Duban posted 6 September 2009
Hello, please check the logs from this PC. This computer is badly "gunked up". I can already see a few popular "antivirus programs" here, and we all know what they really are.
Log to check
OTL logfile created on: 2009-09-06 17:36:22 - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\user\Pulpit\OTL log
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
383,49 Mb Total Physical Memory | 155,16 Mb Available Physical Memory | 40,46% Memory free
1,31 Gb Paging File | 1,09 Gb Available in Paging File | 83,18% Paging File free
Paging file location(s): C:\pagefile.sys 500 700E:\pagefile.sys 500 700 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14,81 Gb Total Space | 0,33 Gb Free Space | 2,26% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 22,46 Gb Total Space | 20,76 Gb Free Space | 92,45% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: DOMOWY
Current User Name: user
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========
PRC - [2004-09-07 15:25:12 | 01,151,090 | ---- | M] (Ahead Software AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe
PRC - [2007-10-29 13:27:04 | 00,587,096 | ---- | M] (Lavasoft AB) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
PRC - [2006-04-17 19:42:14 | 00,311,296 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LEXBCES.EXE
PRC - [2006-04-17 19:41:24 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LEXPPS.EXE
PRC - [2004-08-23 14:49:56 | 00,040,960 | ---- | M] (France Telecom) -- C:\WINDOWS\System32\FTRTSVC.exe
PRC - [2007-03-27 09:29:52 | 00,192,512 | ---- | M] (AltrixSoft (http://www.altrixsoft.com/)) -- C:\WINDOWS\System32\HDDSvc.exe
PRC - [2003-10-06 14:16:00 | 00,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2008-09-06 00:30:06 | 00,952,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WgaTray.exe
PRC - [2007-06-13 15:23:49 | 01,034,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2006-10-12 04:10:54 | 00,049,263 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
PRC - [2006-07-13 07:33:38 | 00,057,344 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
PRC - [2004-09-07 17:25:57 | 01,400,944 | ---- | M] (Ahead Software AG) -- C:\Program Files\Ahead\InCD\InCD.exe
PRC - [2007-11-07 19:12:20 | 00,429,056 | ---- | M] () -- C:\Program Files\Common Files\OczyszczaczKomputerza\mc.exe
PRC - [2004-08-04 00:44:28 | 00,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\regsvr32.exe
PRC - [2005-10-28 16:25:44 | 00,094,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
PRC - [2004-10-05 17:00:12 | 00,061,440 | ---- | M] (France Télécom R&D) -- C:\Program Files\neostrada tp\TaskBarIcon.exe
PRC - [2006-07-13 07:33:14 | 00,053,248 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
PRC - [2004-08-04 00:44:22 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2005-12-06 14:53:30 | 00,819,200 | ---- | M] (France Télécom R&D) -- C:\Program Files\neostrada tp\neostradatp.exe
PRC - [2005-11-22 12:54:18 | 00,249,856 | ---- | M] (France Télécom R&D) -- C:\Program Files\neostrada tp\ComComp.exe
PRC - [2004-11-02 15:31:20 | 00,069,632 | ---- | M] (France Telecom R&D) -- C:\Program Files\neostrada tp\Toaster.exe
PRC - [2004-10-27 11:30:44 | 00,032,768 | ---- | M] () -- C:\Program Files\neostrada tp\Inactivity.exe
PRC - [2004-10-27 11:07:06 | 00,069,632 | ---- | M] () -- C:\Program Files\neostrada tp\PollingModule.exe
PRC - [2004-10-21 08:50:52 | 00,045,056 | ---- | M] () -- C:\WINDOWS\System32\AlertModule\AlertModule.exe
PRC - [2004-08-23 14:49:56 | 00,020,480 | ---- | M] (France Télécom R&D) -- C:\Program Files\neostrada tp\Watch.exe
PRC - [2004-08-04 00:44:22 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
PRC - [2009-09-06 17:34:59 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Pulpit\OTL log\OTL.exe

========== Win32 Services (SafeList) ==========
SRV - [2007-10-29 13:27:04 | 00,587,096 | ---- | M] (Lavasoft AB) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice [Disabled | Running])
SRV - [2007-03-20 03:19:14 | 00,263,168 | ---- | M] (Ares Development Group) -- C:\Program Files\Ares\chatServer.exe -- (AresChatServer [Disabled | Stopped])
SRV - [2006-03-22 02:36:36 | 00,208,384 | ---- | M] (OuterTechnologies) -- C:\Program Files\CachemanXP\CachemanXP.exe -- (CachemanXPService [Disabled | Stopped])
SRV - [2004-08-23 14:49:56 | 00,040,960 | ---- | M] (France Telecom) -- C:\WINDOWS\System32\FTRTSVC.exe -- (FTRTSVC [Auto | Running])
SRV - [2007-03-27 09:29:52 | 00,192,512 | ---- | M] (AltrixSoft (http://www.altrixsoft.com/)) -- C:\WINDOWS\System32\HDDSvc.exe -- (HDDSvc [Disabled | Running])
SRV - [2004-08-04 00:44:08 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004-09-07 15:25:12 | 01,151,090 | ---- | M] (Ahead Software AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv [Disabled | Running])
SRV - [2006-04-17 19:42:14 | 00,311,296 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LEXBCES.EXE -- (LexBceS [Auto | Running])
SRV - [2003-10-06 14:16:00 | 00,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - File not found -- -- (ScheduleRemoteAccess [Auto | Stopped])
SRV - [2006-12-01 12:46:28 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========
DRV - [2003-11-17 20:39:38 | 00,099,476 | ---- | M] (Syntek Ltd.) -- C:\WINDOWS\System32\DRIVERS\STK017W2.sys -- (DCamUSBSTK017 [On_Demand | Stopped])
DRV - [2006-09-19 11:03:28 | 00,116,992 | ---- | M] (Analog Devices Inc.) -- C:\WINDOWS\System32\DRIVERS\e4usbaw.sys -- (e4usbaw [On_Demand | Running])
DRV - [2001-08-17 22:19:34 | 00,040,704 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\es1371mp.sys -- (es1371 [On_Demand | Running])
DRV - [2004-08-04 01:08:22 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running])
DRV - [2006-09-15 11:07:54 | 00,064,000 | ---- | M] (Analog Deivces) -- C:\WINDOWS\System32\Drivers\e4ldr.sys -- (IKANLOADER2 [Auto | Stopped])
DRV - [2004-09-07 15:27:22 | 00,091,136 | ---- | M] (Ahead Software AG) -- C:\WINDOWS\System32\drivers\InCDFs.sys -- (InCDFs [Disabled | Running])
DRV - [2004-09-07 15:27:38 | 00,028,544 | ---- | M] (Ahead Software AG) -- C:\WINDOWS\System32\DRIVERS\InCDPass.sys -- (InCDPass [system | Running])
DRV - [2003-10-06 14:16:00 | 01,550,043 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2003-08-04 14:22:44 | 00,016,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\PCANDIS5.SYS -- (PCANDIS5 [On_Demand | Stopped])
DRV - [2001-08-18 01:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2006-08-25 05:47:00 | 00,036,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [boot | Running])
DRV - [2007-11-13 12:25:55 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2007-06-23 23:52:38 | 00,639,224 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [boot | Running])
DRV - [2001-10-26 17:05:44 | 00,006,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\serscan.sys -- (StillCam [On_Demand | Running])
DRV - [2004-08-03 22:32:32 | 00,084,480 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\drivers\ac97via.sys -- (VIAudio [On_Demand | Running])
DRV - [2008-02-11 22:51:11 | 00,019,584 | ---- | M] () -- C:\WINDOWS\system32\drivers\vywxiecp.dat -- (zoolmfmr [boot | Running])

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-823518204-813497703-1060284298-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-823518204-813497703-1060284298-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-21-823518204-813497703-1060284298-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\neostrada tp\SearchPageURL.dll ()
IE - HKU\S-1-5-21-823518204-813497703-1060284298-1003\S-1-5-21-823518204-813497703-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O1 HOSTS File: (742 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (BrowserCmp) - {1D8282E6-BC4F-469B-AAED-7E4FF077AD93} - C:\WINDOWS\System32\iebrowserc.dll ()
O2 - BHO: (Search Assistant MySidesearch) - {6156A32A-C512-4e23-AA9A-2315F4265681} - C:\WINDOWS\System32\myss_sb.dll ()
O2 - BHO: (dcads) - {733716E1-76D2-4003-AC39-845281C0EF85} - C:\WINDOWS\System32\nsxBE.dll ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (browser optimizer superiorads) - {8E015787-B1E3-404a-95DE-3E71E1FA0305} - C:\WINDOWS\System32\spads.dll ()
O2 - BHO: (dcads) - {9912ce08-239e-bf0f-04f4-ca54ac12ae2e} - C:\WINDOWS\System32\7b960f06-5882-b6e2-edb2-7c32e0e6bd20.dll ()
O2 - BHO: (superiorads browser enhancer) - {B10365F6-6519-A127-9136-ED710C808860} - C:\WINDOWS\System32\kwhivwvfdrxukmn.dll ()
O2 - BHO: (no name) - {BD60DCCF-2225-48C2-9EF8-C706E0ED21FF} - C:\WINDOWS\System32\cnvfa.dll ()
O2 - BHO: (mysidesearch search enhancer) - {C8BF4735-0BE4-F62D-C058-E2AFD853BCE3} - C:\WINDOWS\System32\zssrkylxwhoruugp.dll ()
O2 - BHO: (iercptbho Class) - {D4CDC21D-43BE-4101-A1EF-E379F134771E} - C:\Program Files\QuickDownloadPack\iercpt.dll (QuickDownloadPack Solution)
O3 - HKU\S-1-5-21-823518204-813497703-1060284298-1003\..\Toolbar\WebBrowser: (no name) - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - No CLSID value found.
O4 - HKLM..\Run: [bm] C:\Program Files\Common Files\AVSystemCare\bm.exe File not found
O4 - HKLM..\Run: [Lexmark 1200 Series] C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [salestart] C:\Program Files\Common Files\OczyszczaczKomputerza\mc.exe ()
O4 - HKLM..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\GestMaj.exe TaskBarIcon.exe File not found
O4 - HKLM..\Run: [WOOWATCH] C:\Program Files\neostrada tp\Watch.exe (France Télécom R&D)
O4 - HKU\S-1-5-21-823518204-813497703-1060284298-1003..\Run: [Gadu-Gadu] C:\Program Files\Gadu-Gadu\gg.exe (Gadu-Gadu S.A.)
O4 - HKU\S-1-5-21-823518204-813497703-1060284298-1003..\Run: [NvMediaCenter] C:\WINDOWS\System32\NVMCTRAY.DLL (NVIDIA Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-823518204-813497703-1060284298-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-1_4_0_03-win.cab (Java Plug-in 1.4.0_03)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab (Java Plug-in 1.5.0_03)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\ntos.exe) - C:\WINDOWS\System32\ntos.exe [FILE handle not seen by OS]
O20 - Winlogon\Notify\WinCtrl32: DllName - WinCtrl32.dll - C:\WINDOWS\System32\WinCtrl32.dll ()
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007-04-05 10:03:18 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0f083200-3cfe-11d5-9f27-90b6fe221ac4}\Shell\Open(&0)\command - "" = Recycled\ctfmon.exe
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========
[3 C:\WINDOWS\*.tmp files]
[2009-09-06 17:34:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Pulpit\OTL log
[2009-09-06 12:50:09 | 00,000,256 | ---- | C] () -- C:\Documents and Settings\user\Dane aplikacji\urlredir.cfg
[2009-08-26 11:16:34 | 00,467,456 | ---- | C] () -- C:\WINDOWS\System32\zssrkylxwhoruugp.dll
[2009-08-23 10:13:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2009-08-23 10:08:46 | 00,058,334 | ---- | C] () -- C:\WINDOWS\System32\u_zssrkylxwhoruugp.dll.exe
[2009-08-17 12:01:46 | 01,318,400 | ---- | C] () -- C:\WINDOWS\System32\7b960f06-5882-b6e2-edb2-7c32e0e6bd20.dll
[2009-06-05 20:14:52 | 00,122,368 | ---- | C] () -- C:\WINDOWS\System32\cnvfa.dll
[2009-05-11 22:12:56 | 00,479,232 | ---- | C] () -- C:\WINDOWS\System32\kwhivwvfdrxukmn.dll
[2009-01-17 14:38:25 | 00,058,738 | ---- | C] () -- C:\WINDOWS\System32\zssrkylxwhoruugp.dll-uninst.exe
[2008-11-11 16:24:04 | 00,014,336 | ---- | C] () -- C:\WINDOWS\System32\WinCtrl32.dll
[2008-11-03 12:21:48 | 00,554,496 | ---- | C] () -- C:\WINDOWS\System32\nstE4.dll
[2008-04-20 18:24:10 | 00,000,032 | ---- | C] () -- C:\WINDOWS\Kit.ini
[2008-04-14 22:18:44 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008-04-13 13:20:41 | 00,063,915 | ---- | C] () -- C:\WINDOWS\System32\{3bcc8c6d-9722-1598-5385-e131488cf6a9}.dll-uninst.exe
[2008-04-11 17:46:26 | 00,334,848 | ---- | C] () -- C:\WINDOWS\System32\myss_sb.dll
[2008-03-06 18:33:36 | 00,000,080 | ---- | C] () -- C:\WINDOWS\ben5.ini
[2008-02-08 19:53:02 | 00,233,472 | ---- | C] () -- C:\WINDOWS\System32\nsxBE.dll
[2008-01-18 12:06:18 | 00,294,912 | ---- | C] () -- C:\WINDOWS\System32\iebrowserc.dll
[2008-01-05 21:38:39 | 00,001,005 | ---- | C] () -- C:\WINDOWS\ftdvdopt.ini
[2008-01-05 21:38:35 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2007-12-18 16:54:24 | 00,319,488 | ---- | C] () -- C:\WINDOWS\System32\dcads_sidebar.dll
[2007-11-19 12:36:54 | 00,064,000 | ---- | C] () -- C:\WINDOWS\System32\spads.dll
[2007-08-27 23:03:56 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007-07-30 08:19:05 | 00,000,083 | ---- | C] () -- C:\WINDOWS\Wwp.INI
[2007-06-23 23:52:38 | 00,639,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007-04-18 19:39:18 | 00,000,168 | ---- | C] () -- C:\WINDOWS\adidsl.ini
[2007-04-18 19:39:18 | 00,000,021 | ---- | C] () -- C:\WINDOWS\Fast800.ini
[2007-04-18 19:38:57 | 00,126,976 | ---- | C] () -- C:\WINDOWS\System32\coclassfast.dll
[2007-04-18 19:38:55 | 00,046,892 | ---- | C] () -- C:\WINDOWS\System32\ADADIX16.DLL
[2007-04-18 19:36:54 | 00,041,068 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll
[2007-04-18 19:03:00 | 00,000,278 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2007-04-18 19:02:54 | 00,000,092 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2007-04-08 14:16:48 | 01,138,688 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007-04-08 14:16:48 | 00,217,088 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007-04-08 14:16:46 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007-04-08 14:16:40 | 00,005,120 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007-04-08 14:16:40 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007-04-05 17:21:04 | 00,000,492 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007-04-05 09:54:32 | 00,030,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\Wingk37.sys
[2006-01-30 14:42:22 | 00,000,270 | ---- | C] () -- C:\WINDOWS\System32\lxczcoin.ini
[2003-11-17 20:39:32 | 00,032,140 | ---- | C] () -- C:\WINDOWS\System32\drivers\STK017W1.sys
[2003-10-06 14:16:00 | 00,027,136 | ---- | C] () -- C:\WINDOWS\System32\nvcod.dll
[2002-11-13 09:40:22 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxczvs.dll
[2001-07-22 02:16:20 | 00,000,603 | ---- | C] () -- C:\WINDOWS\win.ini
[2001-07-22 02:15:52 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[1999-01-22 17:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Files - Modified Within 30 Days ==========
[7 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2065-04-07 06:28:11 | 00,107,264 | ---- | M] (Alcohol Soft Development Team) -- C:\WINDOWS\System32\cmuti.dll
[2009-09-06 17:27:10 | 00,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2009-09-06 17:27:10 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009-09-06 17:27:10 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2009-09-06 17:23:47 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009-09-06 17:23:32 | 00,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2009-09-06 17:22:52 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009-09-06 17:22:32 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-09-06 17:22:29 | 40,218,6240 | -HS- | M] () -- C:\hiberfil.sys
[2009-09-06 12:51:04 | 00,101,225 | ---- | M] () -- C:\WINDOWS\System32\80dd2438-22b6-0429-af75-82073a58fcd6.exe
[2009-09-06 12:50:43 | 00,048,281 | ---- | M] () -- C:\WINDOWS\System32\gdkjwghsnfcmuq.exe
[2009-09-06 12:50:28 | 00,058,334 | ---- | M] () -- C:\WINDOWS\System32\u_zssrkylxwhoruugp.dll.exe
[2009-09-06 12:50:12 | 00,000,256 | ---- | M] () -- C:\Documents and Settings\user\Dane aplikacji\urlredir.cfg
[2009-08-31 21:05:15 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009-08-26 11:16:34 | 00,467,456 | ---- | M] () -- C:\WINDOWS\System32\zssrkylxwhoruugp.dll
[2009-08-23 10:22:59 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009-08-17 12:01:46 | 01,318,400 | ---- | M] () -- C:\WINDOWS\System32\7b960f06-5882-b6e2-edb2-7c32e0e6bd20.dll
[2009-08-14 01:37:30 | 00,479,232 | ---- | M] () -- C:\WINDOWS\System32\kwhivwvfdrxukmn.dll

========== LOP Check ==========
[2009-05-28 20:32:58 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji
[2007-04-18 19:09:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\BVRP Software
[2009-05-28 20:13:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Cleaner2009 Freeware
[2008-01-19 11:29:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OczyszczaczKomputerza
[2009-05-28 19:47:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\QuickDownloadPack
[2009-09-06 17:28:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\SEC
[2009-05-28 19:47:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\SpywareRemover2009
[2007-04-05 11:44:56 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Dane aplikacji
[2007-04-05 10:12:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji
[2007-04-05 10:12:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji
[2009-09-06 12:50:12 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\user\Dane aplikacji
[2007-06-27 23:04:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Ahead
[2008-01-19 11:36:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\AVSystemCare
[2009-05-28 20:08:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Cleaner2009 Freeware
[2007-04-09 16:29:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\COWON
[2007-04-18 20:26:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Gadu-Gadu
[2009-02-28 20:07:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\LimeWire
[2009-05-28 19:53:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Logs
[2008-01-19 11:34:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\OczyszczaczKomputerza
[2009-05-28 19:47:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\QuickDownloadPack
[2009-05-28 20:38:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\SecureExpertCleaner
[2009-05-28 20:00:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\VirusRemover2009
[2007-04-08 14:21:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\ZipGenius
[2001-07-22 02:17:50 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009-09-06 17:22:52 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009-09-06 17:23:32 | 00,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========
< End of report >

I'd appreciate help as quickly as possible, since I won't be at this PC for long. Thanks in advance.
MarekM25 commented 6 September 2009
Unfortunately, I'm afraid that quick help won't be possible for this computer. Post a ComboFix log, because I don't know whether OTL would be able to handle everything. While you're at it, run a scan with MBAM and Dr.Web.
Duban (author) commented 6 September 2009
Log from CF:
Log to check
ComboFix 09-09-05.03 - user 2009-09-06 18:34.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.383.193 [GMT 2:00]
Uruchomiony z: c:\documents and settings\user\Pulpit\combofix log\ComboFix.exe
FW: Outpost Firewall Pro *disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\user\USTAWI~1\Temp\tmp1.tmp
c:\docume~1\user\USTAWI~1\Temp\tmp2.tmp
c:\documents and settings\user\Dane aplikacji\AVSystemCare
c:\documents and settings\user\Dane aplikacji\AVSystemCare\Logs\threats.log
c:\documents and settings\user\Dane aplikacji\AVSystemCare\Logs\update.log
c:\documents and settings\user\Dane aplikacji\urlredir.cfg
c:\documents and settings\user\ResErrors.log
c:\program files\QuickDownloadPack
c:\program files\QuickDownloadPack\iercpt.dll
c:\program files\QuickDownloadPack\qdpack.exe
c:\program files\QuickDownloadPack\uninst.exe
c:\windows\system32\{3bcc8c6d-9722-1598-5385-e131488cf6a9}.dll-uninst.exe
c:\windows\system32\373168060.dat
c:\windows\system32\80dd2438-22b6-0429-af75-82073a58fcd6.exe
c:\windows\system32\cmuti.1
c:\windows\system32\cont_dcads-remove.exe
c:\windows\system32\dcads-remove.exe
c:\windows\system32\dcads_sidebar.dll
c:\windows\system32\dcads_sidebar_uninstall.exe
c:\windows\system32\DcadsSocial-uninstall.exe
c:\windows\system32\ieBRowserc.dll
c:\windows\system32\ieuinit.inf
c:\windows\system32\kwhivwvfdrxukmn.dll
c:\windows\system32\mysidesearch_sidebar_uninstall.exe
c:\windows\system32\myss_sb_uninstall.exe
c:\windows\system32\nsXBe.dll
c:\windows\system32\ntos.exe
c:\windows\system32\spADs.dll
c:\windows\system32\superiorads-uninst.exe
c:\windows\system32\u_zssrkylxwhoruugp.dll.exe
c:\windows\system32\UpMedia
c:\windows\system32\WinCtrl32.dll
c:\windows\system32\wsnpoem
c:\windows\system32\wsnpoem\audio.dll
c:\windows\system32\wsnpoem\audio.dll.cla
c:\windows\system32\wsnpoem\video.dll
c:\windows\system32\zssrkylxwhoruugp.dll-uninst.exe
c:\windows\system32\cmuti.dll . . . . nie udało się usunąć
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_DHLP
((((((((((((((((((((((((( Pliki utworzone od 2009-08-06 do 2009-09-06 )))))))))))))))))))))))))))))))
.
2009-09-06 15:59 . 2009-09-06 15:59 -------- d-----w- c:\documents and settings\user\Dane aplikacji\Malwarebytes
2009-09-06 15:59 . 2008-10-22 14:28 15504 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-06 15:59 . 2008-10-22 14:28 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-06 15:59 . 2009-09-06 15:59 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Malwarebytes
2009-09-06 15:59 . 2009-09-06 15:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-26 09:16 . 2009-08-26 09:16 467456 ----a-w- c:\windows\system32\zssrkylxwhoruugp.dll
2009-08-23 08:13 . 2009-08-23 08:13 -------- d-----w- c:\windows\ServicePackFiles
2009-08-17 10:01 . 2009-08-17 10:01 1318400 ----a-w- c:\windows\system32\7b960f06-5882-b6e2-edb2-7c32e0e6bd20.dll
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-06 16:50 . 2007-04-12 17:43 -------- d-----w- c:\program files\neostrada tp
2009-09-06 16:44 . 2008-01-06 14:23 107264 ----a-w- c:\windows\system32\cmuti.dll
2009-09-06 15:28 . 2009-05-28 18:32 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\SEC
2009-09-06 10:51 . 2009-05-28 18:02 -------- d-----w- c:\program files\Cleaner2009 Freeware
2009-09-06 10:50 . 2008-07-30 08:00 48281 ----a-w- c:\windows\system32\gdkjwghsnfcmuq.exe
2009-08-05 09:08 . 2004-08-03 22:44 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 18:57 . 2004-08-03 22:43 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2004-08-03 22:44 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-26 16:19 . 2004-08-03 22:44 662016 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:19 . 2004-08-03 22:44 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-25 18:37 . 2004-08-03 22:44 95744 ----a-w- c:\windows\system32\mqsec.dll
2009-06-25 18:37 . 2004-08-03 22:44 661504 ----a-w- c:\windows\system32\mqqm.dll
2009-06-25 18:37 . 2004-08-03 22:44 517120 ----a-w- c:\windows\system32\mqsnap.dll
2009-06-25 18:37 . 2004-08-03 22:44 512000 ----a-w- c:\windows\system32\mqutil.dll
2009-06-25 18:37 . 2004-08-03 22:44 48640 ----a-w- c:\windows\system32\mqupgrd.dll
2009-06-25 18:37 . 2004-08-03 22:44 47104 ----a-w- c:\windows\system32\mqdscli.dll
2009-06-25 18:37 . 2004-08-03 22:44 225280 ----a-w- c:\windows\system32\mqoa.dll
2009-06-25 18:37 . 2004-08-03 22:44 186880 ----a-w- c:\windows\system32\mqtrig.dll
2009-06-25 18:37 . 2004-08-03 22:44 177152 ----a-w- c:\windows\system32\mqrt.dll
2009-06-25 18:37 . 2004-08-03 22:44 16896 ----a-w- c:\windows\system32\mqise.dll
2009-06-25 18:37 . 2004-08-03 22:44 138240 ----a-w- c:\windows\system32\mqad.dll
2009-06-25 18:37 . 2004-08-03 22:44 123392 ----a-w- c:\windows\system32\mqrtdep.dll
2009-06-22 11:49 . 2004-08-03 22:44 19968 ----a-w- c:\windows\system32\mqbkup.exe
2009-06-22 11:49 . 2004-08-03 22:44 117248 ----a-w- c:\windows\system32\mqtgsvc.exe
2009-06-22 11:49 . 2004-08-03 22:44 4608 ----a-w- c:\windows\system32\mqsvc.exe
2009-06-22 11:48 . 2004-08-03 20:58 91776 ----a-w- c:\windows\system32\drivers\mqac.sys
2009-06-16 14:55 . 2004-08-03 22:44 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:55 . 2001-10-26 19:29 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 16:40 . 2009-06-05 18:14 122368 ----a-w- c:\windows\system32\cnvfa.dll
2009-06-15 11:33 . 2004-08-03 22:44 78336 ----a-w- c:\windows\system32\telnet.exe
2009-06-15 11:33 . 2004-08-03 22:44 82944 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-10 14:25 . 2004-08-03 22:43 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:31 . 2004-08-03 22:44 132096 ----a-w- c:\windows\system32\wkssvc.dll
.
------- Sigcheck -------
[7] B2220C618B42A2212A59D91EBD6FC4B4 [5.1.2600.2892 (xpsp.060420-0256)] c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[7] 64798ECFA43D78C7178375FCDD16D8C8 [5.1.2600.3244 (xpsp_sp2_qfe.071030-1255)] c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[7] 744E57C99232201AE98C49168B918F48 [5.1.2600.3394 (xpsp_sp2_qfe.080620-1259)] c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 9AEFA14BD6B182D61E3119FA5F436D3D [5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)] c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] AD978A1B783B5719720CFF204B666C8E [5.1.2600.5625 (xpsp_sp3_qfe.080620-1309)] c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 9F4B36614A0FC234525BA224957DE55C [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtUninstallKB917953$\tcpip.sys
[7] 1DBF125862891817F374F407626967F4 [5.1.2600.2892 (xpsp_sp2_gdr.060420-0254)] c:\windows\$NtUninstallKB941644$\tcpip.sys
[7] 90CAFF4B094573449A0872A0F919B178 [5.1.2600.3244 (xpsp_sp2_gdr.071030-1259)] c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 93EA8D04EC73A85DB02EB8805988F733 [5.1.2600.5512 (xpsp.080413-0852)] c:\windows\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\tcpip.sys
[-] 1CC09561E21A48A7F649A40F18235860 [5.1.2600.3394 (xpsp_sp2_gdr.080620-1245)] c:\windows\system32\dllcache\tcpip.sys
[-] 1CC09561E21A48A7F649A40F18235860 [5.1.2600.3394 (xpsp_sp2_gdr.080620-1245)] c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1363678E-4658-41F3-A6D0-E77EA0C41477}]
2009-06-15 16:40 122368 ----a-w- c:\windows\system32\cnvfa.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9912ce08-239e-bf0f-04f4-ca54ac12ae2e}]
2009-08-17 10:01 1318400 ----a-w- c:\windows\system32\7b960f06-5882-b6e2-edb2-7c32e0e6bd20.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BD60DCCF-2225-48C2-9EF8-C706E0ED21FF}]
2009-06-15 16:40 122368 ----a-w- c:\windows\system32\cnvfa.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C8BF4735-0BE4-F62D-C058-E2AFD853BCE3}]
2009-08-26 09:16 467456 ----a-w- c:\windows\system32\zssrkylxwhoruugp.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2007-04-17 2113536]
"NvMediaCenter"="c:\windows\system32\NVMCTRAY.DLL" [2003-10-06 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOWATCH"="c:\progra~1\NEOSTR~1\Watch.exe" [2004-08-23 20480]
"WOOTASKBARICON"="c:\progra~1\NEOSTR~1\GestMaj.exe" [2004-10-14 32768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]
"Lexmark 1200 Series"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-13 57344]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2003-10-06 741376]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"InCDsrv"=2 (0x2)
"HDDSvc"=2 (0x2)
"CachemanXPService"=3 (0x3)
"AresChatServer"=3 (0x3)
"aawservice"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Gadu-Gadu\\gg.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Ares\\Ares.exe"= R0 zoolmfmr;zoolmfmr;c:\windows\system32\drivers\vywxiecp.dat --> c:\windows\system32\drivers\vywxiecp.dat [?] R3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\drivers\e4usbaw.sys [2007-04-18 116992] S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\drivers\e4ldr.sys [2007-04-18 64000] S2 ScheduleRemoteAccess;Harmonogram zadań ScheduleRemoteAccess;đ%€|x srv --> đ%€|x srv [?] S3 DCamUSBSTK017;STK017 Camera;c:\windows\system32\drivers\STK017W2.sys [2003-11-17 99476] S4 CachemanXPService;CachemanXP;c:\progra~1\CACHEM~1\CachemanXP.exe [2007-04-08 208384] . Zawartość folderu 'Zaplanowane zadania' 2009-09-06 c:\windows\Tasks\WGASetup.job - c:\windows\system32\KB905474\wgasetup.exe [2009-05-29 20:18] . - - - - USUNIĘTO PUSTE WPISY - - - - BHO-{B10365F6-6519-A127-9136-ED710C808860} - c:\windows\system32\kwhivwvfdrxukmn.dll . ------- Skan uzupełniający ------- . uStart Page = hxxp://www.google.com/ IE: { - c:\program files\Messenger\msmsgs.exe TCP: {21641CC2-80A4-4154-BAF2-B9BBDFDA4CC7} = 194.204.159.1 217.98.63.164 . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-09-06 18:50 Windows 5.1.2600 Dodatek Service Pack 2 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... 
skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ScheduleRemoteAccess] "ImagePath"="đ%€|x\01\09 srv" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\zoolmfmr] "ImagePath"="system32\drivers\vywxiecp.dat" . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- - - - - - - - > 'explorer.exe'(3524) c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Pozostałe uruchomione procesy ------------------------ . c:\windows\system32\LEXBCES.EXE c:\windows\system32\LEXPPS.EXE c:\windows\system32\FTRTSVC.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\WgaTray.exe c:\progra~1\NEOSTR~1\TaskBarIcon.exe c:\windows\system32\rundll32.exe c:\program files\Lexmark 1200 Series\lxczbmon.exe . ************************************************************************** . Czas ukończenia: 2009-09-06 18:57 - komputer został uruchomiony ponownie ComboFix-quarantined-files.txt 2009-09-06 16:57 Przed: 267 665 408 bajtów wolnych Po: 1 333 747 712 bajtów wolnych 211 --- E O F --- 2009-09-01 16:22

I see CF has already removed some things.

MBAM: Log to check

Malwarebytes' Anti-Malware 1.30 Wersja bazy definicji: 1306 Windows 5.1.2600 Dodatek Service Pack 2 2009-09-06 18:19:34 mbam-log-2009-09-06 (18-18-45).txt Typ skanowania: Szybkie skanowanie Przeskanowane obiekty: 45213 Upłynęło: 15 minute(s), 0 second(s) Zainfekowane procesy w pamięci: 1 Zainfekowane moduły pamięci: 5 Zainfekowane klucze rejestru: 64 Zainfekowane wartości rejestru: 15 Zainfekowane pliki rejestru: 3 Zainfekowane foldery: 12 Zainfekowane pliki: 169 Zainfekowane procesy w pamięci: C:\Program Files\Common Files\OczyszczaczKomputerza\mc.exe (Rogue.Multiple) -> No action taken. Zainfekowane moduły pamięci: C:\WINDOWS\system32\myss_sb.dll (Adware.BHO) -> No action taken.
C:\WINDOWS\system32\nsxBE.dll (Trojan.BHO) -> No action taken. C:\WINDOWS\system32\iebrowserc.dll (Adware.RightOnAds) -> No action taken. C:\Program Files\QuickDownloadPack\iercpt.dll (Rogue.Multiple) -> No action taken. C:\WINDOWS\system32\spads.dll (Trojan.Zlob) -> No action taken. Zainfekowane klucze rejestru: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bd60dccf-2225-48c2-9ef8-c706e0ed21ff} (Trojan.BHO.H) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{bd60dccf-2225-48c2-9ef8-c706e0ed21ff} (Trojan.BHO.H) -> No action taken. HKEY_CLASSES_ROOT\TypeLib\{c3c0ec2c-2c1c-495c-9ad0-1f0ef833d7b5} (Adware.BHO) -> No action taken. HKEY_CLASSES_ROOT\Interface\{1601d447-7424-4866-8dcc-acf98a2a41e1} (Adware.BHO) -> No action taken. HKEY_CLASSES_ROOT\Interface\{ceb9c60d-f0ad-4b73-a3ab-4fc822e38d66} (Adware.BHO) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{3d87b50d-542a-45b6-96e9-f03cfaa8c962} (Adware.BHO) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{3d87b50d-542a-45b6-96e9-f03cfaa8c962} (Adware.BHO) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{6156a32a-c512-4e23-aa9a-2315f4265681} (Adware.BHO) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6156a32a-c512-4e23-aa9a-2315f4265681} (Adware.BHO) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{ceb9c60d-f0ad-4b73-a3ab-4fc822e38d66} (Adware.BHO) -> No action taken. HKEY_CLASSES_ROOT\dc_ads.ads (Trojan.BHO) -> No action taken. HKEY_CLASSES_ROOT\TypeLib\{e94c3af8-d32c-4389-ac9a-be17471edc42} (Trojan.BHO) -> No action taken. HKEY_CLASSES_ROOT\Interface\{63eadaa3-1cea-43e0-a7dd-eb46dba8a47e} (Trojan.BHO) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{733716e1-76d2-4003-ac39-845281c0ef85} (Trojan.BHO) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{733716e1-76d2-4003-ac39-845281c0ef85} (Trojan.BHO) -> No action taken. 
HKEY_CLASSES_ROOT\dc_ads.ads.1 (Trojan.BHO) -> No action taken. HKEY_CLASSES_ROOT\iebrowsercmp.browsercmp (Adware.RightOnAds) -> No action taken. HKEY_CLASSES_ROOT\TypeLib\{3160f356-e8c3-4de2-a698-92eeeb3d3400} (Adware.RightOnAds) -> No action taken. HKEY_CLASSES_ROOT\Interface\{c1a6d8b8-93c3-4186-9dd1-13983f9f1d9b} (Adware.RightOnAds) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{1d8282e6-bc4f-469b-aaed-7e4ff077ad93} (Adware.RightOnAds) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1d8282e6-bc4f-469b-aaed-7e4ff077ad93} (Adware.RightOnAds) -> No action taken. HKEY_CLASSES_ROOT\iebrowsercmp.browsercmp.1 (Adware.RightOnAds) -> No action taken. HKEY_CLASSES_ROOT\iercpt.iercptbho (Rogue.Multiple) -> No action taken. HKEY_CLASSES_ROOT\TypeLib\{a6fbd2e4-1c7e-4eab-80dd-01de2645566a} (Rogue.Multiple) -> No action taken. HKEY_CLASSES_ROOT\Interface\{59c345ba-3d5e-44e3-9d10-d3848af15d73} (Rogue.Multiple) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{d4cdc21d-43be-4101-a1ef-e379f134771e} (Rogue.Multiple) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d4cdc21d-43be-4101-a1ef-e379f134771e} (Rogue.Multiple) -> No action taken. HKEY_CLASSES_ROOT\iercpt.iercptbho.1 (Rogue.Multiple) -> No action taken. HKEY_CLASSES_ROOT\rotator.gizmo3 (Trojan.Zlob) -> No action taken. HKEY_CLASSES_ROOT\TypeLib\{2a52f970-1166-437b-8bc7-79d03cf1492c} (Trojan.Zlob) -> No action taken. HKEY_CLASSES_ROOT\Interface\{3786a03b-108d-48f4-b09c-60262531e895} (Trojan.Zlob) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{8e015787-b1e3-404a-95de-3e71e1fa0305} (Trojan.Zlob) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8e015787-b1e3-404a-95de-3e71e1fa0305} (Trojan.Zlob) -> No action taken. HKEY_CLASSES_ROOT\rotator.gizmo3.1 (Trojan.Zlob) -> No action taken. 
HKEY_CURRENT_USER\SOFTWARE\{5222008a-dd62-49c7-a735-7bd18ecc7350} (Rogue.VirusRemover) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\{5222008a-dd62-49c7-a735-7bd18ecc7350} (Rogue.VirusRemover) -> No action taken. HKEY_CLASSES_ROOT\AppID\{3a9377a6-be7f-485d-908c-d44114691389} (Rogue.Multiple) -> No action taken. HKEY_CLASSES_ROOT\AppID\{8d71eeb8-a1a7-4733-8fa2-1cac015c967d} (Adware.BHO) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mysearchassistant (Adware.BHO) -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\zoolmfmr (Rootkit.Agent) -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\zoolmfmr (Rootkit.Agent) -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\zoolmfmr (Rootkit.Agent) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\virusremover2009 (Rogue.VirusRemove) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\secureexpertcleaner_uninstall (Rogue.SecureExpertCleaner) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\cleaner2009 freeware (Rogue.Cleaner2009) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\cleaner2009 freeware (Rogue.Cleaner2009) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UCLN_install_is1 (Rogue.Cleaner2009) -> No action taken. HKEY_CLASSES_ROOT\AppID\iercpt.DLL (Rogue.Multiple) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\virusremover2009 (Rogue.VirusRemove) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\virusremover2009 (Rogue.VirusRemove) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WinCtrl32 (Trojan.Agent) -> No action taken. HKEY_CLASSES_ROOT\AppID\Sidebar.DLL (Adware.BHO) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\MySidesearch (Adware.BHO) -> No action taken. 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\dcadssearchassistant (Adware.BHO) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\UpMedia (Adware.SmartShopper) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\AdvRemoteDbg (Adware.Agent) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\dcadssocial (Adware.RightOnAds) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\ugac (Rogue.PCSecureSystem) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\spyshredder (Rogue.SpyShredder) -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wingk37 (Rootkit.Agent) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9912ce08-239e-bf0f-04f4-ca54ac12ae2e} (Trojan.BHO) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{9912ce08-239e-bf0f-04f4-ca54ac12ae2e} (Trojan.BHO) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c8bf4735-0be4-f62d-c058-e2afd853bce3} (Adware.BHO) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{c8bf4735-0be4-f62d-c058-e2afd853bce3} (Adware.BHO) -> No action taken. Zainfekowane wartości rejestru: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\salestart (Rogue.Multiple) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{02ffac45-0b10-5633-4296-1801f1a36678} (Trojan.Agent) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Cleaner2009 Freeware\ATL80.dll (Rogue.Cleaner2009) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Cleaner2009 Freeware\mfc80.dll (Rogue.Cleaner2009) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Cleaner2009 Freeware\msvcp80.dll (Rogue.Cleaner2009) -> No action taken. 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Cleaner2009 Freeware\msvcr80.dll (Rogue.Cleaner2009) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Products\rdomain (Rogue.PCVirusless) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Products\prodname (Rogue.PCVirusless) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Products\compname (Rogue.PCVirusless) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ADP (Rogue.Multiple) -> No action taken. Zainfekowane pliki rejestru: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Backdoor.Bot) -> Data: c:\windows\system32\ntos.exe -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Backdoor.Bot) -> Data: system32\ntos.exe -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,) Good: (userinit.exe) -> No action taken. Zainfekowane foldery: C:\WINDOWS\system32\wsnpoem (Trojan.Agent) -> No action taken. C:\WINDOWS\system32\UpMedia (Adware.SmartShopper) -> No action taken. C:\Program Files\VirusRemover2009 (Rogue.VirusRemove) -> No action taken. C:\Program Files\SecureExpertCleaner (Rogue.SecureExpertCleaner) -> No action taken. 
C:\Documents and Settings\All Users\Dane aplikacji\SEC (Rogue.SecureExpertCleaner) -> No action taken. C:\Program Files\Cleaner2009 Freeware (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\Appbase (Rogue.Cleaner2009) -> No action taken. C:\Documents and Settings\user\Ustawienia lokalne\Temp\NI.UGA6P_0001_N122M2210 (Rogue.Multiple) -> No action taken. C:\Documents and Settings\user\Dane aplikacji\AVSystemCare (Rogue.AVSystemcare) -> No action taken. C:\Documents and Settings\user\Dane aplikacji\AVSystemCare\Logs (Rogue.AVSystemcare) -> No action taken. C:\Documents and Settings\user\Dane aplikacji\VirusRemover2009 (Rogue.VirusRemover) -> No action taken. C:\Documents and Settings\user\Dane aplikacji\VirusRemover2009\Logs (Rogue.VirusRemover) -> No action taken. Zainfekowane pliki: C:\WINDOWS\system32\cnvfa.dll (Trojan.BHO.H) -> No action taken. C:\Program Files\Common Files\OczyszczaczKomputerza\mc.exe (Rogue.Multiple) -> No action taken. C:\WINDOWS\system32\myss_sb.dll (Adware.BHO) -> No action taken. C:\WINDOWS\system32\nsxBE.dll (Trojan.BHO) -> No action taken. C:\WINDOWS\system32\iebrowserc.dll (Adware.RightOnAds) -> No action taken. C:\Program Files\QuickDownloadPack\iercpt.dll (Rogue.Multiple) -> No action taken. C:\WINDOWS\system32\spads.dll (Trojan.Zlob) -> No action taken. C:\WINDOWS\system32\WhoisCL.exe (Adware.BHO) -> No action taken. C:\WINDOWS\system32\myss_sb_uninstall.exe (Adware.BHO) -> No action taken. C:\WINDOWS\system32\Drivers\vywxiecp.dat (Rootkit.Agent) -> No action taken. C:\Documents and Settings\user\Ustawienia lokalne\Temp\tmp11B.tmp (Trojan.Agent) -> No action taken. C:\Documents and Settings\user\Ustawienia lokalne\Temp\s1qg (Adware.Agent) -> No action taken. C:\Documents and Settings\user\Dane aplikacji\install_en[1].exe (Trojan.Downloader) -> No action taken. C:\WINDOWS\system32\wsnpoem\audio.dll (Trojan.Agent) -> No action taken. C:\WINDOWS\system32\wsnpoem\audio.dll.cla (Trojan.Agent) -> No action taken. 
C:\WINDOWS\system32\wsnpoem\video.dll (Trojan.Agent) -> No action taken. C:\Program Files\VirusRemover2009\ExtSecurityCenter.exe (Rogue.VirusRemove) -> No action taken. C:\Program Files\VirusRemover2009\ExtSecurityCenter.ini (Rogue.VirusRemove) -> No action taken. C:\Program Files\VirusRemover2009\ExtSecurityCenter.xml (Rogue.VirusRemove) -> No action taken. C:\Program Files\VirusRemover2009\PP.exe (Rogue.VirusRemove) -> No action taken. C:\Program Files\VirusRemover2009\Uninstall.exe (Rogue.VirusRemove) -> No action taken. C:\Program Files\VirusRemover2009\VRM2009.exe (Rogue.VirusRemove) -> No action taken. C:\Program Files\SecureExpertCleaner\ATL80.dll (Rogue.SecureExpertCleaner) -> No action taken. C:\Program Files\SecureExpertCleaner\mfc80.dll (Rogue.SecureExpertCleaner) -> No action taken. C:\Program Files\SecureExpertCleaner\Microsoft.VC80.ATL.manifest (Rogue.SecureExpertCleaner) -> No action taken. C:\Program Files\SecureExpertCleaner\Microsoft.VC80.CRT.manifest (Rogue.SecureExpertCleaner) -> No action taken. C:\Program Files\SecureExpertCleaner\Microsoft.VC80.MFC.manifest (Rogue.SecureExpertCleaner) -> No action taken. C:\Program Files\SecureExpertCleaner\msvcp80.dll (Rogue.SecureExpertCleaner) -> No action taken. C:\Program Files\SecureExpertCleaner\msvcr80.dll (Rogue.SecureExpertCleaner) -> No action taken. C:\Program Files\SecureExpertCleaner\PP.exe (Rogue.SecureExpertCleaner) -> No action taken. C:\Program Files\SecureExpertCleaner\Reminder.exe (Rogue.SecureExpertCleaner) -> No action taken. C:\Program Files\SecureExpertCleaner\SEC.exe (Rogue.SecureExpertCleaner) -> No action taken. C:\Program Files\SecureExpertCleaner\SEC.xml (Rogue.SecureExpertCleaner) -> No action taken. C:\Program Files\SecureExpertCleaner\uninst.exe (Rogue.SecureExpertCleaner) -> No action taken. C:\Documents and Settings\All Users\Dane aplikacji\SEC\base.dat (Rogue.SecureExpertCleaner) -> No action taken. 
C:\Documents and Settings\All Users\Dane aplikacji\SEC\schedule.dat (Rogue.SecureExpertCleaner) -> No action taken. C:\Program Files\Cleaner2009 Freeware\ATL80.dll (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\AV.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\cookies.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\errors.log (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\lapv.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\license.rtf (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\mfc80.dll (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\Microsoft.VC80.ATL.manifest (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\Microsoft.VC80.CRT.manifest (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\Microsoft.VC80.MFC.manifest (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\msvcp80.dll (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\msvcr80.dll (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\PP.exe (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\pv.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\readme.rtf (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\remnag.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\ScanReport.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\Schedule.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\softwaredetect.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\state.dat (Rogue.Cleaner2009) -> No action taken. 
C:\Program Files\Cleaner2009 Freeware\UCLN.dmp (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\UCLN.exe (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\UCLN.xml (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\unins000.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\unins000.exe (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\uninstall.ico (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\UserAgent.dll (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\vbpv.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\Appbase\AE_CD_Cr.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\Appbase\AReadr4.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\Appbase\AReadr5.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\Appbase\ASDSEEpv.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\Appbase\ASPack.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\Appbase\Babylon.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\Appbase\BDelphi5.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\Appbase\CatchUp.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\Appbase\CBuildr5.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\Appbase\CCGA.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\Appbase\CManager.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\Appbase\CuteFTP4.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\Appbase\CuteHTML.dat (Rogue.Cleaner2009) -> No action taken. 
C:\Program Files\Cleaner2009 Freeware\Appbase\DAcceler.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\Appbase\DiscJug.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\Appbase\ECDCreat4.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\Appbase\Far.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\Appbase\FFTsks.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\Appbase\FlashFXP.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\Appbase\FrntPage.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\Appbase\FrontPEx.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\Appbase\FtpEXP.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\Appbase\FtpVoya.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\Appbase\GetRight.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\Appbase\GoZilla.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\Appbase\GravMRU.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\Appbase\HomeSite.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\Appbase\HotDogPr.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\Appbase\H_TxtPad.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\Appbase\IconExtr.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\Appbase\iMesh.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\Appbase\ImgReady3.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\Appbase\InsShExp.dat (Rogue.Cleaner2009) -> No action taken. 
C:\Program Files\Cleaner2009 Freeware\Appbase\JASC_P_P.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\Appbase\KaZaA.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\Appbase\LView.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\Appbase\MacDir.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\Appbase\MacDrWea.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\Appbase\MicAng.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\Appbase\MicDes.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\Appbase\MMUnDisk.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\Appbase\MM_CON.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\Appbase\Morpheus.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\Appbase\MPaint.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\Appbase\MPicPub.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\Appbase\MPImaGal.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\Appbase\MSExplorer.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\Appbase\MSoffice.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\Appbase\MSRegEdit.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\Appbase\MSWMP.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\Appbase\MSWordPad.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\Appbase\Nero.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\Appbase\NetShow.dat (Rogue.Cleaner2009) -> No action taken. 
C:\Program Files\Cleaner2009 Freeware\Appbase\NTBackup.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\Appbase\pfilelst.xda (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\Appbase\PhotShel.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\Appbase\PHPCoder.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\Appbase\PowerZIP.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\Appbase\RapidBr.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\Appbase\RealAuPl.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\Appbase\RealDown.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\Appbase\SecurCRT.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\Appbase\SL_BlWin.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\Appbase\SmartClr.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\Appbase\Sonique.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\Appbase\StuffIt.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\Appbase\TelepPro.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\Appbase\UGifAnim.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\Appbase\UltraEd.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\Appbase\UMedStud.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\Appbase\UPhImpV.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\Appbase\UPhotoEx.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\Appbase\UVidStud.dat (Rogue.Cleaner2009) -> No action taken. 
C:\Program Files\Cleaner2009 Freeware\Appbase\VNC.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\Appbase\WebFeret.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\Appbase\WebReap.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\Appbase\WinACE.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\Appbase\WinGate.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\Appbase\WinRAR.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\Appbase\WinZIP.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\Appbase\WiseInst.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\Appbase\wordslst.xda (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\Appbase\YahooPl.dat (Rogue.Cleaner2009) -> No action taken. C:\Program Files\Cleaner2009 Freeware\Appbase\ZipMagic.dat (Rogue.Cleaner2009) -> No action taken. C:\Documents and Settings\user\Ustawienia lokalne\Temp\NI.UGA6P_0001_N122M2210\settings.ini (Rogue.Multiple) -> No action taken. C:\Documents and Settings\user\Ustawienia lokalne\Temp\NI.UGA6P_0001_N122M2210\setup.exe (Rogue.Multiple) -> No action taken. C:\Documents and Settings\user\Ustawienia lokalne\Temp\NI.UGA6P_0001_N122M2210\setup.len (Rogue.Multiple) -> No action taken. C:\Documents and Settings\user\Dane aplikacji\AVSystemCare\Logs\threats.log (Rogue.AVSystemcare) -> No action taken. C:\Documents and Settings\user\Dane aplikacji\AVSystemCare\Logs\update.log (Rogue.AVSystemcare) -> No action taken. C:\Documents and Settings\user\Dane aplikacji\VirusRemover2009\Logs\scns.log (Rogue.VirusRemover) -> No action taken. C:\Documents and Settings\user\Dane aplikacji\Microsoft\Internet Explorer\Quick Launch\SecureExpertCleaner.lnk (Rogue.SecureExpertCleaner) -> No action taken. 
Sorry it took so long, but it couldn't be done any faster on this computer.
MarekM25 commented 6 September 2009

That's exactly what was needed. CF removed everything nicely, and so did MBAM. Be sure to remove what MBAM found. One more file is left. Maybe Avenger can handle it.

Download Avenger. In the "Input script here" field, paste this text:

Files to delete:
c:\windows\system32\cmuti.dll

Click Execute. The computer will restart. Then post C:\avenger.txt and say whether the computer works better.
Duban (Author) commented 6 September 2009

Avenger:

Log to check

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Completed script processing.

*******************

Finished! Terminate.

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Dodatek Service Pack 2)
Sun Sep 06 19:27:46 2009

19:27:46: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!

//////////////////////////////////////////

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Error: could not open file "c:\windows\system32\cmuti.dll"
Deletion of file "c:\windows\system32\cmuti.dll" failed!
Status: 0xc0000022 (STATUS_ACCESS_DENIED)

Completed script processing.

*******************

Finished! Terminate.

Now I'll also try to remove what MBAM found. I feel the PC runs better, but it's still no dream (XP and 64MB RAM ^^).
Thanks for everything. Of course there will be pluses.

MBAM after removal:
Guest commented 6 September 2009

Paste the latest ComboFix log. Avenger couldn't handle it; it didn't have access to this file.
Duban (Author) commented 7 September 2009

Unfortunately, I didn't manage to in time. Maybe next time. Thanks a lot.