:58 1,420,824 ----a-w c:\windows\system32\D3DCompiler_37.dll + 2008-05-30 13:11:46 1,491,992 ----a-w c:\windows\system32\D3DCompiler_38.dll + 2008-07-10 10:00:58 1,493,528 ----a-w c:\windows\system32\D3DCompiler_39.dll + 2008-10-10 03:52:38 2,036,576 ----a-w c:\windows\system32\D3DCompiler_40.dll + 2007-03-15 15:57:58 443,752 ----a-w c:\windows\system32\d3dx10_33.dll + 2007-05-16 15:45:16 443,752 ----a-w c:\windows\system32\d3dx10_34.dll + 2007-07-19 17:14:42 444,776 ----a-w c:\windows\system32\d3dx10_35.dll + 2007-10-02 08:56:34 444,776 ----a-w c:\windows\system32\d3dx10_36.dll + 2008-02-05 22:07:36 462,864 ----a-w c:\windows\system32\d3dx10_37.dll + 2008-05-30 13:11:46 467,984 ----a-w c:\windows\system32\d3dx10_38.dll + 2008-07-10 10:01:00 467,984 ----a-w c:\windows\system32\d3dx10_39.dll + 2008-10-10 03:52:38 452,440 ----a-w c:\windows\system32\d3dx10_40.dll + 2005-02-05 18:45:26 2,222,800 ----a-w c:\windows\system32\d3dx9_24.dll + 2005-03-18 16:19:58 2,337,488 ----a-w c:\windows\system32\d3dx9_25.dll + 2005-05-26 14:34:52 2,297,552 ----a-w c:\windows\system32\d3dx9_26.dll + 2005-07-22 18:59:04 2,319,568 ----a-w c:\windows\system32\d3dx9_27.dll + 2006-02-03 07:43:16 2,332,368 ----a-w c:\windows\system32\d3dx9_29.dll + 2006-09-28 15:05:20 2,414,360 ----a-w c:\windows\system32\d3dx9_31.dll + 2006-11-29 12:06:18 3,426,072 ----a-w c:\windows\system32\d3dx9_32.dll + 2007-03-12 15:42:30 3,495,784 ----a-w c:\windows\system32\d3dx9_33.dll + 2007-05-16 15:45:16 3,497,832 ----a-w c:\windows\system32\d3dx9_34.dll + 2007-07-19 17:14:42 3,727,720 ----a-w c:\windows\system32\d3dx9_35.dll + 2007-10-12 14:14:00 3,734,536 ----a-w c:\windows\system32\d3dx9_36.dll + 2008-03-05 14:56:58 3,786,760 ----a-w c:\windows\system32\D3DX9_37.dll + 2008-05-30 13:11:46 3,850,760 ----a-w c:\windows\system32\D3DX9_38.dll + 2008-07-10 10:00:58 3,851,784 ----a-w c:\windows\system32\D3DX9_39.dll + 2008-10-10 03:52:38 4,379,984 ----a-w c:\windows\system32\D3DX9_40.dll + 2005-02-05 18:45:26 2,222,800 ----a-w c:\windows\system32\DirectX\DXB.tmp\d3dx9_24.dll + 2008-10-27 08:48:38 80,896 ----a-w c:\windows\system32\DirectX\DXB.tmp\dxdllreg.exe + 2008-10-27 08:48:34 173,568 ----a-w c:\windows\system32\DirectX\DXB.tmp\dxupdate.dll + 2004-03-18 17:40:24 667,648 ----a-w c:\windows\system32\libeay32.dll - 2009-01-18 00:29:11 62,422 ----a-w c:\windows\system32\perfc009.dat + 2009-02-06 15:44:01 62,422 ----a-w c:\windows\system32\perfc009.dat - 2009-01-18 00:29:11 79,606 ----a-w c:\windows\system32\perfc015.dat + 2009-02-06 15:44:01 79,606 ----a-w c:\windows\system32\perfc015.dat - 2009-01-18 00:29:11 400,760 ----a-w c:\windows\system32\perfh009.dat + 2009-02-06 15:44:01 400,760 ----a-w c:\windows\system32\perfh009.dat - 2009-01-18 00:29:11 457,574 ----a-w c:\windows\system32\perfh015.dat + 2009-02-06 15:44:01 457,574 ----a-w c:\windows\system32\perfh015.dat + 2004-03-18 17:40:32 155,648 ----a-w c:\windows\system32\ssleay32.dll + 2006-02-03 07:41:26 14,032 ----a-w c:\windows\system32\x3daudio1_0.dll + 2007-03-05 11:42:18 15,128 ----a-w c:\windows\system32\x3daudio1_1.dll + 2007-10-22 02:37:16 17,928 ----a-w c:\windows\system32\X3DAudio1_2.dll + 2008-03-05 15:00:06 25,608 ----a-w c:\windows\system32\X3DAudio1_3.dll + 2008-05-30 13:17:00 25,608 ----a-w c:\windows\system32\X3DAudio1_4.dll + 2008-10-27 09:04:16 23,376 ----a-w c:\windows\system32\X3DAudio1_5.dll + 2006-02-03 07:42:06 230,096 ----a-w c:\windows\system32\xactengine2_0.dll + 2006-03-31 11:39:48 229,584 ----a-w c:\windows\system32\xactengine2_1.dll + 2007-10-22 02:39:54 267,272 ----a-w c:\windows\system32\xactengine2_10.dll + 2006-05-31 06:24:16 230,168 ----a-w c:\windows\system32\xactengine2_2.dll + 2006-07-28 08:30:32 236,824 ----a-w c:\windows\system32\xactengine2_3.dll + 2006-09-28 15:05:56 237,848 ----a-w c:\windows\system32\xactengine2_4.dll + 2006-12-08 11:02:00 251,672 ----a-w c:\windows\system32\xactengine2_5.dll + 2007-01-24 14:27:30 255,848 ----a-w c:\windows\system32\xactengine2_6.dll + 2007-04-04 17:55:00 261,480 ----a-w c:\windows\system32\xactengine2_7.dll + 2007-06-20 19:46:04 266,088 ----a-w c:\windows\system32\xactengine2_8.dll + 2007-07-19 23:57:12 267,112 ----a-w c:\windows\system32\xactengine2_9.dll + 2008-03-05 15:03:20 238,088 ----a-w c:\windows\system32\xactengine3_0.dll + 2008-05-30 13:18:52 238,088 ----a-w c:\windows\system32\xactengine3_1.dll + 2008-07-30 05:20:54 238,088 ----a-w c:\windows\system32\xactengine3_2.dll + 2008-10-27 09:04:16 235,856 ----a-w c:\windows\system32\xactengine3_3.dll + 2008-05-30 13:17:30 65,032 ----a-w c:\windows\system32\XAPOFX1_0.dll + 2008-07-30 05:20:56 68,616 ----a-w c:\windows\system32\XAPOFX1_1.dll + 2008-10-27 09:04:14 70,992 ----a-w c:\windows\system32\XAPOFX1_2.dll + 2008-03-05 15:03:54 479,752 ----a-w c:\windows\system32\XAudio2_0.dll + 2008-05-30 13:19:18 507,400 ----a-w c:\windows\system32\XAudio2_1.dll + 2008-07-30 05:20:56 509,448 ----a-w c:\windows\system32\XAudio2_2.dll + 2008-10-27 09:04:18 514,384 ----a-w c:\windows\system32\XAudio2_3.dll + 2006-03-31 11:39:24 62,672 ----a-w c:\windows\system32\xinput1_1.dll + 2006-07-28 08:30:14 62,744 ----a-w c:\windows\system32\xinput1_2.dll + 2007-04-04 17:53:42 81,768 ----a-w c:\windows\system32\xinput1_3.dll + 2005-12-05 17:07:30 61,136 ----a-w c:\windows\system32\xinput9_1_0.dll . -- Migawka wyzerowana -- . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024] "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000] "DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864] "36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-11-19 1970176] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-29 8466432] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-29 81920] "Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632] "HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 49152] "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 172032] "DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 40960] "DeathAdder"="c:\program files\Razer\DeathAdder\razerhid.exe" [2008-09-05 159744] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-06-14 132760] "NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "nwiz"="nwiz.exe" [2007-06-29 c:\windows\system32\nwiz.exe] "P17Helper"="P17.dll" [2005-05-03 c:\windows\system32\P17.dll] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\Admin\Menu Start\Programy\Autostart\ Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664] c:\documents and settings\All Users\Menu Start\Programy\Autostart\ Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{BB4C402F-882A-4526-8C08-51278EA437C1}"= "c:\windows\system32\afmain0.dll" [2008-04-14 78848] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "d:\\Tlen.pl\\tlen.exe"= "c:\\Program Files\\WapSter\\WapSter AQQ\\AQQ.exe"= "c:\\Program Files\\PopCap Games\\Zuma Deluxe\\Zuma.exe"= "d:\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"= "d:\\Steam\\steamapps\\kristian658\\counter-strike\\hl.exe"= "c:\\Program Files\\Ares\\Ares.exe"= "d:\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Gadu-Gadu\\gg.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2009-01-18 22784] S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee123402-e4ff-11dd-9197-002185124066}] \Shell\AutoRun\command - H:\m0vnonh.bat \Shell\open\Command - H:\m0vnonh.bat . - - - - USUNIĘTO PUSTE WPISY - - - - HKCU-Run-cdoosoft - c:\windows\system32\olhrwef.exe . ------- Skan uzupełniający ------- . IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\wd4w6ln0.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/ FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-07 13:13:44 Windows 5.1.2600 Dodatek Service Pack 3 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** . ------------------------ Pozostałe uruchomione procesy ------------------------ . c:\windows\AhnRpta.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\wdfmgr.exe c:\windows\system32\wscntfy.exe c:\windows\system32\rundll32.exe c:\windows\system32\rundll32.exe c:\program files\Common Files\Nero\Lib\NMIndexingService.exe c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe c:\progra~1\MICROS~3\rapimgr.exe c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe c:\program files\Razer\DeathAdder\razertra.exe c:\program files\Razer\DeathAdder\razerofa.exe . ************************************************************************** . Czas ukończenia: 2009-02-07 13:14:44 - komputer został uruchomiony ponownie ComboFix-quarantined-files.txt 2009-02-07 12:14:42 ComboFix2.txt 2009-01-31 08:51:59 ComboFix3.txt 2009-01-30 20:31:43 Przed: 22 827 855 872 bajtów wolnych Po: 22,830,428,160 bajtów wolnych 369