
ComboFix 09-08-18.01 - AdamNiksa 2009-08-19 11:20.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.48.1045.18.255.101 [GMT 2:00]
Uruchomiony z: c:\documents and settings\AdamNiksa\Pulpit\ComboFix.exe
AV: Windows Protection Suite *On-access scanning enabled* (Updated) {9D817A32-7F3B-413A-89F1-114464002670}
FW: Windows Protection Suite *enabled* {03A54DEE-4E7E-4F3F-BA34-4EC82D893A33}
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-2785333214-2973966627-1153503454-1000
c:\documents and settings\AdamNiksa\Dane aplikacji\Microsoft\Internet Explorer\Quick Launch\Windows Protection Suite.lnk
c:\documents and settings\AdamNiksa\Menu Start\Programy\Outerinfo
c:\documents and settings\AdamNiksa\Menu Start\Programy\Outerinfo\Terms.lnk
c:\documents and settings\AdamNiksa\Menu Start\Programy\Outerinfo\Uninstall.lnk
c:\documents and settings\AdamNiksa\Menu Start\Programy\Windows Protection Suite.lnk
c:\documents and settings\AdamNiksa\Menu Start\Windows Protection Suite.lnk
c:\documents and settings\AdamNiksa\Menu Start\WinPC Defender.LNK
c:\documents and settings\AdamNiksa\Pulpit\WinPC Defender.LNK
c:\documents and settings\All Users.KARINA\Dane aplikacji\cc2d94a
c:\documents and settings\All Users.KARINA\Dane aplikacji\cc2d94a\71.mof
c:\documents and settings\All Users.KARINA\Dane aplikacji\cc2d94a\BackUp\Ralink Wireless Utility.lnk
c:\documents and settings\All Users.KARINA\Dane aplikacji\cc2d94a\WIcc2d.exe
c:\documents and settings\All Users.KARINA\Dane aplikacji\cc2d94a\WINPS.ico
c:\documents and settings\All Users.KARINA\Dane aplikacji\cc2d94a\WINSPSys\vd952342.bd
c:\documents and settings\All Users.KARINA\Dane aplikacji\WINSPSys
c:\documents and settings\All Users.KARINA\Dane aplikacji\WINSPSys\winps.cfg
c:\program files\Common Files\ecurit~1
c:\program files\Common Files\mbols~1
c:\program files\Common Files\Yazzle1122OinUninstaller.exe
c:\program files\inetget2
c:\program files\outerinfo
c:\program files\outerinfo\outerinfo.ico
c:\program files\outerinfo\Terms.rtf
c:\recycler\S-1-5-21-2052111302-884357618-725345543-1004
c:\windows\Installer\146cbfe.msi
c:\windows\Installer\146cc04.msi
c:\windows\Installer\146cc0a.msi
c:\windows\Installer\146cc10.msi
c:\windows\Installer\146cc14.msi
c:\windows\Installer\14df1.msi
c:\windows\Installer\2097bc8.msi
c:\windows\Installer\312296.msi
c:\windows\Installer\47772d.msi
c:\windows\Installer\4d1add.msi
c:\windows\Installer\69454c.msi
c:\windows\Installer\91f47.msi
c:\windows\Installer\b4b4.msi
c:\windows\Installer\b5728.msi
c:\windows\Installer\be28ed.msi
c:\windows\KARINA\dobe~1
c:\windows\KARINA\system32\uacinit.dll
c:\windows\KARINA\system32\wintsvtr.exe
c:\windows\KARINA\wr.txt
Zainfekowana kopia c:\windows\KARINA\system32\mspmsnsv.dll została znaleziona. Problem naprawiono
Plik odzyskano z - c:\windows\KARINA\system32\dllcache\MsPMSNSv.dll
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_UACd.sys
-------\Service_UACd.sys
((((((((((((((((((((((((( Pliki utworzone od 2009-07-19 do 2009-08-19 )))))))))))))))))))))))))))))))
.
2009-07-27 16:35 . 2009-07-27 16:35 -------- d-----w- C:\Załacznik
2009-07-22 20:02 . 2009-07-22 20:02 -------- d-sh--w- c:\documents and settings\AdamNiksa\PrivacIE
2009-07-22 20:00 . 2009-07-22 20:00 -------- d-sh--w- c:\documents and settings\AdamNiksa\IETldCache
2009-07-22 19:57 . 2009-07-22 19:57 -------- d-----w- c:\windows\KARINA\ie8updates
2009-07-22 19:54 . 2009-07-22 19:56 -------- dc-h--w- c:\windows\KARINA\ie8
2009-07-22 19:54 . 2009-07-22 19:56 -------- d-----w- c:\windows\KARINA\system32\pl-PL
2009-07-22 19:50 . 2009-07-01 07:08 101376 -c----w- c:\windows\KARINA\system32\dllcache\iecompat.dll
2009-07-22 19:48 . 2009-04-30 21:17 12800 -c----w- c:\windows\KARINA\system32\dllcache\xpshims.dll
2009-07-22 19:48 . 2009-04-30 21:17 246272 -c----w- c:\windows\KARINA\system32\dllcache\ieproxy.dll
2009-07-22 19:48 . 2009-04-30 21:17 1985024 -c----w- c:\windows\KARINA\system32\dllcache\iertutil.dll
2009-07-22 19:48 . 2009-04-30 21:17 11064832 -c----w- c:\windows\KARINA\system32\dllcache\ieframe.dll
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-19 07:12 . 2009-07-12 17:43 -------- d-----w- c:\documents and settings\AdamNiksa\Dane aplikacji\Winamp
2009-08-18 16:09 . 2007-12-11 09:53 -------- d-----w- c:\program files\Windows Live Toolbar
2009-08-18 16:04 . 2006-12-12 21:37 -------- d-----w- c:\program files\Winamp
2009-08-14 16:05 . 2009-03-20 20:03 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-28 15:41 . 2008-02-08 15:32 -------- d-----w- c:\documents and settings\AdamNiksa\Dane aplikacji\GanymedeNet
2009-07-28 14:59 . 2008-03-12 17:46 -------- d-----w- c:\program files\Ganymede
2009-07-20 17:27 . 2009-05-16 15:24 -------- d-----w- c:\program files\ToggleEN
2009-07-19 16:05 . 2009-07-19 16:05 -------- d-----w- c:\documents and settings\All Users.KARINA\Dane aplikacji\Norton
2009-07-19 16:05 . 2009-03-20 20:03 -------- d-----w- c:\program files\Norton Security Scan
2009-07-19 16:04 . 2009-07-19 16:04 -------- d-----w- c:\documents and settings\All Users.KARINA\Dane aplikacji\Symantec
2009-07-19 16:04 . 2009-07-19 16:04 -------- d-----w- c:\program files\NortonInstaller
2009-07-19 16:04 . 2009-07-19 16:04 -------- d-----w- c:\documents and settings\All Users.KARINA\Dane aplikacji\NortonInstaller
2009-07-18 18:53 . 2006-12-15 16:36 -------- d-----w- c:\program files\GameSpy Arcade
2009-07-12 17:49 . 2009-07-12 11:45 683801 ----a-w- c:\documents and settings\All Users.KARINA\Dane aplikacji\Last.fm\Client\UninstWA\unins000.exe
2009-07-12 11:45 . 2009-07-12 11:45 193 ----a-w- c:\documents and settings\All Users.KARINA\Dane aplikacji\Last.fm\Client\uninst2.bat
2009-07-12 11:45 . 2009-07-12 11:45 683801 ----a-w- c:\documents and settings\All Users.KARINA\Dane aplikacji\Last.fm\Client\UninstWMP\unins000.exe
2009-07-12 11:45 . 2009-07-12 11:45 -------- d-----w- c:\documents and settings\All Users.KARINA\Dane aplikacji\Last.fm
2009-07-06 17:47 . 2009-05-23 17:48 -------- d-----w- c:\program files\Free_Lunch_Design
2009-06-24 11:52 . 2009-04-29 12:35 -------- d-----w- c:\documents and settings\AdamNiksa\Dane aplikacji\Skype
2009-06-24 11:42 . 2009-04-22 12:34 -------- d-----w- c:\documents and settings\AdamNiksa\Dane aplikacji\skypePM
2008-01-11 19:45 . 2008-01-11 19:45 3584 -csha-w- c:\program files\Common Files\Thumbs.db
2007-04-10 10:29 . 2007-02-23 15:06 766 -c--a-w- c:\program files\Common Files\sms.ico
2007-04-10 10:29 . 2007-02-23 15:06 70 -c--a-w- c:\program files\Common Files\moje.js
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2008-02-14 1555480]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files\ToggleEN\tbTog0.dll" [2009-07-20 2215960]
"{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}"= "c:\program files\Free_Lunch_Design\tbFre0.dll" [2009-07-06 2215960]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
[HKEY_CLASSES_ROOT\clsid\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
2009-07-20 17:30 2215960 ----a-w- c:\program files\ToggleEN\tbTog0.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}]
2009-07-06 17:48 2215960 ----a-w- c:\program files\Free_Lunch_Design\tbFre0.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2008-02-14 12:54 1555480 ----a-w- c:\program files\free-downloads.net\tbfree.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2008-02-14 1555480]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files\ToggleEN\tbTog0.dll" [2009-07-20 2215960]
"{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}"= "c:\program files\Free_Lunch_Design\tbFre0.dll" [2009-07-06 2215960]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
[HKEY_CLASSES_ROOT\clsid\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2008-02-14 1555480]
"{038CB5C7-48EA-4AF9-94E0-A1646542E62B}"= "c:\program files\ToggleEN\tbTog0.dll" [2009-07-20 2215960]
"{57CC715D-37CA-44E4-9EC2-8C2CBDDB25EC}"= "c:\program files\Free_Lunch_Design\tbFre0.dll" [2009-07-06 2215960]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
[HKEY_CLASSES_ROOT\clsid\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2006-11-14 1849032]
"ares"="c:\program files\Ares\Ares.exe" [2007-01-22 985088]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-18 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-08 148888]
"Adobe Reader Speed Launcher"="d:\reader\Reader_sl.exe" [2008-06-12 34672]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\KARINA\SOUNDMAN.EXE [2004-05-14 67072]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\KARINA\system32\CTFMON.EXE" [2004-08-04 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]
c:\documents and settings\All Users.KARINA\Menu Start\Programy\Autostart\
Ralink Wireless Utility.lnk - c:\windows\KARINA\RaUI.exe [2008-2-18 598016]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"d:\\MOHAA.EXE"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"d:\\SiSoftware Sandra Lite 2007\\sandra.exe"=
"d:\\SiSoftware Sandra Lite 2007\\RpcSandraSrv.exe"=
"d:\\SiSoftware Sandra Lite 2007\\Win32\\RpcDataSrv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\KARINA\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8461:TCP"= 8461:TCP:GoD High Port
"8462:TCP"= 8462:TCP:GoD Low Port
R3 EuMusDesignVirtualAudioCableWdm_s2x;Sound2x Audio Cable (WDM);c:\windows\KARINA\system32\drivers\vacs2xkd.sys [2008-06-21 42880]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\KARINA\system32\drivers\ASPI32.SYS [2008-06-21 16512]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2006-12-12 29744]
S3 kvpndev;Kerio VPN adapter;c:\windows\KARINA\system32\drivers\kvpndrv.sys [2008-06-24 65024]
S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer;c:\windows\KARINA\system32\DRIVERS\kwflower.sys --> c:\windows\KARINA\system32\DRIVERS\kwflower.sys [?]
S3 RT2400;RT2400 Wireless Driver;c:\windows\KARINA\system32\drivers\RT2400.sys [2007-02-03 51712]
--- Inne Usługi/Sterowniki w Pamięci ---
*NewlyCreated* - TCPIP_PATCHER
*Deregistered* - tcpip_patcher
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\KARINA\system32\rundll32.exe" "c:\windows\KARINA\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Zawartość folderu 'Zaplanowane zadania'
2009-07-23 c:\windows\KARINA\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 13:42]
2009-08-16 c:\windows\KARINA\Tasks\Norton Security Scan for AdamNiksa.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\Nss.exe [2009-07-19 16:05]
.
- - - - USUNIĘTO PUSTE WPISY - - - -
BHO-{6ADFA0BE-672F-39F2-7A77-3CB60C4AF3B9} - (no file)
BHO-{94277D1C-E8AB-9009-D8AE-E1ABA90253C3} - (no file)
HKCU-Run-sysav - c:\documents and settings\AdamNiksa\Dane aplikacji\pcdefender.exe
HKCU-Run-Windows Protection Suite - c:\documents and settings\All Users.KARINA\Dane aplikacji\cc2d94a\WIcc2d.exe
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2077543
uInternet Settings,ProxyServer = 152.15.98.227:3128
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{215940F1-E7E0-4801-BEE3-44D045534106} - c:\program files\Common Files\moje.js
TCP: {57D79FA2-A01A-4F1B-A639-DBA423A9D6EB} = 193.238.171.10,193.238.171.2
DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} - hxxp://67.15.101.33/g_bin/pl/snooker_2_0_0_35.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-19 11:31
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\KARINA\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\KARINA\\system32\\Macromed\\Flash\\FlashUtil10c.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'winlogon.exe'(748)
c:\windows\KARINA\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(2384)
c:\windows\KARINA\system32\WININET.dll
c:\windows\KARINA\system32\webcheck.dll
c:\windows\KARINA\system32\browselc.dll
c:\program files\free-downloads.net\tbfree.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.POL
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\KARINA\system32\ati2evxx.exe
c:\windows\KARINA\system32\ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\KARINA\system32\oodag.exe
c:\windows\KARINA\system32\wdfmgr.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Czas ukończenia: 2009-08-19 11:35 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2009-08-19 09:35
Przed: 2 271 526 912 bajtów wolnych
Po: 3 970 080 768 bajtów wolnych
WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\KARINA
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\KARINA="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
272 --- E O F --- 2009-03-11 08:40