Here is the log:
Maybe I'm imagining things, but if anyone would like to bump their post count and at the same time tell me whether everything is okay, I'd be grateful. Regards
ComboFix 08-10-18.03 - ppp 2008-10-19 19:46:50.1 - NTFSx86
Uruchomiony z: C:\Users\ppp\Desktop\ComboFix.exe
* Utworzono nowy punkt przywracania
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\myglobalsearch
C:\Program Files\myglobalsearch\bar\History\search
.
((((((((((((((((((((((((( Pliki utworzone od 2008-09-19 do 2008-10-19 )))))))))))))))))))))))))))))))
.
2008-10-18 10:26 . 2008-10-18 10:26 0 --a------ C:\Windows\System32\msexcr.ini
2008-10-17 21:51 . 2008-10-17 21:51 0 -ra------ C:\logwmemory.bin
2008-10-17 21:50 . 2008-10-17 21:50
2008-10-17 21:50 . 2008-10-17 21:50
2008-10-17 21:43 . 2008-10-17 21:48
2008-10-17 17:49 . 2008-10-17 17:49
2008-10-17 17:49 . 2008-10-17 17:49
2008-10-17 17:49 . 2008-10-17 17:49
2008-10-16 21:53 . 2008-10-16 21:53
2008-10-16 17:53 . 2008-10-16 17:53
2008-10-16 17:52 . 2008-10-16 17:52
2008-10-14 19:06 . 2008-10-14 19:06 98,304 --a------ C:\Windows\System32\CmdLineExt.dll
2008-10-14 19:01 . 2008-10-14 19:01
2008-10-10 17:08 . 2008-10-10 17:08 106,496 --a------ C:\Windows\DIIUnin.exe
2008-10-10 17:08 . 2008-10-10 17:18 26,076 --a------ C:\Windows\DIIUnin.dat
2008-10-10 17:08 . 2008-10-10 17:08 2,829 --a------ C:\Windows\DIIUnin.pif
2008-10-01 22:32 . 2008-10-01 22:32
2008-09-30 22:15 . 2008-09-30 22:15
2008-09-30 21:49 . 2008-09-30 21:49 394 --a------ C:\Windows\capture.ini
2008-09-30 21:21 . 2008-10-16 21:54
2008-09-30 21:14 . 2008-09-30 21:14
2008-09-30 21:14 . 2008-09-30 21:14
2008-09-30 21:09 . 2008-09-30 21:09
2008-09-30 21:09 . 2008-09-30 21:09
2008-09-30 21:09 . 2008-09-30 21:09
2008-09-30 21:09 . 2008-09-30 21:09
2008-09-30 21:09 . 2008-09-30 21:09
2008-09-30 21:09 . 2008-09-30 21:09
2008-09-30 21:09 . 2008-09-30 21:09
2008-09-30 21:09 . 2008-09-30 21:09
2008-09-30 21:09 . 2008-09-30 22:15 2,516 --ahs---- C:\Windows\System32\KGyGaAvL.sys
2008-09-30 13:54 . 2008-09-30 13:55
2008-09-24 12:00 . 2008-09-24 12:00
2008-09-24 11:59 . 2008-10-19 00:51
2008-09-21 22:38 . 2008-09-21 22:38
2008-09-21 21:51 . 2004-08-18 03:34 442,368 --a------ C:\Windows\System32\vp6vfw.dll
2008-09-21 21:47 . 2008-09-21 21:48
2008-09-21 21:47 . 2008-07-28 17:19 116,736 --a------ C:\Windows\System32\drivers\mcdbus.sys
2008-09-21 21:09 . 2008-09-21 21:33
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-19 16:30 --------- d-----w C:\Users\ppp\AppData\Roaming\Azureus
2008-10-18 18:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-15 06:28 --------- d-----w C:\Program Files\Windows Mail
2008-10-02 03:49 827,392 ----a-w C:\Windows\System32\wininet.dll
2008-09-30 19:12 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-09-22 19:57 --------- d-----w C:\Users\ppp\AppData\Roaming\Skype
2008-09-22 17:58 --------- d-----w C:\Users\ppp\AppData\Roaming\skypePM
2008-09-20 20:49 --------- d-----w C:\Program Files\IP Monitor
2008-09-19 16:08 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-09-19 15:41 --------- d-----w C:\Users\ppp\AppData\Roaming\OpenOffice.org2
2008-09-18 07:59 --------- d-----w C:\ProgramData\Avery
2008-09-18 07:29 --------- d-----w C:\Users\ppp\AppData\Roaming\mojosoft
2008-09-18 05:09 3,601,464 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-09-18 02:16 2,032,640 ----a-w C:\Windows\System32\win32k.sys
2008-09-17 10:54 43,520 ----a-w C:\Windows\System32\CmdLineExt03.dll
2008-09-15 20:35 --------- d-----w C:\ProgramData\Skype
2008-09-15 20:35 --------- d-----w C:\Program Files\Skype
2008-09-15 20:35 --------- d-----w C:\Program Files\Common Files\Skype
2008-09-11 15:45 --------- d-----w C:\Users\ppp\AppData\Roaming\SPORE
2008-08-30 17:48 --------- d-----w C:\Users\ppp\AppData\Roaming\Tibia
2008-08-30 11:39 --------- d-----w C:\Users\ppp\AppData\Roaming\WNR
2008-08-27 01:06 288,768 ----a-w C:\Windows\system32\drivers\srv.sys
2008-08-24 08:20 --------- d-----w C:\Program Files\BearShare Applications
2008-08-24 08:20 --------- d-----w C:\Program Files\BearShare
2008-08-21 19:47 21,840 ----a-w C:\Windows\System32\SIntfNT.dll
2008-08-21 19:47 17,212 ----a-w C:\Windows\System32\SIntf32.dll
2008-08-21 19:47 12,067 ----a-w C:\Windows\System32\SIntf16.dll
2008-08-21 11:37 --------- d-----w C:\Program Files\Hotspot Shield
2008-08-15 18:32 253,696 ----a-w C:\Windows\hppunin.exe
2008-08-02 03:26 36,864 ----a-w C:\Windows\System32\cdd.dll
2008-07-31 08:41 68,616 ----a-w C:\Windows\System32\XAPOFX1_1.dll
2008-07-31 08:41 238,088 ----a-w C:\Windows\System32\xactengine3_2.dll
2008-07-31 08:40 509,448 ----a-w C:\Windows\System32\XAudio2_2.dll
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-31 01:13 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
2008-06-19 07:58 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“Sidebar”=“C:\Program Files\Windows Sidebar\sidebar.exe” [2008-01-19 1233920]
“Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2008-03-20 2127296]
“ehTray.exe”=“C:\Windows\ehome\ehTray.exe” [2008-01-19 125952]
“DAEMON Tools Lite”=“C:\Program Files\DAEMON Tools Lite\daemon.exe” [2008-07-24 490952]
“ISUSPM Startup”=“C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe” [2004-06-16 221184]
“WMPNSCFG”=“C:\Program Files\Windows Media Player\WMPNSCFG.exe” [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“TBPanel”=“C:\Program Files\VDOTool\TBPanel.exe” [2008-01-29 2157096]
“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe” [2008-06-10 144784]
“NvSvc”=“C:\Windows\system32\nvsvc.dll” [2008-01-08 86016]
“NvCplDaemon”=“C:\Windows\system32\NvCpl.dll” [2008-01-08 8530464]
“NvMediaCenter”=“C:\Windows\system32\NvMcTray.dll” [2008-01-08 81920]
“avgnt”=“C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe” [2008-07-18 266497]
“Adobe Reader Speed Launcher”=“C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe” [2008-06-12 34672]
“ISUSScheduler”=“C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” [2004-06-16 81920]
“CorelDRAW Graphics Suite 11b”=“C:\Program Files\Corel\Corel Graphics 12\Languages\PL\Programs\Registration.exe” [2004-06-23 733184]
“RtHDVCpl”=“RtHDVCpl.exe” [2007-09-19 C:\Windows\RtHDVCpl.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
“EnableUIADesktopToggle”= 0 (0x0)
[HKLM~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
“TCP Query User{6D7D31DB-896D-44E6-BF0C-35CABCCBCA14}C:\program files\flashget\flashget.exe”= UDP:C:\program files\flashget\flashget.exe:FlashGet
“UDP Query User{43424A8B-CC32-4E6E-9C78-DFDCD7C9DC6F}C:\program files\flashget\flashget.exe”= TCP:C:\program files\flashget\flashget.exe:FlashGet
“TCP Query User{1253C18D-9FD8-4A87-A5C5-8308F1899D9F}C:\program files\gadu-gadu\gg.exe”= UDP:C:\program files\gadu-gadu\gg.exe:Gadu-Gadu - program główny
“UDP Query User{9CD125E2-198F-4ACC-8EFA-A5F8471F9EB5}C:\program files\gadu-gadu\gg.exe”= TCP:C:\program files\gadu-gadu\gg.exe:Gadu-Gadu - program główny
“TCP Query User{656A1623-9D14-451C-94FF-515D64911A3A}D:\wonderland online\main.exe”= UDP:D:\wonderland online\main.exe:Main
“UDP Query User{1F3FC144-17C8-4CBF-9F31-E6F551FC2767}D:\wonderland online\main.exe”= TCP:D:\wonderland online\main.exe:Main
“TCP Query User{CB2157E7-110A-4693-B2D1-2D7C7CEC2D69}C:\program files\internet explorer\iexplore.exe”= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
“UDP Query User{FE52C241-D155-4357-B5D5-AF220DE88A38}C:\program files\internet explorer\iexplore.exe”= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
“TCP Query User{50D69129-7B2A-460E-A9F8-904325F4C1FB}C:\wonderland online\main.exe”= UDP:C:\wonderland online\main.exe:Main
“UDP Query User{5A00AAB6-506A-48C8-9EFD-E93FE6123206}C:\wonderland online\main.exe”= TCP:C:\wonderland online\main.exe:Main
“TCP Query User{3D5EB8AA-A625-4D42-B10B-234F8974C457}C:\program files\bearshare\bearshare.exe”= UDP:C:\program files\bearshare\bearshare.exe:BearShare
“UDP Query User{4EE008BC-D006-430F-80E5-33DB67D2DF28}C:\program files\bearshare\bearshare.exe”= TCP:C:\program files\bearshare\bearshare.exe:BearShare
“TCP Query User{C5B02B6E-E1A7-4257-98AC-FD343DBA741D}C:\program files\bearshare applications\bearshare\bearshare.exe”= UDP:C:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
“UDP Query User{59ECF281-43DB-4F1C-BAA0-B5379959AE79}C:\program files\bearshare applications\bearshare\bearshare.exe”= TCP:C:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
“TCP Query User{B68BAD81-E747-4366-A5F4-953E5F15B201}C:\program files\mozilla firefox\firefox.exe”= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
“UDP Query User{4803DE8E-FC4A-4981-B44F-A2CBC8D5CE31}C:\program files\mozilla firefox\firefox.exe”= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
“TCP Query User{732AEF0E-9533-4FBA-BE42-C56D2413DA14}D:\bb\game.exe”= UDP:D:\bb\game.exe:BBTanks Launcher
“UDP Query User{7F23B0D5-D706-4223-92FC-CACC988A5660}D:\bb\game.exe”= TCP:D:\bb\game.exe:BBTanks Launcher
“TCP Query User{61D3A4C1-1902-469D-9205-071A8A9F5E7E}C:\downloads\bots_downloader_us_6-13-2008.exe”= UDP:C:\downloads\bots_downloader_us_6-13-2008.exe:BOTS_downloader_us_6-13-2008
“UDP Query User{1105446E-8F91-4F1A-9C02-63E3D96B03AE}C:\downloads\bots_downloader_us_6-13-2008.exe”= TCP:C:\downloads\bots_downloader_us_6-13-2008.exe:BOTS_downloader_us_6-13-2008
“TCP Query User{A62C8519-71D4-4DE5-AE36-EAA2DED712E4}D:\bots\bots.dat”= UDP:D:\bots\bots.dat:Bout_d
“UDP Query User{BFD9276F-A423-4A83-9558-5E9B82338497}D:\bots\bots.dat”= TCP:D:\bots\bots.dat:Bout_d
“TCP Query User{B6CB7BCF-C780-4EF3-99FE-E8E69703B2D6}C:\downloads\2moons_downloader_us_6-19-2008.exe”= UDP:C:\downloads\2moons_downloader_us_6-19-2008.exe:2moons_downloader_us_6-19-2008
“UDP Query User{0A058FD0-BD6D-4950-8B3A-618744A0ECA6}C:\downloads\2moons_downloader_us_6-19-2008.exe”= TCP:C:\downloads\2moons_downloader_us_6-19-2008.exe:2moons_downloader_us_6-19-2008
“TCP Query User{A7EFF518-5B1D-432F-A6CF-09B143987896}D:\goa\gunbound\gunbound.gme”= UDP:D:\goa\gunbound\gunbound.gme:GunBound
“UDP Query User{F91A2E20-1716-4DC4-86C9-F8760956F2D1}D:\goa\gunbound\gunbound.gme”= TCP:D:\goa\gunbound\gunbound.gme:GunBound
“TCP Query User{E7574C17-7660-4DFD-9C88-A3380D3D1D54}D:\freestylers crew\fgunz\theduel.exe”= UDP:D:\freestylers crew\fgunz\theduel.exe:Freestyle GunZ
“UDP Query User{2175933A-B6AA-4AE9-8166-54BAAE50183E}D:\freestylers crew\fgunz\theduel.exe”= TCP:D:\freestylers crew\fgunz\theduel.exe:Freestyle GunZ
“TCP Query User{3414EB0A-8B67-4B16-B1F1-ADF391883D20}D:\windslayer\windslayer.exe”= UDP:D:\windslayer\windslayer.exe:WindSlayer
“UDP Query User{4B2863C2-5695-4B4B-9CA3-CB79C6DBF5FA}D:\windslayer\windslayer.exe”= TCP:D:\windslayer\windslayer.exe:WindSlayer
“TCP Query User{7176C0F3-B7DB-4C10-9989-5327F837C611}C:\windows\system32\java.exe”= UDP:C:\windows\system32\java.exe:Java Platform SE binary
“UDP Query User{8F44DDB7-A83E-4C57-AC75-A294AEC0A76C}C:\windows\system32\java.exe”= TCP:C:\windows\system32\java.exe:Java Platform SE binary
“TCP Query User{6654963B-686C-4EEE-B70D-47802E405B6D}C:\wamp\bin\apache\apache2.2.8\bin\httpd.exe”= UDP:C:\wamp\bin\apache\apache2.2.8\bin\httpd.exe:Apache HTTP Server
“UDP Query User{0640F3EE-B59A-4323-85EA-F1051483068E}C:\wamp\bin\apache\apache2.2.8\bin\httpd.exe”= TCP:C:\wamp\bin\apache\apache2.2.8\bin\httpd.exe:Apache HTTP Server
“TCP Query User{DF6E2596-AD6B-416E-B20D-CE32A221DC76}C:\program files\little fighter 2.5 - v2.0\lf2.5\lf2.5.exe”= UDP:C:\program files\little fighter 2.5 - v2.0\lf2.5\lf2.5.exe:lf2.5
“UDP Query User{63017F66-1EFF-40F2-9D42-8D0DCB02E008}C:\program files\little fighter 2.5 - v2.0\lf2.5\lf2.5.exe”= TCP:C:\program files\little fighter 2.5 - v2.0\lf2.5\lf2.5.exe:lf2.5
“TCP Query User{DA8C1517-40C7-4D71-A2B0-150D84B2F5AF}C:\program files\vuze\azureus.exe”= UDP:C:\program files\vuze\azureus.exe:Azureus
“UDP Query User{F207561F-1D63-4CCB-AD8B-FCC975645565}C:\program files\vuze\azureus.exe”= TCP:C:\program files\vuze\azureus.exe:Azureus
“TCP Query User{37C22091-ECB7-4BFE-9A36-9C2508F8B8DA}D:\neverwinternights\nwn\nwmain.exe”= UDP:D:\neverwinternights\nwn\nwmain.exe:Neverwinter Nights
“UDP Query User{8E7BAD26-6893-41D5-96DA-1A5F42646A85}D:\neverwinternights\nwn\nwmain.exe”= TCP:D:\neverwinternights\nwn\nwmain.exe:Neverwinter Nights
“TCP Query User{C07095D9-99B3-4AC2-B270-D061A9A76ED2}C:\users\ppp\documents\god\god.exe”= UDP:C:\users\ppp\documents\god\god.exe:god.exe
“UDP Query User{0550145D-B30D-4A0E-ADCC-8B0B08F2E669}C:\users\ppp\documents\god\god.exe”= TCP:C:\users\ppp\documents\god\god.exe:god.exe
“TCP Query User{B7BFD13F-D061-439A-8413-5DB816F16B8C}D:\sacred underworld\gameserver.exe”= UDP:D:\sacred underworld\gameserver.exe:Sacred Gameserver
“UDP Query User{14EBD64F-CC7E-4A86-A881-993337DFA909}D:\sacred underworld\gameserver.exe”= TCP:D:\sacred underworld\gameserver.exe:Sacred Gameserver
“TCP Query User{9B6FF8E1-3582-4476-A464-FFC536A018B5}C:\users\ppp\desktop\mwodownloader.exe”= UDP:C:\users\ppp\desktop\mwodownloader.exe:mwodownloader.exe
“UDP Query User{32CA7484-63D7-44AB-9426-21CE4C94D335}C:\users\ppp\desktop\mwodownloader.exe”= TCP:C:\users\ppp\desktop\mwodownloader.exe:mwodownloader.exe
“TCP Query User{2AF212DF-4FEC-4E8B-B52C-7AB9555D4120}D:\sierra\arcanum\arcanum (2).exe”= UDP:D:\sierra\arcanum\arcanum (2).exe:Arcanum
“UDP Query User{AED7B6CC-F76F-4894-B844-EA2DDB379835}D:\sierra\arcanum\arcanum (2).exe”= TCP:D:\sierra\arcanum\arcanum (2).exe:Arcanum
“{7EC9F35C-FDA7-4669-9E2A-9DD17D38E079}”= C:\Program Files\Skype\Phone\Skype.exe:Skype
“TCP Query User{63EB4690-8963-4DF4-A98C-4E46AFC3D289}C:\program files\vuze\azureus.exe”= UDP:C:\program files\vuze\azureus.exe:Azureus
“UDP Query User{03560833-3220-4A92-8382-053A4AB4D4E0}C:\program files\vuze\azureus.exe”= TCP:C:\program files\vuze\azureus.exe:Azureus
“{62C5CCF0-83C8-4EAE-9BDB-139FDC0BB8D5}”= UDP:C:\Program Files\Proxy Switcher Standard\ProxySwitcher.exe:Proxy Switcher
“{B88FE933-1083-43FC-B52E-81942211E7CD}”= TCP:C:\Program Files\Proxy Switcher Standard\ProxySwitcher.exe:Proxy Switcher
“{BDC9B4A5-60B0-4B5A-8E56-F46024970A27}”= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
“{636E75CD-57A0-44FA-9463-31CE3923A733}”= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
“TCP Query User{30B77B6A-6523-4EE5-AE51-7F2742F4BB4F}C:\program files\utorrent\utorrent.exe”= UDP:C:\program files\utorrent\utorrent.exe:µTorrent
“UDP Query User{B2C9AB0E-989E-47CE-AB28-32BC7752B3BA}C:\program files\utorrent\utorrent.exe”= TCP:C:\program files\utorrent\utorrent.exe:µTorrent
“TCP Query User{4AB85619-BCA3-4D71-83AB-CE2822BC6543}C:\soldat\soldat.exe”= UDP:C:\soldat\soldat.exe:Soldat
“UDP Query User{D77765B3-1041-424A-89C1-560350F4BED0}C:\soldat\soldat.exe”= TCP:C:\soldat\soldat.exe:Soldat
[HKLM~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
“DoNotAllowExceptions”= 0 (0x0)
R3 lredbooo;lredbooo;C:\Users\ppp\AppData\Local\Temp\lredbooo.sys []
R3 XDva189;XDva189;C:\Windows\system32\XDva189.sys []
R3 XDva193;XDva193;C:\Windows\system32\XDva193.sys []
S0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\Windows\System32\drivers\sfsync03.sys [2005-10-13 15:46]
S3 tapvpn;TAP VPN Adapter;C:\Windows\system32\DRIVERS\tapvpn.sys [2008-01-23 23:25]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{7f96a13c-6c67-11dd-be3b-001d7dc7ba6f}]
\shell\AutoRun\command - F:_AUTORUN\AUTORUN.EXE
\shell\readme\command - notepad czytajto.txt
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{85115ce6-86e9-11dd-b200-000999123456}]
\shell\AutoRun\command - G:\LRSplash.exe
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Zawartość folderu ‘Zaplanowane zadania’
2008-10-19 C:\Windows\Tasks\User_Feed_Synchronization-{82748A27-BAE4-4996-B3BC-821D02800214}.job
.
HKLM-Run-BearShare - C:\Program Files\BearShare\BearShare.exe
HKLM-Run-Emurayden PSX Emulator - (no file)
.
------- Skan uzupełniający -------
.
FireFox -: Profile - C:\Users\ppp\AppData\Roaming\Mozilla\Firefox\Profiles\2n3ounsw.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://search.bearshare.com/pl/
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-19 19:49:29
Windows 6.0.6001 Service Pack 1 NTFS
skanowanie ukrytych procesów …
skanowanie ukrytych wpisów autostartu …
skanowanie ukrytych plików …
**************************************************************************
.
Czas ukończenia: 2008-10-19 19:51:39
ComboFix-quarantined-files.txt 2008-10-19 17:50:37
Przed: 12 633 612 288 bajtów wolnych
Po: 12,451,184,640 bajtów wolnych
227 --- E O F --- 2008-10-15 06:22:56
Paste into Notepad:
Save the file as CFScript.txt, preferably so that this file's icon sits next to the ComboFix.exe icon.
Drag and drop the CFScript.txt file onto the ComboFix.exe icon; the removal should start. After that, post the log on the forum.
Paste the log at www.wklejto.pl or http://www.wklej.org/ and put the link in your post.
I did what you said, after which the computer rebooted and a "Corrupted registry file" error popped up. Luckily I had a Vista disc and managed to fix the problem -.-''. Please don't give me such risky methods, because I "still" need the computer.
The entries I listed for removal are, in my opinion, correct. We did not delete any registry file.
I don't doubt it, but I didn't make this up ;p.
You have 64-bit Vista. Unfortunately, ComboFix can cause errors on that system; I didn't pay attention to that earlier?
Just to be sure nothing else is left behind:
Turn System Restore off and back on for all drives
Clean the system and the registry with CCleaner
Scan the My Computer area with Kaspersky Online Scanner. Run it under IE and post the report on the forum
or Dr.WEB CureIt!