Computer freezing after a virus tried to get in

System security, virus removal, choosing antivirus software. Mandatory logs in this section: three from FRST + Gmer.

Post by aga.jaska, 31 Mar 2010, 21:21

A few days ago some virus tried to settle into my computer. I somehow stopped it, but since then it has been freezing terribly... I scanned it with OTL and generated logs. What should I do with them next? And in general, on what basis are the files chosen for further "processing" in OTL? Is there some rule, or do you need to know this well? :)
I'm sending the logs below.. :) I'd be grateful for help... :)
Last edited by aga.jaska on 31 Mar 2010, 21:33; edited 2 times in total

What to do next with these logs?

Post by Mikou@j, 31 Mar 2010, 21:24

Read obowiazkowe-zasady-wstawiania-logow-wazne-vt117887.html and fix your post.
Wrong topic title, no Gmer log, no otl.txt log. Besides, logs go inside code tags. Everything is written in that link.

Post by aga.jaska, 31 Mar 2010, 21:37

I don't know why, but when I try to open the pages you sent me, it tells me that I can't get in because I don't have permission.. :(

Post by Mikou@j, 31 Mar 2010, 21:40


Post by aga.jaska, 31 Mar 2010, 23:14

OTL: http://wklej.org/id/307650/

Added today, 23:16:
Extras: http://wklej.org/id/307657/

Post by lamar, 31 Mar 2010, 23:22

Please also post a Gmer log, but before using it, delete the sptd.sys file and the drive-emulation program.
DRV - [2008-02-24 15:20:46 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)


programy-emulujace-napedy-wazne-vt117886.html

Post by aga.jaska, 01 Apr 2010, 07:27

Code:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-01 02:06:53
Windows 5.1.2600 Dodatek Service Pack 3
Running: t607vfkq[1].exe; Driver: C:\DOCUME~1\AGA\USTAWI~1\Temp\fxrdqpoc.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                                                                                                      ZwClose [0xAA9276B8]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                                                                                                      ZwDeleteValueKey [0xAA927A52]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                                                                                                      ZwDuplicateObject [0xAA92714C]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                                                                                                      ZwOpenKey [0xAA92764E]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                                                                                                      ZwQueryValueKey [0xAA92776E]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                                                                                                      ZwRestoreKey [0xAA92772E]

---- Kernel code sections - GMER 1.0.15 ----

?               C:\DOCUME~1\AGA\USTAWI~1\Temp\fxrdqpow.sys                                                                                                                                                 Nie można odnaleźć określonego pliku. !

---- User code sections - GMER 1.0.15 ----

.text           C:\WINDOWS\Explorer.EXE[1528] ntdll.dll!NtQueryDirectoryFile + 6                                                                                                                           7C90D774 4 Bytes  [90, 61, F9, 01]
.text           C:\Program Files\Internet Explorer\iexplore.exe[2908] USER32.dll!DialogBoxParamW                                                                                                           7E3747AB 5 Bytes  JMP 405D56E9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2908] USER32.dll!CreateWindowExW                                                                                                           7E37D0A3 5 Bytes  JMP 406AD964 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2908] USER32.dll!DialogBoxIndirectParamW                                                                                                   7E382072 5 Bytes  JMP 407A43AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2908] USER32.dll!MessageBoxIndirectA                                                                                                       7E38A082 5 Bytes  JMP 407A42E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2908] USER32.dll!DialogBoxParamA                                                                                                           7E38B144 5 Bytes  JMP 407A434C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2908] USER32.dll!MessageBoxExW                                                                                                             7E3A0838 5 Bytes  JMP 407A41B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2908] USER32.dll!MessageBoxExA                                                                                                             7E3A085C 5 Bytes  JMP 407A4214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2908] USER32.dll!DialogBoxIndirectParamA                                                                                                   7E3A6D7D 5 Bytes  JMP 407A4412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2908] USER32.dll!MessageBoxIndirectW                                                                                                       7E3B64D5 5 Bytes  JMP 407A4276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3224] USER32.dll!DialogBoxParamW                                                                                                           7E3747AB 5 Bytes  JMP 405D56E9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3224] USER32.dll!SetWindowsHookExW                                                                                                         7E37820F 5 Bytes  JMP 406A9AD5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3224] USER32.dll!CallNextHookEx                                                                                                            7E37B3C6 5 Bytes  JMP 4069D189 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3224] USER32.dll!CreateWindowExW                                                                                                           7E37D0A3 5 Bytes  JMP 406AD964 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3224] USER32.dll!UnhookWindowsHookEx                                                                                                       7E37D5F3 5 Bytes  JMP 406148CE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3224] USER32.dll!DialogBoxIndirectParamW                                                                                                   7E382072 5 Bytes  JMP 407A43AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3224] USER32.dll!MessageBoxIndirectA                                                                                                       7E38A082 5 Bytes  JMP 407A42E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3224] USER32.dll!DialogBoxParamA                                                                                                           7E38B144 5 Bytes  JMP 407A434C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3224] USER32.dll!MessageBoxExW                                                                                                             7E3A0838 5 Bytes  JMP 407A41B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3224] USER32.dll!MessageBoxExA                                                                                                             7E3A085C 5 Bytes  JMP 407A4214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3224] USER32.dll!DialogBoxIndirectParamA                                                                                                   7E3A6D7D 5 Bytes  JMP 407A4412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3224] USER32.dll!MessageBoxIndirectW                                                                                                       7E3B64D5 5 Bytes  JMP 407A4276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3224] ole32.dll!CoCreateInstance                                                                                                           774F057E 5 Bytes  JMP 406AD9C0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3224] ole32.dll!OleLoadFromStream                                                                                                          77519C85 5 Bytes  JMP 407A4717 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\WINDOWS\system32\services.exe[728] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW]                                                                               003D0002
IAT             C:\WINDOWS\system32\services.exe[728] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW]                                                                                     003D0000
IAT             C:\WINDOWS\Explorer.EXE[1528] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile]                                                                                                  [02102F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT             C:\WINDOWS\Explorer.EXE[1528] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile]                                                                                         [02102DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT             C:\WINDOWS\Explorer.EXE[1528] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose]                                                                                                       [02102D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT             C:\WINDOWS\Explorer.EXE[1528] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject]                                                                                             [02102DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT             C:\Program Files\Messenger\msmsgs.exe[1680] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile]                                                                                    [00FD2F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT             C:\Program Files\Messenger\msmsgs.exe[1680] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile]                                                                           [00FD2DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT             C:\Program Files\Messenger\msmsgs.exe[1680] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose]                                                                                         [00FD2D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT             C:\Program Files\Messenger\msmsgs.exe[1680] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject]                                                                               [00FD2DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT             C:\WINDOWS\system32\wuauclt.exe[2332] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile]                                                                                          [00A32F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT             C:\WINDOWS\system32\wuauclt.exe[2332] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile]                                                                                 [00A32DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT             C:\WINDOWS\system32\wuauclt.exe[2332] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose]                                                                                               [00A32D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT             C:\WINDOWS\system32\wuauclt.exe[2332] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject]                                                                                     [00A32DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[2908] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile]                                                                          [00B32F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[2908] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile]                                                                 [00B32DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[2908] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose]                                                                               [00B32D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[2908] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject]                                                                     [00B32DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3224] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile]                                                                          [00B32F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3224] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile]                                                                 [00B32DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3224] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose]                                                                               [00B32D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3224] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject]                                                                     [00B32DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3224] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW]                                                                        [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT             C:\Documents and Settings\AGA\Ustawienia lokalne\Temporary Internet Files\Content.IE5\3JJY9HPP\t607vfkq[1].exe[3764] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile]           [00B32F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT             C:\Documents and Settings\AGA\Ustawienia lokalne\Temporary Internet Files\Content.IE5\3JJY9HPP\t607vfkq[1].exe[3764] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile]  [00B32DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT             C:\Documents and Settings\AGA\Ustawienia lokalne\Temporary Internet Files\Content.IE5\3JJY9HPP\t607vfkq[1].exe[3764] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose]                [00B32D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT             C:\Documents and Settings\AGA\Ustawienia lokalne\Temporary Internet Files\Content.IE5\3JJY9HPP\t607vfkq[1].exe[3764] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject]      [00B32DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                                                                                                     aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                                                                                                   aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                                                                                                  aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                                                                                                  aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                                                                                                aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                                                                                           
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                                                                                        0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                                                                                     0x05 0x99 0x22 0xB8 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                                                                                       
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                                                                                            C:\Program Files\DAEMON Tools\
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                                                                                            0
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                                                                                         0x63 0x1F 0xC8 0x42 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)                                                                             
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                                                                                                   0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                                                                                                0xAB 0x83 0x22 0x63 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)                                                                       
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                                                                                          0xB8 0x31 0x06 0xC7 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                                                                                       
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                                                                                            0
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                                                                                         0x05 0x99 0x22 0xB8 ...

---- EOF - GMER 1.0.15 ----

Post by NieWiem, 01 Apr 2010, 15:05

Who knows whether Virut isn't here. There are some strange ntdll hooks in Gmer... Let's check that first, and then we can think about the rest.

  • Download the program Dr Web Cure It.
  • Double-click the icon to run the program (Vista and Windows 7 users => right-click and choose Run as Administrator).
  • Click Scan to start the quick scan, and press OK in the pop-up window.
  • If something is found, click Yes to cure/remove it.
  • After the quick scan, choose the Complete Scan option.
  • Click the green arrow on the right-hand side.
  • If you are asked during the scan, click Yes to all (automatic curing and/or removal).
  • This scan can take a very long time - I recommend starting it overnight and leaving the computer on!
  • When the scan has finished, choose Menu File => Save Report list.
  • Save the file on the desktop. It will be called DrWeb.csv
  • Restart the computer - this is very important, because Dr Web will only be able to cure/remove some files after a restart!
  • Open the DrWeb.csv file with Notepad and paste its contents on the forum inside [code] tags, or on http://www.wklej.org, and put only the link in your post.
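
The first pass over the Gmer log that NieWiem's post refers to, as an added example that is not part of the original thread: it parses the SSDT, .text and IAT lines of a GMER 1.0.15 log and separates hooks that GMER attributes to a module from hooks with no owning module, which are the ones to review by hand. The line layout is inferred from the log posted above, and the function names (`parse_hooks`, `triage`) are hypothetical.

```python
import re
from collections import defaultdict

# Lines copied from the GMER log posted in this thread (runs of spaces condensed).
SAMPLE_LOG = r"""
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xAA9276B8]
.text C:\WINDOWS\Explorer.EXE[1528] ntdll.dll!NtQueryDirectoryFile + 6 7C90D774 4 Bytes [90, 61, F9, 01]
.text C:\Program Files\Internet Explorer\iexplore.exe[2908] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 405D56E9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
IAT C:\WINDOWS\system32\services.exe[728] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002
IAT C:\WINDOWS\system32\services.exe[728] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000
IAT C:\WINDOWS\Explorer.EXE[1528] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [02102F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
"""

HOOK_KINDS = {"SSDT", ".text", "IAT"}  # sections that describe code or table hooks

# "<file> (<description>/<vendor>)": the module GMER says the hook points into.
OWNER_RE = re.compile(r"([^\\]+?\.(?:sys|dll|exe))\s+\(([^()]+)/([^()/]+)\)", re.I)
# "<path>.exe[<pid>]": the hooked user-mode process.
PROC_RE = re.compile(r"([A-Za-z]:\\.+?\.exe)\[(\d+)\]", re.I)
# "<library>.dll!<function>": the hooked user-mode API.
API_RE = re.compile(r"([\w.]+\.dll!\w+)", re.I)
# "ZwXxx [0x...]": the hooked system service in an SSDT line.
SSDT_RE = re.compile(r"\b((?:Zw|Nt)\w+)\s+\[0x[0-9A-Fa-f]+\]")


def parse_hooks(log_text):
    """Return one dict per SSDT/.text/IAT line; other sections are skipped."""
    hooks = []
    for line in log_text.splitlines():
        parts = line.split(None, 1)
        if len(parts) < 2 or parts[0] not in HOOK_KINDS:
            continue
        kind, rest = parts
        api = (SSDT_RE if kind == "SSDT" else API_RE).search(rest)
        if not api:
            continue  # wrapped or truncated line: nothing reliable to report
        proc = PROC_RE.search(rest)
        owner = OWNER_RE.search(rest)
        hooks.append({
            "kind": kind,
            "process": proc.group(1) if proc else "kernel",
            "pid": int(proc.group(2)) if proc else None,
            "api": api.group(1),
            "module": owner.group(1) if owner else None,
            "vendor": owner.group(3).strip() if owner else None,
        })
    return hooks


def triage(hooks):
    """Split hooks into those with no owning module and the rest, by vendor.

    The vendor string comes from the file's version resource, which any file
    can set, so an attributed hook is a lead for verification (path, signature,
    installed software), not proof that the hook is benign.
    """
    unattributed = [h for h in hooks if h["module"] is None]
    by_vendor = defaultdict(set)
    for h in hooks:
        if h["module"]:
            by_vendor[h["vendor"]].add(h["module"])
    return {
        "unattributed": unattributed,
        "by_vendor": {vendor: sorted(mods) for vendor, mods in by_vendor.items()},
    }


if __name__ == "__main__":
    report = triage(parse_hooks(SAMPLE_LOG))
    print("Hooks with no owning module (review first):")
    for h in report["unattributed"]:
        print(f"  {h['kind']:5} {h['process']}[{h['pid']}] {h['api']}")
    print("Hooks attributed to a module, grouped by vendor string:")
    for vendor, modules in sorted(report["by_vendor"].items()):
        print(f"  {vendor}: {', '.join(modules)}")
```

To run it against a complete log, pass the saved log file's text to `parse_hooks` in place of `SAMPLE_LOG`.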



Post by aga.jaska, 02 Apr 2010, 08:09

I ran the scans as you wrote, but during the complete scan some problem with the application occurred and the program closed. In the morning I only had a message about it, which also said that there is some virus and that the scan report is on drive C. Only it is incomplete... And now I also have a problem pasting it here, because when I try to paste it, everything freezes. I'll try to send it again.. And what should I do next? Scan again? :(

Post by Okocza, 02 Apr 2010, 08:56

aga.jaska, post a log from RSIT :)

Post by aga.jaska, 02 Apr 2010, 10:22

What is that? I sent the OTL and Gmer logs there... And now, when I turned on the computer, the program caught a rootkit in Autostart... :(
It seems to me that instead of getting better, it's getting worse... :(

Added today, 10:25:
I also tried to upload the report from the Dr Web Cure scan, but every time I hit paste, the page and everything else freezes...

Post by ordynat, 02 Apr 2010, 11:21

The infection was clearly visible in the OTL log.
Since I don't know what Dr.Web removed, here is the removal of this infection:
Run OTL and paste this into the Custom Scans/Fixes window:
:OTL
[2010-03-27 19:38:01 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\AGA\Dane aplikacji\avdrn.dat
O4 - Startup: C:\Documents and Settings\AGA\Menu Start\Programy\Autostart\syspck32.exe ()

:Commands
[emptytemp]
[Reboot]

Click Run Fix. Confirm the computer restart. Save the report that appears after the restart.
Then run OTL again, this time click "Run Scan".
Show the new OTL.txt log and the removal report.

Post by aga.jaska, 02 Apr 2010, 11:59

Code:
All processes killed
========== OTL ==========
C:\Documents and Settings\AGA\Dane aplikacji\avdrn.dat moved successfully.
File C:\Documents and Settings\AGA\Menu Start\Programy\Autostart\syspck32.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: AGA
->Temp folder emptied: 26632027 bytes
->Temporary Internet Files folder emptied: 358684606 bytes
->Java cache emptied: 38771042 bytes
->Apple Safari cache emptied: 318331 bytes
->Flash cache emptied: 181729 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 136872508 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 590163 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 536,00 mb


OTL by OldTimer - Version 3.1.37.3 log created on 04022010_113538

Files\Folders moved on Reboot...
C:\Documents and Settings\AGA\Ustawienia lokalne\Temporary Internet Files\Content.IE5\TF7D142Z\viewtopic[1].php moved successfully.
C:\Documents and Settings\AGA\Ustawienia lokalne\Temporary Internet Files\Content.IE5\E5VG2AK3\adsCAU9N8CU.htm moved successfully.
C:\Documents and Settings\AGA\Ustawienia lokalne\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\Documents and Settings\AGA\Ustawienia lokalne\Temporary Internet Files\SuggestedSites.dat moved successfully.
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_60c.dat moved successfully.

Registry entries deleted on Reboot...


Added today, 11:59:
This is the removal report.. I put it in code..

Added today, 12:00:
Code:
OTL logfile created on: 2010-04-02 11:48:50 - Run 4
OTL by OldTimer - Version 3.1.37.3     Folder = C:\Documents and Settings\AGA\Pulpit
Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1 015,00 Mb Total Physical Memory | 572,00 Mb Available Physical Memory | 56,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,91 Gb Total Space | 6,24 Gb Free Space | 31,34% Space Free | Partition Type: NTFS
Drive D: | 73,24 Gb Total Space | 7,68 Gb Free Space | 10,48% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GRAZYNA
Current User Name: AGA
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010-03-31 15:55:04 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\AGA\Pulpit\OTL.exe
PRC - [2010-01-20 14:05:04 | 012,067,432 | ---- | M] (GG Network S.A.) -- C:\Program Files\Gadu-Gadu 10\gg.exe
PRC - [2009-11-25 01:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009-11-25 01:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009-11-25 01:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009-11-25 01:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009-11-25 01:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009-06-03 14:46:36 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2008-04-14 19:21:16 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007-09-02 14:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
PRC - [2005-12-09 16:37:42 | 000,081,920 | ---- | M] (Logitech Inc.) -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
PRC - [2005-09-23 23:05:26 | 000,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2010-03-31 15:55:04 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\AGA\Pulpit\OTL.exe
MOD - [2007-09-02 14:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll
MOD - [2005-12-09 16:37:42 | 000,086,016 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2009-11-25 01:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009-11-25 01:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009-11-25 01:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009-11-25 01:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009-06-03 14:46:36 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2007-03-20 03:19:14 | 000,263,168 | ---- | M] (Ares Development Group) [On_Demand | Stopped] -- D:\Instalki\Ares\chatServer.exe -- (AresChatServer)
SRV - [2005-12-09 16:37:42 | 000,081,920 | ---- | M] (Logitech Inc.) [Auto | Running] -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2009-11-25 01:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009-11-25 01:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009-11-25 01:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009-11-25 01:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009-11-25 01:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009-11-25 01:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008-04-13 20:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) Sterownik audio USB (WDM)
DRV - [2008-04-13 18:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2006-09-06 10:04:12 | 004,377,600 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006-08-10 07:10:32 | 000,136,832 | R--- | M] (Motorola Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\m3aux.sys -- (M3AD)
DRV - [2006-07-26 04:39:32 | 001,707,776 | R--- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw3x32.sys -- (NETw3x32) Sterownik karty Intel(R)
DRV - [2005-12-09 16:37:42 | 002,400,256 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (lvmvdrv)
DRV - [2005-12-09 16:37:42 | 000,016,768 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPrcMon.sys -- (LVPrcMon)
DRV - [2005-12-09 16:35:54 | 002,174,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (Lvckap)
DRV - [2005-05-27 18:46:20 | 000,913,280 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302AV.SYS -- (PID_08A0) QuickCam IM(PID_08A0)
DRV - [2005-05-27 18:37:58 | 000,007,136 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2005-05-27 18:31:26 | 000,022,016 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2005-02-17 17:07:48 | 000,005,632 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2005-02-16 17:19:00 | 000,070,144 | R--- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004-08-04 00:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Sterownik NT karty Realtek RTL8139(A/B/C)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


[2009-07-06 16:54:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\AGA\Dane aplikacji\Mozilla\Extensions
[2009-07-06 16:54:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\AGA\Dane aplikacji\Mozilla\Extensions\home2@tomtom.com

O1 HOSTS File: ([2006-03-02 14:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKCU..\Run: [Gadu-Gadu 10] C:\Program Files\Gadu-Gadu 10\gg.exe (GG Network S.A.)
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1266411268468 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game07.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.251.1
O18 - Protocol\Handler\bw+0 {f8cf5810-09d6-4a9f-a257-548509cf2102} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw+0s {f8cf5810-09d6-4a9f-a257-548509cf2102} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw-0 {f8cf5810-09d6-4a9f-a257-548509cf2102} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw00 {f8cf5810-09d6-4a9f-a257-548509cf2102} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw00s {f8cf5810-09d6-4a9f-a257-548509cf2102} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw-0s {f8cf5810-09d6-4a9f-a257-548509cf2102} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw10 {f8cf5810-09d6-4a9f-a257-548509cf2102} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw10s {f8cf5810-09d6-4a9f-a257-548509cf2102} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw20 {f8cf5810-09d6-4a9f-a257-548509cf2102} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw20s {f8cf5810-09d6-4a9f-a257-548509cf2102} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw30 {f8cf5810-09d6-4a9f-a257-548509cf2102} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw30s {f8cf5810-09d6-4a9f-a257-548509cf2102} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw40 {f8cf5810-09d6-4a9f-a257-548509cf2102} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw40s {f8cf5810-09d6-4a9f-a257-548509cf2102} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw50 {f8cf5810-09d6-4a9f-a257-548509cf2102} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw50s {f8cf5810-09d6-4a9f-a257-548509cf2102} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw60 {f8cf5810-09d6-4a9f-a257-548509cf2102} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw60s {f8cf5810-09d6-4a9f-a257-548509cf2102} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw70 {f8cf5810-09d6-4a9f-a257-548509cf2102} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw70s {f8cf5810-09d6-4a9f-a257-548509cf2102} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw80 {f8cf5810-09d6-4a9f-a257-548509cf2102} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw80s {f8cf5810-09d6-4a9f-a257-548509cf2102} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw90 {f8cf5810-09d6-4a9f-a257-548509cf2102} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw90s {f8cf5810-09d6-4a9f-a257-548509cf2102} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwa0 {f8cf5810-09d6-4a9f-a257-548509cf2102} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwa0s {f8cf5810-09d6-4a9f-a257-548509cf2102} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwb0 {f8cf5810-09d6-4a9f-a257-548509cf2102} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwb0s {f8cf5810-09d6-4a9f-a257-548509cf2102} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwc0 {f8cf5810-09d6-4a9f-a257-548509cf2102} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwc0s {f8cf5810-09d6-4a9f-a257-548509cf2102} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwd0 {f8cf5810-09d6-4a9f-a257-548509cf2102} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwd0s {f8cf5810-09d6-4a9f-a257-548509cf2102} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwe0 {f8cf5810-09d6-4a9f-a257-548509cf2102} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwe0s {f8cf5810-09d6-4a9f-a257-548509cf2102} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwf0 {f8cf5810-09d6-4a9f-a257-548509cf2102} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwf0s {f8cf5810-09d6-4a9f-a257-548509cf2102} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwg0 {f8cf5810-09d6-4a9f-a257-548509cf2102} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwg0s {f8cf5810-09d6-4a9f-a257-548509cf2102} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwh0 {f8cf5810-09d6-4a9f-a257-548509cf2102} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwh0s {f8cf5810-09d6-4a9f-a257-548509cf2102} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwi0 {f8cf5810-09d6-4a9f-a257-548509cf2102} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwi0s {f8cf5810-09d6-4a9f-a257-548509cf2102} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwj0 {f8cf5810-09d6-4a9f-a257-548509cf2102} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwj0s {f8cf5810-09d6-4a9f-a257-548509cf2102} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwk0 {f8cf5810-09d6-4a9f-a257-548509cf2102} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwk0s {f8cf5810-09d6-4a9f-a257-548509cf2102} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwl0 {f8cf5810-09d6-4a9f-a257-548509cf2102} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwl0s {f8cf5810-09d6-4a9f-a257-548509cf2102} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwm0 {f8cf5810-09d6-4a9f-a257-548509cf2102} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwm0s {f8cf5810-09d6-4a9f-a257-548509cf2102} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwn0 {f8cf5810-09d6-4a9f-a257-548509cf2102} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwn0s {f8cf5810-09d6-4a9f-a257-548509cf2102} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwo0 {f8cf5810-09d6-4a9f-a257-548509cf2102} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwo0s {f8cf5810-09d6-4a9f-a257-548509cf2102} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwp0 {f8cf5810-09d6-4a9f-a257-548509cf2102} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwp0s {f8cf5810-09d6-4a9f-a257-548509cf2102} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwq0 {f8cf5810-09d6-4a9f-a257-548509cf2102} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwq0s {f8cf5810-09d6-4a9f-a257-548509cf2102} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwr0 {f8cf5810-09d6-4a9f-a257-548509cf2102} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwr0s {f8cf5810-09d6-4a9f-a257-548509cf2102} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bws0 {f8cf5810-09d6-4a9f-a257-548509cf2102} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bws0s {f8cf5810-09d6-4a9f-a257-548509cf2102} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwt0 {f8cf5810-09d6-4a9f-a257-548509cf2102} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwt0s {f8cf5810-09d6-4a9f-a257-548509cf2102} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwu0 {f8cf5810-09d6-4a9f-a257-548509cf2102} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwu0s {f8cf5810-09d6-4a9f-a257-548509cf2102} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwv0 {f8cf5810-09d6-4a9f-a257-548509cf2102} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwv0s {f8cf5810-09d6-4a9f-a257-548509cf2102} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bww0 {f8cf5810-09d6-4a9f-a257-548509cf2102} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bww0s {f8cf5810-09d6-4a9f-a257-548509cf2102} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwx0 {f8cf5810-09d6-4a9f-a257-548509cf2102} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwx0s {f8cf5810-09d6-4a9f-a257-548509cf2102} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwy0 {f8cf5810-09d6-4a9f-a257-548509cf2102} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwy0s {f8cf5810-09d6-4a9f-a257-548509cf2102} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwz0 {f8cf5810-09d6-4a9f-a257-548509cf2102} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwz0s {f8cf5810-09d6-4a9f-a257-548509cf2102} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\offline-8876480 {F8CF5810-09D6-4A9F-A257-548509CF2102} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\AGA\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\AGA\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-02-23 13:01:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{7dd9170c-6a3b-11de-8b5a-0018dea08600}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe -- File not found
O33 - MountPoints2\{bf907fc2-4692-11de-8ab5-0018dea08600}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010-04-02 11:35:38 | 000,000,000 | ---D | C] -- C:\_OTL
[2010-04-01 16:21:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AGA\DoctorWeb
[2010-03-31 15:55:03 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\AGA\Pulpit\OTL.exe
[2010-03-20 11:14:28 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2010-03-10 23:02:51 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010-03-08 23:20:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AGA\.gstreamer-0.10
[2010-03-08 23:18:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM
[2010-03-08 23:18:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AGA\Dane aplikacji\OpenFM
[2010-03-08 09:14:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
[2010-03-08 09:14:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AGA\Dane aplikacji\Gadu-Gadu 10
[2010-03-08 09:14:20 | 000,000,000 | ---D | C] -- C:\Program Files\Gadu-Gadu 10
[2008-12-29 16:24:57 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft
[2008-09-05 15:11:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2008-04-19 17:29:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Apple
[2008-02-23 13:04:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2008-02-23 13:01:19 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft
[2007-07-20 01:48:24 | 001,673,576 | ---- | C] (Microsoft Corporation) -- C:\Program Files\dsetup32.dll
[2007-07-20 01:48:24 | 000,503,144 | ---- | C] (Microsoft Corporation) -- C:\Program Files\DXSETUP.exe
[2007-07-20 01:48:24 | 000,077,160 | ---- | C] (Microsoft Corporation) -- C:\Program Files\DSETUP.dll

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010-04-02 11:41:42 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-04-02 11:41:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-04-02 11:40:25 | 004,718,592 | -H-- | M] () -- C:\Documents and Settings\AGA\NTUSER.DAT
[2010-04-02 11:40:25 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\AGA\ntuser.ini
[2010-04-02 07:43:03 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-04-02 07:41:06 | 004,287,014 | -H-- | M] () -- C:\Documents and Settings\AGA\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2010-04-02 07:29:37 | 000,000,458 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A861C439-E734-4C94-B4B2-DB36E88B4B42}.job
[2010-04-01 16:19:03 | 036,080,968 | ---- | M] () -- C:\Documents and Settings\AGA\Pulpit\drweb-cureit.exe
[2010-03-31 15:55:04 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\AGA\Pulpit\OTL.exe
[2010-03-31 15:49:58 | 000,000,573 | ---- | M] () -- C:\WINDOWS\win.ini
[2010-03-31 15:49:58 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010-03-31 15:49:58 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010-03-30 18:19:30 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010-03-30 16:06:12 | 000,000,010 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2010-03-28 09:16:40 | 000,763,990 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-03-28 09:16:40 | 000,356,068 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2010-03-28 09:16:40 | 000,311,938 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-03-28 09:16:40 | 000,049,910 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2010-03-28 09:16:40 | 000,040,326 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-03-13 19:28:53 | 000,055,296 | ---- | M] () -- C:\Documents and Settings\AGA\Moje dokumenty\analiza porównawcza programów.doc
[2010-03-11 21:43:31 | 014,339,061 | ---- | M] () -- C:\Documents and Settings\AGA\Pulpit\Re_ciekawostki.zip
[2010-03-11 09:08:18 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010-03-04 20:40:07 | 000,037,376 | ---- | M] () -- C:\Documents and Settings\AGA\Moje dokumenty\działka.xls
[2010-03-04 19:53:32 | 000,121,722 | ---- | M] () -- C:\Documents and Settings\AGA\Moje dokumenty\pit-37-2008.pdf
[2010-03-04 09:21:24 | 000,175,104 | ---- | M] () -- C:\Documents and Settings\AGA\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-03-04 09:21:24 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010-04-01 16:19:01 | 036,080,968 | ---- | C] () -- C:\Documents and Settings\AGA\Pulpit\drweb-cureit.exe
[2010-03-13 19:28:53 | 000,055,296 | ---- | C] () -- C:\Documents and Settings\AGA\Moje dokumenty\analiza porównawcza programów.doc
[2010-03-11 21:43:31 | 014,339,061 | ---- | C] () -- C:\Documents and Settings\AGA\Pulpit\Re_ciekawostki.zip
[2010-03-04 20:24:00 | 000,037,376 | ---- | C] () -- C:\Documents and Settings\AGA\Moje dokumenty\działka.xls
[2010-03-04 19:53:32 | 000,121,722 | ---- | C] () -- C:\Documents and Settings\AGA\Moje dokumenty\pit-37-2008.pdf
[2008-03-31 23:25:46 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\divx_xx0a.dll
[2008-03-21 22:30:08 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008-03-21 22:28:54 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008-03-21 22:28:54 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008-03-21 22:28:20 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008-02-24 22:50:39 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
[2008-02-24 16:35:10 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS76.DLL
[2008-02-24 16:23:21 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008-02-24 16:19:53 | 000,009,255 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008-02-24 16:17:01 | 000,000,719 | R--- | C] () -- C:\WINDOWS\System32\InstExec.ini
[2008-02-24 16:12:35 | 000,000,051 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\Installer.log
[2008-02-24 15:17:59 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008-02-24 14:59:10 | 000,010,479 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008-02-24 14:58:59 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008-02-23 16:40:13 | 000,175,104 | ---- | C] () -- C:\Documents and Settings\AGA\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-02-23 13:13:13 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\drivers\ATKACPI.sys
[2008-02-23 13:13:00 | 000,007,424 | R--- | C] () -- C:\WINDOWS\System32\drivers\MMIOPORT.SYS
[2007-07-20 02:19:00 | 001,803,760 | ---- | C] () -- C:\Program Files\AUG2007_d3dx9_35_x64.cab
[2007-07-20 02:19:00 | 000,855,886 | ---- | C] () -- C:\Program Files\AUG2007_d3dx10_35_x64.cab
[2007-07-20 02:19:00 | 000,800,467 | ---- | C] () -- C:\Program Files\AUG2007_d3dx10_35_x86.cab
[2007-07-20 02:18:58 | 000,201,696 | ---- | C] () -- C:\Program Files\AUG2007_XACT_x64.cab
[2007-07-20 02:18:56 | 001,711,752 | ---- | C] () -- C:\Program Files\AUG2007_d3dx9_35_x86.cab
[2007-07-20 02:18:56 | 000,156,612 | ---- | C] () -- C:\Program Files\AUG2007_XACT_x86.cab
[2007-07-20 02:18:56 | 000,044,684 | ---- | C] () -- C:\Program Files\dxdllreg_x86.cab
[2007-07-20 01:48:24 | 001,610,886 | ---- | C] () -- C:\Program Files\JUN2007_d3dx9_34_x86.cab
[2007-07-20 01:48:24 | 001,413,862 | ---- | C] () -- C:\Program Files\OCT2006_d3dx9_31_x64.cab
[2007-07-20 01:48:24 | 001,128,177 | ---- | C] () -- C:\Program Files\OCT2006_d3dx9_31_x86.cab
[2007-07-20 01:48:24 | 000,200,722 | ---- | C] () -- C:\Program Files\JUN2007_XACT_x64.cab
[2007-07-20 01:48:24 | 000,183,321 | ---- | C] () -- C:\Program Files\OCT2006_XACT_x64.cab
[2007-07-20 01:48:24 | 000,156,509 | ---- | C] () -- C:\Program Files\JUN2007_XACT_x86.cab
[2007-07-20 01:48:24 | 000,138,977 | ---- | C] () -- C:\Program Files\OCT2006_XACT_x86.cab
[2007-07-20 01:48:24 | 000,086,925 | ---- | C] () -- C:\Program Files\Oct2005_xinput_x64.cab
[2007-07-20 01:48:24 | 000,086,709 | ---- | C] () -- C:\Program Files\dxupdate.cab
[2007-07-20 01:48:24 | 000,046,247 | ---- | C] () -- C:\Program Files\Oct2005_xinput_x86.cab
[2007-07-20 01:48:22 | 001,611,374 | ---- | C] () -- C:\Program Files\JUN2007_d3dx9_34_x64.cab
[2007-07-20 01:48:22 | 001,575,336 | ---- | C] () -- C:\Program Files\DEC2006_d3dx9_32_x86.cab
[2007-07-20 01:48:22 | 001,572,114 | ---- | C] () -- C:\Program Files\DEC2006_d3dx9_32_x64.cab
[2007-07-20 01:48:22 | 001,363,684 | ---- | C] () -- C:\Program Files\Feb2006_d3dx9_29_x64.cab
[2007-07-20 01:48:22 | 001,358,864 | ---- | C] () -- C:\Program Files\Dec2005_d3dx9_28_x64.cab
[2007-07-20 01:48:22 | 001,351,430 | ---- | C] () -- C:\Program Files\Aug2005_d3dx9_27_x64.cab
[2007-07-20 01:48:22 | 001,336,890 | ---- | C] () -- C:\Program Files\Jun2005_d3dx9_26_x64.cab
[2007-07-20 01:48:22 | 001,248,387 | ---- | C] () -- C:\Program Files\Feb2005_d3dx9_24_x64.cab
[2007-07-20 01:48:22 | 001,085,608 | ---- | C] () -- C:\Program Files\Feb2006_d3dx9_29_x86.cab
[2007-07-20 01:48:22 | 001,080,344 | ---- | C] () -- C:\Program Files\Dec2005_d3dx9_28_x86.cab
[2007-07-20 01:48:22 | 001,078,532 | ---- | C] () -- C:\Program Files\Aug2005_d3dx9_27_x86.cab
[2007-07-20 01:48:22 | 001,065,813 | ---- | C] () -- C:\Program Files\Jun2005_d3dx9_26_x86.cab
[2007-07-20 01:48:22 | 001,014,113 | ---- | C] () -- C:\Program Files\Feb2005_d3dx9_24_x86.cab
[2007-07-20 01:48:22 | 000,702,644 | ---- | C] () -- C:\Program Files\JUN2007_d3dx10_34_x64.cab
[2007-07-20 01:48:22 | 000,702,072 | ---- | C] () -- C:\Program Files\JUN2007_d3dx10_34_x86.cab
[2007-07-20 01:48:22 | 000,213,767 | ---- | C] () -- C:\Program Files\DEC2006_d3dx10_00_x64.cab
[2007-07-20 01:48:22 | 000,199,366 | ---- | C] () -- C:\Program Files\APR2007_XACT_x64.cab
[2007-07-20 01:48:22 | 000,198,275 | ---- | C] () -- C:\Program Files\FEB2007_XACT_x64.cab
[2007-07-20 01:48:22 | 000,193,435 | ---- | C] () -- C:\Program Files\DEC2006_XACT_x64.cab
[2007-07-20 01:48:22 | 000,192,680 | ---- | C] () -- C:\Program Files\DEC2006_d3dx10_00_x86.cab
[2007-07-20 01:48:22 | 000,183,863 | ---- | C] () -- C:\Program Files\AUG2006_XACT_x64.cab
[2007-07-20 01:48:22 | 000,181,745 | ---- | C] () -- C:\Program Files\JUN2006_XACT_x64.cab
[2007-07-20 01:48:22 | 000,179,247 | ---- | C] () -- C:\Program Files\Feb2006_XACT_x64.cab
[2007-07-20 01:48:22 | 000,154,825 | ---- | C] () -- C:\Program Files\APR2007_XACT_x86.cab
[2007-07-20 01:48:22 | 000,151,583 | ---- | C] () -- C:\Program Files\FEB2007_XACT_x86.cab
[2007-07-20 01:48:22 | 000,146,559 | ---- | C] () -- C:\Program Files\DEC2006_XACT_x86.cab
[2007-07-20 01:48:22 | 000,138,195 | ---- | C] () -- C:\Program Files\AUG2006_XACT_x86.cab
[2007-07-20 01:48:22 | 000,134,631 | ---- | C] () -- C:\Program Files\JUN2006_XACT_x86.cab
[2007-07-20 01:48:22 | 000,133,297 | ---- | C] () -- C:\Program Files\Feb2006_XACT_x86.cab
[2007-07-20 01:48:22 | 000,100,417 | ---- | C] () -- C:\Program Files\APR2007_xinput_x64.cab
[2007-07-20 01:48:22 | 000,088,102 | ---- | C] () -- C:\Program Files\AUG2006_xinput_x64.cab
[2007-07-20 01:48:22 | 000,056,902 | ---- | C] () -- C:\Program Files\APR2007_xinput_x86.cab
[2007-07-20 01:48:22 | 000,047,018 | ---- | C] () -- C:\Program Files\AUG2006_xinput_x86.cab
[2007-07-20 01:48:20 | 004,163,518 | ---- | C] () -- C:\Program Files\Apr2006_MDX1_x86_Archive.cab
[2007-07-20 01:48:20 | 001,610,958 | ---- | C] () -- C:\Program Files\APR2007_d3dx9_33_x64.cab
[2007-07-20 01:48:20 | 001,609,639 | ---- | C] () -- C:\Program Files\APR2007_d3dx9_33_x86.cab
[2007-07-20 01:48:20 | 001,398,718 | ---- | C] () -- C:\Program Files\Apr2006_d3dx9_30_x64.cab
[2007-07-20 01:48:20 | 001,348,242 | ---- | C] () -- C:\Program Files\Apr2005_d3dx9_25_x64.cab
[2007-07-20 01:48:20 | 001,116,109 | ---- | C] () -- C:\Program Files\Apr2006_d3dx9_30_x86.cab
[2007-07-20 01:48:20 | 001,079,850 | ---- | C] () -- C:\Program Files\Apr2005_d3dx9_25_x86.cab
[2007-07-20 01:48:20 | 000,917,318 | ---- | C] () -- C:\Program Files\Apr2006_MDX1_x86.cab
[2007-07-20 01:48:20 | 000,702,212 | ---- | C] () -- C:\Program Files\APR2007_d3dx10_33_x64.cab
[2007-07-20 01:48:20 | 000,699,465 | ---- | C] () -- C:\Program Files\APR2007_d3dx10_33_x86.cab
[2007-07-20 01:48:20 | 000,180,021 | ---- | C] () -- C:\Program Files\Apr2006_XACT_x64.cab
[2007-07-20 01:48:20 | 000,133,991 | ---- | C] () -- C:\Program Files\Apr2006_XACT_x86.cab
[2007-07-20 01:48:20 | 000,087,989 | ---- | C] () -- C:\Program Files\Apr2006_xinput_x64.cab
[2007-07-20 01:48:20 | 000,046,898 | ---- | C] () -- C:\Program Files\Apr2006_xinput_x86.cab
[2007-07-20 01:48:18 | 013,265,040 | ---- | C] () -- C:\Program Files\dxnt.cab
[2007-07-20 01:48:18 | 001,156,363 | ---- | C] () -- C:\Program Files\BDANT.cab
[2007-07-20 01:48:18 | 000,976,020 | ---- | C] () -- C:\Program Files\BDAXP.cab
[2005-12-09 16:37:42 | 002,400,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVMVdrv.sys
[2005-12-09 16:37:42 | 000,016,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPrcMon.sys
[2005-12-09 16:35:54 | 002,174,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\Lvckap.sys
[2005-10-14 12:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005-10-14 12:56:50 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005-10-14 12:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005-10-14 12:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005-10-14 12:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005-10-14 12:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005-10-14 12:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005-01-24 11:30:35 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005-01-24 11:30:34 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2003-04-08 12:40:22 | 000,005,679 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1999-01-27 14:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997-06-13 08:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
< End of report >


Added today, 12:03:
This is the log from the OTL scan... Should I scan once more with that dr. cure, or is it no longer necessary? What else should I do to remove all this junk? I'd like to do it properly now, so that there are no problems and the computer is thoroughly cleaned, since I've already started on it... Could you also recommend a good antivirus, preferably a free one? Right now I have avast!, but it's probably not very good...

Post by ordynat, 02 Apr 2010, 12:04

syspck32.exe not found.

So Dr.Web must have already removed it after all, since it wasn't there this time.
There is nothing else malicious in the log.
ordynat
~user
Posts: 4765
Joined: 02 Apr 2010, 11:18
Commendations: 866




Post by Mikou@j, 02 Apr 2010, 12:06

aga.jaska wrote: Could you also recommend a good antivirus, preferably a free one

Avira, Comodo Internet Security + common sense.

Post by aga.jaska, 02 Apr 2010, 12:23

OK, I hope I won't need your help for a while... :) :D
Thank you all for your help, and Happy Holidays! :)