Proszę o sprawdzenie loga

[arturartur8]

pomocy mam loga i nie wiem co ma dalej z nim zrobic

ComboFix 08-06-19.2 - Burak 2008-06-20 14:13:11.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.188 [GMT 2:00]
Running from: C:\Documents and Settings\Burak\Pulpit\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\accesss.exe
C:\WINDOWS\astctl32.ocx
C:\WINDOWS\avpcc.dll
C:\WINDOWS\clrssn.exe
C:\WINDOWS\cpan.dll
C:\WINDOWS\ctfmon32.exe
C:\WINDOWS\ctrlpan.dll
C:\WINDOWS\default.htm
C:\WINDOWS\directx32.exe
C:\WINDOWS\dnsrelay.dll
C:\WINDOWS\editpad.exe
C:\WINDOWS\explore.exe
C:\WINDOWS\explorer32.exe
C:\WINDOWS\funniest.exe
C:\WINDOWS\funny.exe
C:\WINDOWS\gfmnaaa.dll
C:\WINDOWS\helpcvs.exe
C:\WINDOWS\iedll.exe
C:\WINDOWS\iexplorer.exe
C:\WINDOWS\inetinf.exe
C:\WINDOWS\internet.exe
C:\WINDOWS\loader.exe
C:\WINDOWS\msconfd.dll
C:\WINDOWS\msspi.dll
C:\WINDOWS\mssys.exe
C:\WINDOWS\msupdate.exe
C:\WINDOWS\mswsc10.dll
C:\WINDOWS\mswsc20.dll
C:\WINDOWS\mtwirl32.dll
C:\WINDOWS\notepad32.exe
C:\WINDOWS\olehelp.exe
C:\WINDOWS\qttasks.exe
C:\WINDOWS\quicken.exe
C:\WINDOWS\rundll16.exe
C:\WINDOWS\rundll32.vbe
C:\WINDOWS\searchword.dll
C:\WINDOWS\sistem.exe
C:\WINDOWS\svchost32.exe
C:\WINDOWS\svcinit.exe
C:\WINDOWS\systeem.exe
C:\WINDOWS\system32\jlynqqpa.ini
C:\WINDOWS\system32\npqWxyxx.ini
C:\WINDOWS\system32\npqWxyxx.ini2
C:\WINDOWS\systemcritical.exe
C:\WINDOWS\time.exe
C:\WINDOWS\users32.exe
C:\WINDOWS\waol.exe
C:\WINDOWS\win32e.exe
C:\WINDOWS\win64.exe
C:\WINDOWS\winajbm.dll
C:\WINDOWS\window.exe
C:\WINDOWS\winmgnt.exe
C:\WINDOWS\x.exe
C:\WINDOWS\xplugin.dll
C:\WINDOWS\xxxvideo.hta
C:\WINDOWS\y.exe

.
((((((((((((((((((((((((( Files Created from 2008-05-20 to 2008-06-20 )))))))))))))))))))))))))))))))
.

2008-06-20 14:10 . 2008-06-20 14:10 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-20 13:37 . 2008-06-20 13:37 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-20 13:35 . 2008-06-20 13:55 <DIR> d-------- C:\SDFix
2008-06-20 13:33 . 2008-06-20 13:33 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-20 13:15 . 2008-06-20 13:15 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Yahoo! Companion
2008-06-20 13:13 . 2008-06-20 13:13 <DIR> d-------- C:\Program Files\Yahoo!
2008-06-20 13:13 . 2008-06-20 13:14 <DIR> d-------- C:\Program Files\CCleaner
2008-06-20 13:05 . 2008-06-20 13:05 <DIR> d-------- C:\Program Files\Ashampoo
2008-06-20 13:04 . 2008-06-20 13:04 96,256 --a------ C:\WINDOWS\system32\apqqnylj.dll
2008-06-20 13:03 . 2008-06-20 13:03 294 ---hs---- C:\WINDOWS\system32\vdocirrw.ini
2008-06-20 10:51 . 2008-06-20 10:51 <DIR> d-------- C:\Documents and Settings\LocalService\Dane aplikacji\Gram Mail
2008-06-20 10:10 . 2008-06-20 10:10 96,256 --a------ C:\WINDOWS\system32\xislvyxk.dll
2008-06-20 10:09 . 2008-06-20 10:09 295,424 --a------ C:\WINDOWS\system32\xxyxWqpn.dll
2008-06-20 10:05 . 2008-06-20 11:49 <DIR> d--hs---- C:\WINDOWS\YnVyYWs
2008-06-20 10:05 . 2008-06-20 11:46 <DIR> d-------- C:\WINDOWS\system32\wH1
2008-06-20 10:05 . 2008-06-20 10:05 <DIR> d-------- C:\WINDOWS\system32\mI5
2008-06-20 10:05 . 2008-06-20 10:05 <DIR> d-------- C:\WINDOWS\system32\bG2
2008-06-20 10:05 . 2008-06-20 10:05 <DIR> dr------- C:\Documents and Settings\LocalService\Ulubione
2008-06-20 10:05 . 2008-06-20 10:05 100,817 --a------ C:\Temp\opnige7.exe
2008-06-20 10:05 . 2008-06-20 10:05 88,537 --a------ C:\WINDOWS\system32\iftuyszv.exe
2008-06-20 10:04 . 2008-06-20 10:05 <DIR> d-------- C:\Temp\itmp4
2008-06-20 10:04 . 2008-06-20 12:26 <DIR> d-------- C:\Temp
2008-06-13 21:41 . 2008-06-17 08:29 <DIR> d-------- C:\Documents and Settings\Burak\Dane aplikacji\AdobeUM
2008-06-13 21:35 . 2008-06-13 21:35 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-06-13 19:24 . 2008-06-13 19:24 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-06-13 19:24 . 2008-06-13 21:35 <DIR> d-------- C:\Program Files\GameShadow
2008-06-12 10:31 . 2008-06-12 10:34 <DIR> d-------- C:\Program Files\Postal2STP
2008-06-12 09:07 . 2008-06-12 09:07 271,360 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2008-06-12 09:07 . 2008-06-12 09:07 18,048 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2008-06-12 08:51 . 2008-06-12 08:51 <DIR> d-------- C:\Program Files\PowerISO
2008-06-11 08:16 . 2008-04-14 17:53 273,024 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 08:16 . 2008-04-14 17:53 273,024 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 19:06 . 2008-06-10 19:09 106 --a------ C:\htsetup.err
2008-06-08 16:14 . 2008-06-08 16:14 <DIR> d-------- C:\WINDOWS\Logs
2008-06-07 11:34 . 2008-06-07 11:34 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-06-07 07:24 . 2008-06-07 07:24 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
2008-06-07 07:24 . 2003-07-21 05:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2008-06-07 07:24 . 2005-01-04 20:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2008-06-06 11:47 . 2008-06-06 14:13 <DIR> d-------- C:\Program Files\BitComet
2008-06-06 11:47 . 2008-06-06 11:47 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2008-06-06 10:15 . 2005-07-27 15:15 149,392 -ra------ C:\WINDOWS\system32\drivers\ar5523.bin
2008-06-06 10:14 . 2005-09-26 10:02 362,944 -ra------ C:\WINDOWS\system32\drivers\WPN111.sys
2008-06-03 11:53 . 2008-06-03 11:53 4,096 --a------ C:\WINDOWS\d3dx.dat
2008-05-31 17:32 . 1999-10-13 21:12 4,398 --a------ C:\WINDOWS\caesar3.ico
2008-05-30 11:35 . 2008-05-30 11:35 <DIR> d-------- C:\Program Files\Sony
2008-05-30 11:33 . 2008-05-30 11:33 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2008-05-30 10:47 . 1998-09-02 10:02 194,320 --a------ C:\WINDOWS\system32\qcut.dll
2008-05-30 10:47 . 1998-08-27 06:51 182,032 --a------ C:\WINDOWS\system32\dxtmsft3.dll
2008-05-30 10:47 . 1998-08-20 13:02 140,800 --a------ C:\WINDOWS\system32\tm20dec.ax
2008-05-30 10:47 . 1998-09-02 10:28 63,488 --a------ C:\WINDOWS\system32\unam4ie.exe
2008-05-30 10:47 . 1998-09-02 10:28 38,160 --a------ C:\WINDOWS\system32\LMRTREND.dll
2008-05-30 10:47 . 1998-08-17 11:21 11,776 --a------ C:\WINDOWS\system32\mciqtz.drv
2008-05-30 10:47 . 1998-08-17 11:21 10,240 --a------ C:\WINDOWS\system32\vidx16.dll
2008-05-30 10:47 . 1998-08-17 11:21 5,672 --a------ C:\WINDOWS\system32\quartz.vxd
2008-05-30 10:47 . 2008-05-30 10:47 4,608 --a------ C:\WINDOWS\system32\w95inf32.dll
2008-05-30 10:47 . 2008-05-30 10:47 2,272 --a------ C:\WINDOWS\system32\w95inf16.dll
2008-05-30 10:41 . 1998-01-23 12:22 304,128 --a------ C:\WINDOWS\IsUninst.exe
2008-05-29 12:41 . 2008-05-29 12:43 <DIR> d-------- C:\Program Files\7-Zip
2008-05-26 19:22 . 2008-05-26 19:22 <DIR> d-------- C:\Program Files\Gram Mail
2008-05-20 23:15 . 2008-05-20 23:17 <DIR> d-------- C:\Program Files\NAPI-PROJEKT

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-20 12:21 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-06-13 19:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-07 09:32 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-05-30 12:19 507,400 ----a-w C:\WINDOWS\system32\XAudio2_1.dll
2008-05-30 12:18 238,088 ----a-w C:\WINDOWS\system32\xactengine3_1.dll
2008-05-30 12:17 65,032 ----a-w C:\WINDOWS\system32\XAPOFX1_0.dll
2008-05-30 12:17 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_4.dll
2008-05-30 12:11 467,984 ----a-w C:\WINDOWS\system32\d3dx10_38.dll
2008-05-30 12:11 3,850,760 ----a-w C:\WINDOWS\system32\D3DX9_38.dll
2008-05-30 12:11 1,491,992 ----a-w C:\WINDOWS\system32\D3DCompiler_38.dll
2008-05-29 13:40 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-29 13:39 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-05-26 17:24 --------- d-----w C:\Documents and Settings\Burak\Dane aplikacji\Gram Mail
2008-05-26 17:23 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\part dead amok eggs
2008-05-21 21:42 --------- d-----w C:\Documents and Settings\Burak\Dane aplikacji\Ahead
2008-05-19 14:58 --------- d-----w C:\Program Files\Amazing Photo Editor
2008-05-16 20:18 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\CyberLink
2008-05-16 20:17 --------- d-----w C:\Program Files\CyberLink
2008-05-16 20:16 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-16 20:09 --------- d-----w C:\Program Files\XP Codec Pack
2008-05-15 12:33 --------- d-----w C:\Program Files\Common Files\Ahead
2008-05-15 12:28 --------- d-----w C:\Program Files\Nero
2008-05-13 16:43 --------- d-----w C:\Program Files\Sierra On-Line
2008-05-12 11:34 --------- d-----w C:\Program Files\GoD
2008-05-11 02:26 --------- d-----w C:\Program Files\ReflexiveArcade
2008-05-10 11:31 --------- d-----w C:\Program Files\PopCap Games
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:16 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-03 20:30 --------- d-----w C:\Program Files\JetAudio
2008-05-02 19:25 --------- d-----w C:\Program Files\BearShare
2008-04-25 17:45 --------- d-----w C:\Documents and Settings\Burak\Dane aplikacji\Media Player Classic
2008-04-23 07:20 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-20 22:43 --------- d-----w C:\Program Files\Electronic Arts
2008-04-20 17:55 --------- d-----w C:\Program Files\Games-Masters.com
2008-04-16 15:57 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-04-16 14:37 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-03-25 04:52 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:52 178,976 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
.

((((((((((((((((((((((((((((( snapshot@2008-06-20_13.01.14.12 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-20 10:54:40 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-20 12:21:05 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-20 09:55:10 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-06-20 11:59:40 4,325,376 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-06-20 11:59:40 446,464 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-06-20 09:55:10 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-06-20 11:37:27 4,325,376 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-06-20 11:37:27 446,464 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{799a370d-5993-4887-9df7-0a4756a77d00}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a55581dc-2cdb-4089-8878-71a080b22342}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F6C9EB10-7A89-4E31-95B8-F0B303B46F8C}]
2008-06-20 10:09 295424 --a------ C:\WINDOWS\system32\xxyxWqpn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2008-04-13 22:36 2115728]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-13 23:06 68856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 13:32 94208]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 08:18 307200]

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ca1f876-301b-11dd-bb77-0018f3c775d7}]
\Shell\Auto\command - F:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef42f014-3dca-11dd-8375-a1530c131c78}]
\Shell\Auto\command - K:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-06-20 11:00:03 C:\WINDOWS\Tasks\B15C6B0F906BE617.job"
- c:\docume~1\burak\daneap~1\gramma~1\load start tons.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-20 14:21:41
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
C:\Program Files\Ashampoo\Ashampoo FireWall\spi.dll

PROCESS: C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\apqqnylj.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\iftuyszv.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\CCleaner\CCleaner.exe
.
**************************************************************************
.
Completion time: 2008-06-20 14:24:08 - machine was rebooted [Burak]
ComboFix-quarantined-files.txt 2008-06-20 12:24:00
ComboFix2.txt 2008-06-20 11:03:28

Pre-Run: 15,055,237,120 bajtów wolnych
Post-Run: 15,045,120,000 bajt˘w wolnych

272 --- E O F --- 2008-06-11 16:32:19


prosze o dalsze instrukcje

[huber2t]

Pobierz ComboFix, ale nie uruchamiaj
Wklej do notatnika:

Kod: Zaznacz wszystko

File::
C:\WINDOWS\system32\apqqnylj.dll
C:\WINDOWS\system32\vdocirrw.ini
C:\WINDOWS\system32\xislvyxk.dll
C:\WINDOWS\system32\xxyxWqpn.dll
C:\WINDOWS\YnVyYWs
C:\Temp\opnige7.exe
C:\WINDOWS\system32\iftuyszv.exe
C:\WINDOWS\system32\xxyxWqpn.dll

Folder::
C:\WINDOWS\system32\wH1
C:\WINDOWS\system32\mI5
C:\WINDOWS\system32\bG2
C:\Temp\itmp4

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{799a370d-5993-4887-9df7-0a4756a77d00}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a55581dc-2cdb-4089-8878-71a080b22342}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F6C9EB10-7A89-4E31-95B8-F0B303B46F8C}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]


Plik zapisz jako CFScript.txt (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe)
Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu

Rozpocznie się usuwanie i powstanie log, daj ten log na forum.

Logi dajesz na http://www.wklej.org a w poście dajesz tylko link