Logi - Wielki powrót wirusa

mam przypuszczenia ze wirus win.32 powraca do mnie juz raz zakldalem temat i pomogl nod32 i dr.web ale cos mi nadal nie pasuje.
ComboFix 08-04-28.2 - Administrator 2008-04-29 16:21:51.3 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.316 [GMT 2:00]
Running from: C:Documents and SettingsAdministratorPulpitComboFix.exe
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.

((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-29 )))))))))))))))))))))))))))))))
.

2008-04-27 21:08 . 2008-04-27 21:08 <DIR> d-------- C:Program FilesCommon FilesAdobe Systems Shared
2008-04-27 21:08 . 2008-04-27 21:08 <DIR> d-------- C:Documents and SettingsAll UsersDane aplikacjiAdobe Systems
2008-04-27 20:12 . 2008-04-27 20:12 <DIR> d-------- C:Program FilesCommon FilesAdobe
2008-04-25 18:26 . 2008-04-25 18:26 <DIR> d-------- C:WINDOWSDownloaded Installations
2008-04-24 19:46 . 2008-04-24 19:46 <DIR> d-------- C:Program FilesBearShare
2008-04-24 19:46 . 2008-04-24 19:46 <DIR> d-------- C:My Downloads
2008-04-23 18:30 . 2008-04-23 18:30 <DIR> d--hs---- C:FOUND.001
2008-04-21 21:24 . 2004-08-03 23:08 26,496 --a------ C:WINDOWSsystem32dllcacheusbstor.sys
2008-04-20 16:58 . 2008-04-20 16:58 <DIR> d-------- C:Documents and SettingsAdministratorDane aplikacjiMedia Player Classic
2008-04-19 20:22 . 2008-03-21 22:30 3,596,288 --a------ C:WINDOWSsystem32qt-dx331.dll
2008-04-19 20:22 . 2008-01-10 14:15 755,027 --a------ C:WINDOWSsystem32xvidcore.dll
2008-04-19 20:22 . 2008-03-31 23:25 682,496 --a------ C:WINDOWSsystem32divx.dll
2008-04-19 20:22 . 2006-09-24 17:11 389,120 --a------ C:WINDOWSsystem32lameACM.acm
2008-04-19 20:22 . 2004-01-25 18:18 217,088 --a------ C:WINDOWSsystem32yv12vfw.dll
2008-04-19 20:22 . 2007-09-04 18:56 164,352 --a------ C:WINDOWSsystem32unrar.dll
2008-04-19 20:22 . 2008-01-10 14:16 159,839 --a------ C:WINDOWSsystem32xvidvfw.dll
2008-04-19 20:22 . 2007-09-21 02:52 118,784 --a------ C:WINDOWSsystem32ac3acm.acm
2008-04-19 20:22 . 2008-03-21 22:28 81,920 --a------ C:WINDOWSsystem32dpl100.dll
2008-04-19 20:22 . 2007-10-03 17:03 414 --a------ C:WINDOWSsystem32lame_acm.xml
2008-04-19 20:21 . 2008-04-19 20:21 <DIR> d-------- C:Program FilesK-Lite Codec Pack
2008-04-19 20:21 . 2004-01-12 00:00 348,160 --a------ C:WINDOWSsystem32msvcr71.dll
2008-04-19 20:21 . 2008-03-28 19:41 7,680 --a------ C:WINDOWSsystem32ff_vfw.dll
2008-04-19 20:21 . 2007-07-10 18:10 547 --a------ C:WINDOWSsystem32ff_vfw.dll.manifest
2008-04-19 15:10 . 2008-04-19 15:10 <DIR> d-------- C:WINDOWSsystem32XPSViewer
2008-04-19 15:10 . 2008-04-19 15:10 <DIR> d-------- C:Program FilesMSBuild
2008-04-19 15:09 . 2008-04-19 15:09 <DIR> d-------- C:Program FilesReference Assemblies
2008-04-19 15:09 . 2006-06-29 13:07 14,048 --------- C:WINDOWSsystem32spmsg2.dll
2008-04-19 15:07 . 2008-04-19 15:07 <DIR> d-------- C:Program FilesMSXML 6.0
2008-04-19 14:53 . 2008-04-19 14:53 <DIR> d-------- C:Program FilesMoorHunt
2008-04-19 12:02 . 2008-04-19 12:02 <DIR> d-------- C:Documents and SettingsAdministratorDane aplikacjiTibia
2008-04-19 12:01 . 2008-04-19 12:02 <DIR> d-------- C:Program FilesTibia
2008-04-19 10:37 . 2008-04-19 10:37 <DIR> d-------- C:Program FilesWinamp
2008-04-19 10:37 . 2008-04-19 10:37 <DIR> d-------- C:Documents and SettingsAdministratorDane aplikacjiWinamp
2008-04-19 09:06 . 2008-04-19 09:06 <DIR> d-------- C:Documents and SettingsAdministratorDoctorWeb
2008-04-19 08:55 . 2008-03-01 15:02 6,066,176 --------- C:WINDOWSsystem32dllcacheieframe.dll
2008-04-19 08:55 . 2007-07-01 05:31 2,455,488 --------- C:WINDOWSsystem32dllcacheieapfltr.dat
2008-04-19 08:55 . 2007-07-01 05:36 1,036,288 --------- C:WINDOWSsystem32dllcacheieframe.dll.mui
2008-04-19 08:55 . 2008-03-01 15:02 459,264 --------- C:WINDOWSsystem32dllcachemsfeeds.dll
2008-04-19 08:55 . 2008-03-01 15:02 383,488 --------- C:WINDOWSsystem32dllcacheieapfltr.dll
2008-04-19 08:55 . 2008-03-01 15:02 267,776 --------- C:WINDOWSsystem32dllcacheiertutil.dll
2008-04-19 08:55 . 2008-03-01 15:02 63,488 --------- C:WINDOWSsystem32dllcacheicardie.dll
2008-04-19 08:55 . 2008-03-01 15:02 52,224 --------- C:WINDOWSsystem32dllcachemsfeedsbs.dll
2008-04-19 08:55 . 2008-02-22 12:00 13,824 --------- C:WINDOWSsystem32dllcacheieudinit.exe
2008-04-19 08:54 . 2008-04-19 08:54 <DIR> d-------- C:WINDOWSsystem32pl-pl
2008-04-19 08:51 . 2007-08-13 18:54 33,792 --a------ C:WINDOWSsystem32dllcachecustsat.dll
2008-04-18 22:57 . 2008-04-18 22:57 <DIR> d-------- C:Documents and SettingsAdministratorDane aplikacjiGadu-Gadu
2008-04-18 22:50 . 2007-07-09 15:11 584,192 --------- C:WINDOWSsystem32dllcacherpcrt4.dll
2008-04-18 22:40 . 2008-04-18 22:40 <DIR> d-------- C:Program FilesGadu-Gadu
2008-04-18 22:40 . 2008-04-18 22:40 <DIR> d-------- C:Documents and SettingsAdministratorGadu-Gadu
2008-04-18 22:32 . 2008-04-18 22:32 <DIR> d--h----- C:WINDOWS$hf_mig$
2008-04-18 22:26 . 2008-04-18 22:26 <DIR> d-------- C:Documents and SettingsLocalServiceMenu Start
2008-04-18 22:25 . 2008-04-18 22:25 <DIR> d---s---- C:WINDOWSsystem32Microsoft
2008-04-18 22:19 . 2008-04-18 22:20 <DIR> d-------- C:WINDOWSprovisioning
2008-04-18 22:19 . 2008-04-18 22:20 <DIR> d-------- C:WINDOWSpeernet
2008-04-18 22:17 . 2008-04-18 22:17 <DIR> d-------- C:WINDOWSServicePackFiles
2008-04-18 22:12 . 2006-10-16 16:10 23,856 --a------ C:WINDOWSsystem32spupdsvc.exe
2008-04-18 22:12 . 2004-07-17 11:40 19,528 --a------ C:WINDOWS002385_.tmp
2008-04-18 22:08 . 2008-04-18 22:08 <DIR> d-------- C:WINDOWSEHome
2008-04-18 21:32 . 2008-04-18 21:32 <DIR> d--h----- C:WINDOWSsystem32GroupPolicy
2008-04-18 21:23 . 2008-03-05 16:03 479,752 --a------ C:WINDOWSsystem32XAudio2_0.dll
2008-04-18 21:23 . 2008-03-05 16:03 238,088 --a------ C:WINDOWSsystem32xactengine3_0.dll
2008-04-18 21:21 . 2004-08-04 00:43 2,113,536 --a------ C:WINDOWSsystem32dxdiagn.dll
2008-04-18 20:13 . 2008-04-18 20:13 <DIR> d-------- C:Program FilesSpybot - Search & Destroy
2008-04-18 20:13 . 2008-04-18 20:13 <DIR> d-------- C:Documents and SettingsAll UsersDane aplikacjiSpybot - Search & Destroy
2008-04-18 20:03 . 2008-04-18 20:03 <DIR> d-------- C:Program FilesTrend Micro
2008-04-18 19:50 . 2008-04-18 19:50 <DIR> d--hs---- C:FOUND.000
2008-04-18 19:47 . 2008-04-18 19:47 <DIR> d-------- C:WINDOWSERUNT
2008-04-18 19:44 . 2008-04-09 10:46 <DIR> d-------- C:SDFix
2008-04-18 19:08 . 2008-04-18 19:08 <DIR> d--hs---- C:Recycled
2008-04-18 19:08 . 2008-04-18 19:08 <DIR> d-------- C:Program FilesESET
2008-04-18 19:08 . 2008-04-18 19:08 <DIR> d-------- C:Documents and SettingsAll UsersDane aplikacjiESET
2008-04-18 19:07 . 2008-04-18 19:07 <DIR> d-------- C:Program FilesOpera
2008-04-18 18:58 . 2008-04-18 18:58 <DIR> d--hs---- C:Documents and SettingsAdministratorUserData
2008-04-18 18:01 . 2003-01-16 06:17 40,960 -ra------ C:WINDOWSsystem32driversfetnd5b.sys
2008-04-18 18:01 . 2002-09-13 02:29 6,016 -ra------ C:WINDOWSsystem32ntsim.sys
2008-04-18 18:00 . 2001-10-26 16:47 36,224 --a------ C:WINDOWSsystem32driversisapnp.sys
2008-04-18 18:00 . 2001-10-26 16:47 36,224 --a------ C:WINDOWSsystem32dllcacheisapnp.sys
2008-04-18 18:00 . 2003-07-02 04:42 27,904 --a------ C:WINDOWSsystem32driversviaagp1.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-18 15:58 --------- d--h--w C:Program FilesInstallShield Installation Information
2008-04-18 15:58 --------- d-----w C:Program FilesCommon FilesInstallShield
2008-04-18 15:58 --------- d-----w C:Program FilesAnalog Devices
2008-04-18 15:51 --------- d-----w C:Program Filesmicrosoft frontpage
2008-04-18 15:48 --------- d-----w C:Program FilesUsługi online
2008-03-20 08:09 1,845,504 ----a-w C:WINDOWSsystem32win32k.sys
2008-03-20 08:09 1,845,504 ------w C:WINDOWSsystem32dllcachewin32k.sys
2008-03-13 14:52 33,800 ----a-w C:WINDOWSsystem32driversepfwtdir.sys
2008-03-13 14:44 29,704 ----a-w C:WINDOWSsystem32driverseasdrv.sys
2008-03-13 14:43 40,456 ----a-w C:WINDOWSsystem32driverseamon.sys
2008-03-05 14:00 25,608 ----a-w C:WINDOWSsystem32X3DAudio1_3.dll
2008-03-05 13:56 3,786,760 ----a-w C:WINDOWSsystem32D3DX9_37.dll
2008-03-05 13:56 1,420,824 ----a-w C:WINDOWSsystem32D3DCompiler_37.dll
2008-03-05 13:50 80,896 ----a-w C:WINDOWSsystem32dxdllreg.exe
2008-03-01 16:32 3,591,680 ------w C:WINDOWSsystem32dllcachemshtml.dll
2008-02-29 08:59 70,656 ------w C:WINDOWSsystem32dllcacheie4uinit.exe
2008-02-29 08:59 625,664 ------w C:WINDOWSsystem32dllcacheiexplore.exe
2008-02-20 06:51 282,624 ----a-w C:WINDOWSsystem32gdi32.dll
2008-02-20 06:51 282,624 ------w C:WINDOWSsystem32dllcachegdi32.dll
2008-02-20 05:38 45,568 ----a-w C:WINDOWSsystem32dnsrslvr.dll
2008-02-20 05:38 45,568 ------w C:WINDOWSsystem32dllcachednsrslvr.dll
2008-02-20 05:38 148,992 ------w C:WINDOWSsystem32dllcachednsapi.dll
2008-02-16 09:05 474,112 ------w C:WINDOWSsystem32dllcacheshlwapi.dll
2008-02-16 09:05 151,552 ------w C:WINDOWSsystem32dllcachecdfview.dll
2008-02-16 09:05 1,494,528 ------w C:WINDOWSsystem32dllcacheshdocvw.dll
2008-02-16 09:05 1,055,744 ------w C:WINDOWSsystem32dllcachedanim.dll
2008-02-16 09:05 1,023,488 ------w C:WINDOWSsystem32dllcachebrowseui.dll
2008-02-15 05:44 161,792 ------w C:WINDOWSsystem32dllcacheieakui.dll
2008-02-05 21:07 462,864 ----a-w C:WINDOWSsystem32d3dx10_37.dll
.

((((((((((((((((((((((((((((( snapshot@2008-04-29_16.18.52.59 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-29 12:39:04 2,048 --s-a-w C:WINDOWSbootstat.dat
+ 2008-04-29 14:21:06 2,048 --s-a-w C:WINDOWSbootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"CTFMON.EXE"="C:WINDOWSsystem32ctfmon.exe" [2004-08-04 00:44 15360]
"MSMSGS"="C:Program FilesMessengermsmsgs.exe" [2004-10-13 18:24 1694208]
"NvMediaCenter"="C:WINDOWSSystem32NVMCTRAY.DLL" [2003-09-23 10:33 49152]
"SpybotSD TeaTimer"="C:Program FilesSpybot - Search & DestroyTeaTimer.exe" [2008-01-28 11:43 2097488]
"Gadu-Gadu"="C:Program FilesGadu-Gadugg.exe" [2008-03-20 12:04 2127296]
"AdobeUpdater"="C:Program FilesCommon FilesAdobeUpdaterAdobeUpdater.exe" [2005-03-16 19:16 970752]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"Smapp"="C:Program FilesAnalog DevicesSoundMAXSMTray.exe" [2003-05-05 08:57 143360]
"nwiz"="nwiz.exe" [2003-09-23 10:33 323584 C:WINDOWSsystem32nwiz.exe]
"egui"="C:Program FilesESETESET NOD32 Antivirusegui.exe" [2008-03-13 16:48 1443072]
"WinampAgent"="C:Program FilesWinampwinampa.exe" [2008-04-01 20:49 36352]
"Adobe Reader Speed Launcher"="C:Program FilesAdobeReader 8.0ReaderReader_sl.exe" [2008-01-11 22:16 39792]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
"CTFMON.EXE"="C:WINDOWSSystem32CTFMON.EXE" [2004-08-04 00:44 15360]

C:Documents and SettingsAdministratorMenu StartProgramyAutostart
Adobe Gamma.lnk - C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe [2005-03-16 19:16:50 113664]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
"VIDC.YV12"= yv12vfw.dll

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthoriz
edApplicationsList]
"%windir%system32sessmgr.exe"=
"%windir%Network Diagnosticxpnetdiag.exe"=
"C:Program FilesBearShareBearShare.exe"=

R1 epfwtdir;epfwtdir;C:WINDOWSsystem32DRIVERSepfwtdir.sys [2008-03-13 16:52]

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-29 16:23:26
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-29 16:23:45
ComboFix-quarantined-files.txt 2008-04-29 14:23:44
ComboFix2.txt 2008-04-29 14:19:04

Pre-Run: 14,779,301,888 bajtów wolnych
Post-Run: 14,791,540,736 bajtów wolnych

170 --- E O F --- 2008-04-19 19:11:11




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:26:08, on 2008-04-29
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesAnalog DevicesSoundMAXSMTray.exe
C:Program FilesESETESET NOD32 Antivirusegui.exe
C:Program FilesWinampwinampa.exe
C:Program FilesAdobeReader 8.0ReaderReader_sl.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesMessengermsmsgs.exe
C:WINDOWSsystem32RUNDLL32.EXE
C:Program FilesGadu-Gadugg.exe
C:Program FilesESETESET NOD32 Antivirusekrn.exe
C:WINDOWSSystem32nvsvc32.exe
C:Program FilesAnalog DevicesSoundMAXSMAgent.exe
C:WINDOWSsystem32wuauclt.exe
C:Program FilesSpybot - Search & DestroyTeaTimer.exe
C:WINDOWSexplorer.exe
C:WINDOWSsystem32notepad.exe
C:Program FilesOperaOpera.exe
C:Program FilesTrend MicroHijackThisHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.pl/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:Program FilesSpybot - Search & DestroySDHelper.dll
O4 - HKLM..Run: [Smapp] C:Program FilesAnalog DevicesSoundMAXSMTray.exe
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [egui] "C:Program FilesESETESET NOD32 Antivirusegui.exe" /hide /waitservice
O4 - HKLM..Run: [WinampAgent] "C:Program FilesWinampwinampa.exe"
O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:Program FilesAdobeReader 8.0ReaderReader_sl.exe"
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O4 - HKCU..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSSystem32NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU..Run: [SpybotSD TeaTimer] C:Program FilesSpybot - Search & DestroyTeaTimer.exe
O4 - HKCU..Run: [Gadu-Gadu] "C:Program FilesGadu-Gadugg.exe" /tray
O4 - HKCU..Run: [AdobeUpdater] C:Program FilesCommon FilesAdobeUpdaterAdobeUpdater.exe
O4 - HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:Program FilesSpybot - Search & DestroySDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:Program FilesSpybot - Search & DestroySDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:Program FilesESETESET NOD32 Antivirusekrn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:WINDOWSSystem32nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:Program FilesAnalog DevicesSoundMAXSMAgent.exe

--
End of file - 4879 bytes
co myslicie o tych logach. oraz podam wam z menedzera zadan
taskmgr.exe ADMin
Opera.exe Admin
TeaTimer.exe Admin
EXPLORER.EXE Admin
ALG.EXE Usługa lok
GG.EXE admin
RUNDLL.EXE Admin
MSMSGS.EXE admin
CTFMON.EXE admin
WINAMP.EXE admin
EGUI.EXE admin
SMTray.exe admin
SPOOLSV.ExE SYSTem
SVCHOST.ExE usługa lokalna,sieciowa,system
SMAgent.exe system
LSASS.EXE System
SERVICES.EXE System
WINLOGON.ExE system
CSRSS.EXE system
SMSS.EXE system
NVSVC32.EXE system
EKRN.EXE system
System
proces bez...
Czego sie nie robi zeby dobrze dzialal komp ;p

Czy ktoś moze popatrzec na te logi i mi powiedziec czy wszystko jest ok z gory dzieki

Wklej do notatnika

Folder::

C:\FOUND.001
C:\FOUND.000

>>Plik>>Zapisz jako... >>> CFScript (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe)
Przeciągnij i upuść plik [*color=red][*b]CFScript.txt[/b][/color] na plik ComboFix.exe (czyli ikonkę CFScript.txt na ikonkę ComboFix.exe)
– podobnie jak na tym obrazku -->
(jeśli pojawi się pytanie "1 or 2" - to wpisz 1 i naciśnij ENTER) Ma się rozpocząć usuwanie. (i powstanie log)
Po restarcie usuń ręcznie folder C: \Qoobox.


Reszta czysta