Several trojans / log

Kojo

Hello,

I decided to get around to cleaning up my disk, since quite a bit of assorted vermin etc. has piled up in quarantine. Recently 7 trojans (Win32/TrojanDownloader.Bredolab.AA) got onto my machine one after another; NOD32 detected them right away and moved them to quarantine.

Since I know nothing at all about removing them, I would be grateful for help getting rid of them :)

I am attaching a screenshot of the quarantine showing the rest of the vermin, and the OTL log:

Log to check

OTL logfile created on: 2009-08-26 22:23:44 - Run 2

OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie

Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 100,00% Memory free

4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 298,08 Gb Total Space | 275,72 Gb Free Space | 92,50% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: LIWI-56CBBA89C6

Current User Name: Administrator

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: On

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2002-12-31 14:00:00 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE

PRC - [2007-08-10 09:21:56 | 16,384,000 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE

PRC - [2009-07-25 05:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe

PRC - [2007-05-30 14:31:10 | 00,312,880 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\AVG Anti-Spyware 7.5\guard.exe

PRC - [2009-02-06 14:23:36 | 00,727,720 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

PRC - [2009-07-25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe

PRC - [2007-08-23 17:40:48 | 00,079,136 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe

PRC - [2007-11-06 11:30:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe

PRC - [2005-01-10 13:10:38 | 00,729,088 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Tablet.exe

PRC - [2002-12-31 14:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe

PRC - [2009-08-26 21:27:16 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2005-09-23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])

SRV - [2007-05-30 14:31:10 | 00,312,880 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\AVG Anti-Spyware 7.5\guard.exe -- (AVG Anti-Spyware Guard [Auto | Running])

SRV - [2005-09-23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])

SRV - [1999-12-12 19:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.exe -- (Creative Service for CDROM Access [Disabled | Stopped])

SRV - [2009-02-06 14:27:06 | 00,020,680 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv [On_Demand | Stopped])

SRV - [2009-02-06 14:23:36 | 00,727,720 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn [Auto | Running])

SRV - [2002-12-31 14:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])

SRV - [2007-05-15 15:55:46 | 01,550,896 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv [Disabled | Stopped])

SRV - [2009-07-25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])

SRV - [2007-08-23 17:40:48 | 00,079,136 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])

SRV - [2007-04-13 21:09:56 | 00,792,112 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])

SRV - [2007-05-08 19:47:22 | 00,271,920 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])

SRV - [2007-11-06 11:30:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])

SRV - [2005-08-08 06:54:00 | 00,167,936 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo [Disabled | Stopped])

SRV - [2005-01-10 13:10:38 | 00,729,088 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Tablet.exe -- (TabletService [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2006-07-01 23:32:26 | 00,043,520 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\System32\DRIVERS\AmdK8.sys -- (AmdK8 [system | Running])

DRV - [2006-11-01 14:42:14 | 00,033,280 | ---- | M] (AMD, Inc.) -- C:\WINDOWS\System32\DRIVERS\AmdLLD.sys -- (AmdLLD [On_Demand | Running])

DRV - [2007-05-30 14:10:42 | 00,011,000 | ---- | M] () -- C:\Program Files\AVG Anti-Spyware 7.5\guard.sys -- (AVG Anti-Spyware Driver [system | Running])

DRV - [2007-05-30 14:10:42 | 00,010,872 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys -- (AvgAsCln [system | Running])

DRV - [2007-04-17 14:42:00 | 00,028,160 | ---- | M] (MICRO-STAR INT'L CO., LTD.) -- C:\Program Files\MSI\DualCoreCenter\NTGLM7X.sys -- (DualCoreCenter [On_Demand | Stopped])

DRV - [2009-02-06 14:19:52 | 00,113,448 | ---- | M] (ESET) -- C:\WINDOWS\System32\DRIVERS\eamon.sys -- (eamon [Auto | Running])

DRV - [2009-02-06 14:23:18 | 00,106,208 | ---- | M] (ESET) -- C:\WINDOWS\System32\DRIVERS\ehdrv.sys -- (ehdrv [system | Running])

DRV - [2009-02-06 14:24:24 | 00,093,336 | ---- | M] (ESET) -- C:\WINDOWS\System32\DRIVERS\epfwtdir.sys -- (epfwtdir [system | Running])

DRV - [2007-08-16 11:49:14 | 00,155,792 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\FTT3.sys -- (FTT3 [boot | Running])

DRV - [2005-01-07 17:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])

DRV - [2007-05-15 15:55:36 | 00,118,576 | ---- | M] (Nero AG) -- C:\WINDOWS\System32\drivers\InCDFs.sys -- (InCDfs [Disabled | Running])

DRV - [2007-05-15 15:55:36 | 00,037,040 | ---- | M] (Nero AG) -- C:\WINDOWS\System32\drivers\InCDPass.sys -- (InCDPass [system | Running])

DRV - [2007-05-15 15:55:36 | 00,038,576 | ---- | M] (Nero AG) -- C:\WINDOWS\System32\drivers\InCDRm.sys -- (incdrm [system | Running])

DRV - [2007-08-10 07:52:44 | 04,603,904 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])

DRV - [2007-11-06 11:30:00 | 07,429,088 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])

DRV - [2008-06-19 17:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot [boot | Running])

DRV - [2003-08-04 14:22:44 | 00,016,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\PCANDIS5.SYS -- (PCANDIS5 [On_Demand | Stopped])

DRV - [2001-04-09 14:45:00 | 00,008,138 | ---- | M] (Wacom Technology Corporation) -- C:\WINDOWS\system32\drivers\PenClass.sys -- (PenClass [boot | Running])

DRV - [2002-12-31 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])

DRV - [2007-03-08 01:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [boot | Running])

DRV - [2007-05-31 09:19:22 | 00,096,896 | R--- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys -- (RTLE8023xp [On_Demand | Running])

DRV - [2007-10-18 00:09:08 | 00,051,200 | ---- | M] (Your Corporation) -- C:\Program Files\MSI\DualCoreCenter\RushTop.sys -- (RushTopDevice2 [On_Demand | Stopped])

DRV - [2002-12-31 14:00:00 | 00,027,440 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])

DRV - [2004-09-14 22:19:56 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])

DRV - [2007-01-25 17:45:02 | 00,006,784 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\whfltr2k.sys -- (whfltr2k [On_Demand | Running])

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1482476501-746137067-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKU\S-1-5-21-1482476501-746137067-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

IE - HKU\S-1-5-21-1482476501-746137067-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl

IE - HKU\S-1-5-21-1482476501-746137067-839522115-500\S-1-5-21-1482476501-746137067-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://onet.pl"

FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090123.1

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {ea9be299-129b-4c3c-8876-d98c18c2fd39}:0.9.6

FF - prefs.js..extensions.enabledItems: {C4A808D2-254E-4039-832A-C75B72FBA2DA}:0.6.20080306

FF - prefs.js..extensions.enabledItems: {9E1A1CD4-8916-4951-AAB4-2D4497FDFD90}:0.5.20071013

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-03-26 19:26:43 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-08-09 13:56:29 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-08-09 13:56:29 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2008-08-27 14:52:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Extensions

[2008-08-27 14:52:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2009-08-26 21:08:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Firefox\Profiles\9cloutq6.default\extensions

[2008-08-16 00:27:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Firefox\Profiles\9cloutq6.default\extensions\{6D898772-AD34-4c16-86BB-9DE787A5DEA0}

[2008-08-16 15:15:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Firefox\Profiles\9cloutq6.default\extensions\{9E1A1CD4-8916-4951-AAB4-2D4497FDFD90}

[2008-08-16 15:15:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Firefox\Profiles\9cloutq6.default\extensions\{C4A808D2-254E-4039-832A-C75B72FBA2DA}

[2009-08-26 21:08:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Firefox\Profiles\9cloutq6.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

[2009-07-01 15:44:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Firefox\Profiles\9cloutq6.default\extensions\{ea9be299-129b-4c3c-8876-d98c18c2fd39}

[2008-06-09 21:50:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Firefox\Profiles\9cloutq6.default\extensions\pbreak.br@gmail.com

[2009-08-26 21:08:46 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions

[2009-08-09 13:56:25 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2009-03-26 19:26:55 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

[2009-08-26 19:42:35 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

[2009-08-09 13:56:23 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll

[2009-08-09 13:56:23 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll

[2009-07-25 05:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll

[2009-02-24 21:34:22 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll

[2007-02-04 23:02:56 | 01,642,496 | ---- | M] (LizardTech) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll

[2009-08-09 13:56:25 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll

[2007-05-10 22:52:00 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll

[2009-07-20 13:39:10 | 00,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml

[2009-07-20 13:39:10 | 00,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml

[2009-07-20 13:39:10 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml

[2009-07-20 13:39:10 | 00,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml

[2009-07-20 13:39:10 | 00,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml

[2009-07-20 13:39:10 | 00,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml

[2009-07-20 13:39:10 | 00,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: (742 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - No CLSID value found.

O3 - HKU\S-1-5-21-1482476501-746137067-839522115-500\..\Toolbar\WebBrowser: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - No CLSID value found.

O4 - HKLM..\Run: [!AVG Anti-Spyware] C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe (GRISOFT s.r.o.)

O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)

O4 - HKLM..\Run: [WinSys2] C:\WINDOWS\System32\winsys2.exe ()

O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\System32\tscupgrd.exe (Microsoft Corporation)

O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\System32\tscupgrd.exe (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\TabUserW.exe.lnk = C:\WINDOWS\System32\WTablet\TabUserW.exe (Wacom Technology, Corp.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceClassicControlPanel = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1482476501-746137067-839522115-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1482476501-746137067-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-1482476501-746137067-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\S-1-5-21-1482476501-746137067-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-1482476501-746137067-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O7 - HKU\S-1-5-21-1482476501-746137067-839522115-500_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} http://install.anark.com/client/version4/windows-ie/en/AMClient.cab (Reg Error: Key error.)

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab (CKAVWebScan Object)

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} Reg Error: Key error. (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.204.159.1 217.98.63.164

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

O28 - HKLM ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - C:\Program Files\AVG Anti-Spyware 7.5\shellexecutehook.dll (GRISOFT s.r.o.)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008-06-04 20:18:09 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009-08-26 22:18:20 | 00,382,246 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\nod32.jpg

[2009-08-26 21:54:08 | 00,000,000 | ---D | C] -- C:\Program Files\BearShare

[2009-08-26 20:47:10 | 00,000,754 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Trojan Remover.lnk

[2009-08-26 20:47:09 | 00,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll

[2009-08-26 20:47:09 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll

[2009-08-26 20:47:09 | 00,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll

[2009-08-26 20:47:09 | 00,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll

[2009-08-26 20:47:09 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ztvcabinet.dll

[2009-08-26 20:46:57 | 00,000,000 | ---D | C] -- C:\Program Files\Trojan Remover

[2009-08-26 20:46:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Simply Super Software

[2009-08-26 20:46:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Moje dokumenty\Simply Super Software

[2009-08-26 20:46:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dane aplikacji\Simply Super Software

[2009-08-26 20:26:58 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy

[2009-08-26 20:26:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy

[2009-08-26 19:49:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dane aplikacji\Grisoft

[2009-08-26 19:49:21 | 00,010,872 | ---- | C] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\drivers\AvgAsCln.sys

[2009-08-26 19:49:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Grisoft

[2009-08-26 19:49:19 | 00,000,000 | ---D | C] -- C:\Program Files\AVG Anti-Spyware 7.5

[2009-08-25 23:23:16 | 00,110,606 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\0719.jpg

[2009-08-25 23:23:11 | 00,139,746 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\0823.jpg

[2009-08-25 23:22:29 | 00,116,111 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\0717.jpg

[2009-08-25 23:21:12 | 00,101,368 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\0805.jpg

[2009-08-25 23:08:38 | 00,065,610 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\hirako02.jpg

[2009-08-25 22:51:17 | 00,258,180 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\Kawaii_by_Rennard.swf

[2009-08-25 22:50:09 | 02,942,883 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\opening_bleach_by_shinobu7.swf

[2009-08-24 23:28:15 | 00,070,039 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\shinji-1.png

[2009-08-22 23:49:02 | 00,150,095 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\20.png

[2009-08-22 14:21:40 | 00,139,264 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\Tempura.doc

[2009-08-19 00:24:12 | 00,002,874 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\urahara_tessai.gif

[2009-08-19 00:17:56 | 00,025,919 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\62125793448baa3ee106c5.gif

[2009-08-14 14:30:31 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\podręczniki.doc

[2009-08-13 15:18:16 | 00,001,927 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\kako_ks2.gif

[2009-08-11 22:42:38 | 00,159,537 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\5205939.jpg

[2009-08-10 20:03:30 | 01,896,174 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\Bleach.gif

[2009-08-09 19:51:40 | 00,525,657 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\Dance_Dance_America_by_yuumei.swf

[2009-07-02 16:20:45 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Route.INI

[2008-11-21 23:47:52 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2008-11-02 18:14:01 | 00,000,000 | ---- | C] () -- C:\WINDOWS\ActivePaint.INI

[2008-10-08 18:27:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI

[2008-08-21 20:34:17 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2008-07-03 21:12:52 | 00,000,427 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2008-06-04 21:40:52 | 00,041,068 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll

[2008-06-04 21:35:16 | 00,028,672 | R--- | C] () -- C:\WINDOWS\System32\adinst32.dll

[2008-06-04 21:31:43 | 00,015,744 | ---- | C] () -- C:\WINDOWS\System32\Wintab.dll

[2008-06-04 21:25:09 | 00,000,126 | ---- | C] () -- C:\WINDOWS\SCNDRVU.INI

[2008-06-04 21:25:07 | 00,065,024 | ---- | C] () -- C:\WINDOWS\System32\DECODER.DLL

[2008-06-04 20:47:16 | 00,000,000 | ---- | C] () -- C:\WINDOWS\msicpl.ini

[2008-06-04 20:45:12 | 00,131,072 | R--- | C] () -- C:\WINDOWS\System32\smdll.dll

[2008-06-04 20:45:10 | 00,266,240 | R--- | C] () -- C:\WINDOWS\System32\HookShield.dll

[2008-06-04 20:45:10 | 00,262,144 | R--- | C] () -- C:\WINDOWS\System32\HookMAp.dll

[2008-06-04 20:45:10 | 00,032,768 | R--- | C] () -- C:\WINDOWS\System32\Auxiliary.dll

[2008-06-04 20:39:28 | 00,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll

[2007-11-06 11:30:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2007-11-06 11:30:00 | 01,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2007-11-06 11:30:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2007-11-06 11:30:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2007-11-06 11:30:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2007-01-25 17:45:02 | 00,006,784 | ---- | C] () -- C:\WINDOWS\System32\drivers\whfltr2k.sys

[2006-11-01 08:54:30 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2006-11-01 08:52:38 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2006-05-26 15:29:14 | 00,005,120 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2006-04-03 14:26:36 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest

[2003-05-15 08:39:50 | 00,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2002-12-31 14:00:00 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll

[2002-12-31 14:00:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

[2002-12-31 14:00:00 | 00,000,573 | ---- | C] () -- C:\WINDOWS\win.ini

[2002-12-31 14:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

[2002-05-15 06:58:38 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\v2k2_dec.dll

[1999-01-22 18:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]

[4 C:\WINDOWS\*.tmp files]

[2009-08-26 22:18:20 | 00,382,246 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\nod32.jpg

[2009-08-26 20:54:29 | 00,984,778 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2009-08-26 20:54:29 | 00,448,004 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat

[2009-08-26 20:54:29 | 00,392,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2009-08-26 20:54:29 | 00,074,230 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat

[2009-08-26 20:54:29 | 00,058,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2009-08-26 20:50:30 | 00,012,398 | ---- | M] () -- C:\WINDOWS\System32\tablet.dat

[2009-08-26 20:50:15 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009-08-26 20:50:15 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009-08-26 20:47:10 | 00,000,754 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Trojan Remover.lnk

[2009-08-25 23:23:16 | 00,110,606 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\0719.jpg

[2009-08-25 23:23:11 | 00,139,746 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\0823.jpg

[2009-08-25 23:22:29 | 00,116,111 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\0717.jpg

[2009-08-25 23:21:12 | 00,101,368 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\0805.jpg

[2009-08-25 23:08:38 | 00,065,610 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\hirako02.jpg

[2009-08-25 22:51:17 | 00,258,180 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\Kawaii_by_Rennard.swf

[2009-08-25 22:50:09 | 02,942,883 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\opening_bleach_by_shinobu7.swf

[2009-08-24 23:28:15 | 00,070,039 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\shinji-1.png

[2009-08-23 16:26:32 | 00,150,016 | ---- | M] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009-08-22 23:49:02 | 00,150,095 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\20.png

[2009-08-22 21:46:05 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2009-08-22 14:21:40 | 00,139,264 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\Tempura.doc

[2009-08-19 00:24:12 | 00,002,874 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\urahara_tessai.gif

[2009-08-19 00:17:57 | 00,025,919 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\62125793448baa3ee106c5.gif

[2009-08-14 14:30:32 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\podręczniki.doc

[2009-08-13 15:18:16 | 00,001,927 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\kako_ks2.gif

[2009-08-11 22:42:38 | 00,159,537 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\5205939.jpg

[2009-08-10 20:03:30 | 01,896,174 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\Bleach.gif

[2009-08-09 19:51:41 | 00,525,657 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\Dance_Dance_America_by_yuumei.swf

[2009-08-08 19:47:02 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

========== LOP Check ==========

[2009-08-26 21:54:55 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji

[2008-06-04 22:30:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Ahead

[2008-12-23 15:14:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Any Video Converter

[2008-09-08 21:44:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\AVSMedia

[2008-10-29 20:23:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\CadSoft

[2009-04-23 14:04:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\CyberLink

[2008-07-15 11:47:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\DMCache

[2008-07-15 10:57:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\fltk.org

[2008-10-08 18:15:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Free Sound Recorder

[2008-07-10 18:40:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Gadu-Gadu

[2009-08-26 19:49:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Grisoft

[2009-08-26 20:46:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Simply Super Software

[2009-03-15 16:03:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\SYSTEMAX Software Development

[2009-08-10 20:36:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Tlen.pl

[2009-08-26 20:46:57 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji

[2008-11-02 22:56:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\10015

[2009-03-08 15:39:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\262EE

[2008-06-04 21:01:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Ahead

[2008-06-04 21:19:07 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\CanonBJ

[2008-11-02 22:56:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\channels

[2008-10-28 17:31:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\CyberLink

[2008-06-20 09:27:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ESET

[2009-08-26 19:49:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Grisoft

[2008-06-04 22:30:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\LightScribe

[2009-08-26 20:46:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Simply Super Software

[2009-01-01 22:30:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\SpeedBit

[2009-03-15 16:03:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\SYSTEMAX Software Development

[2009-08-26 20:53:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP

[2009-03-26 16:30:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Tlen.pl

[2008-06-04 22:06:53 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Dane aplikacji

[2008-06-04 20:19:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji

[2008-06-04 20:19:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji

[2002-12-31 14:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini

[2009-08-26 20:50:15 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:9AEE100C

@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:94A19129

@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:CB0AACC9

@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:A9662AE0

< End of report >

nod32.jpg


Guest
comment

For an infection like this, use ComboFix.

Kojo
comment

I'm just not sure whether this log came out right, because when I launched ComboFix it showed me that NOD32 was still running, even though I had turned it off in the processes in Task Manager...

Log to check

ComboFix 09-08-26.07 - Administrator 2009-08-27 17:21.11.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.3327.2898 [GMT 2:00]

Uruchomiony z: c:\documents and settings\Administrator\Pulpit\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

* Rezydentny antywirus jest aktywny

.

/wow section - STAGE 41

FINDSTR: Nie można otworzyć c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\*.inf

FINDSTR: Nie można otworzyć c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\*.reg

FINDSTR: Nie można otworzyć c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\*.bat

FINDSTR: Nie można otworzyć c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\*.vbs

FINDSTR: Nie można otworzyć c:\documents and settings\Default User\Ustawienia lokalne\Dane aplikacji\*.inf

FINDSTR: Nie można otworzyć c:\documents and settings\Default User\Ustawienia lokalne\Dane aplikacji\*.reg

FINDSTR: Nie można otworzyć c:\documents and settings\Default User\Ustawienia lokalne\Dane aplikacji\*.bat

FINDSTR: Nie można otworzyć c:\documents and settings\Default User\Ustawienia lokalne\Dane aplikacji\*.vbs

FINDSTR: Nie można otworzyć c:\documents and settings\NetworkService\Ustawienia lokalne\Dane aplikacji\*.inf

FINDSTR: Nie można otworzyć c:\documents and settings\NetworkService\Ustawienia lokalne\Dane aplikacji\*.reg

FINDSTR: Nie można otworzyć c:\documents and settings\NetworkService\Ustawienia lokalne\Dane aplikacji\*.bat

FINDSTR: Nie można otworzyć c:\documents and settings\NetworkService\Ustawienia lokalne\Dane aplikacji\*.vbs

FINDSTR: Nie można otworzyć c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\*.inf

FINDSTR: Nie można otworzyć c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\*.reg

FINDSTR: Nie można otworzyć c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\*.bat

FINDSTR: Nie można otworzyć c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\*.vbs

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Administrator\Dane aplikacji\wiaserva.log

c:\windows\system32\ieuinit.inf

c:\windows\system32\msconfig.exe

.

((((((((((((((((((((((((( Pliki utworzone od 2009-07-27 do 2009-08-27 )))))))))))))))))))))))))))))))

.

2009-08-26 18:26 . 2009-08-26 18:30 -------- d-----w- c:\program files\Spybot - Search & Destroy

2009-08-26 17:49 . 2009-08-26 17:49 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\Grisoft

2009-08-26 17:49 . 2007-05-30 12:10 10872 ----a-w- c:\windows\system32\drivers\AvgAsCln.sys

2009-08-26 17:49 . 2009-08-26 17:49 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Grisoft

2009-08-26 17:49 . 2009-08-26 17:49 -------- d-----w- c:\program files\AVG Anti-Spyware 7.5

2009-08-26 17:42 . 2009-08-26 17:42 152576 ----a-w- c:\documents and settings\Administrator\Dane aplikacji\Sun\Java\jre1.6.0_15\lzma.dll

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-27 15:16 . 2009-08-26 18:26 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy

2009-08-27 15:03 . 2002-12-31 12:00 74230 ----a-w- c:\windows\system32\perfc015.dat

2009-08-27 15:03 . 2002-12-31 12:00 448004 ----a-w- c:\windows\system32\perfh015.dat

2009-08-27 14:59 . 2008-06-04 19:31 12398 ----a-w- c:\windows\system32\tablet.dat

2009-08-26 19:54 . 2009-08-26 19:54 -------- d-----w- c:\program files\BearShare

2009-08-26 18:53 . 2008-09-07 17:05 -------- d---a-w- c:\documents and settings\All Users\Dane aplikacji\TEMP

2009-08-26 18:53 . 2009-08-26 18:46 -------- d-----w- c:\program files\Trojan Remover

2009-08-26 18:46 . 2009-08-26 18:46 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Simply Super Software

2009-08-26 18:46 . 2009-08-26 18:46 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\Simply Super Software

2009-08-26 17:42 . 2008-06-04 19:40 -------- d-----w- c:\program files\Java

2009-08-10 18:36 . 2008-06-04 20:40 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\Tlen.pl

2009-08-05 17:29 . 2009-08-26 18:53 3036024 ----a-w- c:\documents and settings\Administrator\Dane aplikacji\Simply Super Software\Trojan Remover\knc7.exe

2009-07-25 03:23 . 2009-03-26 17:26 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-07-21 13:10 . 2008-06-04 20:07 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\Winamp

2009-07-21 11:27 . 2008-06-04 20:07 -------- d-----w- c:\program files\Winamp

2009-07-18 19:11 . 2009-07-18 19:11 -------- d-----w- c:\program files\CDex_170b2

2009-07-13 21:53 . 2009-07-13 21:40 -------- d-----w- c:\program files\CamStudio

2009-07-13 21:36 . 2009-07-13 21:36 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2009-07-13 18:12 . 2009-07-13 18:12 -------- d-----w- c:\program files\VDOWNLOADER

2009-07-02 14:13 . 2009-07-02 14:13 -------- d-----w- c:\program files\NAVIGO Copernicus

2009-06-04 18:12 . 2008-06-04 19:03 40600 ----a-w- c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-06 8523776]

"WinSys2"="c:\windows\system32\winsys2.exe" [2007-10-30 208896]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-06 81920]

"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

"!AVG Anti-Spyware"="c:\program files\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]

"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-08-26 1068424]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-08-10 16384000]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-11-06 1626112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2002-12-31 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2002-12-31 44544]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2008-6-4 106496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Gamma Loader.lnk]

path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Gamma Loader.lnk

backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"RichVideo"=2 (0x2)

"InCDsrv"=2 (0x2)

"Creative Service for CDROM Access"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Tlen.pl\\tlen.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"%windir%\\system32\\drivers\\svchost.exe"=

R0 FTT3;FTT3;c:\windows\system32\drivers\FTT3.sys [2008-06-04 155792]

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-09-09 28544]

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-02-06 106208]

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-02-06 93336]

R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 727720]

R3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\drivers\whfltr2k.sys [2007-01-25 6784]

S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\Drivers\e4ldr.sys --> c:\windows\system32\Drivers\e4ldr.sys [?]

S3 DualCoreCenter;DualCoreCenter;c:\program files\MSI\DualCoreCenter\NTGLM7X.sys [2008-06-04 28160]

S3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\DRIVERS\e4usbaw.sys --> c:\windows\system32\DRIVERS\e4usbaw.sys [?]

S3 RushTopDevice2;RushTopDevice2;c:\program files\MSI\DualCoreCenter\RushTop.sys [2008-06-04 51200]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

"c:\program files\Common Files\LightScribe\LSRunOnce.exe"

.

- - - - USUNIĘTO PUSTE WPISY - - - -

SafeBoot-AVG Anti-Spyware Driver

.

------- Skan uzupełniający -------

.

uStart Page = hxxp://www.neostrada.pl

DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} - hxxp://install.anark.com/client/version4/windows-ie/en/AMClient.cab

FF - ProfilePath - c:\documents and settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\9cloutq6.default\

FF - prefs.js: browser.startup.homepage - hxxp://onet.pl

FF - plugin: c:\program files\Java\jre6\bin\npdeploytk.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npdjvu.dll

---- FIREFOX - SPOSÓB POSTĘPOWANIA ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-27 17:23

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone

ukryte pliki: 0

**************************************************************************

.

Czas ukończenia: 2009-08-27 17:24

ComboFix-quarantined-files.txt 2009-08-27 15:24

Przed: 296 071 729 152 bajtów wolnych

Po: 296 051 208 192 bajtów wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

195

Guest
comment

Run OTL and paste the following script into the Custom Scans/Fixes box:

:OTL

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O4 - HKLM..\Run: [WinSys2] C:\WINDOWS\System32\winsys2.exe ()

:Files

C:\WINDOWS\System32\winsys2.exe

:Commands

[emptytemp]

[start explorer]

[Reboot]

Click Run Fix. Confirm the computer restart.

Then run OTL again, this time choosing the Run Scan option. Post the new OTL.txt log (from the cleanup + the scan).

Kojo
comment

OK, done.

After cleaning:

Log to check

All processes killed

========== OTL ==========

No active process named explorer.exe was found!

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WinSys2 deleted successfully.

C:\WINDOWS\System32\winsys2.exe moved successfully.

========== FILES ==========

File\Folder C:\WINDOWS\System32\winsys2.exe not found.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 587573 bytes

->Temporary Internet Files folder emptied: 42862 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 52952571 bytes

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

User: LocalService

->Temp folder emptied: 0 bytes

File delete failed. C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes

C:\WINDOWS\130FA2D4E5B34BA89C4A70B615655319.TMP folder deleted successfully.

%systemroot% .tmp files removed: 2641190 bytes

%systemroot%\System32 .tmp files removed: 2596 bytes

Windows Temp folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 53,65 mb

OTL by OldTimer - Version 3.0.10.7 log created on 08272009_193502

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

After the scan:

Log to check

OTL logfile created on: 2009-08-27 19:40:52 - Run 3

OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie

Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 100,00% Memory free

4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 298,08 Gb Total Space | 275,75 Gb Free Space | 92,51% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: LIWI-56CBBA89C6

Current User Name: Administrator

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: On

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2002-12-31 14:00:00 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE

PRC - [2007-05-30 14:31:10 | 00,312,880 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\AVG Anti-Spyware 7.5\guard.exe

PRC - [2009-02-06 14:23:36 | 00,727,720 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

PRC - [2009-07-25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe

PRC - [2007-08-23 17:40:48 | 00,079,136 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe

PRC - [2007-11-06 11:30:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe

PRC - [2005-01-10 13:10:38 | 00,729,088 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Tablet.exe

PRC - [2002-12-31 14:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe

PRC - [2007-08-10 09:21:56 | 16,384,000 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE

PRC - [2009-07-25 05:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe

PRC - [2005-01-10 13:03:28 | 00,106,496 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\WTablet\TabUserW.exe

PRC - [2009-08-26 21:27:16 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2005-09-23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])

SRV - [2007-05-30 14:31:10 | 00,312,880 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\AVG Anti-Spyware 7.5\guard.exe -- (AVG Anti-Spyware Guard [Auto | Running])

SRV - [2005-09-23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])

SRV - [1999-12-12 19:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.exe -- (Creative Service for CDROM Access [Disabled | Stopped])

SRV - [2009-02-06 14:27:06 | 00,020,680 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv [On_Demand | Stopped])

SRV - [2009-02-06 14:23:36 | 00,727,720 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn [Auto | Running])

SRV - [2002-12-31 14:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])

SRV - [2007-05-15 15:55:46 | 01,550,896 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv [Disabled | Stopped])

SRV - [2009-07-25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])

SRV - [2007-08-23 17:40:48 | 00,079,136 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])

SRV - [2007-04-13 21:09:56 | 00,792,112 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])

SRV - [2007-05-08 19:47:22 | 00,271,920 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])

SRV - [2007-11-06 11:30:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])

SRV - [2005-08-08 06:54:00 | 00,167,936 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo [Disabled | Stopped])

SRV - [2005-01-10 13:10:38 | 00,729,088 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Tablet.exe -- (TabletService [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2006-07-01 23:32:26 | 00,043,520 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\System32\DRIVERS\AmdK8.sys -- (AmdK8 [system | Running])

DRV - [2006-11-01 14:42:14 | 00,033,280 | ---- | M] (AMD, Inc.) -- C:\WINDOWS\System32\DRIVERS\AmdLLD.sys -- (AmdLLD [On_Demand | Running])

DRV - [2007-05-30 14:10:42 | 00,011,000 | ---- | M] () -- C:\Program Files\AVG Anti-Spyware 7.5\guard.sys -- (AVG Anti-Spyware Driver [system | Running])

DRV - [2007-05-30 14:10:42 | 00,010,872 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys -- (AvgAsCln [system | Running])

DRV - [2007-04-17 14:42:00 | 00,028,160 | ---- | M] (MICRO-STAR INT'L CO., LTD.) -- C:\Program Files\MSI\DualCoreCenter\NTGLM7X.sys -- (DualCoreCenter [On_Demand | Stopped])

DRV - [2009-02-06 14:19:52 | 00,113,448 | ---- | M] (ESET) -- C:\WINDOWS\System32\DRIVERS\eamon.sys -- (eamon [Auto | Running])

DRV - [2009-02-06 14:23:18 | 00,106,208 | ---- | M] (ESET) -- C:\WINDOWS\System32\DRIVERS\ehdrv.sys -- (ehdrv [system | Running])

DRV - [2009-02-06 14:24:24 | 00,093,336 | ---- | M] (ESET) -- C:\WINDOWS\System32\DRIVERS\epfwtdir.sys -- (epfwtdir [system | Running])

DRV - [2007-08-16 11:49:14 | 00,155,792 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\FTT3.sys -- (FTT3 [boot | Running])

DRV - [2005-01-07 17:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])

DRV - [2007-05-15 15:55:36 | 00,118,576 | ---- | M] (Nero AG) -- C:\WINDOWS\System32\drivers\InCDFs.sys -- (InCDfs [Disabled | Running])

DRV - [2007-05-15 15:55:36 | 00,037,040 | ---- | M] (Nero AG) -- C:\WINDOWS\System32\drivers\InCDPass.sys -- (InCDPass [system | Running])

DRV - [2007-05-15 15:55:36 | 00,038,576 | ---- | M] (Nero AG) -- C:\WINDOWS\System32\drivers\InCDRm.sys -- (incdrm [system | Running])

DRV - [2007-08-10 07:52:44 | 04,603,904 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])

DRV - [2007-11-06 11:30:00 | 07,429,088 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])

DRV - [2008-06-19 17:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot [boot | Running])

DRV - [2003-08-04 14:22:44 | 00,016,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\PCANDIS5.SYS -- (PCANDIS5 [On_Demand | Stopped])

DRV - [2001-04-09 14:45:00 | 00,008,138 | ---- | M] (Wacom Technology Corporation) -- C:\WINDOWS\system32\drivers\PenClass.sys -- (PenClass [boot | Running])

DRV - [2002-12-31 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])

DRV - [2007-03-08 01:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [boot | Running])

DRV - [2007-05-31 09:19:22 | 00,096,896 | R--- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys -- (RTLE8023xp [On_Demand | Running])

DRV - [2007-10-18 00:09:08 | 00,051,200 | ---- | M] (Your Corporation) -- C:\Program Files\MSI\DualCoreCenter\RushTop.sys -- (RushTopDevice2 [On_Demand | Stopped])

DRV - [2002-12-31 14:00:00 | 00,027,440 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])

DRV - [2004-09-14 22:19:56 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])

DRV - [2007-01-25 17:45:02 | 00,006,784 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\whfltr2k.sys -- (whfltr2k [On_Demand | Running])

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1482476501-746137067-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKU\S-1-5-21-1482476501-746137067-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

IE - HKU\S-1-5-21-1482476501-746137067-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl

IE - HKU\S-1-5-21-1482476501-746137067-839522115-500\S-1-5-21-1482476501-746137067-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://onet.pl"

FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090123.1

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {ea9be299-129b-4c3c-8876-d98c18c2fd39}:0.9.6

FF - prefs.js..extensions.enabledItems: {C4A808D2-254E-4039-832A-C75B72FBA2DA}:0.6.20080306

FF - prefs.js..extensions.enabledItems: {9E1A1CD4-8916-4951-AAB4-2D4497FDFD90}:0.5.20071013

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-03-26 19:26:43 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-08-09 13:56:29 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-08-09 13:56:29 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2008-08-27 14:52:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Extensions

[2008-08-27 14:52:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2009-08-27 17:10:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Firefox\Profiles\9cloutq6.default\extensions

[2008-08-16 00:27:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Firefox\Profiles\9cloutq6.default\extensions\{6D898772-AD34-4c16-86BB-9DE787A5DEA0}

[2008-08-16 15:15:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Firefox\Profiles\9cloutq6.default\extensions\{9E1A1CD4-8916-4951-AAB4-2D4497FDFD90}

[2008-08-16 15:15:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Firefox\Profiles\9cloutq6.default\extensions\{C4A808D2-254E-4039-832A-C75B72FBA2DA}

[2009-08-26 21:08:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Firefox\Profiles\9cloutq6.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

[2009-07-01 15:44:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Firefox\Profiles\9cloutq6.default\extensions\{ea9be299-129b-4c3c-8876-d98c18c2fd39}

[2008-06-09 21:50:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Firefox\Profiles\9cloutq6.default\extensions\pbreak.br@gmail.com

[2009-08-27 17:10:52 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions

[2009-08-09 13:56:25 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2009-03-26 19:26:55 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

[2009-08-26 19:42:35 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

[2009-08-09 13:56:23 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll

[2009-08-09 13:56:23 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll

[2009-07-25 05:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll

[2009-02-24 21:34:22 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll

[2007-02-04 23:02:56 | 01,642,496 | ---- | M] (LizardTech) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll

[2009-08-09 13:56:25 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll

[2007-05-10 22:52:00 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll

[2009-07-20 13:39:10 | 00,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml

[2009-07-20 13:39:10 | 00,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml

[2009-07-20 13:39:10 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml

[2009-07-20 13:39:10 | 00,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml

[2009-07-20 13:39:10 | 00,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml

[2009-07-20 13:39:10 | 00,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml

[2009-07-20 13:39:10 | 00,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: (742 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - No CLSID value found.

O3 - HKU\S-1-5-21-1482476501-746137067-839522115-500\..\Toolbar\WebBrowser: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - No CLSID value found.

O4 - HKLM..\Run: [!AVG Anti-Spyware] C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe (GRISOFT s.r.o.)

O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)

O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\System32\tscupgrd.exe (Microsoft Corporation)

O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\System32\tscupgrd.exe (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\TabUserW.exe.lnk = C:\WINDOWS\System32\WTablet\TabUserW.exe (Wacom Technology, Corp.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceClassicControlPanel = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1482476501-746137067-839522115-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1482476501-746137067-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-1482476501-746137067-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\S-1-5-21-1482476501-746137067-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-1482476501-746137067-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O7 - HKU\S-1-5-21-1482476501-746137067-839522115-500_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} http://install.anark.com/client/version4/windows-ie/en/AMClient.cab (Reg Error: Key error.)

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab (CKAVWebScan Object)

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} Reg Error: Key error. (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.204.159.1 217.98.63.164

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

O28 - HKLM ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - C:\Program Files\AVG Anti-Spyware 7.5\shellexecutehook.dll (GRISOFT s.r.o.)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008-06-04 20:18:09 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009-08-27 19:35:04 | 00,000,000 | -HSD | C] -- C:\RECYCLER

[2009-08-27 19:35:02 | 00,000,000 | ---D | C] -- C:\_OTL

[2009-08-27 17:24:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp

[2009-08-27 17:23:45 | 03,003,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mshtml.dll

[2009-08-27 17:23:45 | 01,548,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfcfiles.dll

[2009-08-27 17:23:45 | 00,924,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mfc40u.dll

[2009-08-27 17:23:45 | 00,822,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comres.dll

[2009-08-27 17:23:45 | 00,611,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comctl32.dll

[2009-08-27 17:23:45 | 00,574,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntfs.sys

[2009-08-27 17:23:45 | 00,435,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntmssvc.dll

[2009-08-27 17:23:45 | 00,407,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\netlogon.dll

[2009-08-27 17:23:45 | 00,395,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rpcss.dll

[2009-08-27 17:23:45 | 00,382,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\qmgr.dll

[2009-08-27 17:23:45 | 00,246,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mswsock.dll

[2009-08-27 17:23:45 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\tapisrv.dll

[2009-08-27 17:23:45 | 00,243,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\es.dll

[2009-08-27 17:23:45 | 00,198,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\netman.dll

[2009-08-27 17:23:45 | 00,192,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\schedsvc.dll

[2009-08-27 17:23:45 | 00,185,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\upnphost.dll

[2009-08-27 17:23:45 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\scecli.dll

[2009-08-27 17:23:45 | 00,171,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\srsvc.dll

[2009-08-27 17:23:45 | 00,142,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\aec.sys

[2009-08-27 17:23:45 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\shsvcs.dll

[2009-08-27 17:23:45 | 00,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\xmlprov.dll

[2009-08-27 17:23:45 | 00,110,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\imm32.dll

[2009-08-27 17:23:45 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rasauto.dll

[2009-08-27 17:23:45 | 00,077,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\browser.dll

[2009-08-27 17:23:45 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ssdpsrv.dll

[2009-08-27 17:23:45 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\cryptsvc.dll

[2009-08-27 17:23:45 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\regsvc.dll

[2009-08-27 17:23:45 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\eventlog.dll

[2009-08-27 17:23:45 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\msgsvc.dll

[2009-08-27 17:23:45 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mspmsnsv.dll

[2009-08-27 17:23:45 | 00,024,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kbdclass.sys

[2009-08-27 17:23:45 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lpk.dll

[2009-08-27 17:23:45 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\linkinfo.dll

[2009-08-27 17:23:45 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\powrprof.dll

[2009-08-27 17:23:45 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\asyncmac.sys

[2009-08-27 17:23:45 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wscntfy.exe

[2009-08-27 17:23:45 | 00,012,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\acpiec.sys

[2009-08-27 17:23:45 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfc.dll

[2009-08-27 17:23:45 | 00,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\beep.sys

[2009-08-27 17:23:45 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\null.sys

[2009-08-27 17:23:44 | 02,149,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntoskrnl.exe

[2009-08-27 17:23:44 | 02,016,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntkrnlpa.exe

[2009-08-27 17:23:44 | 01,033,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\explorer.exe

[2009-08-27 17:23:44 | 01,012,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kernel32.dll

[2009-08-27 17:23:44 | 00,296,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\termsrv.dll

[2009-08-27 17:23:44 | 00,182,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ndis.sys

[2009-08-27 17:23:44 | 00,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wuauclt.exe

[2009-08-27 17:23:44 | 00,108,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\services.exe

[2009-08-27 17:23:44 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\spoolsv.exe

[2009-08-27 17:23:44 | 00,029,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ip6fw.sys

[2009-08-27 17:23:44 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\userinit.exe

[2009-08-27 17:23:44 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ctfmon.exe

[2009-08-27 17:23:44 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lsass.exe

[2009-08-27 17:23:43 | 00,658,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wininet.dll

[2009-08-27 17:23:43 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\user32.dll

[2009-08-27 17:23:43 | 00,504,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\winlogon.exe

[2009-08-27 17:23:43 | 00,359,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\tcpip.sys

[2009-08-27 17:23:43 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ws2_32.dll

[2009-08-27 17:23:43 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\svchost.exe

[2009-08-27 17:23:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache\cache

[2009-08-27 17:21:21 | 00,000,223 | ---- | C] () -- C:\Boot.bak

[2009-08-27 17:21:19 | 00,262,400 | ---- | C] () -- C:\cmldr

[2009-08-27 17:21:17 | 00,000,000 | RHSD | C] -- C:\cmdcons

[2009-08-27 17:20:01 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2009-08-27 17:20:00 | 00,229,376 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2009-08-27 17:20:00 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2009-08-27 17:20:00 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2009-08-27 17:20:00 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2009-08-27 17:20:00 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2009-08-27 17:20:00 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2009-08-27 17:20:00 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2009-08-27 17:19:51 | 00,000,000 | --SD | C] -- C:\ComboFix

[2009-08-27 17:16:30 | 00,000,000 | ---D | C] -- C:\Qoobox

[2009-08-27 17:14:45 | 03,185,323 | R--- | C] () -- C:\Documents and Settings\Administrator\Pulpit\ComboFix.exe

[2009-08-27 00:12:41 | 00,369,988 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\Kisuke_and_Isshin_by_zo_ey.jpg

[2009-08-26 23:50:17 | 00,164,612 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\d18_nekokisuke.jpg

[2009-08-26 22:18:20 | 00,382,246 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\nod32.jpg

[2009-08-26 21:54:08 | 00,000,000 | ---D | C] -- C:\Program Files\BearShare

[2009-08-26 20:47:09 | 00,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll

[2009-08-26 20:47:09 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll

[2009-08-26 20:47:09 | 00,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll

[2009-08-26 20:47:09 | 00,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll

[2009-08-26 20:47:09 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ztvcabinet.dll

[2009-08-26 20:46:57 | 00,000,000 | ---D | C] -- C:\Program Files\Trojan Remover

[2009-08-26 20:46:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Simply Super Software

[2009-08-26 20:46:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Moje dokumenty\Simply Super Software

[2009-08-26 20:46:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dane aplikacji\Simply Super Software

[2009-08-26 20:26:58 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy

[2009-08-26 20:26:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy

[2009-08-26 19:49:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dane aplikacji\Grisoft

[2009-08-26 19:49:21 | 00,010,872 | ---- | C] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\drivers\AvgAsCln.sys

[2009-08-26 19:49:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Grisoft

[2009-08-26 19:49:19 | 00,000,000 | ---D | C] -- C:\Program Files\AVG Anti-Spyware 7.5

[2009-08-25 23:23:16 | 00,110,606 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\0719.jpg

[2009-08-25 23:23:11 | 00,139,746 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\0823.jpg

[2009-08-25 23:22:29 | 00,116,111 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\0717.jpg

[2009-08-25 23:21:12 | 00,101,368 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\0805.jpg

[2009-08-25 23:08:38 | 00,065,610 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\hirako02.jpg

[2009-08-25 22:51:17 | 00,258,180 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\Kawaii_by_Rennard.swf

[2009-08-25 22:50:09 | 02,942,883 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\opening_bleach_by_shinobu7.swf

[2009-08-24 23:28:15 | 00,070,039 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\shinji-1.png

[2009-08-22 23:49:02 | 00,150,095 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\20.png

[2009-08-22 14:21:40 | 00,139,264 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\Tempura.doc

[2009-08-19 00:24:12 | 00,002,874 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\urahara_tessai.gif

[2009-08-19 00:17:56 | 00,025,919 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\62125793448baa3ee106c5.gif

[2009-08-14 14:30:31 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\podręczniki.doc

[2009-08-13 15:18:16 | 00,001,927 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\kako_ks2.gif

[2009-08-11 22:42:38 | 00,159,537 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\5205939.jpg

[2009-08-10 20:03:30 | 01,896,174 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\Bleach.gif

[2009-08-09 19:51:40 | 00,525,657 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\Dance_Dance_America_by_yuumei.swf

[2009-07-02 16:20:45 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Route.INI

[2008-11-21 23:47:52 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2008-11-02 18:14:01 | 00,000,000 | ---- | C] () -- C:\WINDOWS\ActivePaint.INI

[2008-10-08 18:27:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI

[2008-08-21 20:34:17 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2008-07-03 21:12:52 | 00,000,427 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2008-06-04 21:40:52 | 00,041,068 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll

[2008-06-04 21:35:16 | 00,028,672 | R--- | C] () -- C:\WINDOWS\System32\adinst32.dll

[2008-06-04 21:31:43 | 00,015,744 | ---- | C] () -- C:\WINDOWS\System32\Wintab.dll

[2008-06-04 21:25:09 | 00,000,126 | ---- | C] () -- C:\WINDOWS\SCNDRVU.INI

[2008-06-04 21:25:07 | 00,065,024 | ---- | C] () -- C:\WINDOWS\System32\DECODER.DLL

[2008-06-04 20:47:16 | 00,000,000 | ---- | C] () -- C:\WINDOWS\msicpl.ini

[2008-06-04 20:45:12 | 00,131,072 | R--- | C] () -- C:\WINDOWS\System32\smdll.dll

[2008-06-04 20:45:10 | 00,266,240 | R--- | C] () -- C:\WINDOWS\System32\HookShield.dll

[2008-06-04 20:45:10 | 00,262,144 | R--- | C] () -- C:\WINDOWS\System32\HookMAp.dll

[2008-06-04 20:45:10 | 00,032,768 | R--- | C] () -- C:\WINDOWS\System32\Auxiliary.dll

[2008-06-04 20:39:28 | 00,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll

[2007-11-06 11:30:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2007-11-06 11:30:00 | 01,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2007-11-06 11:30:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2007-11-06 11:30:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2007-11-06 11:30:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2007-01-25 17:45:02 | 00,006,784 | ---- | C] () -- C:\WINDOWS\System32\drivers\whfltr2k.sys

[2006-11-01 08:54:30 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2006-11-01 08:52:38 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2006-05-26 15:29:14 | 00,005,120 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2006-04-03 14:26:36 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest

[2003-05-15 08:39:50 | 00,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2002-12-31 14:00:00 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll

[2002-12-31 14:00:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

[2002-12-31 14:00:00 | 00,000,573 | ---- | C] () -- C:\WINDOWS\win.ini

[2002-12-31 14:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

[2002-05-15 06:58:38 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\v2k2_dec.dll

[1999-01-22 18:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Files - Modified Within 30 Days ==========

[2009-08-27 19:37:56 | 00,012,398 | ---- | M] () -- C:\WINDOWS\System32\tablet.dat

[2009-08-27 19:37:44 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009-08-27 19:37:44 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009-08-27 19:32:56 | 00,448,004 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat

[2009-08-27 19:32:56 | 00,392,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2009-08-27 19:32:56 | 00,074,230 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat

[2009-08-27 19:32:56 | 00,058,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2009-08-27 19:32:55 | 00,984,778 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2009-08-27 17:23:36 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2009-08-27 17:21:21 | 00,000,293 | RHS- | M] () -- C:\boot.ini

[2009-08-27 17:15:14 | 03,185,323 | R--- | M] () -- C:\Documents and Settings\Administrator\Pulpit\ComboFix.exe

[2009-08-27 00:12:41 | 00,369,988 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\Kisuke_and_Isshin_by_zo_ey.jpg

[2009-08-26 23:50:17 | 00,164,612 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\d18_nekokisuke.jpg

[2009-08-26 22:18:20 | 00,382,246 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\nod32.jpg

[2009-08-25 23:23:16 | 00,110,606 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\0719.jpg

[2009-08-25 23:23:11 | 00,139,746 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\0823.jpg

[2009-08-25 23:22:29 | 00,116,111 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\0717.jpg

[2009-08-25 23:21:12 | 00,101,368 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\0805.jpg

[2009-08-25 23:08:38 | 00,065,610 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\hirako02.jpg

[2009-08-25 22:51:17 | 00,258,180 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\Kawaii_by_Rennard.swf

[2009-08-25 22:50:09 | 02,942,883 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\opening_bleach_by_shinobu7.swf

[2009-08-24 23:28:15 | 00,070,039 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\shinji-1.png

[2009-08-23 16:26:32 | 00,150,016 | ---- | M] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009-08-23 03:09:13 | 00,229,376 | ---- | M] () -- C:\WINDOWS\PEV.exe

[2009-08-22 23:49:02 | 00,150,095 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\20.png

[2009-08-22 21:46:05 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2009-08-22 14:21:40 | 00,139,264 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\Tempura.doc

[2009-08-19 00:24:12 | 00,002,874 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\urahara_tessai.gif

[2009-08-19 00:17:57 | 00,025,919 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\62125793448baa3ee106c5.gif

[2009-08-14 14:30:32 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\podręczniki.doc

[2009-08-13 15:18:16 | 00,001,927 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\kako_ks2.gif

[2009-08-11 22:42:38 | 00,159,537 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\5205939.jpg

[2009-08-10 20:03:30 | 01,896,174 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\Bleach.gif

[2009-08-09 19:51:41 | 00,525,657 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\Dance_Dance_America_by_yuumei.swf

[2009-08-08 19:47:02 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

========== LOP Check ==========

[2009-08-27 17:23:20 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji

[2008-06-04 22:30:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Ahead

[2008-12-23 15:14:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Any Video Converter

[2008-09-08 21:44:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\AVSMedia

[2008-10-29 20:23:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\CadSoft

[2009-04-23 14:04:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\CyberLink

[2008-07-15 11:47:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\DMCache

[2008-07-15 10:57:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\fltk.org

[2008-10-08 18:15:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Free Sound Recorder

[2008-07-10 18:40:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Gadu-Gadu

[2009-08-26 19:49:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Grisoft

[2009-08-26 20:46:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Simply Super Software

[2009-03-15 16:03:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\SYSTEMAX Software Development

[2009-08-10 20:36:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Tlen.pl

[2009-08-26 20:46:57 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji

[2008-11-02 22:56:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\10015

[2009-03-08 15:39:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\262EE

[2008-06-04 21:01:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Ahead

[2008-06-04 21:19:07 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\CanonBJ

[2008-11-02 22:56:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\channels

[2008-10-28 17:31:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\CyberLink

[2008-06-20 09:27:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ESET

[2009-08-26 19:49:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Grisoft

[2008-06-04 22:30:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\LightScribe

[2009-08-26 20:46:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Simply Super Software

[2009-01-01 22:30:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\SpeedBit

[2009-03-15 16:03:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\SYSTEMAX Software Development

[2009-08-27 19:30:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP

[2009-03-26 16:30:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Tlen.pl

[2008-06-04 22:06:53 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Dane aplikacji

[2008-06-04 20:19:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji

[2008-06-04 20:19:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji

[2002-12-31 14:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini

[2009-08-27 19:37:44 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:9AEE100C

@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:94A19129

@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:CB0AACC9

@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:A9662AE0

< End of report >

Guest

It's clean now.

1. Launch OTL and run its CleanUp option; agree to the cleanup and the computer restart.

2. Empty NOD's quarantine so that nothing is left in it.

3. Clear the "System Volume Information" folder by temporarily turning off "System Restore":

Control Panel > System > System Restore > tick the box next to "Turn off System Restore on all drives" > Apply > OK.

Afterwards you can go back to the previous setting (that is, untick the box).

4. Use Malwarebytes.

Click Scan, choose the drives to scan and start the scan; at the end click Remove Selected, if there are any, and OK.

Post the report generated after the removal with MBAM.

Kojo

Log to check

Malwarebytes' Anti-Malware 1.40
Wersja bazy definicji: 2706
Windows 5.1.2600 Dodatek Service Pack 2

2009-08-27 20:52:12
mbam-log-2009-08-27 (20-52-12).txt

Typ skanowania: Pełne skanowanie (C:\|)
Przeskanowane obiekty: 132386
Upłynęło: 9 minute(s), 42 second(s)

Zainfekowane procesy w pamięci: 0
Zainfekowane moduły pamięci: 0
Zainfekowane klucze rejestru: 1
Zainfekowane wartości rejestru: 3
Zainfekowane pliki rejestru: 0
Zainfekowane foldery: 0
Zainfekowane pliki: 4

Zainfekowane procesy w pamięci:
(Nie wykryto groźnych plików)

Zainfekowane moduły pamięci:
(Nie wykryto groźnych plików)

Zainfekowane klucze rejestru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Zainfekowane wartości rejestru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Delete on reboot.

Zainfekowane pliki rejestru:
(Nie wykryto groźnych plików)

Zainfekowane foldery:
(Nie wykryto groźnych plików)

Zainfekowane pliki:
C:\WINDOWS\temp\wpv421237410850.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\digeste.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\wpv831238011910.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
Guest

It should be fine. ;]

Kojo

Thaaank you very much for the help :D

Regards :)
