Zlob.dnschanger - proszę o pomoc (załączam log z rsita)

[pavao]

Dzień dobry!
Moim problemem jest dobrze już znany tytułowy zlob.DNSchanger. Próbowałem prostych metod usuwania, ale oczywiście nadaremnie. Przeglądnąłem też kilka forów w poszukiwaniu sposobu, ale żaden z nich nie zadziałał.
Mój system to Windows Vista Home. W lokalnej sieci powinniśmy używać w Tcp/ipv4 automatycznego przydzielania DNS. Jednak kiedy pojawił się w sieci zlob.DNSchanger i przypisywał porty 85.255.112.36 i 85.255.112.41, co uniemożliwiało przeglądanie www, administratorzy podali nam zastępczy DNS 193.198.8.211. Przez kilka dni www chodziło na tym adresie, ale potem znowu padło. Innym użytkownikom działa, tylko nie mi i jeszcze paru osobom. Nie udało mi się, jak już wspomniałem, wyeliminować Zloba. Pomimo kilkukrotnego usuwania różnymi programami (także w trybie awaryjnym) zainfekowanych wpisów w rejestrze, problem pojawia się na nowo, a www dalej nie chodzi (mimo, że wpisany jest ręcznie inny adres DNS). Z góry dziękuję za pomoc.
Poniżej wklejam log RSITa:

Kod: Zaznacz wszystko

Logfile of random's system information tool 1.05 (written by random/random)
Run by Paweł at 2009-01-28 17:23:32
Microsoft® Windows Vista™ Home Premium 
System drive C: has 166 GB (85%) free of 195 GB
Total RAM: 3070 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:23:33, on 2009-01-28
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16764)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\RtHDVCpl.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\ProgramData\fsc-reg\fscreg.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
D:\paweł\Miranda IM\miranda32.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Windows\NOTEPAD.EXE
C:\Windows\helppane.exe
C:\Windows\system32\mstsc.exe
C:\Users\Paweł\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Paweł.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [recinfo642] c:\RecInfo\RecInfo.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [CafeNews] C:\Program Files\CafeNews\CN.exe /autostart
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe 20081227
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Subskrybuj w Cafe News - C:\Program Files\CafeNews\addFeed.htm
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0416E862-C9D6-43FF-8A8D-4168D8740C35}: NameServer = 193.198.8.211
O17 - HKLM\System\CS1\Services\Tcpip\..\{0416E862-C9D6-43FF-8A8D-4168D8740C35}: NameServer = 193.198.8.211
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe

--
End of file - 7177 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Google Software Updater.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-09-23 1088296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-10-06 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-10-06 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2009-01-18 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-10 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-10-06 2055960]
{E0E899AB-F487-11D5-8D29-0050BA6940E3}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-04-10 4431872]
"recinfo642"=c:\RecInfo\RecInfo.exe [2007-10-23 2764800]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-02-26 153136]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-11-27 1261336]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-10 136600]
"CafeNews"=C:\Program Files\CafeNews\CN.exe [2008-07-22 1228800]
"TrojanScanner"=C:\Program Files\Trojan Remover\Trjscan.exe [2009-01-01 1231752]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"fsc-reg"=C:\ProgramData\fsc-reg\fscreg.exe [2007-11-16 234256]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

C:\Users\Paweł\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="G"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2009-01-28 17:19:30 ----D---- C:\rsit
2009-01-28 17:07:16 ----D---- C:\Windows\temp
2009-01-28 17:07:15 ----A---- C:\ComboFix.txt
2009-01-28 17:04:25 ----A---- C:\Windows\PSEXESVC.EXE
2009-01-28 17:03:03 ----D---- C:\Qoobox
2009-01-28 17:03:03 ----D---- C:\ComboFix
2009-01-28 13:42:52 ----A---- C:\Windows\system32\ztvunace26.dll
2009-01-28 13:42:51 ----A---- C:\Windows\system32\ztvunrar36.dll
2009-01-28 13:42:51 ----A---- C:\Windows\system32\ztvcabinet.dll
2009-01-28 13:42:51 ----A---- C:\Windows\system32\UNRAR3.dll
2009-01-28 13:42:50 ----D---- C:\Users\Paweł\AppData\Roaming\Simply Super Software
2009-01-28 13:42:50 ----D---- C:\ProgramData\Simply Super Software
2009-01-28 13:42:50 ----D---- C:\Program Files\Trojan Remover
2009-01-28 12:13:21 ----A---- C:\Windows\ntbtlog.txt
2009-01-28 12:11:15 ----D---- C:\Users\Paweł\AppData\Roaming\Malwarebytes
2009-01-28 12:11:09 ----D---- C:\ProgramData\Malwarebytes
2009-01-28 12:11:09 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-27 14:08:54 ----D---- C:\Program Files\CCleaner
2009-01-27 13:57:28 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2009-01-27 13:57:21 ----D---- C:\Users\Paweł\AppData\Roaming\SUPERAntiSpyware.com
2009-01-27 13:57:21 ----D---- C:\Program Files\SUPERAntiSpyware
2009-01-27 13:56:54 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-01-27 13:47:31 ----D---- C:\fixwareout
2009-01-21 16:40:28 ----D---- C:\Users\Paweł\AppData\Roaming\Ashampoo
2009-01-21 16:40:22 ----D---- C:\ProgramData\ashampoo
2009-01-21 16:39:59 ----D---- C:\Program Files\Ashampoo
2009-01-21 02:22:59 ----A---- C:\Windows\zip.exe
2009-01-21 02:22:59 ----A---- C:\Windows\VFIND.exe
2009-01-21 02:22:59 ----A---- C:\Windows\SWXCACLS.exe
2009-01-21 02:22:59 ----A---- C:\Windows\SWSC.exe
2009-01-21 02:22:59 ----A---- C:\Windows\SWREG.exe
2009-01-21 02:22:59 ----A---- C:\Windows\sed.exe
2009-01-21 02:22:59 ----A---- C:\Windows\NIRCMD.exe
2009-01-21 02:22:59 ----A---- C:\Windows\grep.exe
2009-01-21 02:22:59 ----A---- C:\Windows\fdsv.exe
2009-01-21 02:22:50 ----D---- C:\Windows\ERDNT
2009-01-21 02:11:51 ----D---- C:\Program Files\Trend Micro
2009-01-18 23:17:49 ----D---- C:\Users\Paweł\AppData\Roaming\VoipCheapCom
2009-01-18 23:16:01 ----D---- C:\Program Files\VoipCheapCom
2009-01-18 17:59:50 ----D---- C:\ProgramData\Google Updater
2009-01-18 17:10:46 ----D---- C:\Program Files\Macromedia
2009-01-18 00:59:29 ----D---- C:\Program Files\a-squared Free
2009-01-18 00:47:08 ----AD---- C:\ProgramData\TEMP
2009-01-18 00:06:41 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-01-18 00:06:41 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-30 11:45:36 ----D---- C:\Program Files\Blaze Media Pro
2008-12-30 11:45:09 ----HDC---- C:\ProgramData\{DE097E60-7F86-4350-B083-1F09B6906C92}
2008-12-30 11:32:31 ----D---- C:\Program Files\Windows Media Components
2008-12-30 11:32:31 ----A---- C:\Windows\system32\wmrmcmp.exe
2008-12-30 10:33:59 ----A---- C:\Windows\system32\AudPlayer.dll
2008-12-30 10:33:59 ----A---- C:\Windows\system32\AudioVisu.dll
2008-12-30 10:33:59 ----A---- C:\Windows\system32\AudioRecord.dll
2008-12-30 10:33:59 ----A---- C:\Windows\system32\AudioInfos.dll
2008-12-30 10:33:59 ----A---- C:\Windows\system32\AudFile.dll
2008-12-30 10:33:59 ----A---- C:\Windows\system32\AudDisplay.dll
2008-12-30 10:33:59 ----A---- C:\Windows\system32\AudDesign.dll
2008-12-30 10:33:58 ----A---- C:\Windows\system32\VB6FR.DLL
2008-12-30 10:33:58 ----A---- C:\Windows\system32\TABCTFR.DLL
2008-12-30 10:33:58 ----A---- C:\Windows\system32\MSCMCFR.DLL
2008-12-30 10:33:58 ----A---- C:\Windows\system32\Mscc2fr.dll
2008-12-30 10:33:58 ----A---- C:\Windows\system32\inetfr.DLL
2008-12-30 10:33:58 ----A---- C:\Windows\system32\CMDLGFR.DLL

======List of files/folders modified in the last 1 months======

2009-01-28 17:22:11 ----D---- C:\Windows\System32
2009-01-28 17:22:11 ----D---- C:\Windows\inf
2009-01-28 17:22:11 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-01-28 17:07:16 ----D---- C:\Windows
2009-01-28 17:04:29 ----A---- C:\Windows\system.ini
2009-01-28 17:04:01 ----D---- C:\Windows\Prefetch
2009-01-28 17:03:02 ----D---- C:\Windows\system32\drivers
2009-01-28 14:20:10 ----D---- C:\Windows\Tasks
2009-01-28 14:13:19 ----D---- C:\Users\Paweł\AppData\Roaming\OpenOffice.org2
2009-01-28 13:42:50 ----RD---- C:\Program Files
2009-01-28 13:42:50 ----HD---- C:\ProgramData
2009-01-28 13:10:35 ----D---- C:\Windows\system32\pl-PL
2009-01-28 12:49:37 ----D---- C:\Program Files\Mozilla Firefox
2009-01-28 08:58:21 ----D---- C:\Users\Paweł\AppData\Roaming\foobar2000
2009-01-28 08:01:57 ----SHD---- C:\System Volume Information
2009-01-27 20:26:25 ----D---- C:\Users\Paweł\AppData\Roaming\Skype
2009-01-27 18:41:20 ----D---- C:\Windows\AppPatch
2009-01-27 18:41:20 ----D---- C:\Program Files\Common Files
2009-01-27 17:28:28 ----D---- C:\Users\Paweł\AppData\Roaming\skypePM
2009-01-27 16:01:10 ----D---- C:\Windows\system32\Tasks
2009-01-27 14:33:01 ----SD---- C:\ProgramData\Microsoft
2009-01-27 14:11:03 ----D---- C:\Windows\Minidump
2009-01-27 14:11:03 ----D---- C:\Windows\Debug
2009-01-27 13:57:26 ----SHD---- C:\Windows\Installer
2009-01-26 20:54:50 ----D---- C:\Windows\system32\catroot2
2009-01-21 18:54:32 ----HD---- C:\Program Files\InstallShield Installation Information
2009-01-21 18:53:51 ----D---- C:\ProgramData\Google
2009-01-21 18:53:51 ----D---- C:\Program Files\Google
2009-01-21 18:40:25 ----D---- C:\Program Files\foobar2000
2009-01-21 16:31:14 ----D---- C:\Program Files\ACD Systems
2009-01-21 16:31:13 ----D---- C:\Program Files\Common Files\ACD Systems
2009-01-18 17:12:49 ----D---- C:\Users\Paweł\AppData\Roaming\Macromedia
2009-01-17 19:22:43 ----HD---- C:\$AVG8.VAULT$
2009-01-15 03:02:28 ----D---- C:\Windows\winsxs
2009-01-14 09:43:53 ----D---- C:\Windows\system32\catroot
2009-01-12 23:16:50 ----D---- C:\Program Files\SubEdit-Player
2009-01-10 02:35:28 ----A---- C:\Windows\system32\mrt.exe
2009-01-01 19:21:55 ----D---- C:\Windows\ModemLogs
2009-01-01 19:21:53 ----SD---- C:\Users\Paweł\AppData\Roaming\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2008-10-06 97928]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2008-10-06 26824]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2009-01-15 8944]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [2009-01-15 55024]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-10-11 3155456]
R3 AvgWfpX;AVG8 Firewall Driver x86; C:\Windows\System32\Drivers\avgwfpx.sys [2008-10-06 69128]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2007-11-04 14208]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-04-10 1764960]
R3 itecir;ITECIR Infrared Receiver; C:\Windows\system32\DRIVERS\itecir.sys [2007-04-04 46592]
R3 NETw4v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-02-25 2216448]
R3 pfc;Padus ASPI Shell; C:\Windows\system32\drivers\pfc.sys [2008-09-28 10368]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-02-16 70144]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-22 982272]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2007-11-04 11264]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2007-11-04 82688]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
S3 usbvideo;Urządzenie wideo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2007-11-04 132864]
S4 JRAID;JRAID; C:\Windows\system32\drivers\jraid.sys [2007-06-13 48256]
S4 nvrd32;NVIDIA nForce RAID Driver; C:\Windows\system32\drivers\nvrd32.sys [2007-07-02 131616]
S4 nvstor32;nvstor32; C:\Windows\system32\drivers\nvstor32.sys [2007-07-02 110112]
S4 viamraid;viamraid; C:\Windows\system32\drivers\viamraid.sys [2006-11-08 102912]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2008-12-17 419448]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-10-11 610304]
R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-10-06 875288]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-06 231704]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-07-20 262247]
R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler; C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [2006-12-08 204800]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-18 182768]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-02-26 267824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 usnjsvc;Usługa Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------


[Okocza]

Ściągnij program Fixwareout i zastosuj go


po czym daj log z combofixa i hijacka

[pavao]

Niestety, Fixwareout nie działa. Próbowałem już wcześniej, ale zawsze pojawia się ten sam komunikat: "Unsupported Windows version".

[Okocza]

pavao, jaki masz Windows? XP? Jeśli tak, spróbuj w awaryjnym, jeśli nie, daj log z combofixa.

[pavao]

Windows Vista Home Premium (niestety). Spróbuję jeszcze w awaryjnym. Co do Combofixa to działał i działał, a jak ostatni raz chciałem go użyć, to wyświetlił komunikat, że to jest już nieaktualna wersja i wykonał jedynie dwa ostatni etapy. Mogę mieć problem ze zdobyciem nowego, ponieważ www mam przez pulpit zdalny od kumpla w Polsce (w ogóle jestem w Chorwacji). Ale postaram się u kogoś usiąść na chwilę.

[Okocza]

pavao, cofnij datę systemową - wtedy odpali wstaw log - czekamy na niego.

[pavao]

Kurde, z tą datą takie proste . Oto log z Combofixa:

Kod: Zaznacz wszystko

ComboFix 09-01-19.05 - Paweł 2009-01-26 19:46:47.6 - NTFSx86
Microsoft® Windows Vista™ Home Premium   6.0.6000.0.1250.1.1045.18.3070.2291 [GMT 1:00]
Uruchomiony z: d:\paweł\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
.

(((((((((((((((((((((((((   Pliki utworzone od 2008-12-26 do 2009-01-26  )))))))))))))))))))))))))))))))
.

2009-01-28 17:19 . 2009-01-28 17:19   <DIR>   d--------   C:\rsit
2009-01-28 13:42 . 2009-01-28 13:42   <DIR>   d--------   c:\users\Paweł\AppData\Roaming\Simply Super Software
2009-01-28 13:42 . 2009-01-28 13:42   <DIR>   d--------   c:\users\All Users\Simply Super Software
2009-01-28 13:42 . 2009-01-28 13:42   <DIR>   d--------   c:\programdata\Simply Super Software
2009-01-28 13:42 . 2009-01-28 13:43   <DIR>   d--------   c:\program files\Trojan Remover
2009-01-28 13:42 . 2006-05-25 14:52   162,304   --a------   c:\windows\System32\ztvunrar36.dll
2009-01-28 13:42 . 2003-02-02 19:06   153,088   --a------   c:\windows\System32\UNRAR3.dll
2009-01-28 13:42 . 2005-08-26 00:50   77,312   --a------   c:\windows\System32\ztvunace26.dll
2009-01-28 13:42 . 2006-06-19 12:01   69,632   --a------   c:\windows\System32\ztvcabinet.dll
2009-01-28 12:11 . 2009-01-28 12:11   <DIR>   d--------   c:\users\Paweł\AppData\Roaming\Malwarebytes
2009-01-28 12:11 . 2009-01-28 12:11   <DIR>   d--------   c:\users\All Users\Malwarebytes
2009-01-28 12:11 . 2009-01-28 12:11   <DIR>   d--------   c:\programdata\Malwarebytes
2009-01-28 12:11 . 2009-01-28 12:11   <DIR>   d--------   c:\program files\Malwarebytes' Anti-Malware
2009-01-28 12:11 . 2009-01-14 16:11   38,496   --a------   c:\windows\System32\drivers\mbamswissarmy.sys
2009-01-28 12:11 . 2009-01-14 16:11   15,504   --a------   c:\windows\System32\drivers\mbam.sys
2009-01-27 14:08 . 2009-01-27 14:08   <DIR>   d--------   c:\program files\CCleaner
2009-01-27 13:57 . 2009-01-27 13:57   <DIR>   d--------   c:\users\Paweł\AppData\Roaming\SUPERAntiSpyware.com
2009-01-27 13:57 . 2009-01-27 13:57   <DIR>   d--------   c:\users\All Users\SUPERAntiSpyware.com
2009-01-27 13:57 . 2009-01-27 13:57   <DIR>   d--------   c:\programdata\SUPERAntiSpyware.com
2009-01-27 13:57 . 2009-01-27 13:57   <DIR>   d--------   c:\program files\SUPERAntiSpyware
2009-01-27 13:56 . 2009-01-27 13:56   <DIR>   d--------   c:\program files\Common Files\Wise Installation Wizard
2009-01-27 13:47 . 2009-01-27 15:10   <DIR>   d--------   C:\fixwareout
2009-01-21 16:40 . 2009-01-21 16:40   <DIR>   d--------   c:\users\Paweł\AppData\Roaming\Ashampoo
2009-01-21 16:40 . 2009-01-21 16:40   <DIR>   d--------   c:\users\All Users\ashampoo
2009-01-21 16:40 . 2009-01-21 16:40   <DIR>   d--------   c:\programdata\ashampoo
2009-01-21 16:39 . 2009-01-21 16:39   <DIR>   d--------   c:\program files\Ashampoo
2009-01-21 02:11 . 2009-01-21 02:11   <DIR>   d--------   c:\program files\Trend Micro
2009-01-18 23:17 . 2009-01-18 23:32   <DIR>   d--------   c:\users\Paweł\AppData\Roaming\VoipCheapCom
2009-01-18 23:16 . 2009-01-18 23:16   <DIR>   d--------   c:\program files\VoipCheapCom
2009-01-18 17:59 . 2009-01-28 18:11   <DIR>   d--------   c:\users\All Users\Google Updater
2009-01-18 17:59 . 2009-01-28 18:11   <DIR>   d--------   c:\programdata\Google Updater
2009-01-18 17:27 . 2009-01-19 03:27   602   --ah-----   C:\os604495.bin
2009-01-18 17:10 . 2009-01-18 17:10   <DIR>   d--------   c:\program files\Macromedia
2009-01-18 00:59 . 2009-01-18 02:44   <DIR>   d--------   c:\program files\a-squared Free
2009-01-18 00:47 . 2009-01-28 17:18   <DIR>   d-a------   c:\users\All Users\TEMP
2009-01-18 00:47 . 2009-01-28 17:18   <DIR>   d-a------   c:\programdata\TEMP
2009-01-18 00:06 . 2009-01-28 11:11   <DIR>   d--------   c:\users\All Users\Spybot - Search & Destroy
2009-01-18 00:06 . 2009-01-28 11:11   <DIR>   d--------   c:\programdata\Spybot - Search & Destroy
2009-01-18 00:06 . 2009-01-27 15:59   <DIR>   d--------   c:\program files\Spybot - Search & Destroy
2009-01-14 09:44 . 2008-12-16 04:07   290,816   --a------   c:\windows\System32\drivers\srv.sys
2008-12-30 11:45 . 2008-12-30 11:46   <DIR>   d--h-c---   c:\users\All Users\{DE097E60-7F86-4350-B083-1F09B6906C92}
2008-12-30 11:45 . 2008-12-30 11:46   <DIR>   d--h-c---   c:\programdata\{DE097E60-7F86-4350-B083-1F09B6906C92}
2008-12-30 11:45 . 2008-12-30 11:46   <DIR>   d--------   c:\program files\Blaze Media Pro
2008-12-30 11:32 . 2008-12-30 11:32   <DIR>   d--------   c:\program files\Windows Media Components
2008-12-30 11:32 . 2000-08-10 16:17   90,169   --a------   c:\windows\System32\wmrmcmp.exe
2008-12-30 10:34 . 1998-06-24 00:00   164,144   --a------   c:\windows\System32\COMCT232.OCX

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-28 12:42   ---------   d-----w   c:\users\Paweł\AppData\Roaming\Simply Super Software
2009-01-28 11:11   ---------   d-----w   c:\users\Paweł\AppData\Roaming\Malwarebytes
2009-01-28 07:58   ---------   d-----w   c:\users\Paweł\AppData\Roaming\foobar2000
2009-01-27 19:26   ---------   d-----w   c:\users\Paweł\AppData\Roaming\Skype
2009-01-27 16:28   ---------   d-----w   c:\users\Paweł\AppData\Roaming\skypePM
2009-01-27 12:57   ---------   d-----w   c:\users\Paweł\AppData\Roaming\SUPERAntiSpyware.com
2009-01-26 18:49   2,883,584   --sha-w   c:\users\Paweł\ntuser.dat
2009-01-26 18:49   2,883,584   --sha-w   c:\users\Paweł\ntuser.dat
2009-01-26 18:45   ---------   d-----w   c:\users\Paweł\AppData\Roaming\OpenOffice.org2
2009-01-21 17:54   ---------   d--h--w   c:\program files\InstallShield Installation Information
2009-01-21 17:53   ---------   d-----w   c:\program files\Google
2009-01-21 17:40   ---------   d-----w   c:\program files\foobar2000
2009-01-21 15:40   ---------   d-----w   c:\users\Paweł\AppData\Roaming\Ashampoo
2009-01-21 15:31   ---------   d-----w   c:\program files\Common Files\ACD Systems
2009-01-21 15:31   ---------   d-----w   c:\program files\ACD Systems
2009-01-18 22:32   ---------   d-----w   c:\users\Paweł\AppData\Roaming\VoipCheapCom
2009-01-18 16:12   ---------   d-----w   c:\users\Paweł\AppData\Roaming\Macromedia
2009-01-12 22:16   ---------   d-----w   c:\program files\SubEdit-Player
2009-01-01 18:21   ---------   d-s---w   c:\users\Paweł\AppData\Roaming\Microsoft
2008-12-13 00:21   ---------   d-----w   c:\program files\Rjecnik
2008-12-13 00:20   73,216   ----a-w   c:\windows\ST6UNST.EXE
2008-12-13 00:20   249,856   ------w   c:\windows\Setup1.exe
2008-12-11 03:03   174   --sha-w   c:\program files\desktop.ini
2008-12-11 02:08   ---------   d-----w   c:\programdata\Microsoft Help
2008-12-10 15:14   410,976   ----a-w   c:\windows\System32\deploytk.dll
2008-12-10 15:13   ---------   d-----w   c:\program files\Java
2008-12-05 11:24   ---------   d-----w   c:\program files\FlashGet
2008-12-03 16:40   ---------   d-----w   c:\users\Paweł\AppData\Roaming\ACD Systems
2008-12-03 16:14   ---------   d-----w   c:\programdata\ACD Systems
2008-11-29 14:43   ---------   d-----w   c:\users\Paweł\AppData\Roaming\mIRC
2008-11-28 17:34   ---------   d-----w   c:\program files\CafeNews
2008-11-03 23:15   1,399,092   ----a-w   c:\users\Paweł\polish_boyfriend.exe
2008-11-03 23:15   1,399,092   ----a-w   c:\users\Paweł\polish_boyfriend.exe
2008-11-01 03:33   52,736   ----a-w   c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:33   449,536   ----a-w   c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:33   28,672   ----a-w   c:\windows\System32\Apphlpdm.dll
2008-11-01 03:33   2,144,256   ----a-w   c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:33   1,687,040   ----a-w   c:\windows\System32\gameux.dll
2008-11-01 03:24   537,600   ----a-w   c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:24   173,056   ----a-w   c:\windows\AppPatch\AcXtrnal.dll
2008-10-31 23:38   4,247,552   ----a-w   c:\windows\System32\GameUXLegacyGDFs.dll
2008-10-31 23:23   2,560   ----a-w   c:\windows\AppPatch\AcRes.dll
2008-10-29 06:20   2,923,520   ----a-w   c:\windows\explorer.exe
2008-10-06 19:14   56   ---ha-w   c:\users\All Users\ezsidmv.dat
2008-10-06 19:14   56   ---ha-w   c:\programdata\ezsidmv.dat
.

(((((((((((((((((((((((((((((   snapshot@2009-01-28_17.04.58,72   )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-28 13:12:38   2,048   --sha-w   c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-01-26 18:43:23   2,048   --sha-w   c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-01-28 13:12:38   2,048   --sha-w   c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-01-26 18:43:23   2,048   --sha-w   c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-01-28 13:14:11   262,144   --sha-w   c:\windows\ServiceProfiles\LocalService\ntuser.dat
+ 2009-01-26 18:45:12   262,144   --sha-w   c:\windows\ServiceProfiles\LocalService\ntuser.dat
+ 2009-01-26 18:45:12   262,144   ---ha-w   c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2009-01-28 13:13:35   262,144   --sha-w   c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2009-01-26 18:45:17   262,144   --sha-w   c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2009-01-26 18:45:17   262,144   ---ha-w   c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2009-01-27 16:08:13   16,384   --sha-w   c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-01-28 17:10:41   16,384   --sha-w   c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-01-27 16:08:13   32,768   --sha-w   c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-28 17:10:41   32,768   --sha-w   c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-01-27 16:08:13   16,384   --sha-w   c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-01-28 17:10:41   16,384   --sha-w   c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-01-28 13:18:58   103,924   ----a-w   c:\windows\System32\perfc009.dat
+ 2009-01-28 18:35:35   103,314   ----a-w   c:\windows\System32\perfc009.dat
- 2009-01-28 13:18:58   86,416   ----a-w   c:\windows\System32\perfc015.dat
+ 2009-01-28 18:35:35   85,832   ----a-w   c:\windows\System32\perfc015.dat
- 2009-01-28 13:18:58   610,142   ----a-w   c:\windows\System32\perfh009.dat
+ 2009-01-28 18:35:35   609,532   ----a-w   c:\windows\System32\perfh009.dat
- 2009-01-28 13:18:58   535,568   ----a-w   c:\windows\System32\perfh015.dat
+ 2009-01-28 18:35:35   534,582   ----a-w   c:\windows\System32\perfh015.dat
- 2009-01-28 13:14:33   6,422   ----a-w   c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-139335296-3733032078-1987870897-1000_UserData.bin
+ 2009-01-26 18:45:35   6,422   ----a-w   c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-139335296-3733032078-1987870897-1000_UserData.bin
- 2009-01-28 13:14:33   62,682   ----a-w   c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-01-26 18:45:35   62,950   ----a-w   c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-01-28 13:14:31   34,676   ----a-w   c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-01-26 18:45:31   34,818   ----a-w   c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Migawka wyzerowana --
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"fsc-reg"="c:\programdata\fsc-reg\fscreg.exe" [2007-11-16 234256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"recinfo642"="c:\recinfo\RecInfo.exe" [2007-10-23 2764800]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-02-26 153136]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-10 136600]
"CafeNews"="c:\program files\CafeNews\CN.exe" [2008-07-22 1228800]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-01-01 1231752]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-10 c:\windows\RtHDVCpl.exe]

c:\users\Paweˆ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-10-06 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=G

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= c:\progra~1\CYBERL~1\PowerDV\Kernel\Burner\MKDMP3Enc.ACM
"VIDC.ACDV"= ACDV.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2AC30F48-7151-4F8D-8BED-3470596C0EAB}"= c:\program files\CyberLink\PowerDV\PowerDV.exe:CyberLink PowerDV
"{D771C348-A613-4680-AA3A-A11B44E92006}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{CB472418-DFBB-4A62-9B5D-46601E60E487}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6132C310-83B4-473B-A224-FF494377E1EC}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{CB5A9BC1-E0D5-42C9-AB52-1962E89E59F7}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"TCP Query User{042D6C4C-00DA-4DE7-9474-3C14146FC0BB}d:\\paweł\\miranda im\\miranda32.exe"= UDP:d:\paweł\miranda im\miranda32.exe:Miranda IM
"UDP Query User{F88AB5D2-EC90-4E32-B71E-8F65D3651833}d:\\paweł\\miranda im\\miranda32.exe"= TCP:d:\paweł\miranda im\miranda32.exe:Miranda IM
"{F3796232-F9E2-409C-A4B1-FD4F2B1E0628}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{7D3CB9B8-5330-4859-AF85-A4732FDF1DCD}c:\\program files\\totalcmd\\totalcmd.exe"= UDP:c:\program files\totalcmd\totalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows
"UDP Query User{9229284A-5A78-4152-8443-59A7F79618DD}c:\\program files\\totalcmd\\totalcmd.exe"= TCP:c:\program files\totalcmd\totalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows
"{469E3F41-A8DA-4C36-940D-F4729DAFA9C5}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{2BD61B8F-E8EB-4CBB-963A-6282D9F2D072}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{B4F81541-1779-473C-A2CC-0DA91B55ACF6}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{57C68259-A062-40BC-A071-2253F233D4CD}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{839296E1-B48A-46F1-8B82-42A486D27115}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{3C44EF9C-7209-458C-A658-0B4C39B2CC8A}c:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{B7DECE76-2E8E-40E2-A520-F0C3D20C4B5F}c:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{CA193C7D-4A30-45E8-B21F-667360A16DA1}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC
"UDP Query User{B9463798-0449-4882-9B9D-7FBA1C6CFD72}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC
"TCP Query User{C3F3761F-EC2F-4B69-BCE8-5C619F665B10}c:\\program files\\opera\\opera.exe"= UDP:c:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{86E673FC-4D3A-4F02-8032-52E5D7C29DF2}c:\\program files\\opera\\opera.exe"= TCP:c:\program files\opera\opera.exe:Opera Internet Browser
"TCP Query User{A85A9110-4B11-4246-84A2-33BFEF93A942}c:\\program files\\voipcheapcom\\voipcheapcom.exe"= UDP:c:\program files\voipcheapcom\voipcheapcom.exe:Client to make VoIP calls.
"UDP Query User{24D35EB9-98C6-49C9-AEEF-CD2D514C20C0}c:\\program files\\voipcheapcom\\voipcheapcom.exe"= TCP:c:\program files\voipcheapcom\voipcheapcom.exe:Client to make VoIP calls.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [2008-09-28 97928]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
R3 AvgWfpX;AVG8 Firewall Driver x86;c:\windows\System32\drivers\avgwfpx.sys [2008-09-28 69128]
R3 itecir;ITECIR Infrared Receiver;c:\windows\System32\drivers\itecir.sys [2008-02-17 46592]
R4 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-09-28 875288]
R4 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-09-28 231704]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
.
Zawartość folderu 'Zaplanowane zadania'

2009-01-26 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-18 17:59]
.
.
------- Skan uzupełniający -------
.
IE: Download All by FlashGet - c:\program files\FlashGet\jc_all.htm
IE: Download using FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Subskrybuj w Cafe News - c:\program files\CafeNews\addFeed.htm
TCP: {0416E862-C9D6-43FF-8A8D-4168D8740C35} = 193.198.8.211
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-26 19:49:30
Windows 6.0.6000  NTFS

skanowanie ukrytych procesów ... 

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ... 

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
Czas ukończenia: 2009-01-26 19:52:17
ComboFix-quarantined-files.txt  2009-01-26 18:52:08
ComboFix2.txt  2009-01-28 16:07:15
ComboFix3.txt  2009-01-28 12:10:32

Przed: 174,098,972,672 bajtów wolnych
Po: 174,073,626,624 bajtów wolnych

232   --- E O F ---   2009-01-26 19:55:01


Dodano Dzisiaj, 19:58:
a tu log z hijackthis:

Kod: Zaznacz wszystko

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:57:49, on 2009-01-26
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16764)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\ProgramData\fsc-reg\fscreg.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Windows\helppane.exe
C:\Windows\system32\mstsc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [recinfo642] c:\RecInfo\RecInfo.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [CafeNews] C:\Program Files\CafeNews\CN.exe /autostart
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe 20081227
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Subskrybuj w Cafe News - C:\Program Files\CafeNews\addFeed.htm
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0416E862-C9D6-43FF-8A8D-4168D8740C35}: NameServer = 193.198.8.211
O17 - HKLM\System\CS1\Services\Tcpip\..\{0416E862-C9D6-43FF-8A8D-4168D8740C35}: NameServer = 193.198.8.211
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe

--
End of file - 7024 bytes


[Okocza]

fix w hj

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

przeskanuj na www.virustotal.com

C:\ProgramData\fsc-reg\fscreg.exe

wklej w notatnik:

Kod: Zaznacz wszystko

Windows Registry Editor Version 5.00

[-hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

zapisz jako FIX.REG i odpal. dodajesz do rejestru tą wartość.

[pavao]

zeskanowałem ten plik. wynik: http://www.virustotal.com/pl/analisis/6d2b7a4f3f3e7e00f96dccb34c74ac96 (mam nadzieję, że o to chodzi)

[wojtas]

1. Ściągnij OTMoveIt i go włacz i odpal go z opcji CleanUp oraz skasuj folder C:\Qoobox
2. wykonaj optymalizację windowsa
3.sciagnij ATF_Cleaner
zaznacz
Windows Temp
All users Temp
Temporary internet files
Recycle Bin
i wcisnij EMPTY SELECTED
4.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem
5. Wykonaj skan Dr. Web CureIt
6. Przeskanuj obszar mojego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum.

i tym:

FixIEDef.

[pavao]

wojtas: jak mam wykonać skanowanie kasperskym onoline, skoro nie działa mi www?

[wojtas]

to looknij tu:
http://www.searchengines.pl/index.php?showtopic=79791&st=0#entry225445

i sprobuj wtedy. jesli nie to pomiń ten krok.

[pavao]

Wygląda na to, że wszystko jest w porządku. Net i komp hulają, że aż miło. Po przeprowadzeniu wszystkich kroków (oprócz Kasperskiego - ten był na końcu) DNSy były dalej przyblokowane, ale zrobiłem wtedy dwa skany Malwarebytesem w trybie awaryjnym i usunąłem błędne wpisy. Minęło już paręnaście godzin, a w regedicie się już nie pojawiają. Okocza i Wojtas: wielkie dzięki!

Raport z Kasperskyego:

Kod: Zaznacz wszystko

--------------------------------------------------------------------------------
RAPORT KASPERSKY ONLINE SCANNER 7.0
czwartek, 29 styczeń 2009
System operacyjny: Microsoft Windows Vista Home Premium Edition, 32-bit (build 6000)
Wersja Kaspersky Online Scanner: 7.0.26.12
Data ostatniej aktualizacji bazy danych: Thursday, January 29, 2009 00:42:11
Liczba wpisów: 1722428
--------------------------------------------------------------------------------

Ustawienia skanowania:
   Typ bazy danych użytej do skanowania: rozszerzona
   Skanuj archiwa: tak
   Skanuj pocztowe bazy danych: tak

Obszar skanowania - Mój komputer:
   C:\
   D:\
   E:\

Statystyki skanowania:
   Przeskanowanych plików: 90013
   Nazwa zagrożenia: 0
   Zainfekowanych obiektów: 0
   Podejrzanych obiektów: 0
   Czas skanowania: 01:36:33

Nie wykryto zagrożeń. Obszar skanowania jest czysty.

Wybrany obszar został przeskanowany.


[wojtas]

jest ok