Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 08:49:46, on 2009-01-17

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.20935)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Program Files\Option\GlobeTrotter Connect\GtDetectSc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\ATK0100\HControl.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe

C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\ATK0100\ATKOSD.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - Default URLSearchHook is missing

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O4 - HKLM…\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe

O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM…\Run: [nwiz] nwiz.exe /install

O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM…\Run: [egui] “C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe” /hide /waitservice

O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM…\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe”

O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray

O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized

O4 - HKCU…\Run: [uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USLUGA LOKALNA’)

O4 - HKUS\S-1-5-19…\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User ‘USLUGA LOKALNA’)

O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USLUGA SIECIOWA’)

O4 - HKUS\S-1-5-20…\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User ‘USLUGA SIECIOWA’)

O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)

O4 - HKUS\S-1-5-18…\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User ‘SYSTEM’)

O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)

O4 - HKUS.DEFAULT…\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User ‘Default user’)

O4 - Global Startup: GlobeTrotter Connect.lnk = C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Wyslij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra ‘Tools’ menuitem: Wyslij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s … wflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: GtDetectSc - OptionNV - C:\Program Files\Option\GlobeTrotter Connect\GtDetectSc.exe

O23 - Service: Usluga iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

–

End of file - 7080 byt

Co zrobilem nie tak przepraszam ale jestem zielony

To wyjaśni Ci Moderator, ale sam spójrz na cześć “Ogłoszenia” tej strony >http://forum.dobreprogramy.pl/viewforum.php?f=16

Kosmetyka:

>>Hijack>>scan(Do a system scan only)>>zaznacz je >> Fix checked.

Poza tym - log czysty.

Nie napisałeś nawet, jaki wirus jest wykrywany i gdzie (ścieżka).

Możesz dać jeszcze log z ComboFix

Log wklej na http://wklej.org/, a w poście daj tylko link.(czyli skopiuj adres z paska adresów)

jessi

Jessi mam wkoncu tego combifoxa Probowalem wklejac ale nie dalem rady

ComboFix 09-01-16.03 - ADAM 2009-01-17 11:56:53.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.44.1045.18.2047.1548 [GMT 0:00]

Running from: c:\documents and settings\ADAM\Pulpit\ComboFix.exe

AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Outdated)

* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2008-12-17 to 2009-01-17 )))))))))))))))))))))))))))))))

.

2009-01-17 08:47 . 2009-01-17 08:47

2009-01-16 20:20 . 2009-01-16 20:20

2009-01-16 20:15 . 2009-01-16 20:15

2009-01-16 20:15 . 2009-01-16 20:15

2009-01-16 20:15 . 2009-01-16 20:15

2009-01-14 17:08 . 2009-01-14 17:08 118 --a------ c:\windows\system32\MRT.INI

2009-01-14 09:54 . 2009-01-14 09:54

2009-01-11 19:10 . 2009-01-17 08:11

2009-01-11 19:10 . 2009-01-11 19:10 56 --ah----- c:\windows\system32\ezsidmv.dat

2009-01-11 19:04 . 2009-01-17 11:48

2009-01-11 19:03 . 2009-01-11 19:03

2009-01-11 19:03 . 2009-01-11 19:03

2009-01-11 19:03 . 2009-01-11 19:03

2009-01-11 18:16 . 2008-04-14 17:20 159,232 --a------ c:\windows\system32\ptpusd.dll

2009-01-11 18:16 . 2001-10-26 17:29 5,632 --a------ c:\windows\system32\ptpusb.dll

2009-01-11 18:08 . 2009-01-11 18:08

2009-01-11 18:08 . 2009-01-11 18:08

2009-01-11 16:45 . 2009-01-11 16:46

2009-01-09 21:15 . 2009-01-09 21:15

2009-01-09 20:42 . 2006-07-22 07:40 143,360 --a------ c:\windows\system32\RtlCPAPI.dll

2009-01-09 20:42 . 2006-08-01 15:02 49,152 --a------ c:\windows\system32\ChCfg.exe

2009-01-09 20:36 . 2009-01-09 20:36

2009-01-09 20:36 . 2005-04-16 22:20 487,424 --a------ c:\windows\RtlExUpd.dll

2009-01-09 19:56 . 2009-01-09 19:56

2009-01-09 18:42 . 2009-01-09 18:43

2009-01-09 14:35 . 2006-03-29 17:36 133,632 -ra------ c:\windows\system32\drivers\m3aux.sys

2009-01-09 14:32 . 2006-04-06 13:58 2,633,728 -ra------ c:\windows\system32\w39MLRes.dll

2009-01-09 14:32 . 2006-04-03 19:17 1,429,632 -ra------ c:\windows\system32\drivers\w39n51.sys

2009-01-09 14:32 . 2006-04-06 13:58 491,520 -ra------ c:\windows\system32\w39NCPA.dll

2009-01-09 14:08 . 2009-01-09 14:08

2009-01-09 14:07 . 2009-01-17 11:58

2009-01-09 14:07 . 2009-01-09 14:08

2009-01-09 14:07 . 2008-03-05 17:11

2009-01-09 14:07 . 2009-01-17 11:39

2009-01-09 14:07 . 2009-01-09 18:44

2009-01-09 14:07 . 2009-01-11 16:45

2009-01-09 14:07 . 2009-01-16 20:20

2009-01-09 14:07 . 2009-01-17 11:45

2009-01-09 14:05 . 2008-10-03 10:04 247,326 --------- c:\windows\system32\dllcache\strmdll.dll

2009-01-05 20:07 . 2009-01-05 20:07

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-14 17:10 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Microsoft Help

2009-01-09 20:36 --------- d–h--w c:\program files\InstallShield Installation Information

2009-01-09 14:23 --------- d-----w c:\program files\MegaSpoof

2009-01-09 14:21 --------- d-----w c:\program files\Photomatix

2009-01-09 14:16 --------- d-----w c:\program files\IrfanView

2009-01-09 14:16 --------- d-----w c:\program files\Bonjour

2008-12-13 06:28 3,594,752 ------w c:\windows\system32\dllcache\mshtml.dll

2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys

2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys

2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys

2008-10-23 12:42 286,720 ----a-w c:\windows\system32\gdi32.dll

2008-10-23 12:42 286,720 ------w c:\windows\system32\dllcache\gdi32.dll

2009-01-11 12:48 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll

2009-01-11 12:48 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll

2009-01-11 12:48 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll

2009-01-11 12:48 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll

2009-01-11 12:48 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“c:\windows\system32\ctfmon.exe” [2008-04-14 15360]

“Gadu-Gadu”=“c:\program files\Gadu-Gadu\gg.exe” [2008-03-20 2127296]

“Skype”=“c:\program files\Skype\Phone\Skype.exe” [2008-11-18 21633320]

“Uniblue RegistryBooster 2”=“c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe” [2007-12-05 1885464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“HControl”=“c:\windows\ATK0100\HControl.exe” [2007-10-17 110592]

“NvCplDaemon”=“c:\windows\system32\NvCpl.dll” [2006-03-17 7561216]

“NvMediaCenter”=“c:\windows\system32\NvMcTray.dll” [2006-03-17 86016]

“egui”=“c:\program files\ESET\ESET NOD32 Antivirus\egui.exe” [2008-02-20 1443072]

“iTunesHelper”=“c:\program files\iTunes\iTunesHelper.exe” [2008-03-30 267048]

“nwiz”=“nwiz.exe” [2006-03-17 c:\windows\system32\nwiz.exe]

“RTHDCPL”=“RTHDCPL.EXE” [2006-08-23 c:\windows\RTHDCPL.exe]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“c:\windows\system32\CTFMON.EXE” [2008-04-14 15360]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

“nltide_2”=“shell32” [X]

“nltide_3”=“advpack.dll” [2008-10-16 c:\windows\system32\advpack.dll]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\

GlobeTrotter Connect.lnk - c:\program files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe [2008-06-04 786432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

“DisableStatusMessages”= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

“NoSMMyPictures”= 1 (0x1)

“NoSMConfigurePrograms”= 1 (0x1)

“NoSMHelp”= 1 (0x1)

[HKEY_USERS.default\software\microsoft\windows\currentversion\policies\explorer]

“NoSMMyPictures”= 1 (0x1)

“NoSMConfigurePrograms”= 1 (0x1)

“NoSMHelp”= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

“AntiVirusDisableNotify”=dword:00000001

“AntiVirusOverride”=dword:00000001

“FirewallOverride”=dword:00000001

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

“%windir%\Network Diagnostic\xpnetdiag.exe”=

“%windir%\system32\sessmgr.exe”=

“c:\Program Files\CyberLink\PowerDVD\PowerDVD.exe”=

“c:\Program Files\Gadu-Gadu\gg.exe”=

“c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE”=

“c:\Program Files\Microsoft Office\Office12\GROOVE.EXE”=

“c:\Program Files\Microsoft Office\Office12\ONENOTE.EXE”=

“c:\Program Files\Bonjour\mDNSResponder.exe”=

“c:\WINDOWS\system32\dpvsetup.exe”=

“c:\Program Files\iTunes\iTunes.exe”=

“c:\Program Files\Skype\Phone\Skype.exe”=

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-02-20 33800]

R3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [2008-02-18 106624]

R3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [2008-02-08 59648]

R3 GTPTSER;GT PT SER;c:\windows\system32\drivers\gtptser.sys [2007-03-30 8064]

R3 SynMini;ASUS WebCam, 1.3M, USB2.0, FF;c:\windows\system32\drivers\SynMini.sys [2008-03-05 841110]

R3 SynScan;ASUS WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [2008-03-05 8278]

R4 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\000.fcl [2006-11-02 15:51:58 13560]

R4 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-02-20 472320]

R4 GtDetectSc;GtDetectSc;c:\program files\Option\GlobeTrotter Connect\GtDetectSc.exe [2007-12-18 196704]

S3 CM1063264;C-Media CM106 Like Sound UDAX Interface;c:\windows\system32\drivers\CM106.sys [2008-03-05 1306112]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{26f0c2b6-e221-11dd-ae5c-0018de78c2d1}]

\Shell\AutoRun\command - G:\setup.exe AUTORUN=1

.

Contents of the ‘Scheduled Tasks’ folder

2009-01-15 c:\windows\Tasks\AppleSoftwareUpdate.job

• c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

2008-06-03 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job

• c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2007-12-07 08:42]

2008-03-05 c:\windows\Tasks\Uniblue SpeedUpMyPC.job

• c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2007-12-07 08:42]

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\ADAM\Dane aplikacji\Mozilla\Firefox\Profiles\t0odubdm.default\

FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

FF - component: c:\program files\Mozilla Firefox\extensions{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-17 11:58:26

Windows 5.1.2600 Dodatek Service Pack 3 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services{95808DC4-FA4A-4c74-92FE-5B863F82066B}]

“ImagePath”="??\c:\program files\CyberLink\PowerDVD\000.fcl"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID{33455A87-EC18-3D7A-3D7249C0BA41BFCD}{E1E7777D-A2E0-3590-68879D33FAB4B890}{0DF25B16-A097-561D-C33793AF098BCDB4}*]

“JWOYTVPITEDJCHYUGDR5XL6BSC1”=hex:01,00,01,00,00,00,00,00,b1,dc,8a,ef,e5,23,43,

80,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID{C19175F0-6343-C058-D551EA9B69721CA5}{44B8D0A6-F0B8-27D0-3AB262946B96BF2A}{D0951FF3-5F85-5129-204F105C4943049E}*]

“JWOYTVPITEDJCHYUGDR5XL6BSC1”=hex:01,00,01,00,00,00,00,00,b1,dc,8a,ef,e5,23,43,

80,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID{E4568B1F-886D-9AB5-1E4B01E7F0FA32FF}{B2981650-D0BF-E14F-9D9AB95C0FC2939B}{CDC4F2F4-402E-87A1-4EFD68E3BEB8F4B3}*]

“JWOYTVPITEDJCHYUGDR5XL6BSC1”=hex:01,00,01,00,00,00,00,00,b1,dc,8a,ef,e5,23,43,

80,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

.

Completion time: 2009-01-17 11:59:27

ComboFix-quarantined-files.txt 2009-01-17 11:59:25

ComboFix2.txt 2009-01-17 11:44:05

Pre-Run: 12,448,014,336 bajtów wolnych

Post-Run: 12,437,602,304 bajtów wolnych

179 — E O F — 2009-01-14 17:10:24

Otwórz notatnik i wklej

zapisz jako plik.reg >> wszystkie pliki

powstanie plik o takiej ikonie

w który dwa razy klikniesz potwierdzisz chęć dodania do rejestru potem restart

Pobierz CCleaner http://www.filehippo.com/download_ccleaner/

przeskanuj nim i wyczyść rejestr.

zrób optymalizacje uruchamiania

http://cybertrash.netarteria.pl/cyber/i … 378.0.html

usuń ręcznie folder C: \Qoobox usuń instalkę Combofix z dysku.

Wyłącz I włącz przywracanie systemu na wszystkich dyskach.http://support.microsoft.com/kb/310405/pl

przeskanuj obszar Mój komputer http://www.kaspersky.pl/virusscanner.html gdy będą wirusy pokaż raport