komputer wolno chodzi

[piotrek234]

cześć tak jak w temacie i proszę o sprawdzenie loga

HJT

Kod: Zaznacz wszystko

Logfile of HijackThis v1.99.1
Scan saved at 15:18:30, on 2007-09-10
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
D:\Program Files\mks_vir_2007\bin\MksFwall.exe
D:\Program Files\mks_vir_2007\bin\MksPC.exe
D:\Program Files\mks_vir_2007\bin\mksupdate.exe
D:\Program Files\mks_vir_2007\bin\mksvirmonsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
D:\Program Files\mks_vir_2007\bin\mkstray.exe
D:\Program Files\mks_vir_2007\bin\mks_mail.exe
D:\Program Files\mks_vir_2007\bin\mksregmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Gadu-Gadu2\gg.exe
D:\Program Files\Winamp\winamp.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\rodzinka\Pulpit\częściowe pliki\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.5.19.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [mkstray] D:\Program Files\mks_vir_2007\bin\mkstray.exe
O4 - HKLM\..\Run: [mks_mail] D:\Program Files\mks_vir_2007\bin\mks_mail.exe
O4 - HKLM\..\Run: [MKSRegmon] D:\Program Files\mks_vir_2007\bin\mksregmon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Wyslij SMS'a - {215940F1-E7E0-4801-BEE3-44D045534106} - C:\Program Files\Common Files\moje.js
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: d:\program files\mks_vir_2007\bin\\mkslsp.dll
O10 - Unknown file in Winsock LSP: d:\program files\mks_vir_2007\bin\\mkslsp.dll
O10 - Unknown file in Winsock LSP: d:\program files\mks_vir_2007\bin\\mkslsp.dll
O10 - Unknown file in Winsock LSP: d:\program files\mks_vir_2007\bin\\mkslsp.dll
O16 - DPF: {112857FE-03FF-11D5-9A3F-0080C8D85044} (GameDesire Solitaires) - http://67.15.101.3/g_bin/pl/solitaire_2_0_0_28.cab
O16 - DPF: {18506D80-9B80-11D4-82C2-0080C8D7ED4A} (GameDesire Roulette) - http://67.15.101.3/g_bin/pl/roulette_2_0_0_27.cab
O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://67.15.101.3/g_bin/pl/boards_2_0_0_34.cab
O16 - DPF: {4539348E-01D7-11D5-9A39-0080C8D85044} (GameDesire Slots 90th) - http://67.15.101.3/g_bin/pl/slots90_2_0_0_35.cab
O16 - DPF: {4B4513E2-4E57-43DF-9496-FCD37E9DFA64} (GameDesire Sea Battle) - http://67.15.101.3/g_bin/pl/navy_2_0_0_29.cab
O16 - DPF: {A6212120-01D4-11D5-9A39-0080C8D85044} (GameDesire Slots 70th) - http://67.15.101.3/g_bin/pl/slots70_2_0_0_35.cab
O16 - DPF: {A7196C8E-35A5-4FF0-9E46-E28918B5CAF6} (GameDesire Domino) - http://67.15.101.3/g_bin/pl/domino_2_0_0_33.cab
O16 - DPF: {A9ED6AA2-D9D4-4D71-9586-E293E2E3580B} (GameDesire Marbles&Diamonds&Runes) - http://67.15.101.3/g_bin/pl/marbles_2_0_0_32.cab
O16 - DPF: {AC120B1D-9411-4111-AF52-118052D85D45} (GameDesire Darts Games) - http://67.15.101.3/g_bin/pl/darts_2_0_0_40.cab
O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - http://67.15.101.3/g_bin/pl/words_2_0_0_51.cab
O16 - DPF: {BFA1F11D-3121-AFE1-4112-983219421AEF} (GameDesire 1Player Word Games) - http://67.15.101.3/g_bin/pl/wordssingle_2_0_0_48.cab
O16 - DPF: {E23FABEE-12E3-33DA-DA12-195DAC123984} (GameDesire Mahjong) - http://67.15.101.3/g_bin/pl/mahjong_2_0_0_29.cab
O16 - DPF: {E95CF138-A587-4C54-8175-3AD80997CB14} (GameDesire Soccer) - http://67.15.101.3/g_bin/pl/soccer_2_0_0_19.cab
O16 - DPF: {ECEAD8AE-01D6-11D5-9A39-0080C8D85044} (GameDesire Slots 80th) - http://67.15.101.3/g_bin/pl/slots80_2_0_0_35.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_35.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C6} (GameDesire Pool 8UK) - http://67.15.101.3/g_bin/pl/billard8UK_2_0_0_35.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: MksFwall - MKS Sp z o.o. - D:\Program Files\mks_vir_2007\bin\MksFwall.exe
O23 - Service: MksPC - Unknown owner - D:\Program Files\mks_vir_2007\bin\MksPC.exe
O23 - Service: MksUpdate - MKS Sp. z o. o. - D:\Program Files\mks_vir_2007\bin\mksupdate.exe
O23 - Service: mks_vir file monitor (MksVirMonSvc) - Unknown owner - D:\Program Files\mks_vir_2007\bin\mksvirmonsvc.exe
O23 - Service: MkS_Scan - Unknown owner - D:\Program Files\mks_vir_2007\bin\mks_scan.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Combofix

Kod: Zaznacz wszystko

ComboFix 07-08-04.3 - "rodzinka" 2007-09-10 15:20:39.2 [GMT 2:00] - NTFS
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.Prawda


(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))



C:\DOCUME~1\rodzinka\Pulpit.\internet explorer.lnk


(((((((((((((((((((((((((   Files Created from 2007-08-10 to 2007-09-10  )))))))))))))))))))))))))))))))


2007-09-09 10:40   <DIR>   d--------   C:\WINDOWS\SHELLNEW
2007-09-09 10:40   <DIR>   d--------   C:\Program Files\Microsoft.NET
2007-09-05 17:49   45   ---h-----   C:\WINDOWS\dsez0875.dat
2007-09-03 12:50   <DIR>   d--------   C:\Program Files\GameSpy Arcade
2007-08-29 13:52   <DIR>   d--------   C:\Program Files\Silver Style Entertainment
2007-08-29 13:38   <DIR>   d--------   C:\Program Files\SCAR
2007-08-24 21:27   <DIR>   d--------   C:\Program Files\Google
2007-08-24 21:27   <DIR>   d--------   C:\DOCUME~1\rodzinka\DANEAP~1\Google
2007-08-17 17:41   <DIR>   d--------   C:\DOCUME~1\rodzinka\DANEAP~1\Soldat
2007-08-16 20:05   <DIR>   d--------   C:\Program Files\Gadu-Gadu2
2007-08-16 20:02   <DIR>   d--------   C:\DOCUME~1\rodzinka\DANEAP~1\MksVir2007


((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-09-09 23:16   ---------   d--------   C:\Program Files\eMule
2007-09-08 10:11   ---------   d--------   C:\Program Files\nLite
2007-09-07 23:05   ---------   d--------   C:\DOCUME~1\rodzinka\DANEAP~1\Skype
2007-09-07 18:21   ---------   d--------   C:\DOCUME~1\rodzinka\DANEAP~1\Tibia
2007-09-05 11:40   83790   --a------   C:\WINDOWS\system32\perfc015.dat
2007-09-05 11:40   489558   --a------   C:\WINDOWS\system32\perfh015.dat
2007-09-04 11:31   ---------   d--------   C:\Program Files\Ganymede
2007-08-30 12:57   10345   --a------   C:\WINDOWS\system32\drivers\hamachi.sys
2007-08-21 08:47   ---------   d--------   C:\Program Files\Opera
2007-08-12 09:36   ---------   d--------   C:\DOCUME~1\rodzinka\DANEAP~1\GanymedeNet
2007-08-03 19:53   ---------   d--------   C:\Program Files\FRISK Software
2007-08-03 18:36   ---------   d--------   C:\Program Files\TryMedia
2007-08-03 18:36   ---------   d--------   C:\Program Files\FreshGames
2007-08-02 16:22   ---------   d--------   C:\DOCUME~1\rodzinka\DANEAP~1\CallingID
2007-07-29 17:55   ---------   d--------   C:\DOCUME~1\rodzinka\DANEAP~1\Languages
2007-07-29 14:40   ---------   d--------   C:\Program Files\ExPLabs.com
2007-07-27 10:26   ---------   d--------   C:\Program Files\SpeedFan
2007-07-25 22:03   ---------   d--------   C:\DOCUME~1\rodzinka\DANEAP~1\Temp
2007-07-25 22:03   ---------   d--------   C:\DOCUME~1\rodzinka\DANEAP~1\GinSlots
2007-07-25 22:03   ---------   d--------   C:\DOCUME~1\rodzinka\DANEAP~1\Common
2007-07-25 22:03   ---------   d--------   C:\DOCUME~1\rodzinka\DANEAP~1\Adv
2007-07-22 11:47   ---------   d--------   C:\Program Files\Common Files\iS3
2007-07-20 19:00   ---------   d--------   C:\DOCUME~1\rodzinka\DANEAP~1\Artweaver
2007-07-20 08:49   ---------   d--------   C:\Program Files\EA SPORTS
2007-07-12 19:19   4096   --a------   C:\WINDOWS\d3dx.dat
2007-07-12 19:17   12400   --a------   C:\WINDOWS\system32\drivers\secdrv.sys
2007-07-12 19:07   ---------   d--h-----   C:\Program Files\InstallShield Installation Information
2007-07-10 11:41   ---------   d--------   C:\DOCUME~1\rodzinka\DANEAP~1\Ethereal
2007-06-26 16:53   766   --a------   C:\Program Files\Common Files\sms.ico
2007-06-26 16:53   70   --a------   C:\Program Files\Common Files\moje.js
2007-06-20 18:43   4498   --a------   C:\WINDOWS\unins000.dat
2007-06-19 18:11   3426   --a------   C:\WINDOWS\unins001.dat
2007-06-17 00:11   51200   --a------   C:\WINDOWS\nircmd.exe
2007-06-15 15:59   2560   --a------   C:\WINDOWS\system32\BitCometRes.dll
2005-09-09 19:55   7155864   --a------   C:\Program Files\NGhost10.msi
2005-09-09 19:55   4588454   --a------   C:\Program Files\setup.exe
2005-09-09 19:55   37766164   --a------   C:\Program Files\Data1.cab
2005-09-09 19:55   35   --a------   C:\Program Files\SCSSDist.ini


(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
 
 
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 15:21 C:\WINDOWS\system32\HdAShCut.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 03:11]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2005-09-07 15:35]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-06-01 11:22]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 11:22 C:\WINDOWS\system32\nvmctray.dll]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"nwiz"="nwiz.exe" [2006-06-01 11:22 C:\WINDOWS\system32\nwiz.exe]
"mkstray"="D:\Program Files\mks_vir_2007\bin\mkstray.exe" [2007-08-07 20:10]
"mks_mail"="D:\Program Files\mks_vir_2007\bin\mks_mail.exe" [2007-05-24 05:06]
"MKSRegmon"="D:\Program Files\mks_vir_2007\bin\mksregmon.exe" [2007-05-24 05:06]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MkS_Scan]
@="service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^rodzinka^Menu Start^Programy^Autostart^DeskPins.lnk]
path=C:\Documents and Settings\rodzinka\Menu Start\Programy\Autostart\DeskPins.lnk
backup=C:\WINDOWS\pss\DeskPins.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"D:\bittorrent.exe" --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
D:\Program Files\FlashGet\FlashGet.exe /min

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
"C:\Program Files\Gadu-Gadu\gg.exe" /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstalkiLite]
D:\Program Files\INSTALKI.pl\InstalkiLite\InstalkiLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"szserver"=2 (0x2)

R0 hotcore2;hotcore2;C:\WINDOWS\system32\drivers\hotcore2.sys
R0 mksidsa;mksidsa;C:\WINDOWS\system32\mksidsa.sys
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x);C:\WINDOWS\system32\drivers\sfvfs02.sys
R0 speedfan;speedfan;C:\WINDOWS\system32\speedfan.sys
R1 aslm75;aslm75;\??\C:\WINDOWS\system32\drivers\aslm75.sys
R1 asuskbnt;Enhanced Display Driver Helper Service;C:\WINDOWS\system32\drivers\atkkbnt.sys
R1 mksfwallt;mksfwallt;\??\C:\WINDOWS\system32\mksfwallt.sys
R2 Dnscache;Klient DNS;C:\WINDOWS\System32\svchost.exe -k NetworkService
R2 EIO;EIO;\??\C:\WINDOWS\system32\drivers\EIO.sys
R2 MksFwall;MksFwall;"D:\Program Files\mks_vir_2007\bin\MksFwall.exe"
R2 MksPC;MksPC;"D:\Program Files\mks_vir_2007\bin\MksPC.exe"
R2 MksUpdate;MksUpdate;"D:\Program Files\mks_vir_2007\bin\mksupdate.exe"
R3 AEAudioService;AEAudio Service;C:\WINDOWS\system32\drivers\AEAudio.sys
R3 mksfwallf;mksfwallf;\??\C:\WINDOWS\system32\mksfwallf.sys
R3 mksidsf;mksidsf;\??\C:\WINDOWS\system32\mksidsf.sys
R3 MksMonEn;MksMonEn;\??\D:\Program Files\mks_vir_2007\bin\MksMonEn.sys
R3 MksMonEv;MksMonEv;\??\D:\Program Files\mks_vir_2007\bin\MksMonEv.sys
R3 MksMonFd;MksMonFd;\??\D:\Program Files\mks_vir_2007\bin\MksMonFd.sys
R3 ndiscm;Motorola SURFboard USB Cable Modem Windows Driver;C:\WINDOWS\system32\DRIVERS\NetMotCM.sys
R3 SenFiltService;SenFilt Service;C:\WINDOWS\system32\drivers\Senfilt.sys
S0 szkg;szkg;C:\WINDOWS\system32\DRIVERS\szkg.sys
S3 idsvc;Windows CardSpace;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
S3 MEMSWEEP2;MEMSWEEP2;\??\C:\WINDOWS\system32\B1.tmp
S3 PSSdk23;PSSdk23;\??\C:\WINDOWS\system32\Drivers\PsSdk23.drv
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c229c4ce-f16a-11db-8b7e-0014040ba33e}]
AutoRun\command- F:\RunGame.exe

*Newly Created Service* - GMER

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-10 15:24:48
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c]
"Order"=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,..

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-09-10 15:27:19
C:\ComboFix-quarantined-files.txt ... 2007-09-10 15:26
C:\ComboFix2.txt ... 2007-08-07 13:28

   --- E O F ---


[pp3088]

Jak dla mnie czysto. Przeczyśc tempy, rejestr.

start>.uruchom>>msconfig>>odznacz pozycje :
-High Definition Audio Property Page Shortcut
-SunJavaUpdateSched
-nwiz

[piotrek234]

temp mam wyłączone (nie dodaje nowych plikuw) i tam pusto jest cały czas

[slake1]

Czysto jednak chyba nie jest.

piotrek234, masz pendrive'a? Jeżeli tak, sformatuj go, gdyż wygląda na to, że jest on zarażony.

Do Notatnika wklej zawartość z

Kod: Zaznacz wszystko

http://wklej.org/id/a3586b0f32

Następnie: Plik-> Zapisz jako-> Ustaw rozszerzenie na Wszystkie pliki-> zapisz plik pod nazwą FIX.REG i odpal w trybie awaryjnym.

Następnie nowy log z ComboFix.

[pp3088]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c229c4ce-f16a-11db-8b7e-0014040ba33e}]
AutoRun\command- F:\RunGame.exe

Co to jest niby takiego szkodliwego?: O

[piotrek234]

pendrive nie mam aby MP3 na którym mam programy (paczka) w którym jestr autorun (z gazety CHIP nie pamietam które wdanie) a i nie wiem skąd się wzioł ten wpis w rejestrze być może moja mama coś instalowała i to od jej gier

[buzu]

Spoko nie przejmuj się.Wpis jest nieszkodliwy.
Zastosuj się do porad pp3088 czyli uszczuplij autostart (wpisy 04 w logu HJT) co nie potrzebne odhacz.