Slow computer

System security, virus removal, choosing antivirus programs. Mandatory logs in this section: three from FRST + Gmer.

Post by Hemel, 02 May 2008, 10:26

Hello
A friend's computer runs terribly slowly and shuts down after a while. I'm posting the logs:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:16:30, on 2008-05-02
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User '?')
O4 - HKUS\S-1-5-21-1085031214-484763869-1060284298-1003\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E53EA77-34F2-474E-9046-B2B0C86F1821} (OggX Control) - http://www.eska.pl/streamplayers/OggX.ocx
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
O23 - Service: Panda Pavkre (Pavkre) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
O23 - Service: Panda PavProt (PavProt) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
O23 - Service: Panda Preventium+ Service (PREVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6891 bytes



Post by Okocza, 02 May 2008, 12:21

Hemel wrote: O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k


Post a log from ComboFix.

http://www.forum.programosy.pl/jak-generujemy-logi-z-combofixa-oraz-dssa-vt95026.html



Post by Hemel, 06 May 2008, 11:13

So here is the ComboFix log as well; sorry for the delay, but my friend went away for the May long weekend :p

ComboFix 08-05-01.1 - Matiboss 2008-05-02 14:04:28.1 - NTFSx86

Running from: C:\Documents and Settings\Matiboss\Pulpit\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\setup.ini

.
((((((((((((((((((((((((( Files Created from 2008-04-02 to 2008-05-02 )))))))))))))))))))))))))))))))
.

2008-05-02 10:16 . 2008-05-02 10:16 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-28 20:09 . 2008-04-28 20:07 14,568 --a------ C:\WINDOWS\system32\drivers\WG6N.SYS
2008-04-28 20:09 . 2008-04-28 20:07 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.SYS
2008-04-28 20:09 . 2008-04-28 20:07 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.SYS
2008-04-28 20:08 . 2008-04-29 16:39 245,760 --a------ C:\WINDOWS\system32\TpUtil.dll
2008-04-28 20:08 . 2008-04-29 16:39 208,896 --a------ C:\WINDOWS\system32\PavSHook.dll
2008-04-28 19:52 . 2008-04-28 20:01 784 ---h----- C:\PANDA.RPT
2008-04-28 19:28 . 2008-05-02 13:50 80 --a------ C:\WINDOWS\system32\drivers\netfltConfig.dat
2008-04-28 19:24 . 2008-04-29 16:39 71,424 --a------ C:\WINDOWS\system32\drivers\pavdrv51.sys
2008-04-28 19:23 . 2008-04-28 19:23 <DIR> d-------- C:\Program Files\Panda Software
2008-04-28 19:22 . 2008-04-28 19:22 <DIR> d-------- C:\Program Files\Common Files\Panda Software
2008-04-28 19:22 . 2008-04-29 16:39 163,856 --a------ C:\WINDOWS\system32\drivers\PavProc.sys
2008-04-28 19:22 . 2008-04-29 16:39 26,752 --a------ C:\WINDOWS\system32\drivers\ShldDrv.sys
2008-04-28 19:02 . 2008-04-28 19:02 <DIR> d--hs---- C:\found.002
2008-04-28 16:19 . 2008-04-28 16:19 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2008-04-23 17:40 . 2008-04-23 17:40 <DIR> d--hs---- C:\found.001
2008-04-17 17:25 . 2006-08-23 09:01 8,576 --a------ C:\WINDOWS\system32\drivers\hidgame.sys
2008-04-17 17:25 . 2006-08-23 09:01 8,576 --a--c--- C:\WINDOWS\system32\dllcache\hidgame.sys
2008-04-16 20:28 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-04-03 20:34 . 2008-04-03 20:36 <DIR> d-------- C:\Program Files\Deutsch Translator 2
2008-04-03 17:35 . 2008-04-03 17:35 <DIR> d--hs---- C:\found.000

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-02 09:22 --------- d-----w C:\Documents and Settings\Matiboss\Dane aplikacji\foobar2000
2008-04-29 14:39 98,304 ----a-w C:\WINDOWS\system32\pavipc.dll
2008-04-28 18:07 60,496 ----a-w C:\WINDOWS\system32\drivers\TEEFER.SYS
2008-04-28 18:07 21,075 ----a-w C:\WINDOWS\system32\drivers\WPSDRVNT.SYS
2008-04-28 18:07 14,568 ----a-w C:\WINDOWS\system32\drivers\WG3N.SYS
2008-04-28 18:07 102,400 ----a-w C:\WINDOWS\system32\systools.dll
2008-04-28 17:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-24 18:39 --------- d-----w C:\Program Files\BearShare
2008-04-07 17:46 --------- d-----w C:\Program Files\Gadu-Gadu
2008-04-05 19:50 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\PC Suite
2008-03-29 12:32 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-29 11:35 102,400 ----a-w C:\WINDOWS\DUMP33f3.tmp
2008-03-29 11:34 102,400 ----a-w C:\WINDOWS\DUMP341b.tmp
2008-03-27 20:51 --------- d-----w C:\Program Files\PC Drivers HeadQuarters
2008-03-27 20:51 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\PC Drivers HeadQuarters
2008-03-27 20:11 102,400 ----a-w C:\WINDOWS\DUMP3bb1.tmp
2008-03-20 08:01 1,846,144 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-12 12:13 --------- d-----w C:\Program Files\Creative
2008-03-10 21:11 --------- d-----w C:\Program Files\Musicnotes
2008-03-10 21:11 --------- d-----w C:\Documents and Settings\Matiboss\Dane aplikacji\Sibelius Software
2008-03-10 21:06 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Musicnotes
2008-03-10 18:36 --------- d-----w C:\Program Files\SlowView
2008-03-10 18:36 --------- d-----w C:\Program Files\GameSpy Arcade
2008-03-10 18:36 --------- d-----w C:\Documents and Settings\Matiboss\Dane aplikacji\Nokia
2008-03-10 18:35 --------- d-----w C:\Program Files\FlexSoft
2008-03-07 21:58 --------- d-----w C:\Program Files\Uniblue
2008-03-07 21:58 --------- d-----w C:\Documents and Settings\Matiboss\Dane aplikacji\Uniblue
2008-03-07 14:44 91,136 ----a-w C:\WINDOWS\system32\1E4.tmp
2008-03-07 14:43 --------- d-----w C:\Program Files\Winamp
2008-03-07 14:43 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-03-07 14:43 --------- d-----w C:\Program Files\D-Tools
2008-03-07 14:42 --------- d-----w C:\Program Files\Google
2008-03-07 14:41 --------- d-----w C:\Program Files\foobar2000
2008-02-20 18:53 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 06:53 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-16 09:32 668,672 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-09 16:49 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 12:54 2131392]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-07 03:55 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-08-23 09:08 65536 C:\WINDOWS\SOUNDMAN.EXE]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 18:56 24576 C:\WINDOWS\system32\CTHELPER.EXE]
"AdslTaskBar"="stmctrl.dll" [2006-06-02 13:01 151552 C:\WINDOWS\system32\stmctrl.dll]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 18:05 81920]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 16:10 271360]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 21:24 32768]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2004-12-20 20:41 33792]
"BearShare"="C:\Program Files\BearShare\BearShare.exe" [ ]
"Speed racer"="C:\Program Files\Creative\PlayCenter\CTSRReg.exe" [1999-11-16 02:00 5632]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 14:06 40048]
"APVXDWIN"="C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.exe" [2005-03-31 20:08 315392]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 11:17 1241088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"vidc.3iv2"= 3ivxVfWCodec.dll
"msacm.divxa32"= divxa32.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"VIDC.VP31"= vp31vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe"=
"C:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\Polish\\setup.exe"=


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bdc89a95-af28-11dc-84c9-000ae6a7bc82}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc133120-b4b1-11dc-84dd-000ae6a7bc82}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d7f12a40-0bc6-11dd-af28-000ae6a7bc82}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d7f12a41-0bc6-11dd-af28-000ae6a7bc82}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4cc8a20-ab32-11dc-84ba-000ae6a7bc82}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-02 14:12:36
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

detected NTDLL code modification:
ZwEnumerateKey, ZwQueryKey, ZwOpenKey, ZwClose, ZwEnumerateValueKey, ZwQueryValueKey, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-02 14:17:00
ComboFix-quarantined-files.txt 2008-05-02 12:16:48

Pre-Run: 11,832,463,360 bajtów wolnych
Post-Run: 12,039,217,152 bajtów wolnych

143



Post by wojtas, 06 May 2008, 12:15

Open Notepad and paste this into it:

File::
C:\WINDOWS\system32\1E4.tmp
C:\WINDOWS\DUMP3bb1.tmp
C:\WINDOWS\DUMP341b.tmp
C:\WINDOWS\DUMP33f3.tmp

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bdc89a95-af28-11dc-84c9-000ae6a7bc82}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc133120-b4b1-11dc-84dd-000ae6a7bc82}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d7f12a40-0bc6-11dd-af28-000ae6a7bc82}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d7f12a41-0bc6-11dd-af28-000ae6a7bc82}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4cc8a20-ab32-11dc-84ba-000ae6a7bc82}]

File >>> Save as CFScript.txt. Drag the file and drop it onto the ComboFix icon (like here). Wait until a new log is generated and post it on the forum.
Image