Win32/Pacex.Gen

Hi, my NOD32 detected the Pacex.Gen virus. It is on every partition in System Volume Information. I read that it is best to use ComboFix. Here is what it reported:

ComboFix 09-05-21.01 - ABC 2009-05-22 13:00.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.2047.1480 [GMT 2:00]

Uruchomiony z: c:\documents and settings\ABC\Pulpit\ComboFix.exe

AV: System antywirusowy NOD32 2.70 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\docume~1\ABC\USTAWI~1\Temp\WLZ214E.tmp\burnlib.lng

c:\docume~1\ABC\USTAWI~1\Temp\WLZ214E.tmp\dsp_sps.lng

c:\docume~1\ABC\USTAWI~1\Temp\WLZ214E.tmp\enc_aacplus.lng

c:\docume~1\ABC\USTAWI~1\Temp\WLZ214E.tmp\enc_flac.lng

c:\docume~1\ABC\USTAWI~1\Temp\WLZ214E.tmp\enc_flake.lng

c:\docume~1\ABC\USTAWI~1\Temp\WLZ214E.tmp\enc_lame.lng

c:\docume~1\ABC\USTAWI~1\Temp\WLZ214E.tmp\enc_vorbis.lng

c:\docume~1\ABC\USTAWI~1\Temp\WLZ214E.tmp\enc_wav.lng

c:\docume~1\ABC\USTAWI~1\Temp\WLZ214E.tmp\enc_wma.lng

c:\docume~1\ABC\USTAWI~1\Temp\WLZ214E.tmp\gen_crasher.lng

c:\docume~1\ABC\USTAWI~1\Temp\WLZ214E.tmp\gen_dropbox.lng

c:\docume~1\ABC\USTAWI~1\Temp\WLZ214E.tmp\gen_ff.lng

c:\docume~1\ABC\USTAWI~1\Temp\WLZ214E.tmp\gen_hotkeys.lng

c:\docume~1\ABC\USTAWI~1\Temp\WLZ214E.tmp\gen_ml.lng

c:\docume~1\ABC\USTAWI~1\Temp\WLZ214E.tmp\gen_tray.lng

c:\docume~1\ABC\USTAWI~1\Temp\WLZ214E.tmp\in_cdda.lng

c:\docume~1\ABC\USTAWI~1\Temp\WLZ214E.tmp\in_dshow.lng

c:\docume~1\ABC\USTAWI~1\Temp\WLZ214E.tmp\in_flac.lng

c:\docume~1\ABC\USTAWI~1\Temp\WLZ214E.tmp\in_flv.lng

c:\docume~1\ABC\USTAWI~1\Temp\WLZ214E.tmp\in_linein.lng

c:\docume~1\ABC\USTAWI~1\Temp\WLZ214E.tmp\in_midi.lng

c:\docume~1\ABC\USTAWI~1\Temp\WLZ214E.tmp\in_mod.lng

c:\docume~1\ABC\USTAWI~1\Temp\WLZ214E.tmp\in_mp3.lng

c:\docume~1\ABC\USTAWI~1\Temp\WLZ214E.tmp\in_mp4.lng

c:\docume~1\ABC\USTAWI~1\Temp\WLZ214E.tmp\in_nsv.lng

c:\docume~1\ABC\USTAWI~1\Temp\WLZ214E.tmp\in_swf.lng

c:\docume~1\ABC\USTAWI~1\Temp\WLZ214E.tmp\in_vorbis.lng

c:\docume~1\ABC\USTAWI~1\Temp\WLZ214E.tmp\in_wav.lng

c:\docume~1\ABC\USTAWI~1\Temp\WLZ214E.tmp\in_wave.lng

c:\docume~1\ABC\USTAWI~1\Temp\WLZ214E.tmp\in_wm.lng

c:\docume~1\ABC\USTAWI~1\Temp\WLZ214E.tmp\in_wv.lng

c:\docume~1\ABC\USTAWI~1\Temp\WLZ214E.tmp\ml_autotag.lng

c:\docume~1\ABC\USTAWI~1\Temp\WLZ214E.tmp\ml_bookmarks.lng

c:\docume~1\ABC\USTAWI~1\Temp\WLZ214E.tmp\ml_dash.lng

c:\docume~1\ABC\USTAWI~1\Temp\WLZ214E.tmp\ml_disc.lng

c:\docume~1\ABC\USTAWI~1\Temp\WLZ214E.tmp\ml_history.lng

c:\docume~1\ABC\USTAWI~1\Temp\WLZ214E.tmp\ml_impex.lng

c:\docume~1\ABC\USTAWI~1\Temp\WLZ214E.tmp\ml_local.lng

c:\docume~1\ABC\USTAWI~1\Temp\WLZ214E.tmp\ml_nowplaying.lng

c:\docume~1\ABC\USTAWI~1\Temp\WLZ214E.tmp\ml_online.lng

c:\docume~1\ABC\USTAWI~1\Temp\WLZ214E.tmp\ml_orb.lng

c:\docume~1\ABC\USTAWI~1\Temp\WLZ214E.tmp\ml_playlists.lng

c:\docume~1\ABC\USTAWI~1\Temp\WLZ214E.tmp\ml_plg.lng

c:\docume~1\ABC\USTAWI~1\Temp\WLZ214E.tmp\ml_pmp.lng

c:\docume~1\ABC\USTAWI~1\Temp\WLZ214E.tmp\ml_rg.lng

c:\docume~1\ABC\USTAWI~1\Temp\WLZ214E.tmp\ml_transcode.lng

c:\docume~1\ABC\USTAWI~1\Temp\WLZ214E.tmp\ml_wire.lng

c:\docume~1\ABC\USTAWI~1\Temp\WLZ214E.tmp\out_disk.lng

c:\docume~1\ABC\USTAWI~1\Temp\WLZ214E.tmp\out_ds.lng

c:\docume~1\ABC\USTAWI~1\Temp\WLZ214E.tmp\out_wave.lng

c:\docume~1\ABC\USTAWI~1\Temp\WLZ214E.tmp\playlist.lng

c:\docume~1\ABC\USTAWI~1\Temp\WLZ214E.tmp\pmp_activesync.lng

c:\docume~1\ABC\USTAWI~1\Temp\WLZ214E.tmp\pmp_ipod.lng

c:\docume~1\ABC\USTAWI~1\Temp\WLZ214E.tmp\pmp_njb.lng

c:\docume~1\ABC\USTAWI~1\Temp\WLZ214E.tmp\pmp_p4s.lng

c:\docume~1\ABC\USTAWI~1\Temp\WLZ214E.tmp\pmp_usb.lng

c:\docume~1\ABC\USTAWI~1\Temp\WLZ214E.tmp\tagz.lng

c:\docume~1\ABC\USTAWI~1\Temp\WLZ214E.tmp\vis_avs.lng

c:\docume~1\ABC\USTAWI~1\Temp\WLZ214E.tmp\vis_milk2.lng

c:\docume~1\ABC\USTAWI~1\Temp\WLZ214E.tmp\vis_nsfs.lng

c:\docume~1\ABC\USTAWI~1\Temp\WLZ214E.tmp\winamp.lng

c:\docume~1\ABC\USTAWI~1\Temp\WLZ214E.tmp\winampa.lng

c:\documents and settings\ABC\Ustawienia lokalne\temp\WLZ214E.tmp\burnlib.lng

c:\documents and settings\ABC\Ustawienia lokalne\temp\WLZ214E.tmp\dsp_sps.lng

c:\documents and settings\ABC\Ustawienia lokalne\temp\WLZ214E.tmp\enc_aacplus.lng

c:\documents and settings\ABC\Ustawienia lokalne\temp\WLZ214E.tmp\enc_flac.lng

c:\documents and settings\ABC\Ustawienia lokalne\temp\WLZ214E.tmp\enc_flake.lng

c:\documents and settings\ABC\Ustawienia lokalne\temp\WLZ214E.tmp\enc_lame.lng

c:\documents and settings\ABC\Ustawienia lokalne\temp\WLZ214E.tmp\enc_vorbis.lng

c:\documents and settings\ABC\Ustawienia lokalne\temp\WLZ214E.tmp\enc_wav.lng

c:\documents and settings\ABC\Ustawienia lokalne\temp\WLZ214E.tmp\enc_wma.lng

c:\documents and settings\ABC\Ustawienia lokalne\temp\WLZ214E.tmp\gen_crasher.lng

c:\documents and settings\ABC\Ustawienia lokalne\temp\WLZ214E.tmp\gen_dropbox.lng

c:\documents and settings\ABC\Ustawienia lokalne\temp\WLZ214E.tmp\gen_ff.lng

c:\documents and settings\ABC\Ustawienia lokalne\temp\WLZ214E.tmp\gen_hotkeys.lng

c:\documents and settings\ABC\Ustawienia lokalne\temp\WLZ214E.tmp\gen_ml.lng

c:\documents and settings\ABC\Ustawienia lokalne\temp\WLZ214E.tmp\gen_tray.lng

c:\documents and settings\ABC\Ustawienia lokalne\temp\WLZ214E.tmp\in_cdda.lng

c:\documents and settings\ABC\Ustawienia lokalne\temp\WLZ214E.tmp\in_dshow.lng

c:\documents and settings\ABC\Ustawienia lokalne\temp\WLZ214E.tmp\in_flac.lng

c:\documents and settings\ABC\Ustawienia lokalne\temp\WLZ214E.tmp\in_flv.lng

c:\documents and settings\ABC\Ustawienia lokalne\temp\WLZ214E.tmp\in_linein.lng

c:\documents and settings\ABC\Ustawienia lokalne\temp\WLZ214E.tmp\in_midi.lng

c:\documents and settings\ABC\Ustawienia lokalne\temp\WLZ214E.tmp\in_mod.lng

c:\documents and settings\ABC\Ustawienia lokalne\temp\WLZ214E.tmp\in_mp3.lng

c:\documents and settings\ABC\Ustawienia lokalne\temp\WLZ214E.tmp\in_mp4.lng

c:\documents and settings\ABC\Ustawienia lokalne\temp\WLZ214E.tmp\in_nsv.lng

c:\documents and settings\ABC\Ustawienia lokalne\temp\WLZ214E.tmp\in_swf.lng

c:\documents and settings\ABC\Ustawienia lokalne\temp\WLZ214E.tmp\in_vorbis.lng

c:\documents and settings\ABC\Ustawienia lokalne\temp\WLZ214E.tmp\in_wav.lng

c:\documents and settings\ABC\Ustawienia lokalne\temp\WLZ214E.tmp\in_wave.lng

c:\documents and settings\ABC\Ustawienia lokalne\temp\WLZ214E.tmp\in_wm.lng

c:\documents and settings\ABC\Ustawienia lokalne\temp\WLZ214E.tmp\in_wv.lng

c:\documents and settings\ABC\Ustawienia lokalne\temp\WLZ214E.tmp\ml_autotag.lng

c:\documents and settings\ABC\Ustawienia lokalne\temp\WLZ214E.tmp\ml_bookmarks.lng

c:\documents and settings\ABC\Ustawienia lokalne\temp\WLZ214E.tmp\ml_dash.lng

c:\documents and settings\ABC\Ustawienia lokalne\temp\WLZ214E.tmp\ml_disc.lng

c:\documents and settings\ABC\Ustawienia lokalne\temp\WLZ214E.tmp\ml_history.lng

c:\documents and settings\ABC\Ustawienia lokalne\temp\WLZ214E.tmp\ml_impex.lng

c:\documents and settings\ABC\Ustawienia lokalne\temp\WLZ214E.tmp\ml_local.lng

c:\documents and settings\ABC\Ustawienia lokalne\temp\WLZ214E.tmp\ml_nowplaying.lng

c:\documents and settings\ABC\Ustawienia lokalne\temp\WLZ214E.tmp\ml_online.lng

c:\documents and settings\ABC\Ustawienia lokalne\temp\WLZ214E.tmp\ml_orb.lng

c:\documents and settings\ABC\Ustawienia lokalne\temp\WLZ214E.tmp\ml_playlists.lng

c:\documents and settings\ABC\Ustawienia lokalne\temp\WLZ214E.tmp\ml_plg.lng

c:\documents and settings\ABC\Ustawienia lokalne\temp\WLZ214E.tmp\ml_pmp.lng

c:\documents and settings\ABC\Ustawienia lokalne\temp\WLZ214E.tmp\ml_rg.lng

c:\documents and settings\ABC\Ustawienia lokalne\temp\WLZ214E.tmp\ml_transcode.lng

c:\documents and settings\ABC\Ustawienia lokalne\temp\WLZ214E.tmp\ml_wire.lng

c:\documents and settings\ABC\Ustawienia lokalne\temp\WLZ214E.tmp\out_disk.lng

c:\documents and settings\ABC\Ustawienia lokalne\temp\WLZ214E.tmp\out_ds.lng

c:\documents and settings\ABC\Ustawienia lokalne\temp\WLZ214E.tmp\out_wave.lng

c:\documents and settings\ABC\Ustawienia lokalne\temp\WLZ214E.tmp\playlist.lng

c:\documents and settings\ABC\Ustawienia lokalne\temp\WLZ214E.tmp\pmp_activesync.lng

c:\documents and settings\ABC\Ustawienia lokalne\temp\WLZ214E.tmp\pmp_ipod.lng

c:\documents and settings\ABC\Ustawienia lokalne\temp\WLZ214E.tmp\pmp_njb.lng

c:\documents and settings\ABC\Ustawienia lokalne\temp\WLZ214E.tmp\pmp_p4s.lng

c:\documents and settings\ABC\Ustawienia lokalne\temp\WLZ214E.tmp\pmp_usb.lng

c:\documents and settings\ABC\Ustawienia lokalne\temp\WLZ214E.tmp\tagz.lng

c:\documents and settings\ABC\Ustawienia lokalne\temp\WLZ214E.tmp\vis_avs.lng

c:\documents and settings\ABC\Ustawienia lokalne\temp\WLZ214E.tmp\vis_milk2.lng

c:\documents and settings\ABC\Ustawienia lokalne\temp\WLZ214E.tmp\vis_nsfs.lng

c:\documents and settings\ABC\Ustawienia lokalne\temp\WLZ214E.tmp\winamp.lng

c:\documents and settings\ABC\Ustawienia lokalne\temp\WLZ214E.tmp\winampa.lng

c:\program files\Mozilla Firefox\plugins\NPMyGlSh.dll

c:\program files\myglobalsearch

c:\program files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR

c:\program files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST

c:\program files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR

c:\program files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST

c:\program files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL

c:\program files\myglobalsearch\bar\1.bin\MGSBAR.DLL

c:\program files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL

c:\program files\myglobalsearch\bar\Cache\001D4B63

c:\program files\myglobalsearch\bar\Cache\001D4D86

c:\program files\myglobalsearch\bar\Cache\003082F2.bin

c:\program files\myglobalsearch\bar\Cache\003084A7.bin

c:\program files\myglobalsearch\bar\Cache\0030862E.bin

c:\program files\myglobalsearch\bar\Cache\files.ini

c:\program files\myglobalsearch\bar\History\search

c:\program files\myglobalsearch\bar\Settings\prevcfg.htm

C:\w.com

c:\windows\system32\Dvbpws.dll

D:\w.com

E:\w.com

.

((((((((((((((((((((((((( Pliki utworzone od 2009-04-22 do 2009-05-22 )))))))))))))))))))))))))))))))

.

2009-05-20 18:50 . 2009-05-20 18:50 -------- d-----w c:\documents and settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Apple

2009-05-19 15:14 . 2009-05-19 15:14 -------- d-----w c:\documents and settings\ABC\Dane aplikacji\2K Sports

2009-05-19 14:04 . 2009-05-21 09:49 -------- d-----w c:\program files\Steam

2009-05-19 14:00 . 2009-05-19 14:00 -------- d-----w c:\documents and settings\ABC\Ustawienia lokalne\Dane aplikacji\The Witcher

2009-05-19 13:57 . 2009-05-19 13:57 -------- d-----w c:\documents and settings\ABC\Ustawienia lokalne\Dane aplikacji\Oblivion

2009-05-19 13:54 . 2009-05-19 13:54 -------- d-----w c:\documents and settings\ABC\Dane aplikacji\Sports Interactive

2009-05-18 18:40 . 2008-04-14 20:50 159232 ----a-w c:\windows\system32\ptpusd.dll

2009-05-18 18:40 . 2001-10-26 15:29 5632 ----a-w c:\windows\system32\ptpusb.dll

2009-05-18 18:40 . 2008-04-13 22:15 15104 -c--a-w c:\windows\system32\dllcache\usbscan.sys

2009-05-18 18:40 . 2008-04-13 22:15 15104 ----a-w c:\windows\system32\drivers\usbscan.sys

2009-05-16 23:04 . 2009-05-20 14:14 -------- d-----w c:\documents and settings\ABC\Dane aplikacji\fretsonfire

2009-05-16 22:29 . 2004-06-22 13:44 5632 ----a-w c:\windows\system32\drivers\Entech64.sys

2009-05-16 22:16 . 2009-05-16 22:16 -------- d-----w c:\documents and settings\ABC\Ustawienia lokalne\Dane aplikacji\ACD Systems

2009-05-16 22:16 . 2009-05-16 22:16 -------- d-----w c:\documents and settings\ABC\Dane aplikacji\ACD Systems

2009-05-16 22:16 . 2009-05-16 22:16 -------- d-----w c:\program files\Common Files\Adobe

2009-05-16 22:13 . 2009-05-16 22:13 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\ACD Systems

2009-05-16 22:13 . 2009-05-16 22:13 -------- d-----w c:\program files\Common Files\ACD Systems

2009-05-16 22:13 . 2009-05-16 22:13 -------- d-----w c:\program files\ACD Systems

2009-05-16 22:13 . 2009-05-16 22:13 10368 ----a-w c:\windows\system32\drivers\pfc.sys

2009-05-16 21:26 . 2009-05-16 21:26 -------- d-----w c:\program files\Leadtek Research Inc

2009-05-16 21:26 . 2006-10-18 09:38 9728 ----a-w c:\windows\system32\drivers\cxavxbar.sys

2009-05-16 21:26 . 2006-10-18 09:37 50816 ----a-w c:\windows\system32\drivers\cx88tune.sys

2009-05-16 21:26 . 2006-10-18 09:37 162944 ----a-w c:\windows\system32\drivers\cx88vid.sys

2009-05-16 14:05 . 2009-05-16 14:05 -------- d-----w c:\documents and settings\ABC\Dane aplikacji\Media Player Classic

2009-05-16 14:04 . 2008-06-15 11:29 1774080 ----a-w C:\mplayerc.exe

2009-05-16 13:47 . 2009-05-16 22:28 -------- d-----w c:\program files\Futuremark

2009-05-16 13:46 . 2009-05-16 13:46 -------- d-----w c:\program files\Burn4Free

2009-05-16 13:41 . 2009-05-16 13:41 -------- d-----w c:\documents and settings\ABC\Dane aplikacji\Ashampoo

2009-05-16 12:44 . 2009-05-16 12:44 -------- d-----w c:\windows\system32\Futuremark

2009-05-16 12:44 . 2004-10-25 18:02 21664 ----a-w c:\windows\system32\drivers\Entech.sys

2009-05-16 12:44 . 2001-11-19 17:05 3972 ----a-w c:\windows\system32\drivers\PciBus.sys

2009-05-16 12:24 . 2009-05-16 12:24 -------- d-----w c:\program files\FotoSketcher 1.4

2009-05-16 12:19 . 2009-05-18 08:34 -------- d-----w c:\program files\Słownik Kontekstowy

2009-05-16 12:18 . 2009-05-16 12:18 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\ashampoo

2009-05-16 12:18 . 2009-05-16 12:18 -------- d-----w c:\documents and settings\ABC\Ustawienia lokalne\Dane aplikacji\ashampoo

2009-05-16 12:18 . 2009-05-16 12:22 -------- d-----w c:\program files\Ashampoo

2009-05-16 12:13 . 2004-05-13 21:54 14720 ----a-w c:\windows\system32\drivers\WmHidLo.sys

2009-05-16 12:13 . 2004-05-13 21:54 21440 ----a-w c:\windows\system32\drivers\WmFilter.sys

2009-05-16 12:13 . 2004-05-13 21:54 10144 ----a-w c:\windows\system32\drivers\WmBEnum.sys

2009-05-16 12:13 . 2004-05-13 21:54 5600 ----a-w c:\windows\system32\drivers\WmVirHid.sys

2009-05-16 12:13 . 2004-05-13 21:54 44384 ----a-w c:\windows\system32\drivers\WmXlCore.sys

2009-05-16 12:13 . 2004-05-13 21:40 167936 ----a-w c:\windows\system32\WmJoyFrc.dll

2009-05-16 12:13 . 2009-05-16 12:13 -------- d-----w c:\program files\Common Files\Logitech

2009-05-16 12:13 . 2009-05-16 12:13 -------- d-----w c:\program files\Logitech

2009-05-16 11:37 . 2009-05-16 11:37 -------- d-----w c:\documents and settings\ABC\Ustawienia lokalne\Dane aplikacji\Stardock

2009-05-16 11:37 . 2009-05-16 11:37 -------- dc-h--w c:\documents and settings\All Users\Dane aplikacji\{DE032019-B933-4DF4-9174-48C52613DA13}

2009-05-16 11:37 . 2008-07-09 16:18 2397336 -c--a-w c:\documents and settings\All Users\Dane aplikacji\{DE032019-B933-4DF4-9174-48C52613DA13}\CursorFX_setup.exe

2009-05-16 11:37 . 2009-05-16 11:37 -------- d-----w c:\program files\Stardock

2009-05-16 11:25 . 2009-05-16 11:25 -------- d-----w c:\documents and settings\ABC\Dane aplikacji\DivX

2009-05-16 11:19 . 2009-05-16 11:20 -------- d-----w c:\program files\ATITool

2009-05-16 11:01 . 2009-05-16 11:01 -------- d--h--r c:\documents and settings\ABC\Dane aplikacji\SecuROM

2009-05-16 10:51 . 2009-05-16 10:51 107888 ----a-w c:\windows\system32\CmdLineExt.dll

2009-05-16 10:49 . 2007-07-19 22:57 267112 ----a-w c:\windows\system32\xactengine2_9.dll

2009-05-16 10:48 . 2009-05-16 10:48 107832 ----a-w c:\windows\system32\PnkBstrB.exe

2009-05-16 10:48 . 2009-05-16 10:48 66872 ----a-w c:\windows\system32\PnkBstrA.exe

2009-05-16 10:48 . 2009-05-16 10:48 2250024 ----a-w c:\windows\system32\pbsvc.exe

2009-05-16 10:48 . 2009-05-16 10:48 -------- d-----w c:\windows\system32\LogFiles

2009-05-16 10:42 . 2009-05-16 10:42 -------- d-----w c:\documents and settings\ABC\Ustawienia lokalne\Dane aplikacji\Scansoft

2009-05-16 10:40 . 2009-05-16 10:40 -------- d-----w c:\program files\Xvid

2009-05-16 10:39 . 2009-05-16 10:39 -------- d-----w c:\program files\DivX

2009-05-16 10:39 . 2009-05-16 10:39 -------- d-----w c:\program files\Common Files\DivX Shared

2009-05-16 10:36 . 2008-04-13 22:17 25856 -c--a-w c:\windows\system32\dllcache\usbprint.sys

2009-05-16 10:36 . 2008-04-13 22:17 25856 ----a-w c:\windows\system32\drivers\usbprint.sys

2009-05-16 10:34 . 2009-05-16 10:34 -------- d-----w c:\program files\Nuance

2009-05-16 10:34 . 2009-05-16 10:34 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\InstallShield

2009-05-16 10:34 . 2009-05-16 10:34 -------- d-----w c:\program files\Common Files\ScanSoft Shared

2009-05-16 10:33 . 2009-05-16 10:34 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\ScanSoft

2009-05-16 10:33 . 2009-05-16 10:33 -------- d-----w c:\program files\ScanSoft

2009-05-16 10:33 . 2009-05-16 10:33 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Brother

2009-05-16 10:27 . 2009-05-16 13:44 -------- d---a-w c:\documents and settings\All Users\Dane aplikacji\TEMP

2009-05-16 10:27 . 2009-05-16 13:31 -------- d-----w C:\Fraps

2009-05-16 10:24 . 2009-05-16 10:24 -------- d-----w c:\program files\QuickTime

2009-05-16 10:24 . 2009-05-16 10:24 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Apple Computer

2009-05-16 10:24 . 2009-05-16 10:24 -------- d-----w c:\documents and settings\ABC\Ustawienia lokalne\Dane aplikacji\Apple

2009-05-16 10:24 . 2009-05-16 10:24 -------- d-----w c:\program files\Apple Software Update

2009-05-16 10:24 . 2009-05-16 10:24 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Apple

2009-05-16 10:24 . 2009-05-16 10:24 -------- d-----w c:\documents and settings\ABC\Ustawienia lokalne\Dane aplikacji\Apple Computer

2009-05-16 10:23 . 2009-05-16 10:23 -------- d-----w c:\program files\VDOWNLOADER

2009-05-16 10:21 . 2009-05-20 18:09 -------- d-----w c:\documents and settings\ABC\Dane aplikacji\XnView

2009-05-16 10:21 . 2009-05-16 10:21 -------- d-----w c:\program files\XnView

2009-05-16 10:15 . 2004-12-23 15:27 27392 ----a-w c:\windows\system32\drivers\ULCDRHlp.sys

2009-05-16 10:14 . 2009-05-16 10:14 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Ulead Systems

2009-05-16 10:14 . 2007-02-26 18:20 49152 ----a-w c:\windows\system32\TempDel.EXE

2009-05-16 10:14 . 2009-05-16 10:15 -------- d-----w C:\WFDB

2009-05-16 10:14 . 2005-01-06 14:55 9446 ----a-w c:\windows\system32\drivers\WFIOCTL.sys

2009-05-16 10:10 . 2009-05-16 10:10 -------- d-----w c:\program files\IrfanView

2009-05-16 10:09 . 2009-05-16 10:10 -------- d-----w c:\documents and settings\ABC\Dane aplikacji\BESTplayer

2009-05-16 10:09 . 2009-05-20 09:32 -------- d-----w c:\program files\EvilLyrics

2009-05-16 10:05 . 2009-05-21 21:23 -------- d-----w c:\program files\DC++

2009-05-16 10:04 . 2009-05-16 10:04 -------- d-----w c:\program files\coverXP

2009-05-16 10:00 . 2009-05-16 10:00 -------- d-----w C:\My Downloads

2009-05-16 10:00 . 2009-05-16 10:02 -------- d-----w c:\program files\BearShare

2009-05-16 09:56 . 2008-04-14 20:51 221184 ----a-w c:\windows\system32\wmpns.dll

2009-05-16 09:39 . 2009-05-16 09:40 -------- d-----w c:\documents and settings\ABC\Dane aplikacji\Nowe Gadu-Gadu

2009-05-16 09:38 . 2009-05-16 09:38 -------- d-----w c:\program files\Nowe Gadu-Gadu

2009-05-16 09:37 . 2009-05-16 09:37 -------- d-----w c:\documents and settings\ABC\WapSter

2009-05-16 09:36 . 2009-05-16 09:36 -------- d-----w c:\program files\WapSter

2009-05-16 09:33 . 2009-05-16 09:33 -------- d-----w c:\windows\Downloaded Installations

2009-05-16 09:29 . 2009-05-16 09:29 -------- d-----w C:\NVIDIA

2009-05-16 09:27 . 2004-07-09 02:26 354816 -c--a-w c:\windows\system32\dllcache\psisdecd.dll

2009-05-16 09:27 . 2004-07-09 02:26 354816 ----a-w c:\windows\system32\psisdecd.dll

2009-05-16 09:27 . 2004-07-09 02:26 52096 -c--a-w c:\windows\system32\dllcache\msdv.sys

2009-05-16 09:27 . 2004-07-09 02:26 52096 ----a-w c:\windows\system32\drivers\msdv.sys

2009-05-16 09:27 . 2004-07-09 02:26 15104 -c--a-w c:\windows\system32\dllcache\mpe.sys

2009-05-16 09:27 . 2004-07-09 02:26 15104 ----a-w c:\windows\system32\drivers\mpe.sys

2009-05-16 09:27 . 2004-07-09 02:26 11392 -c--a-w c:\windows\system32\dllcache\bdasup.sys

2009-05-16 09:27 . 2004-07-09 02:26 11392 ----a-w c:\windows\system32\drivers\bdasup.sys

2009-05-16 09:27 . 2002-08-29 01:41 31744 -c--a-w c:\windows\system32\dllcache\pid.dll

2009-05-16 09:27 . 2002-12-11 22:14 46592 ----a-w c:\windows\system32\dxdllreg.exe

2009-05-16 09:26 . 2009-05-16 09:27 -------- d--h--w c:\windows\msdownld.tmp

2009-05-16 09:19 . 2009-05-15 11:23 1213952 ----a-w C:\BESTplayer.exe

2009-05-16 09:01 . 2008-04-14 20:50 21504 -c--a-w c:\windows\system32\dllcache\hidserv.dll

2009-05-16 09:01 . 2008-04-14 20:50 21504 ----a-w c:\windows\system32\hidserv.dll

2009-05-16 09:01 . 2001-10-26 14:57 12160 -c--a-w c:\windows\system32\dllcache\mouhid.sys

2009-05-16 09:01 . 2001-10-26 14:57 12160 ----a-w c:\windows\system32\drivers\mouhid.sys

2009-05-16 09:01 . 2008-04-14 19:50 14720 -c--a-w c:\windows\system32\dllcache\kbdhid.sys

2009-05-16 09:01 . 2008-04-14 19:50 14720 ----a-w c:\windows\system32\drivers\kbdhid.sys

2009-05-16 09:01 . 2008-04-13 22:15 10368 -c--a-w c:\windows\system32\dllcache\hidusb.sys

2009-05-16 09:01 . 2008-04-13 22:15 10368 ----a-w c:\windows\system32\drivers\hidusb.sys

2009-05-16 09:00 . 2008-04-13 22:15 32128 -c--a-w c:\windows\system32\dllcache\usbccgp.sys

2009-05-16 09:00 . 2008-04-13 22:15 32128 ----a-w c:\windows\system32\drivers\usbccgp.sys

2009-05-16 06:43 . 2009-05-16 22:11 -------- d-----w C:\WinFast WorkArea

2009-05-16 06:34 . 2003-11-14 10:30 197908 ----a-r c:\windows\system32\drivers\wf88vcap.sys

2009-05-16 06:34 . 2008-04-14 20:50 54784 -c--a-w c:\windows\system32\dllcache\vfwwdm32.dll

2009-05-16 06:34 . 2008-04-14 20:50 54784 ----a-w c:\windows\system32\vfwwdm32.dll

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-05-17 08:47 . 2006-03-02 12:00 74450 ----a-w c:\windows\system32\perfc015.dat

2009-05-17 08:47 . 2006-03-02 12:00 448348 ----a-w c:\windows\system32\perfh015.dat

2009-05-16 22:28 . 2009-05-15 19:05 -------- d--h--w c:\program files\InstallShield Installation Information

2009-05-16 10:49 . 2009-05-16 10:49 22328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys

2009-05-16 10:49 . 2009-05-16 10:49 22328 ----a-w c:\documents and settings\ABC\Dane aplikacji\PnkBstrK.sys

2009-05-16 10:49 . 2009-05-16 10:49 22328 ----a-w c:\documents and settings\ABC\Dane aplikacji\PnkBstrK.sys

2009-05-16 10:42 . 2009-05-15 19:01 39352 ----a-w c:\documents and settings\ABC\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

2009-05-16 10:35 . 2009-05-16 10:35 50 ----a-w c:\windows\system32\bridf07a.dat

2009-05-16 10:35 . 2009-05-16 10:35 -------- d-----w c:\program files\Brother

2009-05-16 10:34 . 2009-05-15 19:07 -------- d-----w c:\program files\Common Files\InstallShield

2009-05-16 10:12 . 2009-05-16 05:52 -------- d-----w c:\program files\Eset

2009-05-16 09:51 . 2009-05-16 09:51 -------- d-----w c:\documents and settings\ABC\Dane aplikacji\Winamp

2009-05-16 09:51 . 2009-05-16 09:51 -------- d-----w c:\program files\Winamp

2009-05-16 09:30 . 2009-05-15 19:14 -------- d-----w c:\program files\Common Files\Wise Installation Wizard

2009-05-16 09:30 . 2009-05-15 19:14 -------- d-----w c:\program files\AGEIA Technologies

2009-05-16 06:16 . 2009-05-15 18:58 76487 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat

2009-05-16 05:54 . 2008-04-14 20:51 510464 ----a-w c:\windows\system32\winlogon.exe

2009-05-16 05:53 . 2009-05-16 05:52 -------- d-----w c:\program files\PDFCreator

2009-05-16 05:52 . 2009-05-16 05:52 298104 ----a-w c:\windows\system32\imon.dll

2009-05-16 05:52 . 2009-05-16 05:52 512096 ----a-w c:\windows\system32\drivers\amon.sys

2009-05-16 05:52 . 2009-05-16 05:52 15424 ----a-w c:\windows\system32\drivers\nod32drv.sys

2009-05-16 05:52 . 2009-05-16 05:52 -------- d-----w c:\program files\K-Lite Codec Pack

2009-05-16 05:52 . 2009-05-16 05:52 -------- d-----w c:\program files\Gadu-Gadu

2009-05-15 19:13 . 2009-05-15 19:13 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Creative

2009-05-15 19:11 . 2009-05-15 19:08 -------- d-----w c:\program files\Creative

2009-05-15 19:05 . 2009-05-15 19:05 -------- d-----w c:\program files\Realtek

2009-05-15 19:05 . 2009-05-15 19:05 -------- d-----w c:\documents and settings\ABC\Dane aplikacji\InstallShield

2009-05-15 19:03 . 2009-05-15 19:03 -------- d-----w c:\program files\Intel

2009-05-15 18:58 . 2009-05-15 18:58 -------- d-----w c:\program files\microsoft frontpage

2009-05-15 18:57 . 2009-05-15 18:57 -------- d-----w c:\program files\Usługi online

2009-05-15 18:56 . 2009-05-15 18:56 21856 ----a-w c:\windows\system32\emptyregdb.dat

2009-05-13 09:03 . 2009-05-13 09:03 1571840 ----a-w c:\windows\system32\sfcfiles.dll

2009-05-13 09:02 . 2009-05-13 09:02 999936 ----a-w c:\windows\system32\syssetup.dll

2009-04-30 22:30 . 2009-04-30 22:30 1194528 ----a-w c:\windows\system32\nvcplui.exe

2009-04-30 20:02 . 2009-05-15 19:14 457248 ----a-w c:\windows\system32\nvudisp.exe

2009-04-30 20:02 . 2009-04-30 20:02 663552 ----a-w c:\windows\system32\nvcuvid.dll

2009-04-30 20:02 . 2009-04-30 20:02 1579630 ----a-w c:\windows\system32\nvdata.bin

2009-04-30 20:02 . 2009-04-30 20:02 1314816 ----a-w c:\windows\system32\nvcuvenc.dll

2009-04-30 20:02 . 2008-12-02 21:11 9994240 ----a-w c:\windows\system32\nvoglnt.dll

2009-04-30 20:02 . 2008-12-02 21:11 806912 ----a-w c:\windows\system32\nvapi.dll

2009-04-30 20:02 . 2008-12-02 21:11 8055584 ----a-w c:\windows\system32\drivers\nv4_mini.sys

2009-04-30 20:02 . 2008-12-02 21:11 5896320 ----a-w c:\windows\system32\nv4_disp.dll

2009-04-30 20:02 . 2008-12-02 21:11 1720320 ----a-w c:\windows\system32\nvcuda.dll

2009-04-30 20:02 . 2008-12-02 21:11 143360 ----a-w c:\windows\system32\nvcodins.dll

2009-04-30 20:02 . 2008-12-02 21:11 143360 ----a-w c:\windows\system32\nvcod.dll

2009-04-26 22:42 . 2009-05-15 19:14 457248 ----a-w c:\windows\system32\NVUNINST.EXE

2009-04-15 20:24 . 2009-04-15 20:24 90112 ----a-w c:\windows\system32\dpl100.dll

2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w c:\windows\system32\divx_xx0c.dll

2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w c:\windows\system32\divx_xx07.dll

2009-04-15 20:24 . 2009-04-15 20:24 815104 ----a-w c:\windows\system32\divx_xx0a.dll

2009-04-15 20:24 . 2009-04-15 20:24 802816 ----a-w c:\windows\system32\divx_xx11.dll

2009-04-15 20:24 . 2009-04-15 20:24 684032 ----a-w c:\windows\system32\DivX.dll

2009-04-03 10:39 . 2009-04-03 10:39 70936 ----a-w c:\windows\system32\PhysXLoader.dll

2009-03-06 14:22 . 2008-04-14 20:50 285696 ----a-w c:\windows\system32\pdh.dll

2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w c:\program files\mozilla firefox\plugins\libdivx.dll

2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w c:\program files\mozilla firefox\plugins\ssldivx.dll

2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w c:\program files\opera\program\plugins\libdivx.dll

2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w c:\program files\opera\program\plugins\ssldivx.dll

.

------- Sigcheck -------

[-] 2009-05-16 05:54 510464 A28A6CF17306BAB8B5D5590B8DD734BA c:\windows\system32\winlogon.exe

[-] 2009-05-13 09:03 1571840 C8BDAD4065118558B3DC360FC96D81DB c:\windows\system32\sfcfiles.dll

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CursorFX"="c:\program files\Stardock\CursorFX\CursorFX.exe" [2008-07-07 416768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]

"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2009-05-16 57344]

"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-05-16 949376]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13750272]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-30 86016]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]

"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248]

"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632]

"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]

"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]

"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"P17Helper"="P17.dll" - c:\windows\system32\P17.dll [2005-05-03 64512]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-04-30 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\

ATITool.lnk - c:\program files\ATITool\ATITool.exe [2006-12-8 3035136]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe"=

"%windir%\system32\sessmgr.exe"=

"c:\Program Files\Gadu-Gadu\gg.exe"=

"c:\Program Files\WapSter\WapSter AQQ\AQQ.exe"=

"c:\Program Files\BearShare\BearShare.exe"=

"c:\Program Files\DC++\DCPlusPlus.exe"=

"d:\Games\Far Cry 2\bin\FarCry2.exe"=

"d:\Games\Far Cry 2\bin\FC2Launcher.exe"=

"d:\Games\Far Cry 2\bin\FC2Editor.exe"=

"c:\WINDOWS\system32\PnkBstrA.exe"=

"c:\WINDOWS\system32\PnkBstrB.exe"=

"c:\Program Files\Steam\steamapps\common\nba 2k9\nba2k9.exe"=

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2009-05-16 15424]

S2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.;c:\windows\system32\drivers\wf88vcap.sys [2009-05-16 197908]

S2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.;c:\windows\system32\drivers\WF88XBAR.sys [2009-05-16 10405]

S2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.;c:\windows\system32\drivers\wf88tune.sys [2009-05-16 34422]

S3 AVPsys;AVPsys;??\c:\windows\system32\drivers\cdaudio.sys --> c:\windows\system32\drivers\cdaudio.sys [?]

.

Zawartość folderu 'Zaplanowane zadania'

2009-05-20 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

.

- - - - USUNIĘTO PUSTE WPISY - - - -

HKCU-Run-AdobeUpdater - c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

.

------- Skan uzupełniający -------

.

uStart Page = hxxp://search.bearshare.com/pl/

IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

LSP: c:\windows\system32\imon.dll

TCP: {E7F6A784-DE32-45F1-B9C3-349664355E80} = 217.30.129.149 217.30.137.200

FF - ProfilePath - c:\documents and settings\ABC\Dane aplikacji\Mozilla\Firefox\Profiles\vaix08ee.default\

FF - plugin: c:\program files\Java\jre1.6.0\bin\npdeploytk.dll

FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll

FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll

FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll

FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll

FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll

FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll

FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll

FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-05-22 13:04

Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów …

skanowanie ukrytych wpisów autostartu …

skanowanie ukrytych plików …

skanowanie pomyślnie ukończone

ukryte pliki: 0

**************************************************************************

.

--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-1060284298-1979792683-1801674531-1004\Software\SecuROM!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:69,45,94,32,06,bb,93,1f,ee,06,49,ed,c3,c3,55,2b,23,43,e1,41,2e,14,b0,

b5,b1,0e,a0,8a,dc,c5,1f,0f,14,a6,a6,77,ab,0d,a6,45,ea,7d,9b,9e,0f,7d,42,3b,\

"??"=hex:72,56,21,09,66,42,4a,09,37,a2,ee,0e,97,73,ec,09

[HKEY_USERS\S-1-5-21-1060284298-1979792683-1801674531-1004\Software\SecuROM\License information*]

"datasecu"=hex:92,2d,36,49,5e,bd,dc,e8,44,02,08,a2,e6,60,46,7c,57,60,0c,b2,22,

ac,e2,de,25,bc,2f,59,b1,31,e2,78,d3,3c,f8,36,00,af,96,82,fa,ee,d9,06,50,bc,\

"rkeysecu"=hex:60,d4,fb,ec,19,05,9c,b8,f0,14,f4,5d,36,dc,08,20

.

--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

              • > ‘lsass.exe’(736)

c:\windows\system32\imon.dll

c:\program files\Eset\pr_imon.dll

              • > ‘explorer.exe’(3912)

c:\program files\Stardock\CursorFX\CurXP0.dll

c:\progra~1\MICROS~2\OFFICE11\MCPS.DLL

.

------------------------ Pozostałe uruchomione procesy ------------------------

.

c:\windows\system32\nvsvc32.exe

c:\windows\system32\rundll32.exe

c:\windows\system32\rundll32.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\Brother\ControlCenter3\BrccMCtl.exe

c:\program files\Brother\Brmfcmon\BrMfcMon.exe

c:\program files\Eset\nod32krn.exe

c:\windows\system32\PnkBstrA.exe

c:\windows\system32\PnkBstrB.exe

c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

c:\windows\system32\wdfmgr.exe

c:\program files\Opera\opera.exe

.

**************************************************************************

.

Czas ukończenia: 2009-05-22 13:05 - komputer został uruchomiony ponownie

ComboFix-quarantined-files.txt 2009-05-22 11:05

Przed: 47 559 622 656 bajtów wolnych

Po: 47 634 837 504 bajtów wolnych

WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

479 — E O F — 2009-05-21 07:50

Please advise on what to do next. Thanks in advance.

Manually delete the C:\Qoobox folder and the ComboFix installer from the disk.

Clean the system and the registry with CCleaner.

Turn System Restore off and back on for all drives. Instructions

Scan the My Computer area with Kaspersky Online Scanner. If the scanner finds anything, post the report on the forum.

OK, I deleted that folder. After scanning the registry, CCleaner found these errors:

http://img34.imageshack.us/img34/5447/50506781.jpg

Should I do anything about this? I haven't turned System Restore on yet.

Everything CCleaner found can be safely removed. :)

Are you sure? I only just did a full format and I don't want to repeat it… And if it is fine, what next? Should I simply turn System Restore off and then right back on? Will that be safe too, and what is the point of doing it anyway? And what then? :) Just Kaspersky Online Scanner?

Yes, I'm sure. Everything visible in the screenshot can be safely removed.

Yes, turn it off and on. This is done to remove any malware that may have remained in the System Restore folders (System Volume Information).

Yes, just the scan. If it finds anything, post the report.

It worked, Kaspersky found nothing, and neither did NOD32. :) Many thanks for the help, regards.