Avira wykryła hidden object, co dalej?

Dla specjalistów Bezpieczeństwo
#1

Witam.

Podczas ostatniego skanowania Avira wykryła jakiś hidden object, poniżej wycinek z loga:

Starting search for hidden objects.

HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces{E22D3D30-3F82-4BCD-919C-BA41F276EDEE}\ntecontextlist

[iNFO] The registry entry is invisible.

‘29031’ objects were checked, ‘1’ hidden objects were found.

Zauważyłem też, że w menedżerze zadań mam dwa procesy explorer. Czy może to mieć jakiś związek z potencjalnym rootkitem? Proszę o sprawdzenie logów i z góry dziękuję za pomoc.

Log z HiJack

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:33:09, on 2008-07-03

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

C:\Program Files\COMODO\Firewall\cfp.exe

C:\Program Files\A4Tech\Mouse\Amoumain.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\COMODO\Firewall\cmdagent.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM…\Run: [nwiz] nwiz.exe /install

O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM…\Run: [speedTouch USB Diagnostics] “C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon

O4 - HKLM…\Run: [COMODO Firewall Pro] “C:\Program Files\COMODO\Firewall\cfp.exe” -h

O4 - HKLM…\Run: [WinampAgent] “C:\Program Files\Winamp\winampa.exe”

O4 - HKLM…\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe

O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe”

O4 - HKLM…\Run: [avgnt] “C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe” /min

O4 - HKCU…\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra ‘Tools’ menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O17 - HKLM\System\CCS\Services\Tcpip…{E22D3D30-3F82-4BCD-919C-BA41F276EDEE}: NameServer = 194.204.159.1 217.98.63.164

O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

End of file - 4468 bytes

Log z Silent Runners:

“Silent Runners.vbs”, revision 58, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by “{++}”

Startup items buried in registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

“SpybotSD TeaTimer” = “C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe” [“Safer Networking Limited”]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

“NvCplDaemon” = “RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup” [MS]

“nwiz” = “nwiz.exe /install” [“NVIDIA Corporation”]

“NvMediaCenter” = “RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit” [MS]

“SpeedTouch USB Diagnostics” = ““C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon” [“THOMSON Telecom Belgium”]

“COMODO Firewall Pro” = ““C:\Program Files\COMODO\Firewall\cfp.exe” -h” [“COMODO”]

“WinampAgent” = ““C:\Program Files\Winamp\winampa.exe”” [file not found]

“WheelMouse” = “C:\Program Files\A4Tech\Mouse\Amoumain.exe” [“A4Tech Co., Ltd.”]

“SunJavaUpdateSched” = ““C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe”” [“Sun Microsystems, Inc.”]

“avgnt” = ““C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe” /min” [“Avira GmbH”]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)

-> {HKLM…CLSID} = “AcroIEHlprObj Class”

\InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”]

{53707962-6F74-2D53-2644-206D7942484F}(Default) = (no title provided)

-> {HKLM…CLSID} = “Spybot-S&D IE Protection”

\InProcServer32(Default) = “C:\PROGRA~1\SPYBOT~1\SDHelper.dll” [“Safer Networking Limited”]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided)

-> {HKLM…CLSID} = “SSVHelper Class”

\InProcServer32(Default) = “C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll” [“Sun Microsystems, Inc.”]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

“{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania”

-> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania”

\InProcServer32(Default) = “deskpan.dll” [file not found]

“{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu”

-> {HKLM…CLSID} = “HyperTerminal Icon Ext”

\InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”]

“{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class”

-> {HKLM…CLSID} = “DesktopContext Class”

\InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”]

“{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper”

-> {HKLM…CLSID} = “NVIDIA CPL Extension”

\InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”]

“{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer”

-> {HKLM…CLSID} = “Desktop Explorer”

\InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”]

“{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu”

-> {HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”]

“{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu”

-> {HKLM…CLSID} = “nView Desktop Context Menu”

\InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”]

“{45AC2688-0253-4ED8-97DE-B5370FA7D48A}” = “Shell Extension for Malware scanning”

-> {HKLM…CLSID} = “Shell Extension for Malware scanning”

\InProcServer32(Default) = “C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll” [“Avira GmbH”]

“{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

“{6DEA92E9-8682-4b6a-97DE-354772FE5727}” = “Autodesk DWF Preview”

-> {HKLM…CLSID} = “ACDWFTHMBPRXY”

\InProcServer32(Default) = “C:\Program Files\Common Files\Autodesk Shared\Thumbnail\AcDwfThmbPrxy16.dll” [“Autodesk”]

“{36A21736-36C2-4C11-8ACB-D4136F2B57BD}” = “AutoCAD Digital Signatures Icon Overlay Handler”

-> {HKLM…CLSID} = “AcSignIcon”

\InProcServer32(Default) = “C:\WINDOWS\system32\AcSignIcon.dll” [“Autodesk”]

“{AC1DB655-4F9A-4c39-8AD2-A65324A4C446}” = “Autodesk Drawing Preview”

-> {HKLM…CLSID} = “ACTHUMBNAIL”

\InProcServer32(Default) = “C:\Program Files\Common Files\Autodesk Shared\Thumbnail\AcThumbnail16.dll” [“Autodesk”]

“{AD392E40-428C-459F-961E-9B147782D099}” = “UltraISO”

-> {HKLM…CLSID} = “UIContextMenu Class”

\InProcServer32(Default) = “C:\Program Files\UltraISO\isoshell.dll” [“EZB Systems, Inc.”]

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\

<> “BootExecute” = “autocheck autochk *”|“lsdelete” [null data]

HKLM\SOFTWARE\Classes*\shellex\ContextMenuHandlers\

Shell Extension for Malware scanning(Default) = “{45AC2688-0253-4ED8-97DE-B5370FA7D48A}”

-> {HKLM…CLSID} = “Shell Extension for Malware scanning”

\InProcServer32(Default) = “C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll” [“Avira GmbH”]

WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

UltraISO(Default) = “{AD392E40-428C-459F-961E-9B147782D099}”

-> {HKLM…CLSID} = “UIContextMenu Class”

\InProcServer32(Default) = “C:\Program Files\UltraISO\isoshell.dll” [“EZB Systems, Inc.”]

WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

Shell Extension for Malware scanning(Default) = “{45AC2688-0253-4ED8-97DE-B5370FA7D48A}”

-> {HKLM…CLSID} = “Shell Extension for Malware scanning”

\InProcServer32(Default) = “C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll” [“Avira GmbH”]

UltraISO(Default) = “{AD392E40-428C-459F-961E-9B147782D099}”

-> {HKLM…CLSID} = “UIContextMenu Class”

\InProcServer32(Default) = “C:\Program Files\UltraISO\isoshell.dll” [“EZB Systems, Inc.”]

WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

Default executables:

<> HKCU\Software\Classes.scr(Default) = “AutoCADScriptFile”

<> HKCU\Software\Classes\AutoCADScriptFile\shell\open\command(Default) = "“C:\WINDOWS\system32\notepad.exe” “%1"” [MS]

Group Policies {GPedit.msc branch and setting}:

Note: detected settings may not have any effect.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

“shutdownwithoutlogon” = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}

“undockwithoutlogon” = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:

Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Windows Portable Device AutoPlay Handlers

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

FunMultiMediaHandler\

“Provider” = “MultiMedia Manager”

“ProgID” = “FUNBOX.Autoplay”

HKLM\SOFTWARE\Classes\FUNBOX.Autoplay\CLSID(Default) = “{DF866F1F-10DF-4694-94A9-7F526FC8800A}”

-> {HKLM…CLSID} = “FUNBOX Autoplay Sample 2”

\LocalServer32(Default) = “C:\Program Files\Samsung\Samsung PC Studio 3\Share_autoplay.exe” [“TODO: <** **>” (unwritable string)]

WinampMTPHandler\

“Provider” = “Winamp”

“ProgID” = “Shell.HWEventHandlerShellExecute”

“InitCmdLine” = “C:\Program Files\Winamp\winamp.exe”

HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID(Default) = “{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}”

-> {HKLM…CLSID} = “ShellExecute HW Event Handler”

\LocalServer32(Default) = “rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}” [MS]

WinampPlayMediaOnArrival\

“Provider” = “Winamp”

“InvokeProgID” = “Winamp.File”

“InvokeVerb” = “Play”

HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\command(Default) = "“C:\Program Files\Winamp\winamp.exe” “%1"” [“Nullsoft”]

HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\DropTarget\CLSID = “{46986115-84D6-459c-8F95-52DD653E532E}”

-> {HKLM…CLSID} = (no title provided)

\LocalServer32(Default) = ““C:\Program Files\Winamp\winamp.exe”” [“Nullsoft”]

Startup items in “Boss” & “All Users” startup folders:

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart

“AutoCAD Startup Accelerator” -> shortcut to: “C:\Program Files\Common Files\Autodesk Shared\acstart16.exe” [null data]

“Microsoft Office” -> shortcut to: “C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l” [MS]

Winsock2 Service Provider DLLs:

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]

000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS]

000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

“MenuText” = “Sun Java Console”

“CLSIDExtension” = “{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}”

-> {HKCU…CLSID} = “Java Plug-in 1.6.0_05”

\InProcServer32(Default) = “C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll” [“Sun Microsystems, Inc.”]

-> {HKLM…CLSID} = “Java Plug-in 1.6.0_05”

\InProcServer32(Default) = “C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll” [“Sun Microsystems, Inc.”]

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\

“MenuText” = “Spybot - Search & Destroy Configuration”

“CLSIDExtension” = “{53707962-6F74-2D53-2644-206D7942484F}”

-> {HKLM…CLSID} = “Spybot-S&D IE Protection”

\InProcServer32(Default) = “C:\PROGRA~1\SPYBOT~1\SDHelper.dll” [“Safer Networking Limited”]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\

“ButtonText” = “Messenger”

“MenuText” = “Windows Messenger”

“Exec” = “C:\Program Files\Messenger\msmsgs.exe” [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):

Ad-Aware 2007 Service, aawservice, ““C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe”” [“Lavasoft”]

AntiVir PersonalEdition Classic Guard, AntiVirService, ““C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe”” [“Avira GmbH”]

AntiVir PersonalEdition Classic Scheduler, AntiVirScheduler, ““C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe”” [“Avira GmbH”]

COMODO Firewall Pro Helper Service, cmdAgent, ““C:\Program Files\COMODO\Firewall\cmdagent.exe”” [“COMODO”]

NVIDIA Display Driver Service, NVSvc, “C:\WINDOWS\system32\nvsvc32.exe” [“NVIDIA Corporation”]

Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\system32\wdfmgr.exe” [MS]

---------- (launch time: 2008-07-03 17:48:26)

<>: Suspicious data at a malware launch point.

  • This report excludes default entries except where indicated.

  • To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

  • The search for DESKTOP.INI DLL launch points on all local fixed drives

took 80 seconds.

---------- (total run time: 182 seconds)

#2

Zmiana zasad wklejania logów na forum - viewtopic.php?f=16&t=253052

Daj log z ComboFix

#3

Log z ComboFix:

http://wklejto.pl/4825

#4

Wklej do Notatnika:

Driver::

jgameenp

>>Plik>>Zapisz jako… >>> CFScript (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe )

Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe (czyli ikonkę CFScript.txt na ikonkę ComboFix.exe )

– podobnie jak na tym obrazku –>88953CFScript-createdbyMiekiemoes.gif

(jeśli pojawi się pytanie " 1 or 2" - to wpisz 1 i naciśnij ENTER) Ma się rozpocząć usuwanie. (i powstanie log)

Po restarcie usuń ręcznie folder C: ** Qoobox**.

Po tym nowy log z Combo oraz skan http://www.kaspersky.pl/virusscanner.html

#5

Log z ComboFix:

http://wklejto.pl/4881

Log z Kaspersky’ego:

http://www.wklejto.pl/4891

Skanowanie Avirą nic nie wykrywa. Spybot S&D i AdAware też nic nie raportują.

#6

Powinno być Ok

#7

Super.

Dzięki za pomoc.