Amvo.exe - I have a log, how do I remove it?


(Afros88) #1

Here is my ComboFix log :slight_smile: Could someone tell me how to remove the trojan? Thanks in advance :slight_smile:

ComboFix 08-04-29.3 - Tomek 2008-04-30 16:02:43.6 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1250.1.1045.18.1137 [GMT 2:00]

Running from: C:\ComboFix.exe

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Windows\system32\amvo.exe

.

((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-30 )))))))))))))))))))))))))))))))

.

2008-04-30 10:54 . 2008-04-30 10:54

2008-04-30 10:54 . 2008-04-30 10:54

2008-04-30 10:50 . 2008-04-30 10:50

2008-04-30 10:50 . 2008-04-30 10:50

2008-04-30 10:49 . 2008-04-30 10:53

2008-04-30 10:36 . 2008-04-30 10:36

2008-04-17 21:49 . 2008-04-17 21:49

2008-04-17 21:46 . 2008-04-17 21:46

2008-04-17 21:44 . 2008-04-17 21:48

2008-04-17 21:41 . 2006-12-15 18:19 258,048 --a------ C:\Windows\System32\hpzids01.dll

2008-04-17 21:41 . 2006-12-30 15:49 117,760 --a------ C:\Windows\System32\hpzll4v2.dll

2008-04-17 21:40 . 2008-04-17 21:49 140,753 --a------ C:\Windows\HPHins13.dat

2008-04-17 21:40 . 2007-01-22 18:05 2,977 --------- C:\Windows\hphmdl13.dat

2008-04-14 12:06 . 2008-04-14 13:11

2008-04-02 12:51 . 2008-04-02 12:51

2008-03-25 21:58 . 2008-04-01 16:05

2008-03-25 21:57 . 1998-10-07 13:54 327,168 --a------ C:\Windows\IsUn0415.exe

2008-03-25 14:22 . 2008-03-25 14:28

2008-03-25 12:58 . 2008-03-25 13:01

2008-03-25 12:58 . 1999-04-23 23:22 151,552 --a------ C:\Windows\System32\MSOSS.DLL

2008-03-25 12:56 . 2008-03-25 12:56

2008-03-25 12:50 . 2008-03-25 12:50 717,296 --a------ C:\Windows\System32\drivers\sptd.sys

2008-03-25 12:49 . 2008-03-25 12:49

2008-03-23 18:50 . 2008-03-23 18:50 0 --a------ C:\Windows\PowerReg.dat

2008-03-23 18:32 . 2008-03-23 18:56

2008-03-22 00:59 . 2007-03-12 17:42 3,495,784 --a------ C:\Windows\System32\d3dx9_33.dll

2008-03-22 00:55 . 2008-03-22 00:58

2008-03-22 00:47 . 2008-04-17 22:20

2008-03-22 00:47 . 2008-04-17 22:19

2008-03-21 20:20 . 2008-03-21 20:20 4,096 --a------ C:\Windows\d3dx.dat

2008-03-21 18:53 . 2008-03-25 13:03 21,840 --a----t- C:\Windows\System32\SIntfNT.dll

2008-03-21 18:53 . 2008-03-25 13:03 17,212 --a----t- C:\Windows\System32\SIntf32.dll

2008-03-21 18:53 . 2008-03-25 13:03 12,067 --a----t- C:\Windows\System32\SIntf16.dll

2008-03-21 16:07 . 2008-03-21 16:07

2008-03-14 19:38 . 2000-08-08 13:31 254,224 --a------ C:\Windows\System32\drmclien.dll

2008-03-14 01:39 . 2008-03-14 01:39

2008-03-13 23:58 . 2008-03-14 00:03

2008-03-11 16:14 . 2008-03-11 16:14

2008-03-01 20:21 . 2008-03-01 20:21

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-30 13:59 1,779,787 ----a-w C:\ComboFix.exe

2008-04-30 10:02 27,335 ----a-w C:\Users\Tomek\AppData\Roaming\nvModes.dat

2008-04-30 08:49 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-04-30 08:30 --------- d-----w C:\Users\Tomek\AppData\Roaming\uTorrent

2008-04-17 19:48 --------- d-----w C:\Program Files\Hewlett-Packard

2008-04-17 19:46 --------- d-----w C:\Program Files\HP

2008-04-17 19:42 --------- d-----w C:\ProgramData\Hewlett-Packard

2008-04-01 14:05 --------- d-----w C:\Program Files\Na Kłopoty Pantera

2008-03-29 17:32 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys

2008-03-05 15:03 479,752 ----a-w C:\Windows\System32\XAudio2_0.dll

2008-03-05 15:03 238,088 ----a-w C:\Windows\System32\xactengine3_0.dll

2008-03-05 15:00 25,608 ----a-w C:\Windows\System32\X3DAudio1_3.dll

2008-03-05 14:56 3,786,760 ----a-w C:\Windows\System32\D3DX9_37.dll

2008-03-05 14:56 1,420,824 ----a-w C:\Windows\System32\D3DCompiler_37.dll

2008-03-01 09:42 --------- d-----w C:\Program Files\Java

2008-02-29 04:14 223,744 ----a-w C:\Windows\System32\b4fm.dll

2008-02-15 23:26 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr

2008-02-15 23:26 67,584 ----a-w C:\Windows\System32\wlanhlp.dll

2008-02-15 23:26 542,720 ----a-w C:\Windows\System32\sysmain.dll

2008-02-15 23:26 502,784 ----a-w C:\Windows\System32\wlansvc.dll

2008-02-15 23:26 47,104 ----a-w C:\Windows\System32\wlanapi.dll

2008-02-15 23:26 299,008 ----a-w C:\Windows\System32\wlansec.dll

2008-02-15 23:26 289,280 ----a-w C:\Windows\System32\wlanmsm.dll

2008-02-15 23:26 24,064 ----a-w C:\Windows\System32\wtsapi32.dll

2008-02-15 23:26 2,923,520 ----a-w C:\Windows\explorer.exe

2008-02-15 23:26 2,027,008 ----a-w C:\Windows\System32\win32k.sys

2008-02-15 23:25 194,560 ----a-w C:\Windows\System32\WebClnt.dll

2008-02-15 22:05 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL

2008-02-15 22:05 7,680 ----a-w C:\Windows\System32\spwmp.dll

2008-02-15 22:04 8,704 ----a-w C:\Windows\System32\hcrstco.dll

2008-02-15 22:04 8,704 ----a-w C:\Windows\System32\hccoin.dll

2008-02-15 22:04 4,096 ----a-w C:\Windows\System32\dxmasf.dll

2008-02-15 22:04 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll

2008-02-15 22:04 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe

2008-02-15 22:04 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe

2008-02-15 22:02 84,480 ----a-w C:\Windows\System32\INETRES.dll

2008-02-15 22:02 737,792 ----a-w C:\Windows\System32\inetcomm.dll

2008-02-15 22:02 11,776 ----a-w C:\Windows\System32\sbunattend.exe

2008-02-15 22:01 788,992 ----a-w C:\Windows\System32\rpcrt4.dll

2008-02-15 21:59 2,048 ----a-w C:\Windows\System32\tzres.dll

2008-02-15 21:57 824,832 ----a-w C:\Windows\System32\wininet.dll

2008-02-15 21:57 56,320 ----a-w C:\Windows\System32\iesetup.dll

2008-02-15 21:57 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll

2008-02-15 21:57 26,624 ----a-w C:\Windows\System32\ieUnatt.exe

2008-02-15 21:56 1,244,672 ----a-w C:\Windows\System32\mcmde.dll

2008-02-15 21:38 53,080 ----a-w C:\Windows\System32\wuauclt.exe

2008-02-15 21:38 43,352 ----a-w C:\Windows\System32\wups2.dll

2008-02-15 21:38 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll

2008-02-15 21:38 1,524,224 ----a-w C:\Windows\System32\wucltux.dll

2008-02-15 21:37 80,896 ----a-w C:\Windows\System32\wudriver.dll

2008-02-15 21:37 549,720 ----a-w C:\Windows\System32\wuapi.dll

2008-02-15 21:37 33,624 ----a-w C:\Windows\System32\wups.dll

2008-02-15 21:37 31,232 ----a-w C:\Windows\System32\wuapp.exe

2008-02-15 21:37 163,000 ----a-w C:\Windows\System32\wuwebv.dll

2008-02-15 18:13 7,680 ----a-w C:\Windows\System32\ff_vfw.dll

2008-02-15 18:13 60,273 ----a-w C:\Windows\System32\pthreadGC2.dll

2008-02-05 22:07 462,864 ----a-w C:\Windows\System32\d3dx10_37.dll

2007-11-22 03:44 174 --sha-w C:\Program Files\desktop.ini

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-02-16 00:02 1232896]

"ISUSPM"="C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 16:41 222128]

"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2005-03-31 11:18 790528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-19 22:05 86016]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-19 22:05 8497696]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-19 22:05 81920]

"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 10:29 102400]

"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-09-30 20:34 181544]

"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 15:31 202032]

"OnScreenDisplay"="C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 14:54 554320]

"UCam_Menu"="C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 00:13 218408]

"DpAgent"="C:\Program Files\DigitalPersona\Bin\dpagent.exe" [2007-09-20 12:12 671744]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-11-22 05:06 1006264]

"HP Health Check Scheduler"="[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" []

"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 09:47 480560]

"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 16:53 311296]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]

"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2006-12-10 21:52 49152]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 14:06 40048]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.l3codecp"= l3codecp.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{25A58860-6C8E-4A69-BF35-778A6D081443}"= C:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector

"{44B85228-BA2C-4F12-8E9A-932B64AE5936}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play

"{5BC2A226-07B0-4786-9B96-42A70F5218E8}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program

"{4DAB04F3-8C05-43AE-979D-5E639A9ECF97}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)

"TCP Query User{CDD44593-37C2-4367-8C9A-483432686755}C:\program files\gadu-gadu\gg.exe"= UDP:C:\program files\gadu-gadu\gg.exe:Gadu-Gadu - program glowny

"UDP Query User{1495D276-EC7B-4A6D-82B0-C7F1968D2A6A}C:\program files\gadu-gadu\gg.exe"= TCP:C:\program files\gadu-gadu\gg.exe:Gadu-Gadu - program glowny

"TCP Query User{5F8AB58F-A158-42F9-A287-BDBA1614BF5F}C:\program files\bearshare\bearshare.exe"= UDP:C:\program files\bearshare\bearshare.exe:BearShare

"UDP Query User{9209BA29-E143-4377-8C0F-67FD9AC89D73}C:\program files\bearshare\bearshare.exe"= TCP:C:\program files\bearshare\bearshare.exe:BearShare

"TCP Query User{5F4AF8C1-F47A-44F2-9998-38A623961BD7}C:\program files\bearshare\bearshare.exe"= UDP:C:\program files\bearshare\bearshare.exe:BearShare

"UDP Query User{A250E5C8-5764-4578-886B-D55E826DDD57}C:\program files\bearshare\bearshare.exe"= TCP:C:\program files\bearshare\bearshare.exe:BearShare

"TCP Query User{4B395D85-2BC4-41E5-BE1B-A9FC39228466}C:\program files\gadu-gadu\gg.exe"= UDP:C:\program files\gadu-gadu\gg.exe:Gadu-Gadu - program glowny

"UDP Query User{44DD78B3-D3D4-4CBD-8A30-1C3A7B6E2377}C:\program files\gadu-gadu\gg.exe"= TCP:C:\program files\gadu-gadu\gg.exe:Gadu-Gadu - program glowny

"TCP Query User{CDFA11D6-6AB4-4ADB-9FBC-F5761E4B486B}C:\program files\sopcast\adv\sopadver.exe"= UDP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver

"UDP Query User{DA4AE158-1BE3-4D02-BB52-EA700E0164E1}C:\program files\sopcast\adv\sopadver.exe"= TCP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver

"TCP Query User{3E589B6C-369D-4297-B3AD-909645EBA492}C:\program files\sopcast\sopcast.exe"= UDP:C:\program files\sopcast\sopcast.exe:SopCast Main Application

"UDP Query User{0AD76FB7-5A53-43C9-85BE-464E28640854}C:\program files\sopcast\sopcast.exe"= TCP:C:\program files\sopcast\sopcast.exe:SopCast Main Application

"{C27FB026-46F7-4FE6-9BCB-454073AD6F4C}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent

"{E63D55DF-2E8E-4C94-9391-D1C7B0627596}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent

"{34F7C8BA-0EE9-428F-AACE-0808ACBAD97E}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent

"{E378104B-078D-4B56-91FD-D36A528BD070}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent

"TCP Query User{2DDEA86A-9B9C-4A4A-BA6F-7078AFD7D2D4}C:\program files\counter-strike 1.6\hl.exe"= UDP:C:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher

"UDP Query User{6C9BAD9B-8E9D-4B54-9EA8-FCD1198B88C6}C:\program files\counter-strike 1.6\hl.exe"= TCP:C:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher

"TCP Query User{305FD8AA-5FD1-44B5-BA02-ADFEE1ABF072}C:\program files\counter-strike 1.6\hlds.exe"= UDP:C:\program files\counter-strike 1.6\hlds.exe:HLDS Launcher

"UDP Query User{BA02A4C1-3DD2-4471-8E42-2977FB5417A1}C:\program files\counter-strike 1.6\hlds.exe"= TCP:C:\program files\counter-strike 1.6\hlds.exe:HLDS Launcher

"TCP Query User{B3E326AA-D5DE-4CF2-B2D1-92D02380DACF}C:\program files\sopcast\sopcast.exe"= UDP:C:\program files\sopcast\sopcast.exe:SopCast Main Application

"UDP Query User{19C7A2A5-8B5C-4641-9F8B-23BD0E47A332}C:\program files\sopcast\sopcast.exe"= TCP:C:\program files\sopcast\sopcast.exe:SopCast Main Application

"TCP Query User{F744F787-ADB7-4EC7-A4EF-68A6F35C1834}C:\program files\valve\hl.exe"= UDP:C:\program files\valve\hl.exe:Half-Life Launcher

"UDP Query User{C11563F8-99B4-4FF7-8A72-D36B91B82743}C:\program files\valve\hl.exe"= TCP:C:\program files\valve\hl.exe:Half-Life Launcher

"TCP Query User{E99C295E-B35F-44B1-8A58-D25A6A9DF18F}C:\program files\valve\hl.exe"= UDP:C:\program files\valve\hl.exe:Half-Life Launcher

"UDP Query User{8FC1E58F-E4D6-4290-9647-E5ABBF5745A9}C:\program files\valve\hl.exe"= TCP:C:\program files\valve\hl.exe:Half-Life Launcher

"TCP Query User{B7B68D6D-4BD1-4BB1-9C05-FB9B2095BE7D}C:\program files\valve\hlds.exe"= UDP:C:\program files\valve\hlds.exe:HLDS Launcher

"UDP Query User{1491774B-1771-47CE-9C74-07D58FED02D4}C:\program files\valve\hlds.exe"= TCP:C:\program files\valve\hlds.exe:HLDS Launcher

"TCP Query User{680A81B0-892D-41C6-A2C4-18956463B852}C:\program files\counter-strike\hl.exe"= UDP:C:\program files\counter-strike\hl.exe:Half-Life Launcher

"UDP Query User{94592A75-4B36-4A52-B9B2-1A23E74E0262}C:\program files\counter-strike\hl.exe"= TCP:C:\program files\counter-strike\hl.exe:Half-Life Launcher

"{DB0FD0B3-CE72-4031-A13B-DB79F04C63A9}"= UDP:C:\Program Files\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008

"{2EEBBB41-5561-435B-91CE-6CB63BF50095}"= TCP:C:\Program Files\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008

"{336F3CE6-B966-4615-944F-5F8F98240FDC}"= UDP:C:\Program Files\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008

"{F9F749B3-BC61-40F1-9483-42920779DF7E}"= TCP:C:\Program Files\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008

"TCP Query User{C6DCD32E-C4EC-4190-9DB3-C23E8AA5CB30}C:\program files\mozilla firefox\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox

"UDP Query User{1203BC89-5D4B-44B6-B6D2-14F244219ED2}C:\program files\mozilla firefox\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 19:31]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]

R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 19:32]

R2 QPCapSvc;QuickPlay Background Capture Service (QBCS);"C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe" [2007-09-30 20:34]

R2 QPSched;QuickPlay Task Scheduler (QTS);"C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe" [2007-09-30 20:34]

R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 16:27]

R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-05-30 16:40]

R3 HpqRemHid;HP Remote Control HID Device;C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 11:30]

R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2007-02-16 23:50]

S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 09:30]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{8fcd8e6e-e49b-11dc-ac10-001e68052646}]

\shell\AutoRun\command - G:\m9j.com

\shell\explore\Command - G:\m9j.com

\shell\open\Command - G:\m9j.com

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"

.

Contents of the 'Scheduled Tasks' folder

"2008-04-30 14:05:00 C:\Windows\Tasks\User_Feed_Synchronization-{53E02083-4C75-4C26-B471-520B0BB1AE16}.job"

  • C:\Windows\system32\msfeedssync.exe

.

**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-30 16:06:18

Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

folder error: C:\Users\Tomek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-04-30 16:07:21

ComboFix-quarantined-files.txt 2008-04-30 14:07:18

Pre-Run: 91,721,072,640 bajtów wolnych

Post-Run: 91,741,044,736 bajtów wolnych

232 --- E O F --- 2008-02-15 23:26:22


(Leon$) #2

Open Notepad and paste

save as plik.reg >> All files >> merge into the registry >> restart

b57f17008275c957m.jpg

a file with an icon like this will be created

062aec4c9b51c033m.jpg

double-click it, confirm that you want to add it to the registry, then restart

The log looks clean

Optimize startup: http://cybertrash.netarteria.pl/cyber/index.php/topic,378.0.html

Manually delete the folder C:\Qoobox and delete the ComboFix installer from the disk.

Turn off System Restore on all drives. http://support.microsoft.com/kb/310405/pl

Disinfect the USB flash drive or memory card with http://www.softpedia.com/get/Security/S ... Tool.shtml or format it

Scan the My Computer area with http://www.kaspersky.pl/virusscanner.html and post the report; the page has to be opened in IE

Turn System Restore back on

:slight_smile: