tablety.pl
Slow internet and a system error




13 replies in this topic

#1 mikord

mikord

    Second Rank

  • Users +
  • 154 posts

Posted 03 03 2012 - 17:15

Hello

Recently I noticed that when browsing, pages load very slowly (even though I have a 10Mb connection). I use Opera. Also, sometimes, e.g. when I watch a film in Allplayer, an error like this pops up and the program closes.

[Attached image]

I also installed a game today but could not change its settings, e.g. the resolution - no change after reinstalling. During the installation the error shown above popped up, but the installation completed.

I tried using registry repair programs: RegCompact, EasyCleaner, Wise Registry Cleaner. It did not change the situation.

I used Defogger
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:19 on 03/03/2012 (acer)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed

Checking for services/drivers...
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-

Logs
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-03-03 15:30:04
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK1637GSX rev.DL050J
Running: jonc5jwo.exe; Driver: C:\Users\acer\AppData\Local\Temp\kgldrpob.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                   eamon.sys (Amon monitor/ESET)
AttachedDevice  \FileSystem\fastfat \Fat                 fltmgr.sys (Menedżer filtrów systemu plików firmy Microsoft/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                 eamon.sys (Amon monitor/ESET)
AttachedDevice  \Driver\tdx \Device\Tcp                  nltdi.sys
AttachedDevice  \Driver\tdx \Device\Udp                  nltdi.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0  Wdf01000.sys (Dynamiczna struktura WDF/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1  Wdf01000.sys (Dynamiczna struktura WDF/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-03 17:05:48
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK1637GSX rev.DL050J
Running: jonc5jwo.exe; Driver: C:\Users\acer\AppData\Local\Temp\kgldrpob.sys


---- System - GMER 1.0.15 ----

INT 0x06                                                                                                                              \??\C:\Windows\system32\drivers\Haspnt.sys                                                                          ADE7C16D
INT 0x0E                                                                                                                              \??\C:\Windows\system32\drivers\Haspnt.sys                                                                          ADE7BFC2

---- Kernel code sections - GMER 1.0.15 ----

PAGE                                                                                                                                  spsys.sys!?SPVersion@@3PADA + 1A67                                                                                  A0A5003F 240 Bytes  [8B, FF, 55, 8B, EC, 8B, 45, ...]
PAGE                                                                                                                                  spsys.sys!?SPVersion@@3PADA + 1B58                                                                                  A0A50130 6 Bytes  [0E, 83, 78, 14, 01, 75]
PAGE                                                                                                                                  spsys.sys!?SPVersion@@3PADA + 1B5F                                                                                  A0A50137 2214 Bytes  [83, 78, 18, 37, 75, 02, B3, ...]
PAGE                                                                                                                                  spsys.sys!?SPVersion@@3PADA + 2406                                                                                  A0A509DE 47 Bytes  [04, BB, A8, 01, 00, 00, 8D, ...]
PAGE                                                                                                                                  spsys.sys!?SPVersion@@3PADA + 2436                                                                                  A0A50A0E 44 Bytes  [05, 00, 00, 39, 54, 8D, D0, ...]
PAGE                                                                                                                                  ...                                                                                                                 
.text                                                                                                                                 C:\Windows\system32\DRIVERS\atksgt.sys                                                                              section is writeable [0xADE9D300, 0x3B6D8, 0xE8000020]
.text                                                                                                                                 C:\Windows\system32\drivers\hardlock.sys                                                                            section is writeable [0xADF06400, 0x7960C, 0xE8000020]
.protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".p" section [0xADFA8420]  C:\Windows\system32\drivers\hardlock.sys                                                                            entry point in ".protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".p" section [0xADFA8420]
.protect˙˙˙˙hardlockunknown last code section [0xADFA8200, 0x5049, 0xE0000020]                                                        C:\Windows\system32\drivers\hardlock.sys                                                                            unknown last code section [0xADFA8200, 0x5049, 0xE0000020]
.text                                                                                                                                 C:\Windows\system32\DRIVERS\lirsgt.sys                                                                              section is writeable [0xADFBF300, 0x1BEE, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text                                                                                                                                 C:\Program Files\ESET\ESET Smart Security\ekrn.exe[2112] kernel32.dll!SetUnhandledExceptionFilter                   77656E2D 4 Bytes  [C2, 04, 00, 00]

---- Devices - GMER 1.0.15 ----

AttachedDevice                                                                                                                        \FileSystem\Ntfs \Ntfs                                                                                              eamon.sys (Amon monitor/ESET)
AttachedDevice                                                                                                                        \Driver\kbdclass \Device\KeyboardClass0                                                                             Wdf01000.sys (Dynamiczna struktura WDF/Microsoft Corporation)
AttachedDevice                                                                                                                        \Driver\kbdclass \Device\KeyboardClass1                                                                             Wdf01000.sys (Dynamiczna struktura WDF/Microsoft Corporation)
AttachedDevice                                                                                                                        \Driver\tdx \Device\Tcp                                                                                             nltdi.sys
AttachedDevice                                                                                                                        \Driver\tdx \Device\Udp                                                                                             nltdi.sys
AttachedDevice                                                                                                                        \FileSystem\fastfat \Fat                                                                                            fltmgr.sys (Menedżer filtrów systemu plików firmy Microsoft/Microsoft Corporation)
AttachedDevice                                                                                                                        \FileSystem\fastfat \Fat                                                                                            eamon.sys (Amon monitor/ESET)

---- EOF - GMER 1.0.15 ----

Attached files

  • Attached file  OTL.Txt   125.21 KB   150 downloads


#2 wirusolog

wirusolog

    Expert

  • Moderators
  • 5774 posts
  • Gender: Male

Posted 03 03 2012 - 18:30

1) Use USBFix, http://searchengines...67
(if you have a folder named "muza" or "muzyka", rename it)
In it, click: DELETION.
Post the report from this removal.

2) Use Ad-Remover and click Clean in it (run it via right-click, "as Administrator")
Show the report from it.

3) Run OTL and paste this into the bottom white box:
:OTL
[2012-02-25 11:49:48 | 000,133,632 | RHS- | C] () -- C:\Users\acer\deh3ubd.exe
[2012-03-03 10:24:28 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2012-03-03 10:24:26 | 000,000,000 | ---D | C] -- C:\Users\acer\AppData\Local\Conduit
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O20 - HKLM Winlogon: TaskMan - (C:\Users\acer\deh3ubd.exe) - C:\Users\acer\deh3ubd.exe ()
O8 - Extra context menu item: Add to &Teleport - Reg Error: Value error. File not found
O4 - Startup: C:\Users\acer\.android [2012-01-25 19:49:04 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\acer\.gimp-2.2 [2008-06-16 17:44:48 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\acer\.gimp-2.4 [2009-04-05 19:43:11 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\acer\.gstreamer-0.10 [2010-11-11 17:20:52 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\acer\.recently-used.xbel ()
O4 - Startup: C:\Users\acer\.thumbnails [2008-02-09 10:08:45 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\acer\AppData [2009-02-16 14:05:13 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\acer\Application Data [2012-01-21 20:33:09 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\acer\Bez tytułu.jpg ()
O4 - Startup: C:\Users\acer\Bluetooth Software [2007-10-11 15:27:11 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\acer\Board FrazPC.pl - jak sprawdzić ilosc badow i kondycje dysku.url ()
O4 - Startup: C:\Users\acer\Calibre Library [2011-09-03 08:21:02 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\acer\Contacts [2007-10-29 15:26:49 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\acer\Cookies [2007-10-04 18:52:39 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\acer\Dane aplikacji [2007-10-04 18:52:39 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\acer\defogger_reenable ()
O4 - Startup: C:\Users\acer\deh3ubd.exe ()
O4 - Startup: C:\Users\acer\Desktop [2012-03-03 14:19:24 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\acer\Documents [2012-02-29 19:35:37 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\acer\Downloads [2011-09-15 21:35:04 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\acer\dwhelper [2010-10-24 11:43:50 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\acer\Eset.Smart.Security.4.0.x32.rar ()
O4 - Startup: C:\Users\acer\Favorites [2010-11-27 09:54:48 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\acer\Filmy.xls ()
O4 - Startup: C:\Users\acer\Gadu-Gadu [2008-09-15 13:46:43 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\acer\Graphisoft [2009-12-09 12:40:35 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\acer\JDownloader [2012-02-22 19:37:25 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\acer\Links [2007-10-29 15:26:49 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\acer\listen.pls ()
O4 - Startup: C:\Users\acer\Menu Start [2007-10-04 18:52:39 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\acer\Miejsca Bluetooth — skrót.lnk =  File not found
O4 - Startup: C:\Users\acer\Moje dokumenty [2007-10-04 18:52:39 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\acer\Music [2010-03-20 17:12:47 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\acer\NetHood [2007-10-04 18:52:39 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\acer\Nowy dokument tekstowy.txt ()
O4 - Startup: C:\Users\acer\NTI-Shadow [2007-10-04 17:02:59 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\acer\NTUSER.DAT ()
O4 - Startup: C:\Users\acer\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\acer\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\acer\NTUSER.DAT{00c1d87b-1fb5-11e0-9782-000000000000}.TM.blf ()
O4 - Startup: C:\Users\acer\NTUSER.DAT{00c1d87b-1fb5-11e0-9782-000000000000}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\acer\NTUSER.DAT{00c1d87b-1fb5-11e0-9782-000000000000}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\acer\NTUSER.DAT{11149f56-6967-11df-9529-f27d2c04985a}.TM.blf ()
O4 - Startup: C:\Users\acer\NTUSER.DAT{11149f56-6967-11df-9529-f27d2c04985a}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\acer\NTUSER.DAT{11149f56-6967-11df-9529-f27d2c04985a}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\acer\NTUSER.DAT{2a155b85-3db9-11e1-b397-000000000000}.TM.blf ()
O4 - Startup: C:\Users\acer\NTUSER.DAT{2a155b85-3db9-11e1-b397-000000000000}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\acer\NTUSER.DAT{2a155b85-3db9-11e1-b397-000000000000}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\acer\NTUSER.DAT{2c9dd9b0-c215-11df-9fc2-000000000000}.TM.blf ()
O4 - Startup: C:\Users\acer\NTUSER.DAT{2c9dd9b0-c215-11df-9fc2-000000000000}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\acer\NTUSER.DAT{2c9dd9b0-c215-11df-9fc2-000000000000}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\acer\NTUSER.DAT{3590b2d8-d10c-11df-8b4f-000000000000}.TM.blf ()
O4 - Startup: C:\Users\acer\NTUSER.DAT{3590b2d8-d10c-11df-8b4f-000000000000}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\acer\NTUSER.DAT{3590b2d8-d10c-11df-8b4f-000000000000}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\acer\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf ()
O4 - Startup: C:\Users\acer\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\acer\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\acer\NTUSER.DAT{420cd193-99c2-11e0-8f7a-e8e6a16659f0}.TM.blf ()
O4 - Startup: C:\Users\acer\NTUSER.DAT{420cd193-99c2-11e0-8f7a-e8e6a16659f0}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\acer\NTUSER.DAT{420cd193-99c2-11e0-8f7a-e8e6a16659f0}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\acer\NTUSER.DAT{4f2d0ab1-6fcb-11df-8e4d-c4ebdef4e2f7}.TM.blf ()
O4 - Startup: C:\Users\acer\NTUSER.DAT{4f2d0ab1-6fcb-11df-8e4d-c4ebdef4e2f7}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\acer\NTUSER.DAT{4f2d0ab1-6fcb-11df-8e4d-c4ebdef4e2f7}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\acer\NTUSER.DAT{5c8159d2-ad03-11df-88bd-000000000000}.TM.blf ()
O4 - Startup: C:\Users\acer\NTUSER.DAT{5c8159d2-ad03-11df-88bd-000000000000}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\acer\NTUSER.DAT{5c8159d2-ad03-11df-88bd-000000000000}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\acer\NTUSER.DAT{91d0b4f7-5131-11e0-b723-9b1b049193f5}.TM.blf ()
O4 - Startup: C:\Users\acer\NTUSER.DAT{91d0b4f7-5131-11e0-b723-9b1b049193f5}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\acer\NTUSER.DAT{91d0b4f7-5131-11e0-b723-9b1b049193f5}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\acer\NTUSER.DAT{a54e9b43-657f-11df-aab9-f6c50b9d05f2}.TM.blf ()
O4 - Startup: C:\Users\acer\NTUSER.DAT{a54e9b43-657f-11df-aab9-f6c50b9d05f2}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\acer\NTUSER.DAT{a54e9b43-657f-11df-aab9-f6c50b9d05f2}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\acer\ntuser.ini ()
O4 - Startup: C:\Users\acer\OpenP2M-download list ()
O4 - Startup: C:\Users\acer\OpenP2M.cfg ()
O4 - Startup: C:\Users\acer\Oznaczenia jakości filmów - Forum Wielotematyczne Nedds.pl.url ()
O4 - Startup: C:\Users\acer\Pictures [2011-12-28 15:47:50 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\acer\pornBB  View topic - hotwivesandgirlfriends.com.url ()
O4 - Startup: C:\Users\acer\PrintHood [2007-10-04 18:52:39 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\acer\PuzzleCollectionPortable [2011-01-29 10:11:52 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\acer\Recent [2007-10-04 18:52:39 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\acer\Saved Games [2007-10-29 15:26:49 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\acer\Searches [2007-10-29 15:26:50 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\acer\seedowaniepa0.jpg ()
O4 - Startup: C:\Users\acer\SendTo [2007-10-04 18:52:39 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\acer\Szablony [2007-10-04 18:52:39 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\acer\Słownik ENGLISH [2007-10-29 15:26:50 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\acer\Ustawienia lokalne [2007-10-04 18:52:39 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\acer\utorrent.gadget ()
O4 - Startup: C:\Users\acer\webui_v0.310_beta_2.rar ()
O4 - Startup: C:\Users\acer\[Torrentos.com.pl] Amatorki 1200 [2011-11-19 10:42:12 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\.zreglib ()
O4 - Startup: C:\Users\All Users\0F840E29F2.sys ()
O4 - Startup: C:\Users\All Users\AA2DeployClient [2009-06-13 13:21:44 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\AA3DeployClient [2009-11-04 21:08:59 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\ABBYY [2008-11-13 17:03:36 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Adobe [2012-01-13 16:15:29 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\AlawarWrapper [2010-12-11 18:33:35 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\ALLPlayer [2010-08-25 18:11:56 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Apple [2010-12-05 16:56:45 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Apple Computer [2009-07-19 18:30:46 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Application Data [2006-11-02 14:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\ArcaBit [2007-12-02 10:16:03 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\ashampoo [2010-09-26 13:47:12 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\ATI [2007-10-04 21:50:35 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Autodesk [2011-02-03 17:20:29 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\AVS4YOU [2010-11-11 19:45:38 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\boost_interprocess [2012-01-22 11:39:18 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\BVRP Software [2010-01-01 16:34:16 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\cfg ()
O4 - Startup: C:\Users\All Users\Corel [2011-10-29 10:18:21 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\CyberLink [2010-12-23 10:15:59 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\DAEMON Tools Lite [2010-03-07 10:51:51 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Dane aplikacji [2007-10-04 18:51:58 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Desktop [2006-11-02 14:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Documents [2006-11-02 14:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Dokumenty [2007-10-04 18:51:58 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Dr. Tax Light - PIT 2011 [2012-02-06 18:03:53 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\DriverScanner [2012-01-13 15:59:55 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Elaborate Bytes [2008-08-19 08:24:48 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\eMule [2011-11-27 19:24:14 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\ESET [2009-08-23 21:00:03 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\ezsidmv.dat ()
O4 - Startup: C:\Users\All Users\Favorites [2006-11-02 14:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\FLEXnet [2011-02-03 18:16:58 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Gadu-Gadu 10 [2010-05-07 12:50:46 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Google [2008-06-11 16:47:45 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\hpzinstall.log ()
O4 - Startup: C:\Users\All Users\InterAction studios [2009-02-15 12:31:56 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\ipla [2009-11-22 18:17:16 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\KGyGaAvL.sys ()
O4 - Startup: C:\Users\All Users\LauncherAccess.dt ()
O4 - Startup: C:\Users\All Users\Lavasoft [2008-07-16 16:28:37 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\leverage.drm.log ()
O4 - Startup: C:\Users\All Users\LGMOBILEAX [2010-11-27 14:00:02 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\LightScribe [2007-11-16 19:28:39 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Locktime [2007-10-30 17:47:20 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Macrovision [2010-05-28 20:29:47 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Malwarebytes [2009-07-15 15:56:41 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Memeo [2008-06-11 15:56:51 | 000,000,000 | --SD | M]
O4 - Startup: C:\Users\All Users\Menu Start [2007-10-04 18:51:58 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Microsoft [2010-10-10 15:27:44 | 000,000,000 | --SD | M]
O4 - Startup: C:\Users\All Users\Microsoft Help [2011-05-21 19:26:20 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\MSScanAppDataDir [2007-10-16 17:27:42 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Nero [2010-05-26 21:38:56 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\NtiDvdCopy [2009-07-12 08:28:33 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\OpenFM [2010-12-27 09:18:21 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\pdf995 [2011-09-25 13:59:22 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Pulpit [2007-10-04 18:51:58 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Raxco [2010-05-27 19:05:09 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Real [2009-09-27 12:05:57 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\SDL [2010-05-29 15:12:54 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Skype [2011-12-25 19:46:11 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Sony Ericsson [2011-12-10 11:43:23 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\SSScanAppDataDir [2008-01-28 16:35:05 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Start Menu [2006-11-02 14:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Sun [2010-04-17 12:32:12 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Symantec [2009-08-26 14:02:48 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Szablony [2007-10-04 18:51:58 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\TEMP [2010-11-08 22:21:30 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Templates [2006-11-02 14:02:04 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Trymedia [2009-07-25 20:16:44 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Ulubione [2007-10-04 18:51:58 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Uniblue [2012-01-13 16:34:44 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\VMware [2010-01-24 08:46:14 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\vsosdk [2008-06-22 16:42:27 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\WindowsSearch [2011-06-21 19:18:52 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Wondershare [2010-10-24 16:55:26 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Xerox [2007-10-21 16:05:33 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\{174892B1-CBE7-44F5-86FF-AB555EFD73A3} [2007-06-15 11:30:20 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Default\AppData [2006-11-02 12:18:34 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Default\Application Data [2006-11-02 14:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Dane aplikacji [2007-10-04 18:51:58 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Desktop [2006-11-02 11:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Documents [2007-10-04 18:51:58 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Downloads [2006-11-02 11:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Favorites [2006-11-02 11:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Links [2006-11-02 11:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Local Settings [2006-11-02 14:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Menu Start [2007-10-04 18:51:58 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Moje dokumenty [2007-10-04 18:51:58 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Music [2006-11-02 11:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\My Documents [2006-11-02 14:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\NetHood [2006-11-02 14:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\NTUSER.DAT ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG ()
O4 - Startup: C:\Users\Default\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\Default\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Default\Pictures [2006-11-02 11:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\PrintHood [2006-11-02 14:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Recent [2006-11-02 14:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Saved Games [2006-11-02 11:23:35 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Default\SendTo [2006-11-02 14:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Start Menu [2006-11-02 14:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Szablony [2007-10-04 18:51:58 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Templates [2006-11-02 14:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Ustawienia lokalne [2007-10-04 18:51:58 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Videos [2006-11-02 11:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\AppData [2009-09-05 08:47:31 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Public\CyberLink [2010-11-08 22:26:10 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Public\Desktop [2012-03-02 19:39:50 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Documents [2011-02-03 17:01:46 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Downloads [2007-10-29 15:26:50 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Favorites [2006-11-02 11:23:35 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Music [2007-10-29 15:26:50 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Pictures [2007-10-29 15:26:50 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Recorded TV [2011-03-19 19:22:53 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Videos [2007-10-29 15:26:50 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\SDLUser\AppData [2006-11-02 12:18:34 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\SDLUser\Cookies [2010-05-28 20:45:38 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\SDLUser\Dane aplikacji [2010-05-28 20:45:38 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\SDLUser\Desktop [2006-11-02 11:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\SDLUser\Documents [2010-05-28 20:45:38 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\SDLUser\Downloads [2006-11-02 11:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\SDLUser\Favorites [2006-11-02 11:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\SDLUser\Links [2006-11-02 11:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\SDLUser\Menu Start [2010-05-28 20:45:38 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\SDLUser\Moje dokumenty [2010-05-28 20:45:38 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\SDLUser\Music [2006-11-02 11:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\SDLUser\NetHood [2010-05-28 20:45:38 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\SDLUser\NTUSER.DAT ()
O4 - Startup: C:\Users\SDLUser\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\SDLUser\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\SDLUser\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf ()
O4 - Startup: C:\Users\SDLUser\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\SDLUser\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\SDLUser\ntuser.ini ()
O4 - Startup: C:\Users\SDLUser\Pictures [2006-11-02 11:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\SDLUser\PrintHood [2010-05-28 20:45:38 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\SDLUser\Recent [2010-05-28 20:45:38 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\SDLUser\Saved Games [2006-11-02 11:23:35 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\SDLUser\SendTo [2010-05-28 20:45:38 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\SDLUser\Szablony [2010-05-28 20:45:38 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\SDLUser\Ustawienia lokalne [2010-05-28 20:45:38 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\SDLUser\Videos [2006-11-02 11:23:35 | 000,000,000 | R--D | M]
IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
IE - HKU\S-1-5-21-3494417039-2227282466-2097967848-1003\..\URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - SOFTWARE\Classes\CLSID\{08C06D61-F1F3-4799-86F8-BE1A89362C85}\InprocServer32 File not found
IE - HKU\S-1-5-21-3494417039-2227282466-2097967848-1003\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
IE - HKU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search/web?q={searchTerms}
IE - HKU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
O2 - BHO: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
DRV - File not found [Kernel | Auto | Stopped] --  -- (adfs)

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"TaskMan"=-

:Commands
[emptyflash]
[emptytemp]
[resethosts]

Click Wykonaj Script (Run Script). Save the report that appears.
Post the new OTL.txt log and the removal report.

4) Use > MBAM
Before using it, manually update the virus database.
At the end, click Usuń zaznaczone (Remove Selected).
Post the final report.

5) Make a GMER log, but with these settings:
>>gmer>>Rootkit>>check only "Usługi" (Services) and "Pokaż wszystko" (Show all)>>Szukaj (Scan)>

6) Post a log from TDSSKiller >http://searchengines...15 -- post no. 21

That's all for a start ...

.

#3 mikord

Posted 04 03 2012 - 18:57

I didn't manage to do everything; I only got up to a certain point.

Re 1: UsbFix.txt - attached (why does it pick on the folders muza or muzyka?)
Re 2: Ad-Remover
======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 =======

Updated by TeamXscript on 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
website: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 17:25:59 on 04/03/2012, Normal boot

Microsoft® Windows Vista™ Home Premium  Service Pack 1 (X86) 
acer@ACER-PC (Acer TravelMate 5520) 
 
============== ACTION(S) ==============


Folder deleted: C:\Users\acer\AppData\Local\Conduit
Folder deleted: C:\Users\acer\AppData\LocalLow\Conduit
Folder deleted: C:\Program Files\Conduit
Folder deleted: C:\ProgramData\Trymedia

(!) -- Temporary files deleted.


-- File opened: C:\Users\acer\AppData\Roaming\Mozilla\FireFox\Profiles\kel2eua2.default\Prefs.js --
Line deleted: user_pref("CT3072253.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT307... 
Line deleted: user_pref("CT3072253.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3072253&SearchSource=13"); 
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3072253/CT3072253... 
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1463702/1459356/PL", "\"0\"... 
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3072253", ... 
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo... 
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc... 
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo... 
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local... 
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\... 
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.... 
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3072253",... 
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"cde... 
Line deleted: user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\acer\\AppData\\Roaming\\Mozilla\\Fi... 
Line deleted: user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.9.0.3"); 
Line deleted: user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", ""); 
Line deleted: user_pref("CommunityToolbar.ToolbarsList", "CT3072253"); 
Line deleted: user_pref("CommunityToolbar.ToolbarsList2", "CT3072253"); 
Line deleted: user_pref("CommunityToolbar.ToolbarsList4", "CT3072253"); 
Line deleted: user_pref("CommunityToolbar.globalUserId", "52f7aa4c-b4b0-4286-9cbc-772ead901d7c"); 
Line deleted: user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true); 
Line deleted: user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true); 
Line deleted: user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3072253"); 
Line deleted: user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sat Mar 03 2012 12:30:4... 
Line deleted: user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440); 
Line deleted: user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Sat Mar 03 2012 17:35:00 GMT+010... 
Line deleted: user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com"); 
Line deleted: user_pref("CommunityToolbar.notifications.locale", "en"); 
Line deleted: user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440); 
Line deleted: user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sun Mar 04 2012 12:53:47 GMT+0100"); 
Line deleted: user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611"); 
Line deleted: user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20); 
Line deleted: user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com"); 
Line deleted: user_pref("CommunityToolbar.notifications.showTrayIcon", false); 
Line deleted: user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300); 
Line deleted: user_pref("CommunityToolbar.notifications.userId", "8b33f2fc-1393-4bed-b692-ba62ff77f1e0"); 
Line deleted: user_pref("CommunityToolbar.originalHomepage", "chrome://branding/locale/browserconfig.properties"); 
Line deleted: user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties... 
-- File closed --
 

Key deleted: HKLM\Software\Classes\Interface\{E5E0A023-3A5B-4F93-9705-2F302440D83C}
Key deleted: HKLM\Software\Classes\Toolbar.CT3072253
Key deleted: HKLM\Software\Conduit
Key deleted: HKLM\Software\PopCap
Key deleted: HKLM\Software\Trymedia Systems
Key deleted: HKCU\Software\AppDataLow\Toolbar
Key deleted: HKCU\Software\AppDataLow\Software\Conduit
Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Key deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}


============== ADDITIONNAL SCAN ==============

**** Mozilla Firefox Version [10.0.2 (pl)] ****

HKLM_MozillaPlugins\@parallelgraphics.com/Cortona (x)
HKLM_MozillaPlugins\Adobe Reader (x)
Searchplugins\allegro-pl.xml (hxxp://www.allegro.pl/search.php?string={searchTerms}&sourceid=Mozilla-search)
Searchplugins\fbc-pl.xml (hxxp://fbc.pionier.net.pl/owoc/results)
Searchplugins\merlin-pl.xml (hxxp://www.merlin.com.pl/frontend/search?sourceid=Mozilla-search&fraza={searchTerms}&skad=crhhxmkohb)
Searchplugins\pwn-pl.xml (hxxp://encyklopedia.pwn.pl/szukaj.php?co={searchTerms})
Searchplugins\wikipedia-pl.xml (hxxp://pl.wikipedia.org/wiki/Specjalna:Szukaj)
Searchplugins\wp-pl.xml (hxxp://szukaj.wp.pl/szukaj.html?z=T&r=T&szukaj={searchTerms})
Components\browsercomps.dll (Mozilla Foundation)
Extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} (Skype Click to Call)

-- C:\Users\acer\AppData\Roaming\Mozilla\FireFox\Profiles\kel2eua2.default --
Extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} (uTorrentControl2 Community Toolbar)
Prefs.js - browser.download.lastDir, C:\\Users\\acer\\Desktop
Prefs.js - browser.startup.homepage_override.buildID, 20120215223356
Prefs.js - browser.startup.homepage_override.mstone, rv:10.0.2

========================================

**** Internet Explorer Version [8.0.6001.19019] ****

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_URLSearchHooks|{08C06D61-F1F3-4799-86F8-BE1A89362C85} - "Search Class" (x)
HKCU_URLSearchHooks|{687578b9-7132-4a7a-80e4-30ee31099e03} - "uTorrentControl2 Toolbar" (C:\Program Files\uTorrentControl2\prxtbuTor.dll)
HKLM_URLSearchHooks|{687578b9-7132-4a7a-80e4-30ee31099e03} - "uTorrentControl2 Toolbar" (C:\Program Files\uTorrentControl2\prxtbuTor.dll)
HKCU_SearchScopes\{FA2B54E1-3E4D-4817-9F9A-CE467995EEBB} - "Wikipedia (pl)" (hxxp://pl.wikipedia.org/w/index.php?title=Specjalna:Szukaj&search={searchTerms})
HKCU_SearchScopes\{FD1597BB-614E-49ab-8CED-00D06682C79D} - "SpeedBit Search" (hxxp://search.speedbit.com/searchresults.asp?src=default&q={searchTerms})
HKCU_Toolbar\ShellBrowser|{5CBE3B7C-1E47-477E-A7DD-396DB0476E29} (C:\Windows\system32\eDStoolbar.dll)
HKCU_Toolbar\WebBrowser|{5CBE3B7C-1E47-477E-A7DD-396DB0476E29} (C:\Windows\system32\eDStoolbar.dll)
HKCU_Toolbar\WebBrowser|{0D704FAD-66E9-4F0A-BFED-4F665770DDB3} (C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll)
HKCU_Toolbar\WebBrowser|{687578B9-7132-4A7A-80E4-30EE31099E03} (C:\Program Files\uTorrentControl2\prxtbuTor.dll)
HKLM_Toolbar|{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} (C:\Windows\system32\eDStoolbar.dll)
HKLM_Toolbar|{0D704FAD-66E9-4F0A-BFED-4F665770DDB3} (C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll)
HKLM_Toolbar|{687578b9-7132-4a7a-80e4-30ee31099e03} (C:\Program Files\uTorrentControl2\prxtbuTor.dll)
HKLM_ElevationPolicy\{0AA6ABD3-EB78-43C4-A1EA-947B0F4FE375} - C:\Program Files\uTorrentControl2\uTorrentControl2ToolbarHelper.exe (?)
HKLM_ElevationPolicy\{629AD008-31E6-41AC-80A4-1638E2863877} - C:\Users\acer\AppData\Local\Conduit\CT3072253\uTorrentControl2AutoUpdateHelper.exe (x)
HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files\Internet Explorer\iedw.exe (x)
HKLM_Extensions\{B46B0919-62BA-4D99-A5C4-916B57A6805C} - "?" (?)
HKLM_Extensions\{CCA281CA-C863-46ef-9331-5C8D4460577F} - "@btrez.dll,-4015" (C:\Program Files\WIDCOMM\Bluetooth Software\bt_cold_icon.ico)
BHO\{31FF080D-12A3-439A-A2EF-4BA95A3148E8} - "GetRight IE Download Helper" (C:\Program Files\GetRight\xx2gr.dll)
BHO\{687578b9-7132-4a7a-80e4-30ee31099e03} - "uTorrentControl2 Toolbar" (C:\Program Files\uTorrentControl2\prxtbuTor.dll)
BHO\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - "Skype Browser Helper" (C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll)
BHO\{DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - "IplexToALLPlayer" (C:\PROGRA~1\ALLPLA~1\Iplex\IPLEXT~1.DLL)
BHO\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - "IEPluginBHO Class" () (x)

========================================

C:\Program Files\Ad-Remover\Quarantine: 24 File(s)
C:\Program Files\Ad-Remover\Backup: 16 File(s)

C:\Ad-Report-CLEAN[1].txt - 04/03/2012 17:26:14 (10096 Byte(s)) 

End at: 17:27:39, 04/03/2012 
 
============== E.O.F ============== 

Re 3: I pasted it -> Wykonaj skrypt (Run Script), and the program ran for about an hour (black background, only the OTL window).
Then a message popped up like the one in the screenshot I posted above; I clicked OK and OTL closed. After the reboot, a black screen. I started Task Manager and launched Explorer. OTL was active in the process list, but nothing was happening. I rebooted the computer once more. Everything is OK, I start OTL and no window appears. But OTL shows up in the process list. I didn't tinker any further; I'm posting what I've managed to do so far.

Attached files

  • Attached file  UsbFix.txt   26.75 KB   119 downloads


#4 wirusolog

Posted 04 03 2012 - 21:48

Well, since there is no new OTL log, I can't even judge whether the infection is still visible in the log.

In that case I won't be of any further use here.


.

#5 mikord

Posted 05 03 2012 - 19:48

I tried to run OTL in Safe Mode, but with the same result (the window doesn't appear, but the process shows up in Task Manager).
Can anything be done about it? Or can the scripts be run with some other program?

Should I do steps 4, 5 and 6?

#6 wirusolog

Posted 05 03 2012 - 21:04

Should I do steps 4, 5 and 6?

You can do them.

Also post the RSIT logs >http://searchengines...142#entry626142 - we'll see whether the Script removed anything or not.

.

#7 mikord

Posted 06 03 2012 - 19:51

Re 4
http://wklej.org/id/703476/

Re 5
http://wklej.org/id/703485/

Re 6
http://wklej.org/id/703487/

RSIT logs
http://wklej.org/id/703489/
http://wklej.org/id/703490/

#8 wirusolog

Posted 06 03 2012 - 21:24

It looks like the OTL Script removed what it was supposed to remove.

Run GMER >
Expand>>>CMD tab>>check CMD ---paste this into the upper black field:

0bi8by0s -del service cpuvis
0bi8by0s -reboot

Click "Uruchom" (Run) on the right. The computer should shut down and restart on its own.

In USBFix, click the UNINSTALL button.

In OTL, click the Sprzątanie (CleanUp) button - this will remove it together with its Quarantine.

Remove the copies of the malware from the "System Volume Information" folder by temporarily turning off "System Restore", following >http://searchengines...mu-t141981.html

Should I close the topic?


.

#9 mikord

Posted 07 03 2012 - 19:53

I just have 2 more questions: what kind of infection is service cpuvis?
What could be the reason that OTL starts (the process) but no window is visible? Can anything be done about it?

The topic can be closed.

Thank you

#10 wirusolog

Posted 07 03 2012 - 19:57

"cpuvis" is a Rootkit coupled with a certain infection.
I don't actually see that infection in the logs, but that's no reason not to remove the Rootkit.


OTL starts (the process) but no window is visible. Can anything be done about it?

I don't know why this is happening on your machine.

The topic can be closed.

The topic will be closed.

.

#11 mikord

Posted 07 03 2012 - 20:23

Oh, wait, something has happened. I manually deleted the _OTL directory. I rebooted the computer, and after it started up all the icons had disappeared from my Quick Launch bar.

#12 wirusolog

Posted 07 03 2012 - 21:47

Maybe another restart will be enough?

.

#13 mikord

Posted 08 03 2012 - 08:10

It wasn't enough.
I tried to recover the _OTL folder with the easyrecovery program, but halfway through an error pops up and the program closes.

#14 wirusolog

Posted 08 03 2012 - 09:55

I don't have VISTA, so I'll ask the Moderators to move the topic to the section http://searchengines...Vista-f156.html
Maybe someone there will be able to give you the correct values for the key:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Streams\Desktop]
"TaskbarWinXP"=hex:



.



