Zwolnienie systemu ,restarty.

**Posty:** 1451 · przez **eisu** 18 Lut 2009, 16:32

tak jak w temacie mam problemy z komputerem takie jak nagle resetowanie sie kompa,zwolnienie systemu i problemy z polaczeniem internetowym
daje log:

Kod: Zaznacz wszystko: ComboFix 09-02-17.02 - Beata 2009-02-18 14:54:50.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.2046.1673 [GMT 1:00] Uruchomiony z: c:\documents and settings\Beata\Pulpit\ComboFix.exe AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\drivers\ntndis.sys . ---- Poprzednie uruchomienie ------- . c:\windows\system32\setup.ini D:\Autorun.inf E:\Autorun.inf [COLOR=RED] . . . jest zainfekowany!![/COLOR] [COLOR=RED] . . . jest zainfekowany!![/COLOR] [COLOR=RED] . . . jest zainfekowany!![/COLOR] [COLOR=RED] . . . jest zainfekowany!![/COLOR] [COLOR=RED] . . . jest zainfekowany!![/COLOR] [COLOR=RED] . . . jest zainfekowany!![/COLOR] . ((((((((((((((((((((((((( Pliki utworzone od 2009-01-18 do 2009-02-18 ))))))))))))))))))))))))))))))) . 2009-02-18 00:12 . 2009-02-18 00:12 <DIR> d-------- c:\program files\Kaspersky Lab 2009-02-18 00:12 . 2009-02-18 14:46 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab 2009-02-18 00:12 . 2009-02-18 15:10 2,877,984 --ahs---- c:\windows\system32\drivers\fidbox.dat 2009-02-18 00:12 . 2009-02-18 15:10 761,888 --ahs---- c:\windows\system32\drivers\fidbox2.dat 2009-02-18 00:12 . 2009-02-18 00:18 101,287 --a------ c:\windows\system32\drivers\klin.dat 2009-02-18 00:12 . 2009-02-18 00:18 89,601 --a------ c:\windows\system32\drivers\klick.dat 2009-02-18 00:12 . 2009-02-18 15:10 25,660 --ahs---- c:\windows\system32\drivers\fidbox.idx 2009-02-18 00:12 . 2009-02-18 15:10 5,780 --ahs---- c:\windows\system32\drivers\fidbox2.idx 2009-02-18 00:11 . 2009-02-18 00:11 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files 2009-02-18 00:02 . 2009-02-18 00:02 <DIR> d-------- c:\program files\nLite 2009-02-17 18:55 . 2009-02-17 18:55 <DIR> d-------- c:\program files\ZTE ZXDSL 852 2009-02-17 18:55 . 2006-06-02 19:38 425,984 -ra------ c:\windows\system32\stmcfg32.dll 2009-02-17 18:55 . 2006-06-02 12:01 151,552 -ra------ c:\windows\system32\stmctrl.dll 2009-02-17 18:54 . 2009-02-17 18:56 3,856 --a------ c:\windows\stsetup.htm 2009-02-17 18:53 . 2009-02-17 18:53 21 --a------ c:\windows\kit.ini 2009-02-17 18:51 . 2009-02-18 14:59 <DIR> d--h----- c:\documents and settings\Administrator.PRZYGODA-A47EE9.000\Ustawienia lokalne 2009-02-17 18:51 . 2009-01-13 22:22 <DIR> d-------- c:\documents and settings\Administrator.PRZYGODA-A47EE9.000\Ulubione 2009-02-17 18:51 . 2009-01-13 21:30 <DIR> d--h----- c:\documents and settings\Administrator.PRZYGODA-A47EE9.000\Szablony 2009-02-17 18:51 . 2009-01-13 22:22 <DIR> d-------- c:\documents and settings\Administrator.PRZYGODA-A47EE9.000\Pulpit 2009-02-17 18:51 . 2009-01-13 22:22 <DIR> d-------- c:\documents and settings\Administrator.PRZYGODA-A47EE9.000\Moje dokumenty 2009-02-17 18:51 . 2009-01-13 22:22 <DIR> dr------- c:\documents and settings\Administrator.PRZYGODA-A47EE9.000\Menu Start 2009-02-17 18:51 . 2009-01-13 22:22 <DIR> dr-h----- c:\documents and settings\Administrator.PRZYGODA-A47EE9.000\Dane aplikacji 2009-02-17 18:51 . 2009-02-17 18:51 <DIR> d-------- c:\documents and settings\Administrator.PRZYGODA-A47EE9.000 2009-02-16 21:55 . 2009-02-16 21:55 <DIR> d-------- c:\program files\CCleaner 2009-02-16 19:21 . 2009-02-16 19:21 <DIR> d-------- c:\documents and settings\Beata\Dane aplikacji\Media Player Classic 2009-02-16 19:16 . 2009-02-16 19:16 <DIR> d-------- c:\documents and settings\Beata\.dvdcss 2009-02-16 18:44 . 2009-02-16 18:44 <DIR> d-------- c:\program files\Winamp Toolbar 2009-02-16 18:44 . 2009-02-16 18:44 <DIR> d-------- c:\program files\Lavalys 2009-02-16 18:44 . 2009-02-16 18:44 <DIR> d-------- c:\program files\G DATA Software 2009-02-16 18:44 . 2009-02-16 18:44 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Winamp Toolbar 2009-02-16 18:42 . 2009-02-16 18:43 <DIR> d-------- c:\documents and settings\Administrator.PRZYGODA-A47EE9\Ustawienia lokalne 2009-02-16 18:42 . 2009-02-16 18:43 <DIR> d-------- c:\documents and settings\Administrator.PRZYGODA-A47EE9\Szablony 2009-02-16 18:42 . 2009-02-16 18:43 <DIR> d-------- c:\documents and settings\Administrator.PRZYGODA-A47EE9\Dane aplikacji 2009-02-16 18:42 . 2009-02-16 18:43 <DIR> d---s---- c:\documents and settings\Administrator.PRZYGODA-A47EE9 2009-02-16 17:00 . 2009-02-16 17:00 <DIR> d-------- c:\program files\Alcohol Soft 2009-02-15 23:57 . 2009-02-16 18:43 <DIR> d-------- c:\program files\NAPI-PROJEKT 2009-02-15 23:10 . 2009-02-15 23:10 <DIR> d-------- c:\program files\Ashampoo 2009-02-15 23:10 . 2009-02-15 23:10 <DIR> d-------- c:\documents and settings\Beata\Dane aplikacji\Ashampoo 2009-02-15 23:10 . 2009-02-15 23:10 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\ashampoo 2009-02-15 18:00 . 2009-02-16 18:43 <DIR> d-------- c:\program files\Nero(2) 2009-02-15 18:00 . 2009-02-16 18:43 <DIR> d-------- c:\program files\Common Files\Nero(2) 2009-02-15 17:48 . 2009-02-15 17:48 182,656 --a--c--- c:\windows\system32\dllcache\ndis.sys 2009-02-15 17:48 . 2009-02-15 17:48 616 --a------ c:\windows\system32\C8.tmp 2009-02-15 17:47 . 2009-02-16 18:43 <DIR> d-------- c:\program files\Keyfinder Advanced 2007 (Trial Version) 2009-02-15 17:45 . 2009-02-15 17:45 132 --a------ c:\windows\system32\C2.tmp 2009-02-15 13:19 . 2009-02-16 18:44 <DIR> d-------- c:\documents and settings\Administrator\Ustawienia lokalne 2009-02-15 13:19 . 2009-02-16 18:44 <DIR> d-------- c:\documents and settings\Administrator\Szablony 2009-02-15 13:19 . 2009-02-16 18:44 <DIR> d-------- c:\documents and settings\Administrator\Dane aplikacji 2009-02-15 13:19 . 2009-02-16 18:44 <DIR> d---s---- c:\documents and settings\Administrator 2009-02-15 01:26 . 2009-01-13 21:29 211 --ahs---- C:\BOOT.BKK 2009-02-15 01:17 . 2009-02-15 01:17 <DIR> d-------- c:\program files\TGTSoft 2009-02-15 01:14 . 2009-02-16 18:44 <DIR> d-------- c:\program files\KeenfinderSrch 2009-02-15 01:13 . 2009-02-16 18:44 <DIR> d-------- c:\program files\Adparatus 2009-02-15 01:12 . 2009-02-15 01:12 <DIR> d-------- c:\program files\FileSubmit 2009-02-15 00:01 . 2009-02-16 18:44 <DIR> d-------- c:\program files\TrueCrypt 2009-02-15 00:01 . 2009-02-15 00:07 <DIR> d-------- c:\documents and settings\Beata\Dane aplikacji\TrueCrypt 2009-02-14 23:19 . 2009-02-16 18:44 <DIR> d-------- c:\program files\SkanerOnline 2009-02-14 03:15 . 2001-10-26 00:40 31,776 --a------ c:\windows\system32\drivers\AFPAnsi.sys 2009-02-14 03:15 . 2001-10-22 01:24 16,803 --a------ c:\windows\system32\AFPAnsi.vxd 2009-02-14 02:56 . 2009-02-14 02:56 <DIR> d-------- c:\program files\Dziobas Rar Player 2009-02-12 21:05 . 2009-02-14 02:58 200 --a------ C:\sccfg.sys 2009-02-12 21:04 . 2009-02-13 00:06 <DIR> d-------- c:\program files\Folder Lock 2009-02-12 21:04 . 2002-12-25 09:44 380,928 --a------ c:\windows\system32\vaultskn.ocx 2009-02-12 21:04 . 2009-02-18 03:09 81,920 --a------ c:\windows\system32\FLKill.exe 2009-02-12 21:04 . 1999-04-23 22:22 20,992 --a------ c:\windows\system32\hhopen.ocx 2009-02-12 18:56 . 2009-02-12 18:56 <DIR> d-------- c:\program files\Winamp Remote 2009-02-12 18:55 . 2009-02-12 18:55 <DIR> d-------- c:\windows\system32\RTCOM 2009-02-12 18:55 . 2009-02-12 18:55 <DIR> d-------- c:\windows\system32\Lang 2009-02-12 18:55 . 2009-02-12 18:55 <DIR> d-------- c:\program files\Realtek 2009-02-12 18:54 . 2009-02-12 18:54 <DIR> d-------- c:\windows\system32\pl 2009-02-12 18:54 . 2009-02-12 18:54 <DIR> d-------- c:\windows\system32\bits 2009-02-12 18:39 . 2009-02-12 18:39 <DIR> d-------- c:\program files\MSXML 4.0 2009-02-12 18:38 . 2009-02-12 18:38 <DIR> d-------- c:\windows\system32\Samsung_USB_Drivers 2009-02-12 18:38 . 2009-02-12 18:39 <DIR> d-------- c:\windows\system32\IOSUBSYS 2009-02-12 18:37 . 2009-02-12 18:37 <DIR> d--hs---- c:\windows\ftpcache 2009-02-12 18:37 . 2009-02-12 18:48 <DIR> d-------- c:\program files\Common Files\InstallShield 2009-02-08 20:15 . 2009-02-08 20:15 <DIR> d-------- C:\games 2009-02-01 12:46 . 2009-02-15 17:48 <DIR> d-------- c:\program files\Winamp 2009-02-01 12:46 . 2009-02-12 18:56 <DIR> d-------- c:\documents and settings\Beata\Dane aplikacji\Winamp 2009-01-29 19:45 . 2009-02-12 18:56 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\OrbNetworks 2009-01-29 19:40 . 2007-03-08 00:51 129,784 --------- c:\windows\system32\pxafs.dll 2009-01-27 19:21 . 2009-01-27 19:21 940,794 --a------ c:\windows\system32\LoopyMusic.wav 2009-01-27 19:21 . 2009-01-27 19:21 146,650 --a------ c:\windows\system32\BuzzingBee.wav 2009-01-26 21:49 . 2008-04-14 18:20 221,184 --a------ c:\windows\system32\wmpns.dll 2009-01-26 21:25 . 2009-01-26 21:25 <DIR> d-------- c:\windows\l2schemas 2009-01-26 21:24 . 2009-01-26 21:24 <DIR> d-------- c:\windows\ServicePackFiles 2009-01-26 15:22 . 2009-02-14 03:00 <DIR> d-------- c:\windows\system32\pl-pl . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-02-18 02:10 25,600 ----a-w c:\windows\twunk_32.exe 2009-02-18 02:10 15,872 ----a-w c:\windows\TASKMAN.EXE 2009-02-18 02:08 90,112 ----a-w c:\windows\SoundMan.exe 2009-02-18 02:08 36,864 ----a-w c:\windows\slrundll.exe 2009-02-18 02:08 106,496 ----a-r c:\windows\stmtrace.exe 2009-02-18 02:08 1,814,528 ----a-w c:\windows\SkyTel.exe 2009-02-18 02:06 9,716,736 ----a-w c:\windows\RTLCPL.exe 2009-02-18 02:06 69,632 ----a-r c:\windows\DSLTest.exe 2009-02-18 02:06 475,136 ----a-w c:\windows\Radeon Omega Drivers v4.8.442 Uninstall.exe 2009-02-18 02:06 319,488 ----a-w c:\windows\HideWin.exe 2009-02-18 02:06 2,810,880 ----a-w c:\windows\alcwzrd.exe 2009-02-18 02:06 2,166,784 ----a-w c:\windows\MicCal.exe 2009-02-18 02:06 1,183,744 ----a-w c:\windows\RtlUpd.exe 2009-02-17 23:51 16,863,232 ----a-w c:\windows\RTHDCPL.exe 2009-02-17 23:51 1,035,264 ----a-w c:\windows\explorer.exe 2009-02-17 23:27 285,696 ----a-w c:\windows\winhlp32.exe 2009-02-17 23:26 73,728 ----a-w c:\windows\Alcmtr.exe 2009-02-17 23:26 70,656 ----a-w c:\windows\notepad.exe 2009-02-17 23:26 150,016 ----a-w c:\windows\regedit.exe 2009-02-17 23:26 11,264 ----a-w c:\windows\hh.exe 2009-02-17 23:18 33,808 ----a-w c:\windows\system32\drivers\klbg.sys 2009-02-17 17:53 --------- d-----w c:\program files\neostrada tp 2009-02-16 17:44 --------- d-----w c:\program files\MultiRes 2009-02-16 17:43 --------- d--h--w c:\program files\InstallShield Installation Information 2009-02-15 16:48 182,656 ----a-w c:\windows\system32\drivers\ndis.sys 2009-02-12 17:39 --------- d-----w c:\program files\Google 2009-02-12 17:39 --------- d-----w c:\program files\Common Files\Ahead 2009-02-12 17:39 --------- d-----w c:\program files\Ahead 2009-02-12 17:37 --------- d-----w c:\program files\Gadu-Gadu 2009-01-27 18:19 520,192 ----a-w c:\windows\RtlExUpd.dll 2009-01-27 18:19 4,739,072 ----a-w c:\windows\system32\drivers\RtkHDAud.sys 2009-01-15 11:43 --------- d-----w c:\documents and settings\Beata\Dane aplikacji\Ahead 2009-01-14 08:57 --------- d-----w c:\documents and settings\Beata\Dane aplikacji\Samsung 2009-01-14 08:54 --------- d-----w c:\program files\Samsung 2009-01-14 08:53 --------- d-----w c:\program files\Common Files\Adobe 2009-01-13 21:22 --------- d-----w c:\documents and settings\Beata\Dane aplikacji\Gadu-Gadu 2009-01-13 20:43 --------- d-----w c:\program files\Java 2009-01-13 20:39 --------- d-----w c:\program files\Radeon Omega Drivers 2009-01-13 20:34 --------- d-----w c:\program files\microsoft frontpage 2009-01-13 20:33 --------- d-----w c:\program files\Usługi online . ------- Sigcheck ------- 2009-02-18 03:05 14848 83117b7f3ef83dc039aa1b81be496d5b c:\windows\$NtServicePackUninstall$\svchost.exe 2009-02-18 03:07 14336 25b5758cc80f7b90232dc360601b97fb c:\windows\ServicePackFiles\i386\svchost.exe 2009-02-18 00:51 14848 4298ce1f69bc53ca77a3d55e6344590f c:\windows\system32\svchost.exe 2004-08-03 22:14 182912 1df7f42665c94b825322fae71721130d c:\windows\$NtServicePackUninstall$\ndis.sys 2008-04-13 20:20 182656 1df7f42665c94b825322fae71721130d c:\windows\ServicePackFiles\i386\ndis.sys 2009-02-15 17:48 213120 1df7f42665c94b825322fae71721130d c:\windows\system32\dllcache\ndis.sys 2009-02-15 17:48 213120 1df7f42665c94b825322fae71721130d c:\windows\system32\drivers\ndis.sys 2009-02-18 00:51 1035264 cd1234bdb57582ff80bf0084dd64ab56 c:\windows\explorer.exe 2009-02-18 03:05 1033728 8153919884de6d2661efc5a9c3de2a1e c:\windows\$NtServicePackUninstall$\explorer.exe 2009-02-18 03:06 1035264 cd1234bdb57582ff80bf0084dd64ab56 c:\windows\ServicePackFiles\i386\explorer.exe 2009-02-18 03:05 15360 dd1ded042401eba5ffbd55c87d6743f8 c:\windows\$NtServicePackUninstall$\ctfmon.exe 2009-02-18 03:06 15360 7a265752848cb16730682f39af528d47 c:\windows\ServicePackFiles\i386\ctfmon.exe 2009-02-18 00:51 15360 7a265752848cb16730682f39af528d47 c:\windows\system32\ctfmon.exe 2009-02-18 03:05 57856 d48d604e0c7006ccb76571b64e960755 c:\windows\$NtServicePackUninstall$\spoolsv.exe 2009-02-18 03:07 57856 a7ad3398d912c9bb7f38f50a52a2004a c:\windows\ServicePackFiles\i386\spoolsv.exe 2008-04-14 18:21 74752 040d768e82d56a9c3f9f944998c3a229 c:\windows\system32\spoolsv.exe 2009-02-18 03:06 25088 41bb1de28dafced1583b6e5421bcf42e c:\windows\$NtServicePackUninstall$\userinit.exe 2009-02-18 03:07 26624 4d2b2ac414b8ea377a810bdbd23a07cc c:\windows\ServicePackFiles\i386\userinit.exe 2009-02-18 00:27 27136 558752402155671189fb4bd2e7be5263 c:\windows\system32\userinit.exe . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992] [HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1] [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2009-02-18 15360] "Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NeroCheck"="c:\windows\system32\NeroCheck.exe" [2009-02-18 159744] "Hidder"="c:\progra~1\GDATAS~1\SEKRET~1\Hidder.exe" [2009-02-18 569344] "AtiPTA"="atiptaxx.exe" [2009-02-18 c:\windows\system32\atiptaxx.exe] "RTHDCPL"="RTHDCPL.EXE" [2009-02-18 c:\windows\RTHDCPL.exe] "AdslTaskBar"="stmctrl.dll" [2006-06-02 c:\windows\system32\stmctrl.dll] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2009-02-18 15360] [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "8461:TCP"= 8461:TCP:GoD High Port "8462:TCP"= 8462:TCP:GoD Low Port R0 AFPAnsi;G-DATA UkrywaczAnsi;c:\windows\system32\drivers\AFPAnsi.sys [2009-02-14 31776] R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592] R3 Stmatm;ATM/ADSL miniport;c:\windows\system32\drivers\stmatm.sys [2009-02-17 60255] R3 TaurusUsb;ADSL Modem USB Service;c:\windows\system32\drivers\torususb.sys [2009-02-17 684265] . . ------- Skan uzupełniający ------- . uStart Page = hxxp://www.neostrada.pl IE: &Winamp Search - c:\documents and settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 FF - ProfilePath - c:\documents and settings\Beata\Dane aplikacji\Mozilla\Firefox\Profiles\i82mr224.default\ FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query= FF - prefs.js: browser.search.selectedEngine - qtl FF - prefs.js: browser.startup.homepage - www.google.pl FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query= FF - component: c:\documents and settings\Beata\Dane aplikacji\Mozilla\Firefox\Profiles\i82mr224.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program files\Java\j2re1.4.0_03\bin\NPJava11.dll FF - plugin: c:\program files\Java\j2re1.4.0_03\bin\NPJava12.dll FF - plugin: c:\program files\Java\j2re1.4.0_03\bin\NPJava13.dll FF - plugin: c:\program files\Java\j2re1.4.0_03\bin\NPJava32.dll FF - plugin: c:\program files\Java\j2re1.4.0_03\bin\NPJPI140_03.dll FF - plugin: c:\program files\Java\j2re1.4.0_03\bin\NPOJI610.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-18 15:12:14 Windows 5.1.2600 Dodatek Service Pack 3 NTFS detected NTDLL code modification: ZwOpenFile skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... c:\windows\hide.conf 13 bytes skanowanie pomyślnie ukończone ukryte pliki: 1 ************************************************************************** . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- - - - - - - - > 'winlogon.exe'(1024) c:\windows\system32\Ati2evxx.dll . ------------------------ Pozostałe uruchomione procesy ------------------------ . c:\windows\system32\ati2evxx.exe c:\windows\system32\ati2evxx.exe c:\windows\system32\wscntfy.exe c:\windows\system32\rundll32.exe . ************************************************************************** . Czas ukończenia: 2009-02-18 15:13:43 - komputer został uruchomiony ponownie [Beata] ComboFix-quarantined-files.txt 2009-02-18 14:13:40 Przed: 102,385,516,544 bajtów wolnych Po: 102,333,988,864 bajtów wolnych 265 --- E O F --- 2009-02-12 19:09:57

**Posty:** 8001 · przez **Okocza** 18 Lut 2009, 17:41

Wykonaj to co jest podane w tym temacie

Zastosuj SDFix . Po pobraniu uruchom go a rozpakuje się do C:\SDFix. Uruchom komputer w trybie awaryjnym (F8 przy stracie systemu). Będąc w awaryjnym uruchom plik RunThis.bat z folderu SDFixa. Zatwierdź czyszczenie przez Y. Poczekaj aż ukończy i komputer zresetuje

Potem wejdz do folderu C:\SDFix wrzuc zawartość pliku Report.txt + log z combofixa oraz daj loga z hijacka