Wirus - your computer is infected

[17rafal]

siemanko, pojawił mi sie bialy krzyzyk na czerwonym tle kolo zegara, użyłem SmitfraudFix ale nic nie dalo, wiec daje loga z rsit

Kod: Zaznacz wszystko

Logfile of random's system information tool 1.06 (written by random/random)
Run by Rafal at 2009-10-25 10:42:20
Microsoft Windows XP Professional Dodatek Service Pack 3
System drive C: has 2 GB (12%) free of 15 GB
Total RAM: 511 MB (23% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:43:34, on 2009-10-25
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\PC Tools AntiVirus\PCTAV.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\Temp\wpv821255703227.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AutoConnect\AutoConnect.exe
C:\Program Files\Messenger\msmsgs.exe
H:\Picasa2\PicasaMediaDetector.exe
C:\Program Files\ipla\ipla.exe
C:\WINDOWS\system32\restorer64_a.exe
C:\Documents and Settings\Rafal\Dane aplikacji\seres.exe
C:\Documents and Settings\Rafal\Dane aplikacji\svcst.exe
C:\Documents and Settings\Rafal\restorer64_a.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Rafal\Pulpit\RSIT.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\trend micro\Rafal.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe cpcp.cpo bef0regiiav
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
O2 - BHO: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 -lock
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [Onet.pl AutoUpdate] "C:\Program Files\Common Files\Onet.pl\NewAutoUpdate.exe" /updateexe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sysgif32] C:\WINDOWS\Temp\wpv821255703227.exe
O4 - HKLM\..\Run: [restorer64_a] C:\WINDOWS\system32\restorer64_a.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [Antivirus Pro 2010] "C:\Program Files\AntivirusPro_2010\AntivirusPro_2010.exe" /hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Picasa Media Detector] H:\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [IPLA!] C:\Program Files\ipla\ipla.exe /autorun
O4 - HKCU\..\Run: [restorer64_a] C:\Documents and Settings\Rafal\restorer64_a.exe
O4 - HKCU\..\Run: [mserv] C:\Documents and Settings\Rafal\Dane aplikacji\seres.exe
O4 - HKCU\..\Run: [svchost] C:\Documents and Settings\Rafal\Dane aplikacji\svcst.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) )" -"http://www.intel.com/personal/computing/emea/pol/racing/index.html?iid=gg_about-PL+intel_aboutintel"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: zavupd32.exe
O8 - Extra context menu item: Download all links using BitComet - res://E:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://E:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://E:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://E:\Programy\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Programy\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4B4513E2-4E57-43DF-9496-FCD37E9DFA64} (GameDesire Sea Battle) - http://download.gamedesire.com/g_bin/pl/navy_2_0_0_29.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {631FF594-EC25-4CFF-B869-402DF294E1D6} (Instalator oprogramowania Onet.pl) - http://slimak.onet.pl/_m/kamerzysta/OnetInstalator012s.ocx
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - http://download.gamedesire.com/g_bin/pl/words_2_0_0_51.cab
O16 - DPF: {E95CF138-A587-4C54-8175-3AD80997CB14} (GameDesire Soccer) - http://download.gamedesire.com/g_bin/pl/soccer_2_0_0_20.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://download.gamedesire.com/g_bin/pl/snooker_2_0_0_35.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3980F47C-DED6-4F68-8178-5F1D94423FA7}: NameServer = 194.204.159.1 217.98.63.164
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CreateProcess Service (CreateProcess) - Unknown owner - C:\WINDOWS\system\svchost.exe (file missing)
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Media (wmplayer) - Unknown owner - C:\WINDOWS\System32\wmplayer.exe (file missing)

--
End of file - 11757 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - E:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll [2007-02-08 158272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}]
MEGAUPLOADTOOLBAR - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL [2007-08-05 1933256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - MEGAUPLOADTOOLBAR - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL [2007-08-05 1933256]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-07-27 68096]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2004-11-25 32768]
"DAEMON Tools-1033"=C:\Program Files\D-Tools\daemon.exe [2004-08-22 81920]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-11-24 344064]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2007-08-07 200704]
"PCTAVApp"=C:\Program Files\PC Tools AntiVirus\PCTAV.exe [2007-09-26 1082664]
"BrMfcWnd"=C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2007-03-12 663552]
"ControlCenter3"=C:\Program Files\Brother\ControlCenter3\brctrcen.exe [2007-01-26 65536]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]
"PaperPort PTD"=C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2007-01-29 30248]
"IndexSearch"=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2007-01-29 46632]
"PPort11reminder"=C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [2007-02-01 255528]
"Onet.pl AutoUpdate"=C:\Program Files\Common Files\Onet.pl\NewAutoUpdate.exe /updateexe []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"sysgif32"=C:\WINDOWS\Temp\wpv821255703227.exe [2009-10-23 21504]
"restorer64_a"=C:\WINDOWS\system32\restorer64_a.exe [2009-10-23 58729]
"Regedit32"=C:\WINDOWS\system32\regedit.exe []
"Antivirus Pro 2010"=C:\Program Files\AntivirusPro_2010\AntivirusPro_2010.exe /hide []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"AutoConnect"=C:\Program Files\AutoConnect\AutoConnect.exe [2006-12-03 310784]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"Picasa Media Detector"=H:\Picasa2\PicasaMediaDetector.exe [2008-08-21 443968]
"IPLA!"=C:\Program Files\ipla\ipla.exe [2009-09-01 4726168]
"restorer64_a"=C:\Documents and Settings\Rafal\restorer64_a.exe [2009-10-23 58729]
"mserv"=C:\Documents and Settings\Rafal\Dane aplikacji\seres.exe [2009-10-23 44032]
"svchost"=C:\Documents and Settings\Rafal\Dane aplikacji\svcst.exe [2009-10-23 44032]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"=C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE [2008-08-06 447928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2008-09-26 2356088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Name of App]
C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe [2007-04-05 684118]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2006-11-24 487424]

C:\Documents and Settings\Rafal\Menu Start\Programy\Autostart
zavupd32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2004-11-24 94208]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PCTAVSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0
"ForceClassicControlPanel"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\PROGRA~1\Wapster\AQQ\AQQ.exe"="C:\PROGRA~1\Wapster\AQQ\AQQ.exe:*:Enabled:P2P AQQ"
"C:\Program Files\Wapster\AQQ\AQQ.exe"="C:\Program Files\Wapster\AQQ\AQQ.exe:*:Enabled:P2P AQQ"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\Programy\Gadu-Gadu\gg.exe"="E:\Programy\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny"
"E:\WapSter AQQ\AQQ.exe"="E:\WapSter AQQ\AQQ.exe:*:Enabled:AQQ"
"E:\Program Files\BitComet\BitComet.exe"="E:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"E:\Programy\eMule\emule.exe"="E:\Programy\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe"="C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home"
"E:\Programy\LimeWire\LimeWire.exe"="E:\Programy\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\WINDOWS\Temp\wpv821255703227.exe"="C:\WINDOWS\Temp\wpv821255703227.exe:*:Enabled:services"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a765df54-d8fc-11dd-8714-4d6564696130}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe


======List of files/folders created in the last 1 months======

2009-10-25 10:42:20 ----D---- C:\rsit
2009-10-25 10:29:00 ----A---- C:\WINDOWS\ebaxubuno.dll
2009-10-25 10:29:00 ----A---- C:\Documents and Settings\Rafal\Dane aplikacji\serezed.exe
2009-10-25 10:28:59 ----A---- C:\WINDOWS\xatawa.dll
2009-10-25 10:28:59 ----A---- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\dabozubi.bat
2009-10-25 00:51:18 ----A---- C:\WINDOWS\system32\tmp.txt
2009-10-25 00:51:10 ----A---- C:\rapport.txt
2009-10-25 00:50:59 ----A---- C:\WINDOWS\system32\WS2Fix.exe
2009-10-25 00:50:59 ----A---- C:\WINDOWS\system32\VCCLSID.exe
2009-10-25 00:50:59 ----A---- C:\WINDOWS\system32\VACFix.exe
2009-10-25 00:50:59 ----A---- C:\WINDOWS\system32\swxcacls.exe
2009-10-25 00:50:59 ----A---- C:\WINDOWS\system32\swsc.exe
2009-10-25 00:50:59 ----A---- C:\WINDOWS\system32\swreg.exe
2009-10-25 00:50:59 ----A---- C:\WINDOWS\system32\SrchSTS.exe
2009-10-25 00:50:59 ----A---- C:\WINDOWS\system32\Process.exe
2009-10-25 00:50:59 ----A---- C:\WINDOWS\system32\o4Patch.exe
2009-10-25 00:50:59 ----A---- C:\WINDOWS\system32\IEDFix.exe
2009-10-25 00:50:59 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
2009-10-25 00:50:59 ----A---- C:\WINDOWS\system32\dumphive.exe
2009-10-25 00:50:59 ----A---- C:\WINDOWS\system32\Agent.OMZ.Fix.exe
2009-10-25 00:50:59 ----A---- C:\WINDOWS\system32\404Fix.exe
2009-10-25 00:50:11 ----A---- C:\WINDOWS\ntbtlog.txt
2009-10-24 11:38:35 ----D---- C:\ERDNT
2009-10-23 21:59:37 ----A---- C:\Documents and Settings\Rafal\Dane aplikacji\lizkavd.exe
2009-10-23 21:59:28 ----A---- C:\Documents and Settings\Rafal\Dane aplikacji\svcst.exe
2009-10-23 21:59:27 ----A---- C:\Documents and Settings\Rafal\Dane aplikacji\seres.exe
2009-10-23 21:59:10 ----A---- C:\WINDOWS\system32\restorer64_a.exe

======List of files/folders modified in the last 1 months======

2009-10-25 10:43:34 ----D---- C:\Program Files\Trend Micro
2009-10-25 10:41:21 ----D---- C:\Program Files\Mozilla Firefox
2009-10-25 10:41:04 ----D---- C:\Documents and Settings\Rafal\Dane aplikacji\MegauploadToolbar
2009-10-25 10:40:00 ----D---- C:\WINDOWS\temp
2009-10-25 10:39:40 ----AD---- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\TEMP
2009-10-25 10:39:20 ----D---- C:\Documents and Settings\Rafal\Dane aplikacji\ipla
2009-10-25 10:39:18 ----D---- C:\Program Files\AutoConnect
2009-10-25 10:39:17 ----D---- C:\Program Files\PC Tools AntiVirus
2009-10-25 10:39:06 ----D---- C:\WINDOWS
2009-10-25 10:37:46 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-10-25 10:32:45 ----RD---- C:\Program Files
2009-10-25 10:29:00 ----D---- C:\Program Files\Common Files
2009-10-25 10:28:59 ----D---- C:\WINDOWS\system32
2009-10-25 10:22:27 ----D---- C:\Program Files\Eurobarre
2009-10-25 10:16:31 ----HD---- C:\WINDOWS\inf
2009-10-25 10:15:44 ----D---- C:\WINDOWS\system32\CatRoot2
2009-10-25 10:13:32 ----HD---- C:\WINDOWS\$hf_mig$
2009-10-25 09:33:18 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-25 09:31:26 ----D---- C:\WINDOWS\system32\CatRoot
2009-10-25 09:29:42 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-10-25 00:59:27 ----D---- C:\WINDOWS\Help
2009-10-25 00:51:17 ----D---- C:\WINDOWS\system
2009-10-25 00:28:57 ----D---- C:\Documents and Settings\Rafal\Dane aplikacji\OpenOffice.org2
2009-10-23 21:59:27 ----D---- C:\WINDOWS\Prefetch
2009-10-19 20:50:18 ----D---- C:\Program Files\Opera
2009-10-01 09:16:14 ----D---- C:\Documents and Settings\Rafal\Dane aplikacji\Kamerzysta
2009-09-26 09:16:09 ----D---- C:\Documents and Settings\Rafal\Dane aplikacji\EurekaLog

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2007-08-07 33052]
R1 WS2IFSL;Środowisko wspomagające dostawcę usług innych niż IFS - Windows Socket 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-17 12032]
R2 AVFilter;AVFilter; C:\WINDOWS\system32\drivers\AVFilter.sys [2007-09-17 15872]
R3 adiusbaw;USB ADSL WAN Adapter; C:\WINDOWS\System32\DRIVERS\adiusbaw.sys [2004-03-02 127065]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-24 400384]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-08-02 635281]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2004-11-24 872960]
R3 AVHook;AVHook; C:\WINDOWS\system32\drivers\AVHook.sys [2007-09-17 22528]
R3 AVRec;AVRec; C:\WINDOWS\system32\drivers\AVRec.sys [2007-09-17 15872]
R3 BTKRNL;Licznik magistrali Bluetooth; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [2005-08-29 853258]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-08-17 5888]
R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Standardowy sterownik koncentratora USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Sterownik Miniport otwartego kontrolera hosta USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-14 17152]
S1 kbdhid;Sterownik klawiatury HID; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-14 14720]
S2 ADILOADER;General Purpose USB Driver (adildr.sys); C:\WINDOWS\System32\Drivers\adildr.sys [2004-03-02 50007]
S3 ATE_PROCMON;ATE_PROCMON; \??\C:\Program Files\Anti Trojan Elite\ATEPMon.sys []
S3 AvFlt;Antivirus Filter Driver; C:\WINDOWS\system32\drivers\av5flt.sys []
S3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [2004-10-15 15295]
S3 btaudio;Urządzenie dźwiękowe Bluetooth; C:\WINDOWS\system32\drivers\btaudio.sys [2005-08-29 428269]
S3 BTDriver;Sterownik do komunikacji wirtualnej Bluetooth; C:\WINDOWS\System32\DRIVERS\btport.sys [2005-08-29 30363]
S3 BTWDNDIS;Serwer dostępu do sieci LAN Bluetooth; C:\WINDOWS\System32\DRIVERS\btwdndis.sys [2005-08-29 148360]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2005-08-29 64344]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 EagleNT;EagleNT; \??\C:\WINDOWS\System32\drivers\EagleNT.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\System32\DRIVERS\ENTECH.sys []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\System32\DRIVERS\hamachi.sys [2007-01-30 17480]
S3 HidUsb;Sterownik Microsoft klasy HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2004-12-15 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2004-12-15 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2005-10-22 21568]
S3 LwAdiHid;Urządzenia cyfrowe Logitech WingMan (autowykrywanie); C:\WINDOWS\System32\DRIVERS\LwAdiHid.sys [2002-08-28 20864]
S3 mouhid;Sterownik myszy HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-26 12160]
S3 SE27bus;Sony Ericsson Device 039 Driver driver (WDM); C:\WINDOWS\System32\DRIVERS\SE27bus.sys [2006-09-18 61600]
S3 SE27mdfl;Sony Ericsson Device 039 USB WMC Modem Filter; C:\WINDOWS\System32\DRIVERS\SE27mdfl.sys [2006-09-18 9360]
S3 SE27mdm;Sony Ericsson Device 039 USB WMC Modem Driver; C:\WINDOWS\System32\DRIVERS\SE27mdm.sys [2006-09-18 97184]
S3 SE27mgmt;Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM); C:\WINDOWS\System32\DRIVERS\SE27mgmt.sys [2006-09-18 88688]
S3 se27nd5;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS); C:\WINDOWS\System32\DRIVERS\se27nd5.sys [2006-09-18 18704]
S3 SE27obex;Sony Ericsson Device 039 USB WMC OBEX Interface; C:\WINDOWS\System32\DRIVERS\SE27obex.sys [2006-09-18 86560]
S3 se27unic;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM); C:\WINDOWS\System32\DRIVERS\se27unic.sys [2006-09-18 90800]
S3 ss_bus;Samsung Mobile USB Device 1.0 driver (WDM); C:\WINDOWS\System32\DRIVERS\ss_bus.sys [2005-01-24 52384]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\WINDOWS\System32\DRIVERS\ss_mdfl.sys [2005-01-24 6064]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\WINDOWS\System32\DRIVERS\ss_mdm.sys [2005-01-24 84512]
S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\System32\DRIVERS\lgusbbus.sys [2007-07-11 12416]
S3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\System32\DRIVERS\lgusbdiag.sys [2007-07-11 19840]
S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\System32\DRIVERS\lgusbmodem.sys [2007-07-11 21632]
S3 usbprint;Klasa PRINTER USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Sterownik skanera USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service; C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-06 660768]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2004-11-24 425984]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2005-08-29 266295]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance; C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe [2004-12-13 65536]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2002-08-15 299008]
R2 MSSQL$INSERTGT;SQL Server (INSERTGT); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]
R2 PCTAVSvc;PC Tools AntiVirus Engine; C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe [2007-10-02 750928]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\HPZipm12.exe [2004-09-29 69632]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\System32\PnkBstrA.exe [2007-12-06 66872]
R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2005-01-28 38912]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance; C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe [2004-12-13 1527893]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2004-11-24 516096]
S2 CreateProcess;CreateProcess Service; C:\WINDOWS\system\svchost.exe []
S2 wmplayer;Media; C:\WINDOWS\System32\wmplayer.exe []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-07-19 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2007-10-25 77944]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-04 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-08-08 208896]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-03-26 292864]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]

-----------------EOF-----------------


[wojtas]

Daj loga z combofixa ale zainstaluj wraz z nim konsolę odzyskiwania ( instrukcja programu )

[17rafal]

http://wklej.org/id/185230/ log z combo

[wojtas]

Otworz notatnik i wklej w nim to:

File::
c:\documents and settings\Rafal\restorer64_a.exe
c:\windows\system32\restorer64_a.exe
c:\documents and settings\Rafal\Menu Start\Programy\Autostart\zavupd32.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"restorer64_a"=-
"mserv"=-
"svchost"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"restorer64_a"=-
"sysgif32"=-

>>Plik>>Zapisz jako... >>> CFScript
Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe
-->
Rozpocznie się usuwanie i powstanie log daj go.

[17rafal]

Kod: Zaznacz wszystko

http://wklej.org/id/185895/

[wojtas]

Otworz notatnik i wklej w nim to:

File::
c:\windows\system32\burid.dat
c:\windows\system32\ufadipajoq.dat
c:\windows\system32\ahap.dat

>>Plik>>Zapisz jako... >>> CFScript
Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe
-->
Rozpocznie się usuwanie i powstanie log daj go.

[17rafal]

http://wklej.org/id/186825/

[wojtas]

2. wykonaj optymalizację windowsa
3.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem]
4. zrób skan Malwarebytes Anti-Malware (usuń co znajdzie )

[17rafal]

daje loga z tego co wyszlo

Kod: Zaznacz wszystko

Malwarebytes' Anti-Malware 1.41
Wersja bazy definicji: 2775
Windows 5.1.2600 Dodatek Service Pack 3

2009-10-28 18:35:42
mbam-log-2009-10-28 (18-35-42).txt

Typ skanowania: Szybkie skanowanie
Przeskanowane obiekty: 154124
Upłynęło: 31 minute(s), 22 second(s)

Zainfekowane procesy w pamięci: 0
Zainfekowane moduły pamięci: 0
Zainfekowane klucze rejestru: 12
Zainfekowane wartości rejestru: 0
Zainfekowane pliki rejestru: 1
Zainfekowane foldery: 0
Zainfekowane pliki: 1

Zainfekowane procesy w pamięci:
(Nie wykryto groźnych plików)

Zainfekowane moduły pamięci:
(Nie wykryto groźnych plików)

Zainfekowane klucze rejestru:
HKEY_CLASSES_ROOT\alewinsecure.winsecure (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\alewinsecure.winsecure.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sampletrack.aletrack (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sampletrack.aletrack.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1d2cc793-b043-4dd2-a52c-3d9ade61bbbd} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7be6b643-6201-4cf7-b8b1-d79ffae57cba} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{a93a1ba9-9ee8-469f-a9fe-fd1c26700bda} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a1789eb6-b263-4bd6-8830-d3daaf78949a} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{58696980-c6b3-4ad2-ab53-718f1c3c57ca} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{97641909-2311-4513-8581-f5c84b3f05f2} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\AleWinSecure.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\VAV (Rogue.VistaAntiVirus2008) -> Quarantined and deleted successfully.

Zainfekowane wartości rejestru:
(Nie wykryto groźnych plików)

Zainfekowane pliki rejestru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Zainfekowane foldery:
(Nie wykryto groźnych plików)

Zainfekowane pliki:
C:\Documents and Settings\Rafal\Pulpit\ECBarre_V_01.exe (Rogue.Installer) -> Quarantined and deleted successfully.


[wojtas]

juz powinno być ok

Autor postu otrzymał pochwałę

[17rafal]

Ok dzieki