Combofix za każdym razem coś usuwa...

[kajtekjr]

Witam! Mam taki problem.. Co odpalę Combofixa to za każdym razem coś usuwa... Z jednej strony to dobrze, a z drugiej jest bardzo niepokojące..
I teraz chciałbym wiedzieć czy coś siedzi głębiej... ?

Kod: Zaznacz wszystko

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:22:02, on 2009-02-10
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\AhnRpta.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Razer\DeathAdder\razertra.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Admin\Pulpit\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Utwórz Ulubione dla urządzenia przenośnego... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5734 bytes


Kod: Zaznacz wszystko

ComboFix 09-02-06.02 - Admin 2009-02-10 14:14:55.9 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1250.1.1045.18.2047.1605 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Admin\Pulpit\ComboFix.exe

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\nmdfgds0.dll
c:\windows\system32\olhrwef.exe

.
(((((((((((((((((((((((((   Pliki utworzone od 2009-01-10 do 2009-02-10  )))))))))))))))))))))))))))))))
.

2009-02-10 07:33 . 2009-02-10 07:33   109,006   -r-hs----   C:\2aaxaiy.exe
2009-02-06 16:42 . 2008-04-14 00:26   30,592   --a------   c:\windows\system32\drivers\rndismpx.sys
2009-02-06 16:42 . 2008-04-14 00:26   30,592   --a--c---   c:\windows\system32\dllcache\rndismpx.sys
2009-02-06 16:42 . 2008-04-14 00:26   12,800   --a------   c:\windows\system32\drivers\usb8023x.sys
2009-02-06 16:42 . 2008-04-14 00:26   12,800   --a--c---   c:\windows\system32\dllcache\usb8023x.sys
2009-02-05 20:05 . 2009-02-05 20:05   <DIR>   d--------   c:\documents and settings\Admin\Dane aplikacji\gtk-2.0
2009-02-05 20:04 . 2009-02-05 20:04   <DIR>   d--------   c:\documents and settings\Admin\Dane aplikacji\Inkscape
2009-02-03 19:28 . 2009-02-03 19:28   <DIR>   d--------   c:\windows\Logs
2009-02-03 17:27 . 2009-02-03 17:27   <DIR>   d--------   C:\OpenSSL
2009-02-03 17:27 . 2009-02-03 17:27   155,648   --a------   c:\windows\system32\libssl32.dll
2009-02-03 14:58 . 2009-02-06 18:39   162,816   --a------   c:\windows\system32\fmod.dll
2009-02-02 22:39 . 2009-02-02 22:39   <DIR>   d--------   C:\games
2009-01-31 16:35 . 2009-02-01 20:55   109,930   -r-hs----   C:\a2h2.com
2009-01-31 09:52 . 2008-04-14 21:51   70,144   --a------   c:\windows\AhnRpta.exe
2009-01-30 15:33 . 2009-01-30 15:33   <DIR>   d--------   c:\program files\directx
2009-01-28 17:20 . 2009-01-28 17:20   <DIR>   d--------   c:\program files\7-Zip
2009-01-25 15:19 . 2009-01-27 16:04   <DIR>   d--------   c:\documents and settings\Admin\Dane aplikacji\skypePM
2009-01-25 15:19 . 2009-01-25 15:19   56   --ah-----   c:\windows\system32\ezsidmv.dat
2009-01-25 15:18 . 2009-01-30 07:10   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\Skype
2009-01-25 14:11 . 2009-01-25 14:11   <DIR>   d--------   c:\windows\SxsCaPendDel
2009-01-25 00:28 . 2009-01-25 00:28   <DIR>   d--------   c:\program files\MDM
2009-01-24 08:39 . 2009-01-24 08:42   <DIR>   d--------   c:\program files\YouTube Video Downloader
2009-01-23 15:50 . 2009-02-06 16:26   <DIR>   d--------   c:\documents and settings\Admin\Dane aplikacji\uTorrent
2009-01-23 12:53 . 2009-01-23 12:53   <DIR>   d--------   c:\documents and settings\Admin\Dane aplikacji\CyberLink
2009-01-22 23:12 . 2009-01-22 23:12   <DIR>   d--------   c:\program files\ParaGraph
2009-01-22 21:49 . 2009-01-22 21:49   <DIR>   d--------   c:\program files\Common Files\Real
2009-01-22 17:50 . 2009-01-22 17:50   <DIR>   d--------   c:\documents and settings\Admin\Dane aplikacji\Nero
2009-01-22 13:23 . 2009-01-22 13:23   <DIR>   d--------   c:\program files\Lonely Cat Games
2009-01-20 19:25 . 2009-01-20 19:25   <DIR>   d--------   c:\program files\Ares
2009-01-19 20:47 . 2009-01-19 20:47   <DIR>   d--------   c:\program files\Teamspeak2_RC2
2009-01-19 20:47 . 2009-01-19 20:47   <DIR>   d--------   c:\documents and settings\Admin\Dane aplikacji\teamspeak2
2009-01-19 20:47 . 2009-01-19 20:47   34,064   --a------   c:\windows\system32\lhacm.acm
2009-01-18 21:26 . 2009-01-18 21:26   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\KONAMI
2009-01-18 16:45 . 2009-01-18 16:45   <DIR>   d--------   c:\documents and settings\Admin\Dane aplikacji\DAEMON Tools Pro
2009-01-18 16:44 . 2009-01-18 16:44   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Pro
2009-01-18 16:34 . 2009-01-18 16:34   <DIR>   d--------   c:\windows\ERUNT
2009-01-18 13:47 . 2009-01-18 13:47   <DIR>   d--------   c:\documents and settings\Admin\Dane aplikacji\BESTplayer
2009-01-18 13:39 . 2009-01-18 13:39   <DIR>   d--------   c:\documents and settings\Admin\Dane aplikacji\Media Player Classic
2009-01-18 13:39 . 2009-02-09 16:04   49   --a------   c:\windows\NeroDigital.ini
2009-01-18 11:08 . 2009-01-18 11:08   <DIR>   d--------   c:\program files\Trymedia
2009-01-18 11:08 . 2009-01-18 11:08   <DIR>   d--------   c:\program files\PopCap Games
2009-01-18 11:08 . 2009-02-10 01:05   10   --a------   c:\windows\popcinfo.dat
2009-01-18 11:02 . 2009-01-18 11:02   <DIR>   d--------   c:\windows\Sun
2009-01-18 10:42 . 2009-01-18 10:42   <DIR>   d--------   c:\program files\WapSter
2009-01-18 10:42 . 2009-01-18 10:42   <DIR>   d--------   c:\documents and settings\Admin\WapSter
2009-01-18 10:42 . 2008-04-14 00:15   26,368   --a--c---   c:\windows\system32\dllcache\usbstor.sys
2009-01-18 02:31 . 2009-01-28 21:29   <DIR>   d--------   c:\program files\Microsoft ActiveSync

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-10 13:11   ---------   d-----w   c:\program files\Mozilla Thunderbird
2009-01-30 14:34   ---------   d--h--w   c:\program files\InstallShield Installation Information
2009-01-30 14:09   ---------   d-----w   c:\program files\Opera
2009-01-27 19:56   ---------   d-----w   c:\program files\Gadu-Gadu
2009-01-25 13:11   ---------   d-----w   c:\program files\Common Files\Adobe
2009-01-20 16:13   ---------   d-----w   c:\documents and settings\Admin\Dane aplikacji\Winamp
2009-01-18 15:45   ---------   d-----w   c:\program files\DAEMON Tools Pro
2009-01-18 00:54   685,816   ----a-w   c:\windows\system32\drivers\sptd.sys
2009-01-18 00:49   ---------   d-----w   c:\program files\Common Files\Adobe Systems Shared
2009-01-18 00:49   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\Adobe Systems
2009-01-18 00:46   ---------   d-----w   c:\program files\CyberLink
2009-01-18 00:46   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\CyberLink
2009-01-18 00:45   ---------   d-----w   c:\program files\Common Files\InstallShield
2009-01-18 00:43   ---------   d-----w   c:\program files\Common Files\Nero
2009-01-18 00:34   ---------   d-----w   c:\program files\Nero
2009-01-18 00:34   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\Nero
2009-01-18 00:29   ---------   d-----w   c:\program files\Malicious Software Removal Tool
2009-01-18 00:28   ---------   d-----w   c:\program files\PowerMenu
2009-01-18 00:28   ---------   d-----w   c:\program files\Java
2009-01-18 00:28   ---------   d-----w   c:\program files\Common Files\Java
2009-01-18 00:27   ---------   d-----w   c:\program files\HighMAT CD Writing Wizard
2009-01-18 00:24   ---------   d-----w   c:\program files\AutoPatcher
2009-01-18 00:21   ---------   d-----w   c:\program files\UltraISO
2009-01-18 00:21   ---------   d-----w   c:\program files\Common Files\EZB Systems
2009-01-18 00:18   361,344   ----a-w   c:\windows\system32\drivers\tcpip.sys
2009-01-18 00:18   ---------   d-----w   c:\program files\xp-AntiSpy
2009-01-18 00:17   ---------   d-----w   c:\program files\Winamp
2009-01-18 00:16   ---------   d-----w   c:\program files\HyperSnap 6
2009-01-18 00:15   47,360   ----a-w   c:\windows\system32\drivers\pcouffin.sys
2009-01-18 00:15   47,360   ----a-w   c:\documents and settings\Admin\Dane aplikacji\pcouffin.sys
2009-01-18 00:15   ---------   d-----w   c:\program files\vso
2009-01-18 00:15   ---------   d-----w   c:\documents and settings\Admin\Dane aplikacji\Vso
2009-01-18 00:14   ---------   d-----w   c:\program files\Real Alternative
2009-01-18 00:14   ---------   d-----w   c:\program files\Media Player Classic
2009-01-18 00:14   ---------   d-----w   c:\program files\K-Lite Codec Pack
2009-01-18 00:13   ---------   d-----w   c:\program files\The Bat!
2009-01-18 00:12   ---------   d-----w   c:\documents and settings\Admin\Dane aplikacji\Thunderbird
2009-01-18 00:12   ---------   d-----w   c:\documents and settings\Admin\Dane aplikacji\Gadu-Gadu
2009-01-18 00:02   ---------   d-----w   c:\program files\Razer
2009-01-18 00:02   ---------   d-----w   c:\program files\DIFX
2009-01-18 00:02   ---------   d-----w   c:\documents and settings\Admin\Dane aplikacji\InstallShield
2009-01-17 23:57   ---------   d-----w   c:\program files\Hewlett-Packard
2009-01-17 23:54   82,380   ----a-w   c:\windows\system32\drivers\AFS2K.SYS
2009-01-17 23:54   ---------   d-----w   c:\documents and settings\Admin\Dane aplikacji\Folder przesyłania Share-to-Web
2009-01-17 23:53   ---------   d-----w   c:\program files\Common Files\Hewlett-Packard
2009-01-17 23:49   ---------   d-----w   c:\program files\Creative
2009-01-17 23:45   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\nView_Profiles
2009-01-17 23:33   ---------   d-----w   c:\program files\Intel
2009-01-17 23:26   ---------   d-----w   c:\program files\microsoft frontpage
2009-01-17 23:25   ---------   d-----w   c:\program files\Usługi online
.

------- Sigcheck -------

2009-01-18 01:18  361344  b0870dc4ae8a0a40c45ec66bcde3e523   c:\windows\system32\dllcache\tcpip.sys
2009-01-18 01:18  361344  b0870dc4ae8a0a40c45ec66bcde3e523   c:\windows\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]
"cdoosoft"="c:\windows\system32\olhrwef.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-11-19 1970176]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-29 8466432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-29 81920]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 49152]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 172032]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 40960]
"DeathAdder"="c:\program files\Razer\DeathAdder\razerhid.exe" [2008-09-05 159744]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-06-14 132760]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"nwiz"="nwiz.exe" [2007-06-29 c:\windows\system32\nwiz.exe]
"P17Helper"="P17.dll" [2005-05-03 c:\windows\system32\P17.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Admin\Menu Start\Programy\Autostart\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{BB4C402F-882A-4526-8C08-51278EA437C1}"= "c:\windows\system32\afmain0.dll" [2008-04-14 78848]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"d:\\Tlen.pl\\tlen.exe"=
"c:\\Program Files\\WapSter\\WapSter AQQ\\AQQ.exe"=
"c:\\Program Files\\PopCap Games\\Zuma Deluxe\\Zuma.exe"=
"d:\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"d:\\Steam\\steamapps\\kristian658\\counter-strike\\hl.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"d:\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2009-01-18 22784]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
.
.
------- Skan uzupełniający -------
.
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\wd4w6ln0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-10 14:16:33
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ... 

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ... 

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\AhnRpta.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
c:\program files\Razer\DeathAdder\razertra.exe
c:\progra~1\MICROS~3\rapimgr.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\Razer\DeathAdder\razerofa.exe
c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
.
**************************************************************************
.
Czas ukończenia: 2009-02-10 14:17:33 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt  2009-02-10 13:17:31
ComboFix2.txt  2009-02-09 16:00:15
ComboFix3.txt  2009-02-09 11:03:04
ComboFix4.txt  2009-02-09 10:55:17
ComboFix5.txt  2009-02-10 13:14:30

Przed: 22 769 012 736 bajtów wolnych
Po: 22,759,497,728 bajtów wolnych

216


[Okocza]

wklej w notatnik:

Kod: Zaznacz wszystko

File::
C:\2aaxaiy.exe
C:\a2h2.com
c:\windows\AhnRpta.exe
c:\windows\system32\afmain0.dll

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdoosoft"=-
[-hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

zapisz jako CFScript.txt i przeciągnij na combofix.exe i daj log który się wygeneruje

[kajtekjr]

Wszystko zrobione wg. instrukcji....

Kod: Zaznacz wszystko

ComboFix 09-02-08.02 - Admin 2009-02-10 14:43:48.10 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1250.1.1045.18.2047.1619 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Admin\Pulpit\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\Admin\Pulpit\CFScript.txt
* Utworzono nowy punkt przywracania

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!

FILE ::
C:\2aaxaiy.exe
C:\a2h2.com
c:\windows\AhnRpta.exe
c:\windows\system32\afmain0.dll
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\2aaxaiy.exe
C:\a2h2.com
c:\windows\AhnRpta.exe
c:\windows\system32\afmain0.dll

.
(((((((((((((((((((((((((   Pliki utworzone od 2009-01-10 do 2009-02-10  )))))))))))))))))))))))))))))))
.

2009-02-06 16:42 . 2008-04-14 00:26   30,592   --a------   c:\windows\system32\drivers\rndismpx.sys
2009-02-06 16:42 . 2008-04-14 00:26   30,592   --a--c---   c:\windows\system32\dllcache\rndismpx.sys
2009-02-06 16:42 . 2008-04-14 00:26   12,800   --a------   c:\windows\system32\drivers\usb8023x.sys
2009-02-06 16:42 . 2008-04-14 00:26   12,800   --a--c---   c:\windows\system32\dllcache\usb8023x.sys
2009-02-05 20:05 . 2009-02-05 20:05   <DIR>   d--------   c:\documents and settings\Admin\Dane aplikacji\gtk-2.0
2009-02-05 20:04 . 2009-02-05 20:04   <DIR>   d--------   c:\documents and settings\Admin\Dane aplikacji\Inkscape
2009-02-03 19:28 . 2009-02-03 19:28   <DIR>   d--------   c:\windows\Logs
2009-02-03 17:27 . 2009-02-03 17:27   <DIR>   d--------   C:\OpenSSL
2009-02-03 17:27 . 2009-02-03 17:27   155,648   --a------   c:\windows\system32\libssl32.dll
2009-02-03 14:58 . 2009-02-06 18:39   162,816   --a------   c:\windows\system32\fmod.dll
2009-02-02 22:39 . 2009-02-02 22:39   <DIR>   d--------   C:\games
2009-01-30 15:33 . 2009-01-30 15:33   <DIR>   d--------   c:\program files\directx
2009-01-28 17:20 . 2009-01-28 17:20   <DIR>   d--------   c:\program files\7-Zip
2009-01-25 15:19 . 2009-01-27 16:04   <DIR>   d--------   c:\documents and settings\Admin\Dane aplikacji\skypePM
2009-01-25 15:19 . 2009-01-25 15:19   56   --ah-----   c:\windows\system32\ezsidmv.dat
2009-01-25 15:18 . 2009-01-30 07:10   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\Skype
2009-01-25 14:11 . 2009-01-25 14:11   <DIR>   d--------   c:\windows\SxsCaPendDel
2009-01-25 00:28 . 2009-01-25 00:28   <DIR>   d--------   c:\program files\MDM
2009-01-24 08:39 . 2009-01-24 08:42   <DIR>   d--------   c:\program files\YouTube Video Downloader
2009-01-23 15:50 . 2009-02-06 16:26   <DIR>   d--------   c:\documents and settings\Admin\Dane aplikacji\uTorrent
2009-01-23 12:53 . 2009-01-23 12:53   <DIR>   d--------   c:\documents and settings\Admin\Dane aplikacji\CyberLink
2009-01-22 23:12 . 2009-01-22 23:12   <DIR>   d--------   c:\program files\ParaGraph
2009-01-22 21:49 . 2009-01-22 21:49   <DIR>   d--------   c:\program files\Common Files\Real
2009-01-22 17:50 . 2009-01-22 17:50   <DIR>   d--------   c:\documents and settings\Admin\Dane aplikacji\Nero
2009-01-22 13:23 . 2009-01-22 13:23   <DIR>   d--------   c:\program files\Lonely Cat Games
2009-01-20 19:25 . 2009-01-20 19:25   <DIR>   d--------   c:\program files\Ares
2009-01-19 20:47 . 2009-01-19 20:47   <DIR>   d--------   c:\program files\Teamspeak2_RC2
2009-01-19 20:47 . 2009-01-19 20:47   <DIR>   d--------   c:\documents and settings\Admin\Dane aplikacji\teamspeak2
2009-01-19 20:47 . 2009-01-19 20:47   34,064   --a------   c:\windows\system32\lhacm.acm
2009-01-18 21:26 . 2009-01-18 21:26   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\KONAMI
2009-01-18 16:45 . 2009-01-18 16:45   <DIR>   d--------   c:\documents and settings\Admin\Dane aplikacji\DAEMON Tools Pro
2009-01-18 16:44 . 2009-01-18 16:44   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Pro
2009-01-18 16:34 . 2009-01-18 16:34   <DIR>   d--------   c:\windows\ERUNT
2009-01-18 13:47 . 2009-01-18 13:47   <DIR>   d--------   c:\documents and settings\Admin\Dane aplikacji\BESTplayer
2009-01-18 13:39 . 2009-01-18 13:39   <DIR>   d--------   c:\documents and settings\Admin\Dane aplikacji\Media Player Classic
2009-01-18 13:39 . 2009-02-09 16:04   49   --a------   c:\windows\NeroDigital.ini
2009-01-18 11:08 . 2009-01-18 11:08   <DIR>   d--------   c:\program files\Trymedia
2009-01-18 11:08 . 2009-01-18 11:08   <DIR>   d--------   c:\program files\PopCap Games
2009-01-18 11:08 . 2009-02-10 01:05   10   --a------   c:\windows\popcinfo.dat
2009-01-18 11:02 . 2009-01-18 11:02   <DIR>   d--------   c:\windows\Sun
2009-01-18 10:42 . 2009-01-18 10:42   <DIR>   d--------   c:\program files\WapSter
2009-01-18 10:42 . 2009-01-18 10:42   <DIR>   d--------   c:\documents and settings\Admin\WapSter
2009-01-18 10:42 . 2008-04-14 00:15   26,368   --a--c---   c:\windows\system32\dllcache\usbstor.sys
2009-01-18 02:31 . 2009-01-28 21:29   <DIR>   d--------   c:\program files\Microsoft ActiveSync

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-10 13:11   ---------   d-----w   c:\program files\Mozilla Thunderbird
2009-01-30 14:34   ---------   d--h--w   c:\program files\InstallShield Installation Information
2009-01-30 14:09   ---------   d-----w   c:\program files\Opera
2009-01-27 19:56   ---------   d-----w   c:\program files\Gadu-Gadu
2009-01-25 13:11   ---------   d-----w   c:\program files\Common Files\Adobe
2009-01-20 16:13   ---------   d-----w   c:\documents and settings\Admin\Dane aplikacji\Winamp
2009-01-18 15:45   ---------   d-----w   c:\program files\DAEMON Tools Pro
2009-01-18 00:54   685,816   ----a-w   c:\windows\system32\drivers\sptd.sys
2009-01-18 00:49   ---------   d-----w   c:\program files\Common Files\Adobe Systems Shared
2009-01-18 00:49   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\Adobe Systems
2009-01-18 00:46   ---------   d-----w   c:\program files\CyberLink
2009-01-18 00:46   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\CyberLink
2009-01-18 00:45   ---------   d-----w   c:\program files\Common Files\InstallShield
2009-01-18 00:43   ---------   d-----w   c:\program files\Common Files\Nero
2009-01-18 00:34   ---------   d-----w   c:\program files\Nero
2009-01-18 00:34   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\Nero
2009-01-18 00:29   ---------   d-----w   c:\program files\Malicious Software Removal Tool
2009-01-18 00:28   ---------   d-----w   c:\program files\PowerMenu
2009-01-18 00:28   ---------   d-----w   c:\program files\Java
2009-01-18 00:28   ---------   d-----w   c:\program files\Common Files\Java
2009-01-18 00:27   ---------   d-----w   c:\program files\HighMAT CD Writing Wizard
2009-01-18 00:24   ---------   d-----w   c:\program files\AutoPatcher
2009-01-18 00:21   ---------   d-----w   c:\program files\UltraISO
2009-01-18 00:21   ---------   d-----w   c:\program files\Common Files\EZB Systems
2009-01-18 00:18   361,344   ----a-w   c:\windows\system32\drivers\tcpip.sys
2009-01-18 00:18   ---------   d-----w   c:\program files\xp-AntiSpy
2009-01-18 00:17   ---------   d-----w   c:\program files\Winamp
2009-01-18 00:16   ---------   d-----w   c:\program files\HyperSnap 6
2009-01-18 00:15   47,360   ----a-w   c:\windows\system32\drivers\pcouffin.sys
2009-01-18 00:15   47,360   ----a-w   c:\documents and settings\Admin\Dane aplikacji\pcouffin.sys
2009-01-18 00:15   ---------   d-----w   c:\program files\vso
2009-01-18 00:15   ---------   d-----w   c:\documents and settings\Admin\Dane aplikacji\Vso
2009-01-18 00:14   ---------   d-----w   c:\program files\Real Alternative
2009-01-18 00:14   ---------   d-----w   c:\program files\Media Player Classic
2009-01-18 00:14   ---------   d-----w   c:\program files\K-Lite Codec Pack
2009-01-18 00:13   ---------   d-----w   c:\program files\The Bat!
2009-01-18 00:12   ---------   d-----w   c:\documents and settings\Admin\Dane aplikacji\Thunderbird
2009-01-18 00:12   ---------   d-----w   c:\documents and settings\Admin\Dane aplikacji\Gadu-Gadu
2009-01-18 00:02   ---------   d-----w   c:\program files\Razer
2009-01-18 00:02   ---------   d-----w   c:\program files\DIFX
2009-01-18 00:02   ---------   d-----w   c:\documents and settings\Admin\Dane aplikacji\InstallShield
2009-01-17 23:57   ---------   d-----w   c:\program files\Hewlett-Packard
2009-01-17 23:54   82,380   ----a-w   c:\windows\system32\drivers\AFS2K.SYS
2009-01-17 23:54   ---------   d-----w   c:\documents and settings\Admin\Dane aplikacji\Folder przesyłania Share-to-Web
2009-01-17 23:53   ---------   d-----w   c:\program files\Common Files\Hewlett-Packard
2009-01-17 23:49   ---------   d-----w   c:\program files\Creative
2009-01-17 23:45   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\nView_Profiles
2009-01-17 23:33   ---------   d-----w   c:\program files\Intel
2009-01-17 23:26   ---------   d-----w   c:\program files\microsoft frontpage
2009-01-17 23:25   ---------   d-----w   c:\program files\Usługi online
.

------- Sigcheck -------

2009-01-18 01:18  361344  b0870dc4ae8a0a40c45ec66bcde3e523   c:\windows\system32\dllcache\tcpip.sys
2009-01-18 01:18  361344  b0870dc4ae8a0a40c45ec66bcde3e523   c:\windows\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-11-19 1970176]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-29 8466432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-29 81920]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 49152]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 172032]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 40960]
"DeathAdder"="c:\program files\Razer\DeathAdder\razerhid.exe" [2008-09-05 159744]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-06-14 132760]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"nwiz"="nwiz.exe" [2007-06-29 c:\windows\system32\nwiz.exe]
"P17Helper"="P17.dll" [2005-05-03 c:\windows\system32\P17.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Admin\Menu Start\Programy\Autostart\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"d:\\Tlen.pl\\tlen.exe"=
"c:\\Program Files\\WapSter\\WapSter AQQ\\AQQ.exe"=
"c:\\Program Files\\PopCap Games\\Zuma Deluxe\\Zuma.exe"=
"d:\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"d:\\Steam\\steamapps\\kristian658\\counter-strike\\hl.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"d:\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2009-01-18 22784]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
.
.
------- Skan uzupełniający -------
.
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\wd4w6ln0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-10 14:45:17
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ... 

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ... 

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\progra~1\MICROS~3\rapimgr.exe
c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
c:\program files\Razer\DeathAdder\razertra.exe
c:\program files\Razer\DeathAdder\razerofa.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Czas ukończenia: 2009-02-10 14:46:16 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt  2009-02-10 13:46:13
ComboFix2.txt  2009-02-10 13:17:34
ComboFix3.txt  2009-02-09 16:00:15
ComboFix4.txt  2009-02-09 11:03:04
ComboFix5.txt  2009-02-10 13:43:28

Przed: 22 753 624 064 bajtów wolnych
Po: 22,741,151,744 bajtów wolnych

218


[Okocza]

Wykonaj to co jest podane w tym temacie

1. tym programem przejdź komputer)
2. wykonaj optymalizację windowsa
3.sciagnij ATF_Cleaner
zaznacz
Windows Temp
All users Temp
Temporary internet files
Recycle Bin
i wcisnij EMPTY SELECTED
4.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem
5. Przeskanuj komputer pod względem Trojanów tym programem
6. Wstaw na forum screen z zakładki uruchamianie (start – uruchom – msconfig – uruchamianie) może uda się cos wyrzucic stamtąd.

[kajtekjr]

Log z tego FixIEDef

Kod: Zaznacz wszystko

********************************************************************************
*                                                                              *
*                                 FixIEDef Log                                 *
*                              Version 1.7.22.7389                             *
*                                                                              *
********************************************************************************

Created at 14:59:42 on Tuesday, February 10, 2009

Time Zone            :

Logged On User       : Admin

Operating System     : Microsoft Windows XP Professional Dodatek Service Pack 3
OS Architecture      : X86
System Langauge      : Polish
Keyboard Layout      : Polish
Processor            : X64 Procesor Intel Pentium III Xeon

System Drive         : C:\
Windows Directory    : C:\WINDOWS
System Directory     : C:\WINDOWS\system32

System Drive Type    : Fixed
System Drive Status  : READY
System Drive Label   :
System Drive Size    : 30.72 GB
System Drive Free    : 23.28 GB

Total Physical Memory: 2047 MB
Free Physical Memory : 1626 MB
Total Page File      : 2047 MB
Free Page File       : 3692 MB
Total Virtual Memory : 2048 MB
Free Virtual Memory  : 1969 MB

Boot State           : Normal boot

--------------------------------------------------------------------------------

!!! userinit.exe is Clean !!!

--------------------------------------------------------------------------------

!!! Files that have been deleted !!!

No malicious files found

--------------------------------------------------------------------------------

!!! Directories that have been removed !!!

No malicious directories to be removed

--------------------------------------------------------------------------------

!!! Registry entries that have been removed !!!

No malicious Registry entries found

================================================================================

All Done :)

ShadowPuterDude

Safe Surfing!!!

I reszta zrobiona, oprócz optymalizacji bo ona zbędna komp chodzi wystarczająco szybko..

[Okocza]

kajtekjr, jest

Autor postu otrzymał pochwałę