TR/Crypt.XPACK.Gen - jak usunąć

[ptica]

Witam
wykonałem czynności podane dla kolegów z podobnym problemem i oto wyniki:
code

Kod:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:20:34, on 2008-07-13
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20583)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSExplorer.EXE
C:Program FilesAlwil SoftwareAvast4ashServ.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesAviraAntiVir PersonalEdition Classicsched.exe
C:Program Filesa-squared Anti-Malwarea2service.exe
C:Program FilesAviraAntiVir PersonalEdition Classicavguard.exe
C:Program FilesCommon FilesLightScribeLSSrvc.exe
C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
C:WINDOWSsystem32notepad.exe
C:WINDOWSSOUNDMAN.EXE
C:Program FilesAviraAntiVir PersonalEdition Classicavgnt.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:Program FilesOutlook Expressmsimn.exe
C:Program FilesTrend MicroHijackThisHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = aboutblank
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
R1 - HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_02binssv.dll
O4 - HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM..Run: [avgnt] "C:Program FilesAviraAntiVir PersonalEdition Classicavgnt.exe" /min
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ''USŁUGA LOKALNA'')
O4 - HKUSS-1-5-19..RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User ''USŁUGA LOKALNA'')
O4 - HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ''USŁUGA SIECIOWA'')
O4 - HKUSS-1-5-20..RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User ''USŁUGA SIECIOWA'')
O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ''SYSTEM'')
O4 - HKUSS-1-5-18..RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User ''SYSTEM'')
O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ''Default user'')
O4 - HKUS.DEFAULT..RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User ''Default user'')
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:PROGRA~1MICROS~1Office12EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~1Office12REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra ''Tools'' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O18 - Filter: AutorunsDisabled - (no CLSID) - (no file)
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:Program Filesa-squared Anti-Malwarea2service.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:Program FilesAviraAntiVir PersonalEdition Classicsched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:Program FilesAviraAntiVir PersonalEdition Classicavguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSsystem32Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:WINDOWSsystem32cisvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver1150Intel 32IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:Program FilesCommon FilesLightScribeLSSrvc.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 5540 bytes

code

Kod:

ComboFix 08-07-12.6 - Administrator 2008-07-13 19:21:49.2 - NTFSx86
Microsoft Windows XP Professional5.1.2600.2.1250.1.1045.18.52 [GMT 2:00]Running from: C:Documents and SettingsAdministratorPulpitComboFix.exe

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

((((((((((((((((((((((((( Files Created from 2008-06-13 to 2008-07-13)))))))))))))))))))))))))))))))
.

2008-07-13 18:50 . 2008-07-13 18:50    <DIR>    d--------    C:WINDOWSsystem32xircom
2008-07-13 18:50 . 2008-07-13 18:50    <DIR>    d--------    C:WINDOWSsystem32oobe
2008-07-13 18:50 . 2008-07-13 18:50    <DIR>    d--------    C:WINDOWSsrchasst
2008-07-13 18:50 . 2008-07-13 18:50    <DIR>    d--------    C:WINDOWSmsagent
2008-07-13 18:50 . 2008-07-13 18:50    <DIR>    d--------    C:Program Filesmicrosoft frontpage
2008-07-13 18:39 . 2008-07-13 18:40    <DIR>    d--------    C:WINDOWSERUNT
2008-07-13 18:34 . 2008-07-13 18:56    <DIR>    d--------    C:SDFix
2008-07-13 18:21 . 2008-07-13 18:21    <DIR>    d--------    C:Program FilesTrend Micro
2008-07-13 13:10 . 2008-07-13 13:10    <DIR>    d--------    C:Program FilesAvira
2008-07-13 13:10 . 2008-07-13 13:10    <DIR>    d--------    C:Documents and SettingsAll UsersDane aplikacjiAvira
2008-07-09 21:20 . 2008-07-09 23:54    <DIR>    d--------    C:Program Filesa-squared Anti-Malware
2008-07-09 20:39 . 2008-07-09 20:42    <DIR>    d--------    C:Program FilesSkanerOnline
2008-06-26 08:50 . 2008-06-26 08:50    <DIR>    d--------    C:WINDOWSSun
2008-06-22 20:48 . 2008-06-22 20:48    <DIR>    d--------    C:Program FilesMicrosoft Works
2008-06-22 20:45 . 2008-06-22 20:45    <DIR>    d--------    C:Program FilesMicrosoft.NET
2008-06-22 20:39 . 2008-06-22 20:39    <DIR>    d--------    C:WINDOWSSHELLNEW
2008-06-22 20:38 . 2008-06-22 20:50    <DIR>    d--------    C:Documents and SettingsAll UsersDane aplikacjiMicrosoft Help
2008-06-22 20:37 . 2008-06-22 20:37    <DIR>    dr-h-----    C:MSOCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-13 15:47    ---------    d-----w    C:Documents and SettingsAdministratorDane aplikacjiXnView
2008-07-13 14:41    ---------    d-----w    C:Program FilesDC++
2008-05-29 04:46    ---------    d-----w    C:Program FilesHaft Krzyzykowy
2008-05-24 16:23    ---------    d-----w    C:Program FilesNAPI-PROJEKT
2008-05-24 10:22    ---------    d-----w    C:Program FilesOdkurzacz
2008-05-23 21:34    ---------    d-----w    C:Program FilesURUSoft
2008-05-18 12:10    ---------    d-----w    C:Documents and SettingsAdministratorDane aplikacjiPanasonic
2008-05-18 08:12    ---------    d--h--w    C:Program FilesInstallShield Installation Information
2008-05-18 08:12    ---------    d-----w    C:Program FilesPanasonic
2008-05-18 08:10    ---------    d-----w    C:Program FilesCommon FilesInstallShield
2008-05-18 08:09    ---------    d-----w    C:Documents and SettingsAdministratorDane aplikacjiInstallShield
2008-05-18 08:08    ---------    d-----w    C:Program FilesISL
2008-05-04 19:48    524,288    -c--a-w    C:WINDOWSsystem32DivXsm.exe
2008-05-04 18:58    22,782    -c--a-w    C:WINDOWSsystem32UninstXviDDec.exe
2008-05-01 18:05    404,992    -c--a-w    C:WINDOWSsystem32libmplayer.dll
2008-05-01 18:05    3,142,656    -c--a-w    C:WINDOWSsystem32libavcodec.dll
2008-05-01 18:05    126,976    -c--a-w    C:WINDOWSsystem32libmpeg2_ff.dll
2008-04-15 17:26    755,027    -c--a-w    C:WINDOWSsystem32xvidcore.dll
2008-01-25 16:25    16,384    -csha-w    C:WINDOWSsystem32configsystemprofileCookiesindex.dat
2008-01-25 16:25    16,384    -csha-w    C:WINDOWSsystem32configsystemprofileUstawienia lokalneHistoriaHistory.IE5index.dat
2008-01-25 16:25    32,768    -csha-w    C:WINDOWSsystem32configsystemprofileUstawienia lokalneTemporary Internet FilesContent.IE5index.dat
.

------- Sigcheck -------

2007-07-10 15:06642560ce594e18fe0d0af804f1f3694921ce62    C:WINDOWSsystem32user32.dll

2007-07-14 00:56814592ce7193c5f7c01b19768e066087c1c919    C:WINDOWSsystem32wininet.dll

2007-07-28 03:153605760fb6743e937c7bb248b2530a5a77abc6    C:WINDOWSsystem32driverstcpip.sys

2007-07-26 19:3020675845362d54a6925afdcbbba53b43ee65774    C:WINDOWSsystem32ntkrnlpa.exe

2007-07-26 19:3121904649899bb89856e3bd4ef13e11ccee49b71    C:WINDOWSsystem32ntoskrnl.exe

2007-07-14 00:4297484832f67215c57df2c401bf93b7ee65987f    C:WINDOWSexplorer.exe
.
((((((((((((((((((((((((((((( snapshot@2008-07-13_18.31.33.31 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-13 15:35:04    2,048    --s-a-w    C:WINDOWSbootstat.dat
+ 2008-07-13 16:50:22    2,048    --s-a-w    C:WINDOWSbootstat.dat
+ 2008-07-13 04:11:01    163,328    ----a-w    C:WINDOWSERUNTSDFIXERDNT.EXE
+ 2008-07-13 16:40:20    3,256,320    ----a-w    C:WINDOWSERUNTSDFIXUsers[u]0[/u]0000001NTUSER.DAT
+ 2008-07-13 16:40:20    159,744    ----a-w    C:WINDOWSERUNTSDFIXUsers[u]0[/u]0000002UsrClass.dat
+ 2008-07-13 04:11:01    163,328    ----a-w    C:WINDOWSERUNTSDFIX_First_RunERDNT.EXE
+ 2008-07-13 16:40:09    3,256,320    ----a-w    C:WINDOWSERUNTSDFIX_First_RunUsers[u]0[/u]0000001NTUSER.DAT
+ 2008-07-13 16:40:09    159,744    ----a-w    C:WINDOWSERUNTSDFIX_First_RunUsers[u]0[/u]0000002UsrClass.dat
+ 2008-07-13 16:50:49    16,384    ----atw    C:WINDOWSTempPerflib_Perfdata_5c8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"ctfmon.exe"="C:WINDOWSsystem32ctfmon.exe" [2004-08-04 02:44 15360]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"avgnt"="C:Program FilesAviraAntiVir PersonalEdition Classicavgnt.exe" [2008-02-12 10:06 262401]
"SoundMan"="SOUNDMAN.EXE" [2002-09-11 04:57 46592 C:WINDOWSSOUNDMAN.EXE]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
"CTFMON.EXE"="C:WINDOWSsystem32CTFMON.EXE" [2004-08-04 02:44 15360]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRunOnce]
"nltide_2"="shell32" [X]

C:Documents and SettingsAll UsersMenu StartProgramyAutostartAutorunsDisabled
Adobe Reader Speed Launch.lnk - C:Program FilesAdobeReader 8.0Readerreader_sl.exe [2006-10-23 03:48:00 40048]
Adobe Reader Synchronizer.lnk - C:Program FilesAdobeReader 8.0ReaderAdobeCollabSync.exe [2006-10-23 02:01:00 734872]
LUMIX Simple Viewer.lnk - C:Program FilesPanasonicLUMIXSimpleViewerPhLeAutoRun.exe [2008-05-18 10:10:21 63696]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
"DisableStatusMessages"= 1 (0x1)

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)

[HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
"vidc.i420"= i263_32.drv
"vidc.DIV3"= DivXc32.dll
"msacm.divxa32"= DivXa32.acm

[HKLM~startupfolder^ExpressivoCfg.xml]
path=ExpressivoCfg.xml
backup=C:WINDOWSpssExpressivoCfg.xmlCommon Startup

[HKLM~startupfolder^ExpressivoDictionary.xml]
path=ExpressivoDictionary.xml
backup=C:WINDOWSpssExpressivoDictionary.xmlCommon Startup

[HKLM~startupfolder^Slownik dla Expressivo - info.txt]
path=Slownik dla Expressivo - info.txt
backup=C:WINDOWSpssSlownik dla Expressivo - info.txtCommon Startup

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartuprega-squared]
--a------ 2008-07-09 22:26 2132112 C:Program Filesa-squared Anti-Malwarea2guard.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregavast!]
--a------ 2008-05-16 01:19 79224 C:PROGRA~1ALWILS~1Avast4ashDisp.exe

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"=
"C:\WINDOWS\system32\sessmgr.exe"=

R1 aswSP;avast! Self Protection;C:WINDOWSsystem32driversaswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:WINDOWSsystem32DRIVERSaswFsBlk.sys [2008-05-16 01:16]
S3 USBSTOR;Sterownik magazynu masowego USB;C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-04 00:08]


[HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled componentsAutorunsDisabled{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:Program FilesCommon FilesLightScribeLSRunOnce.exe"
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-13 19:24:55
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-13 19:28:51
ComboFix-quarantined-files.txt2008-07-13 17:28:24
ComboFix2.txt2008-07-13 16:32:58

Pre-Run: 4,506,873,856 bajtów wolnych
Post-Run: 4,499,472,384 bajtów wolnych

143

code

Kod:

[b]SDFix: Version 1.205 [/b]
Run by Administrator on 2008-07-13 at 18:43

Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]:

No Trojan Files Found






Removing Temp Files

[b]ADS Check [/b]:



[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-13 18:54:18
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicessptdCfg]
"s1"=dword:7bc3b3a6
"s2"=dword:48e37883
"h0"=dword:00000001

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicessptdCfg19659239224E364682FA4BAF72C53EA4]
"p0"="C:Program FilesDAEMON Tools"
"h0"=dword:00000000
"khjeh"=hex:00,21,51,5e,55,f6,42,43,ff,d8,cf,27,22,19,ec,80,be,3c,4d,22,3d,..

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicessptdCfg19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,e8,e6,25,a5,09,f2,29,e4,60,76,68,ab,8c,79,f5,4c,ee,..
"khjeh"=hex:dd,ce,c8,4c,7d,20,82,a0,6b,f8,75,d9,7a,ca,1d,9e,29,42,ce,a1,bc,..

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicessptdCfg19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:3b,02,c2,62,bf,31,3d,b3,7b,2e,d4,ea,80,58,ee,e3,5e,c4,8d,b7,ae,..
[HKEY_LOCAL_MACHINESYSTEMControlSet002ServicessptdCfg19659239224E364682FA4BAF72C53EA4]
"p0"="C:Program FilesDAEMON Tools"
"h0"=dword:00000000
"khjeh"=hex:00,21,51,5e,55,f6,42,43,ff,d8,cf,27,22,19,ec,80,be,3c,4d,22,3d,..

[HKEY_LOCAL_MACHINESYSTEMControlSet002ServicessptdCfg19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,e8,e6,25,a5,09,f2,29,e4,60,76,68,ab,8c,79,f5,4c,ee,..
"khjeh"=hex:dd,ce,c8,4c,7d,20,82,a0,6b,f8,75,d9,7a,ca,1d,9e,29,42,ce,a1,bc,..

[HKEY_LOCAL_MACHINESYSTEMControlSet002ServicessptdCfg19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:3b,02,c2,62,bf,31,3d,b3,7b,2e,d4,ea,80,58,ee,e3,5e,c4,8d,b7,ae,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[b]Remaining Files [/b]:



[b]Files with Hidden Attributes [/b]:


[b]Finished![/b]

Proszę o podanie plików do usunięcia. Dziękuję

[Serafin]

Logi obejmujemy w tagach [code ] [/code ](bez spacji)

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O18 - Filter: AutorunsDisabled - (no CLSID) - (no file)
O24 - Desktop Component 0: (no name) - (no file)

Skasuj te wpisy w hijacku.
Przeczyść tempy programem

[Aby zobaczyć linki, zarejestruj się tutaj]

Przeskanuj system online za pomocą

[Aby zobaczyć linki, zarejestruj się tutaj]