Problem z MS32DLL.dll.vbs jestem "zielona" proszę o pomoc

Witam.

Jak w temacie proszę o sprawdzenie loga i dalsze wskazówki oto log z HijackThis

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:24:45, on 2008-09-17

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe

C:\Program Files\A4Tech\Mouse\Amoumain.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Topro\tppoll.exe

C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Winamp\winamp.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\navw32.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll

O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

O4 - HKLM…\Run: [symantec PIF AlertEng] “C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe” /a /m “C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll”

O4 - HKLM…\Run: [My Web Search Bar Search Scope Monitor] “C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe” /m=0

O4 - HKLM…\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe

O4 - HKLM…\Run: [startCCC] “C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe”

O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM…\Run: [osCheck] “C:\Program Files\Norton Internet Security\osCheck.exe”

O4 - HKLM…\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF

O4 - HKLM…\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - HKLM…\Run: [iSUSScheduler] “C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” -start

O4 - HKLM…\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM…\Run: [ccApp] “C:\Program Files\Common Files\Symantec Shared\ccApp.exe”

O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM…\Run: [TPPOLL] C:\Program Files\Topro\tppoll.exe

O4 - HKLM…\Run: [securDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe”

O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe”

O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’)

O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’)

O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)

O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi … xmk142YYPL

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocach … .0.1.0.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso … 8228391781

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL … 586-jc.cab

O16 - DPF: {BFA1F11D-3121-AFE1-4112-983219421AEF} (GameDesire 1Player Word Games) - http://download.gamedesire.com/g_bin/pl … 0_0_48.cab

O16 - DPF: {E23FABEE-12E3-33DA-DA12-195DAC123984} (GameDesire Mahjong) - http://download.gamedesire.com/g_bin/pl … 0_0_31.cab

O17 - HKLM\System\CCS\Services\Tcpip…{13F95E89-6E89-4308-A723-8A240AA78743}: NameServer = 217.30.129.149,217.30.137.200

O17 - HKLM\System\CCS\Services\Tcpip…{197A69B6-4CB6-4EC4-A1A3-52EC60BBB0C6}: NameServer = 217.30.129.149 217.30.137.200

O17 - HKLM\System\CS1\Services\Tcpip…{13F95E89-6E89-4308-A723-8A240AA78743}: NameServer = 217.30.129.149,217.30.137.200

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

End of file - 12768 bytes

wpisy

usuń HijackThisem >> Fix checked

Pobierz Combofix http://www.searchengines.pl/index.php?s … ntry395642 ale nie włączaj.

Podczas pobierania i skanu Combofixem proszę wyłączyć wszelkie zapory i antywirusy

Otwórz notatnik i wklej

zapisz jako CFScript.txt (zapisz by ikonka CFScript.txt była obok ikonki ComboFix.exe) >> Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe

http://img.wklej.org/images/88953CFScri … iemoes.gif

Powinno rozpocząć się usuwanie

Potem log z usuwania Combofix

:slight_smile:

oto log z combo

ComboFix 08-09-16.05 - komp 2008-09-17 22:13:44.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.1506 [GMT 2:00]

Uruchomiony z: C:\Documents and Settings\komp\Pulpit\ComboFix.exe

Command switches used :: C:\Documents and Settings\komp\Pulpit\CFScript.txt

* Utworzono nowy punkt przywracania

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA!!

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\autorun.inf

C:\Documents and Settings\komp\Cookies\komp@nuggad[2].txt

C:\Documents and Settings\komp\Cookies\komp@tradedoubler[2].txt

C:\PROGRA~1\MYWEBS~1

C:\PROGRA~1\MYWEBS~1\bar\1.bin\F3BKGERR.JPG

C:\PROGRA~1\MYWEBS~1\bar\1.bin\F3CJPEG.DLL

C:\PROGRA~1\MYWEBS~1\bar\1.bin\F3DTACTL.DLL

C:\PROGRA~1\MYWEBS~1\bar\1.bin\F3HISTSW.DLL

C:\PROGRA~1\MYWEBS~1\bar\1.bin\F3HTMLMU.DLL

C:\PROGRA~1\MYWEBS~1\bar\1.bin\F3HTTPCT.DLL

C:\PROGRA~1\MYWEBS~1\bar\1.bin\F3IMSTUB.DLL

C:\PROGRA~1\MYWEBS~1\bar\1.bin\F3POPSWT.DLL

C:\PROGRA~1\MYWEBS~1\bar\1.bin\F3PSSAVR.SCR

C:\PROGRA~1\MYWEBS~1\bar\1.bin\F3REPROX.DLL

C:\PROGRA~1\MYWEBS~1\bar\1.bin\F3RESTUB.DLL

C:\PROGRA~1\MYWEBS~1\bar\1.bin\F3SCHMON.EXE

C:\PROGRA~1\MYWEBS~1\bar\1.bin\F3SCRCTR.DLL

C:\PROGRA~1\MYWEBS~1\bar\1.bin\F3SPACER.WMV

C:\PROGRA~1\MYWEBS~1\bar\1.bin\F3WALLPP.DAT

C:\PROGRA~1\MYWEBS~1\bar\1.bin\F3WPHOOK.DLL

C:\PROGRA~1\MYWEBS~1\bar\1.bin\FWPBUDDY.PNG

C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3FFXTBR.JAR

C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3FFXTBR.MANIFEST

C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3HIGHIN.EXE

C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3HTML.DLL

C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3IDLE.DLL

C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3IMPIPE.EXE

C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3MEDINT.EXE

C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3MSG.DLL

C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3NTSTBR.JAR

C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3NTSTBR.MANIFEST

C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3OUTLCN.DLL

C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL

C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3SKIN.DLL

C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3SKPLAY.EXE

C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3SLSRCH.EXE

C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3SRCHMN.EXE

C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL

C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSOEMON.EXE

C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSOEPLG.DLL

C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSOESTB.DLL

C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSSVC.EXE

C:\PROGRA~1\MYWEBS~1\bar\1.bin\NPMYWEBS.DLL

C:\PROGRA~1\MYWEBS~1\bar\Avatar\COMMON.F3S

C:\PROGRA~1\MYWEBS~1\bar\Cache\0009718A.bin

C:\PROGRA~1\MYWEBS~1\bar\Cache\00097F46.bin

C:\PROGRA~1\MYWEBS~1\bar\Cache\0009809E.bin

C:\PROGRA~1\MYWEBS~1\bar\Cache\000981F5.bin

C:\PROGRA~1\MYWEBS~1\bar\Cache\00818DC5

C:\PROGRA~1\MYWEBS~1\bar\Cache\008193E0

C:\PROGRA~1\MYWEBS~1\bar\Cache\00819566.bin

C:\PROGRA~1\MYWEBS~1\bar\Cache\0081A286.bin

C:\PROGRA~1\MYWEBS~1\bar\Cache\0081A41C.bin

C:\PROGRA~1\MYWEBS~1\bar\Cache\0081A593.bin

C:\PROGRA~1\MYWEBS~1\bar\Cache\files.ini

C:\PROGRA~1\MYWEBS~1\bar\Game\CHECKERS.F3S

C:\PROGRA~1\MYWEBS~1\bar\Game\CHESS.F3S

C:\PROGRA~1\MYWEBS~1\bar\Game\REVERSI.F3S

C:\PROGRA~1\MYWEBS~1\bar\History\search3

C:\PROGRA~1\MYWEBS~1\bar\icons\CM.ICO

C:\PROGRA~1\MYWEBS~1\bar\icons\MFC.ICO

C:\PROGRA~1\MYWEBS~1\bar\icons\PSS.ICO

C:\PROGRA~1\MYWEBS~1\bar\icons\SMILEY.ICO

C:\PROGRA~1\MYWEBS~1\bar\icons\WB.ICO

C:\PROGRA~1\MYWEBS~1\bar\icons\ZWINKY.ICO

C:\PROGRA~1\MYWEBS~1\bar\Message\COMMON.F3S

C:\PROGRA~1\MYWEBS~1\bar\Notifier\COMMON.F3S

C:\PROGRA~1\MYWEBS~1\bar\Notifier\DOG.F3S

C:\PROGRA~1\MYWEBS~1\bar\Notifier\FISH.F3S

C:\PROGRA~1\MYWEBS~1\bar\Notifier\KUNGFU.F3S

C:\PROGRA~1\MYWEBS~1\bar\Notifier\LIFEGARD.F3S

C:\PROGRA~1\MYWEBS~1\bar\Notifier\MAID.F3S

C:\PROGRA~1\MYWEBS~1\bar\Notifier\MAILBOX.F3S

C:\PROGRA~1\MYWEBS~1\bar\Notifier\OPERA.F3S

C:\PROGRA~1\MYWEBS~1\bar\Notifier\ROBOT.F3S

C:\PROGRA~1\MYWEBS~1\bar\Notifier\SEDUCT.F3S

C:\PROGRA~1\MYWEBS~1\bar\Notifier\SURFER.F3S

C:\PROGRA~1\MYWEBS~1\bar\Settings\prevcfg2.htm

C:\PROGRA~1\MYWEBS~1\bar\Settings\s_pid.dat

C:\PROGRA~1\MYWEBS~1\bar\Settings\setting2.htm

C:\PROGRA~1\MYWEBS~1\bar\Settings\settings.dat

C:\PROGRA~1\MYWEBS~1\SrchAstt\1.bin\MWSSRCAS.DLL

C:\Program Files\FunWebProducts

C:\Program Files\FunWebProducts\ScreenSaver\Images\0081AB30.urr

C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html

C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.html

C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.html

C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html

C:\Program Files\internet explorer\msimg32.dll

C:\Program Files\MyWebSearch

C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG

C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL

C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL

C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL

C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL

C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL

C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL

C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL

C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR

C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL

C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL

C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE

C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL

C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV

C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT

C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL

C:\Program Files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG

C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR

C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST

C:\Program Files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE

C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL

C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL

C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE

C:\Program Files\MyWebSearch\bar\1.bin\M3MEDINT.EXE

C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL

C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR

C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST

C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL

C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL

C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL

C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE

C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE

C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE

C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE

C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL

C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL

C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE

C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL

C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S

C:\Program Files\MyWebSearch\bar\Cache\0009718A.bin

C:\Program Files\MyWebSearch\bar\Cache\00097F46.bin

C:\Program Files\MyWebSearch\bar\Cache\0009809E.bin

C:\Program Files\MyWebSearch\bar\Cache\000981F5.bin

C:\Program Files\MyWebSearch\bar\Cache\00818DC5

C:\Program Files\MyWebSearch\bar\Cache\008193E0

C:\Program Files\MyWebSearch\bar\Cache\00819566.bin

C:\Program Files\MyWebSearch\bar\Cache\0081A286.bin

C:\Program Files\MyWebSearch\bar\Cache\0081A41C.bin

C:\Program Files\MyWebSearch\bar\Cache\0081A593.bin

C:\Program Files\MyWebSearch\bar\Cache\files.ini

C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S

C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S

C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S

C:\Program Files\MyWebSearch\bar\History\search3

C:\Program Files\MyWebSearch\bar\icons\CM.ICO

C:\Program Files\MyWebSearch\bar\icons\MFC.ICO

C:\Program Files\MyWebSearch\bar\icons\PSS.ICO

C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO

C:\Program Files\MyWebSearch\bar\icons\WB.ICO

C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO

C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S

C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S

C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S

C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S

C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S

C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S

C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S

C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S

C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S

C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S

C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S

C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S

C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm

C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat

C:\Program Files\MyWebSearch\bar\Settings\setting2.htm

C:\Program Files\MyWebSearch\bar\Settings\settings.dat

C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

C:\WINDOWS\system32\f3PSSavr.scr

E:\Autorun.inf

F:\Autorun.inf

.

((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_MYWEBSEARCHSERVICE

-------\Service_MyWebSearchService

((((((((((((((((((((((((( Pliki utworzone od 2008-08-17 do 2008-09-17 )))))))))))))))))))))))))))))))

.

2008-09-17 21:23 . 2008-09-17 21:23

2008-09-15 12:49 . 2008-09-15 12:49

2008-09-15 12:20 . 2008-09-15 12:20

2008-09-15 12:20 . 2008-04-14 19:20 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

2008-09-15 12:19 . 2008-09-15 12:19

2008-09-11 15:59 . 2008-09-11 15:59

2008-09-09 16:34 . 2008-09-09 16:34

2008-09-09 16:31 . 2008-09-09 16:31

2008-09-09 16:30 . 2008-09-09 16:30

2008-09-09 16:30 . 2008-09-09 16:30

2008-09-09 16:30 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-09-09 16:29 . 2008-09-09 16:29

2008-09-08 08:44 . 2008-09-08 08:44

2008-09-08 08:42 . 2008-09-08 08:42

2008-09-07 13:53 . 2008-09-16 22:12 69 --a------ C:\WINDOWS\NeroDigital.ini

2008-09-06 19:43 . 2008-09-06 19:43

2008-09-06 19:41 . 2008-09-06 19:41

2008-09-06 19:40 . 2008-09-07 13:53

2008-09-06 19:39 . 2008-09-06 19:39

2008-09-06 19:37 . 2008-09-06 19:37

2008-09-06 19:37 . 2008-09-06 19:39

2008-09-06 19:37 . 2008-09-06 19:37

2008-09-05 17:04 . 2008-09-06 01:19

2008-09-02 10:52 . 2003-09-08 14:01 1,523,712 --a------ C:\WINDOWS\system32\ToproVC.dll

2008-09-02 10:52 . 2005-03-04 10:27 221,184 --a------ C:\WINDOWS\ToproUI.exe

2008-09-02 10:52 . 2006-05-18 16:29 197,556 --a------ C:\WINDOWS\system32\drivers\TP6800.sys

2008-09-02 10:52 . 2003-09-01 14:16 65,536 --a------ C:\WINDOWS\system32\camlib.dll

2008-09-02 10:52 . 2006-02-21 10:35 49,152 --a------ C:\WINDOWS\system32\drivers\CustPage.ax

2008-09-02 10:52 . 2005-02-25 10:24 28,672 --a------ C:\WINDOWS\tpsti.exe

2008-08-30 19:57 . 2008-08-30 20:57

2008-08-30 19:56 . 2008-08-30 19:59

2008-08-27 19:50 . 2008-08-27 19:51

2008-08-24 18:16 . 2008-08-24 18:19

2008-08-24 15:34 . 2008-08-24 19:30

2008-08-24 15:33 . 2008-08-24 15:33

2008-08-22 15:19 . 2008-08-22 15:19

2008-08-22 15:15 . 2008-08-22 15:15

2008-08-22 15:15 . 2008-08-22 15:15

2008-08-22 15:14 . 2008-09-11 15:59

2008-08-21 19:16 . 2008-08-21 19:16

2008-08-21 19:16 . 2008-08-21 19:16 4 --a------ C:\WINDOWS\system32\proc-1037709799.bin

2008-08-21 01:13 . 2008-08-21 01:13

2008-08-20 23:38 . 2008-07-12 08:18 3,851,784 --a------ C:\WINDOWS\system32\D3DX9_39.dll

2008-08-20 23:38 . 2008-07-12 08:18 1,493,528 --a------ C:\WINDOWS\system32\D3DCompiler_39.dll

2008-08-20 23:38 . 2008-07-31 10:40 509,448 --a------ C:\WINDOWS\system32\XAudio2_2.dll

2008-08-20 23:38 . 2008-07-12 08:18 467,984 --a------ C:\WINDOWS\system32\d3dx10_39.dll

2008-08-20 23:38 . 2008-07-31 10:41 238,088 --a------ C:\WINDOWS\system32\xactengine3_2.dll

2008-08-20 23:38 . 2008-07-31 10:41 68,616 --a------ C:\WINDOWS\system32\XAPOFX1_1.dll

2008-08-20 16:43 . 2008-08-20 16:43

2008-08-20 11:41 . 2008-08-20 11:42

2008-08-20 11:31 . 2008-08-21 14:00

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-17 20:16 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-09-17 20:16 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Symantec

2008-09-17 20:10 --------- d-----w C:\Documents and Settings\komp\Dane aplikacji\Skype

2008-09-17 20:07 --------- d-----w C:\Program Files\Symantec

2008-09-17 16:17 --------- d-----w C:\Documents and Settings\komp\Dane aplikacji\skypePM

2008-09-17 14:37 --------- d-----w C:\Documents and Settings\komp\Dane aplikacji\uTorrent

2008-09-08 06:44 --------- d–h--w C:\Program Files\InstallShield Installation Information

2008-09-05 15:04 --------- d-----w C:\Program Files\DAEMON Tools Toolbar

2008-09-02 08:52 --------- d-----w C:\Program Files\Topro

2008-08-19 14:38 --------- d-----w C:\Program Files\Microsoft Silverlight

2008-08-12 15:57 --------- d-----w C:\Documents and Settings\komp\Dane aplikacji\Winamp

2008-08-12 12:24 --------- d-----w C:\Program Files\Winamp

2008-08-10 17:48 --------- d-----w C:\Documents and Settings\komp\Dane aplikacji\Printer Info Cache

2008-08-10 17:48 --------- d-----w C:\Documents and Settings\komp\Dane aplikacji\Image Zone Express

2008-08-08 23:16 --------- d-----w C:\Program Files\Common Files\Adobe

2008-08-08 16:33 --------- d-----w C:\Documents and Settings\komp\Dane aplikacji\DAEMON Tools Pro

2008-08-08 16:31 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Pro

2008-08-08 13:55 --------- d-----w C:\Program Files\PLATINUM technology

2008-08-07 23:31 --------- d-----w C:\Documents and Settings\komp\Dane aplikacji\HP

2008-08-07 23:19 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\WEBREG

2008-08-07 23:18 --------- d-----w C:\Program Files\HP

2008-08-07 23:18 --------- d-----w C:\Program Files\Common Files\HP

2008-08-07 23:17 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\HP

2008-08-07 23:16 --------- d-----w C:\Program Files\Hewlett-Packard

2008-08-07 23:16 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard

2008-08-07 23:16 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\HPSSUPPLY

2008-08-07 23:14 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Hewlett-Packard

2008-08-07 11:40 --------- d-----w C:\Program Files\AWS

2008-08-06 08:11 --------- d-----w C:\Program Files\MSXML 4.0

2008-08-05 21:32 --------- d-----w C:\Documents and Settings\komp\Dane aplikacji\Corel

2008-08-05 21:31 --------- d-----w C:\Program Files\Corel

2008-08-05 21:31 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-08-05 21:31 --------- d-----w C:\Program Files\Common Files\Corel

2008-08-05 21:31 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\InstallShield

2008-08-05 18:17 --------- d-----w C:\Program Files\uTorrent

2008-07-28 21:03 --------- d-----w C:\Program Files\AbiSuite2

2008-07-28 19:55 --------- d-----w C:\Program Files\Microsoft.NET

2008-07-28 19:23 --------- d-----w C:\Program Files\Skype

2008-07-28 19:23 --------- d-----w C:\Program Files\Common Files\Skype

2008-07-28 19:23 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Skype

2008-07-28 17:26 228,863 ----a-w C:\WINDOWS\Alcohol_Toolbar_Uninstaller_531.exe

2008-07-28 17:26 --------- d-----w C:\Program Files\Alcohol Toolbar

2008-07-28 17:26 --------- d-----w C:\Program Files\Alcohol Soft

2008-07-28 16:33 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys

2008-07-28 16:33 --------- d-----w C:\Documents and Settings\komp\Dane aplikacji\DAEMON Tools

2008-07-28 11:15 --------- d-----w C:\Program Files\A4Tech

2008-07-24 16:50 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-07-24 16:50 22,328 ----a-w C:\Documents and Settings\komp\Dane aplikacji\PnkBstrK.sys

2008-07-24 09:48 --------- d-----w C:\Documents and Settings\komp\Dane aplikacji\Gadu-Gadu

2008-07-24 09:41 --------- d-----w C:\Program Files\Google

2008-07-24 09:09 --------- d-----w C:\Program Files\Gadu-Gadu

2008-07-24 01:27 --------- d-----w C:\Program Files\Realtek

2008-07-24 01:12 --------- d-----w C:\Program Files\Marvell

2008-07-23 23:26 --------- d–h--r C:\Documents and Settings\komp\Dane aplikacji\SecuROM

2008-07-23 22:58 --------- d-----w C:\Program Files\Attansic

2008-07-23 22:56 315,392 ----a-w C:\WINDOWS\HideWin.exe

2008-07-23 22:50 --------- d-----w C:\Program Files\Intel

2008-07-23 22:45 --------- d-----w C:\Documents and Settings\komp\Dane aplikacji\ATI

2008-07-23 22:45 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\ATI

2008-07-23 22:44 --------- d-----w C:\Program Files\My Company Name

2008-07-23 22:43 --------- d-----w C:\Program Files\ATI Technologies

2008-07-23 22:42 --------- d-----w C:\Program Files\Common Files\ATI Technologies

2008-07-23 22:30 --------- d-----w C:\Program Files\microsoft frontpage

2008-07-23 22:28 --------- d-----w C:\Program Files\Usługi online

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2008-04-14 15360]

“BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}”=“C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe” [2007-06-27 152872]

“swg”=“C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe” [2008-08-08 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“Symantec PIF AlertEng”=“C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe” [2008-01-29 583048]

“WheelMouse”=“C:\Program Files\A4Tech\Mouse\Amoumain.exe” [2007-02-11 241664]

“StartCCC”=“C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” [2006-11-10 90112]

“ISUSScheduler”=“C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” [2004-06-16 81920]

“ISUSPM Startup”=“C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe” [2004-06-16 221184]

“TPPOLL”=“C:\Program Files\Topro\tppoll.exe” [2005-03-02 24576]

“SecurDisc”=“C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe” [2007-06-25 1629480]

“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe” [2008-06-10 144784]

“RTHDCPL”=“RTHDCPL.EXE” [2007-03-21 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2008-04-14 15360]

[HKLM~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk

backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

–a------ 2008-08-08 14:11 490952 C:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

–a------ 2006-12-10 21:52 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

–a------ 2007-06-25 08:47 1057064 C:\Program Files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]

–a------ 2007-08-23 17:36 455968 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

–a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

–a------ 2008-08-08 21:15 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

–a------ 2008-08-04 01:02 36352 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

“DisableMonitoring”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

“DisableMonitoring”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

“DisableMonitoring”=dword:00000001

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

“%windir%\system32\sessmgr.exe”=

“C:\WINDOWS\system32\PnkBstrA.exe”=

“C:\WINDOWS\system32\PnkBstrB.exe”=

“C:\WINDOWS\system32\usmt\migwiz.exe”=

“%windir%\Network Diagnostic\xpnetdiag.exe”=

“C:\Program Files\uTorrent\uTorrent.exe”=

“F:\GRY\FLAT OUT\FlatOut Ultimate Carnage\Fouc.exe”=

“C:\Program Files\Midway Home Entertainment\Stranglehold\Binaries\Retail-Stranglehold.exe”=

“C:\Program Files\Skype\Phone\Skype.exe”=

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

“1723:TCP”= 1723:TCP:@xpsp2res.dll,-22015

“1701:UDP”= 1701:UDP:@xpsp2res.dll,-22016

“500:UDP”= 500:UDP:@xpsp2res.dll,-22017

R0 mv61xx;mv61xx;C:\WINDOWS\system32\DRIVERS\mv61xx.sys [2007-05-25 137728]

R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-15 38656]

R3 DCamUSBIntel;USB Video Camera;C:\WINDOWS\system32\Drivers\TP6800.sys [2006-05-18 197556]

R3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{1b9cb734-7933-11dd-9697-001e8c87d26c}]

\Shell\AutoRun\command - I:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{79b51298-71e4-11dd-9666-806d6172696f}]

\Shell\AutoRun\command - oufddh.exe

\Shell\explore\Command - oufddh.exe

\Shell\open\Command - oufddh.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{79b51299-71e4-11dd-9666-806d6172696f}]

\Shell\AutoRun\command - oufddh.exe

\Shell\explore\Command - oufddh.exe

\Shell\open\Command - oufddh.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{79b5129a-71e4-11dd-9666-806d6172696f}]

\Shell\AutoRun\command - oufddh.exe

\Shell\explore\Command - oufddh.exe

\Shell\open\Command - oufddh.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{cc42aaed-5912-11dd-be3a-806d6172696f}]

\Shell\AutoRun\command - D:.\Bin\Assetup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

“C:\Program Files\Common Files\LightScribe\LSRunOnce.exe”

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-17 22:17:13

Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów …

skanowanie ukrytych wpisów autostartu …

skanowanie ukrytych plików …

skanowanie pomyślnie ukończone

ukryte pliki: 0

**************************************************************************

.

------------------------ Pozostałe uruchomione procesy ------------------------

.

C:\WINDOWS\system32\ati2evxx.exe

C:\WINDOWS\system32\ati2evxx.exe

C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\ComboFix\pv.cfexe

.

**************************************************************************

.

Czas ukończenia: 2008-09-17 22:19:10 - komputer został uruchomiony ponownie [komp]

ComboFix-quarantined-files.txt 2008-09-17 20:19:08

Przed: 18,555,932,672 bajt˘w wolnych

Po: 18,791,477,248 bajt˘w wolnych

425 — E O F — 2008-09-17 16:25:57

Wylecz pendriva lub kartę pamięci http://www.softpedia.com/get/Security/S … Tool.shtml

Flash Disinfector http://www.searchengines.pl/index.php?s … ntry369724

lub format

Otwórz notatnik i wklej

zapisz jako plik.reg >> wszystkie pliki >> scal z rejestrem >> restart

b57f17008275c957m.jpg

powstanie plik o takiej ikonie

062aec4c9b51c033m.jpg

w który dwa razy klikniesz potwierdzisz chęć dodania do rejestru potem restart

Pobierz CCleaner http://www.filehippo.com/download_ccleaner/

przeskanuj nim i wyczyść rejestr.

zrób optymalizacje uruchamiania

http://cybertrash.netarteria.pl/cyber/i … 378.0.html

usuń ręcznie folder C: \Qoobox usuń instalkę Combofix z dysku.

Wyłącz I włącz przywracanie systemu na wszystkich dyskach.http://support.microsoft.com/kb/310405/pl

przeskanuj obszar Mój komputer http://www.kaspersky.pl/virusscanner.html pokaż raport stronę uruchomić przez IE

lub

Dr.WEB CureIt! http://dobreprogramy.pl/index.php?dz=2 … It!+4.44.5

:slight_smile:

Witam oto raport z Kasperskyego

KASPERSKY ONLINE SCANNER REPORT

18 wrzesień 2008 23:53:35

System operacyjny: Microsoft Windows XP Professional, Dodatek Service Pack 3 (Build 2600)

Kaspersky Online Scanner wersja: 5.0.98.1

Ostatnia aktualizacja Kaspersky Anti-Virus18/09/2008

Liczba wpisów w bazie danych Kaspersky Anti-Virus1248249

Ustawienia skanowania

Skanowanie przy użyciu następujących baz danych rozszerzone

Skanuj archiwa tak

Skanuj pocztowe bazy danych tak

Obszar skanowania Mój komputer

A:\

C:\

D:\

E:\

F:\

G:\

H:\

I:\

J:\

K:\

L:\

M:\

Statystyki skanowania

Liczba skanowanych obiektów 87749

Liczba wykrytych wirusów 16

Liczba zainfekowanych obiektów 21

Liczba podejrzanych obiektów 0

Czas trwania skanowania 01:30:49

Nazwa zainfekowanego obiektu Nazwa wirusa Ostatnie działanie

C:\Documents and Settings\All Users\Dane aplikacji\Symantec\LiveUpdate\2008-09-18_Log.ALUSchedulerSvc.LiveUpdate Object is locked pominięty

C:\Documents and Settings\komp\Cookies\index.dat Object is locked pominięty

C:\Documents and Settings\komp\Dane aplikacji\Skype\aniakk82\call256.dbb Object is locked pominięty

C:\Documents and Settings\komp\Dane aplikacji\Skype\aniakk82\callmember256.dbb Object is locked pominięty

C:\Documents and Settings\komp\Dane aplikacji\Skype\aniakk82\chat256.dbb Object is locked pominięty

C:\Documents and Settings\komp\Dane aplikacji\Skype\aniakk82\chat512.dbb Object is locked pominięty

C:\Documents and Settings\komp\Dane aplikacji\Skype\aniakk82\chatmember256.dbb Object is locked pominięty

C:\Documents and Settings\komp\Dane aplikacji\Skype\aniakk82\chatmsg1024.dbb Object is locked pominięty

C:\Documents and Settings\komp\Dane aplikacji\Skype\aniakk82\chatmsg256.dbb Object is locked pominięty

C:\Documents and Settings\komp\Dane aplikacji\Skype\aniakk82\chatmsg512.dbb Object is locked pominięty

C:\Documents and Settings\komp\Dane aplikacji\Skype\aniakk82\chatsync\1c\1c8c2776388bbc19.dat Object is locked pominięty

C:\Documents and Settings\komp\Dane aplikacji\Skype\aniakk82\chatsync\34\34f4f950d7f10b5b.dat Object is locked pominięty

C:\Documents and Settings\komp\Dane aplikacji\Skype\aniakk82\chatsync\5a\5a0e54c49c80809f.dat Object is locked pominięty

C:\Documents and Settings\komp\Dane aplikacji\Skype\aniakk82\chatsync\b1\b1c715db22604712.dat Object is locked pominięty

C:\Documents and Settings\komp\Dane aplikacji\Skype\aniakk82\contactgroup256.dbb Object is locked pominięty

C:\Documents and Settings\komp\Dane aplikacji\Skype\aniakk82\dyncontent\bundle.dat Object is locked pominięty

C:\Documents and Settings\komp\Dane aplikacji\Skype\aniakk82\index2.dat Object is locked pominięty

C:\Documents and Settings\komp\Dane aplikacji\Skype\aniakk82\profile16384.dbb Object is locked pominięty

C:\Documents and Settings\komp\Dane aplikacji\Skype\aniakk82\sms256.dbb Object is locked pominięty

C:\Documents and Settings\komp\Dane aplikacji\Skype\aniakk82\transfer256.dbb Object is locked pominięty

C:\Documents and Settings\komp\Dane aplikacji\Skype\aniakk82\transfer512.dbb Object is locked pominięty

C:\Documents and Settings\komp\Dane aplikacji\Skype\aniakk82\user1024.dbb Object is locked pominięty

C:\Documents and Settings\komp\Dane aplikacji\Skype\aniakk82\user16384.dbb Object is locked pominięty

C:\Documents and Settings\komp\Dane aplikacji\Skype\aniakk82\user256.dbb Object is locked pominięty

C:\Documents and Settings\komp\Dane aplikacji\Skype\aniakk82\voicemail256.dbb Object is locked pominięty

C:\Documents and Settings\komp\NTUSER.DAT Object is locked pominięty

C:\Documents and Settings\komp\ntuser.dat.LOG Object is locked pominięty

C:\Documents and Settings\komp\Ustawienia lokalne\Dane aplikacji\Ahead\Nero Home\bl.db Object is locked pominięty

C:\Documents and Settings\komp\Ustawienia lokalne\Dane aplikacji\Ahead\Nero Home\is2.db Object is locked pominięty

C:\Documents and Settings\komp\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty

C:\Documents and Settings\komp\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty

C:\Documents and Settings\komp\Ustawienia lokalne\Historia\History.IE5\index.dat Object is locked pominięty

C:\Documents and Settings\komp\Ustawienia lokalne\Historia\History.IE5\MSHist012008091820080919\index.dat Object is locked pominięty

C:\Documents and Settings\komp\Ustawienia lokalne\Temp\Sma6.tmp Object is locked pominięty

C:\Documents and Settings\komp\Ustawienia lokalne\Temp~DF2D5.tmp Object is locked pominięty

C:\Documents and Settings\komp\Ustawienia lokalne\Temp~DF2E7.tmp Object is locked pominięty

C:\Documents and Settings\komp\Ustawienia lokalne\Temp~DF3D57.tmp Object is locked pominięty

C:\Documents and Settings\komp\Ustawienia lokalne\Temp~DF3D69.tmp Object is locked pominięty

C:\Documents and Settings\komp\Ustawienia lokalne\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked pominięty

C:\Documents and Settings\komp\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat Object is locked pominięty

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked pominięty

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked pominięty

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked pominięty

C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty

C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty

C:\Documents and Settings\LocalService\Ustawienia lokalne\Historia\History.IE5\index.dat Object is locked pominięty

C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat Object is locked pominięty

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked pominięty

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked pominięty

C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty

C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2008-09-18.11-56-35.log Object is locked pominięty

C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked pominięty

C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked pominięty

C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked pominięty

C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked pominięty

C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked pominięty

C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked pominięty

C:\Program Files\Alwil Software\Avast4\DATA\log\selfdef.log Object is locked pominięty

C:\Program Files\Alwil Software\Avast4\DATA\report\Osłona rezydentna.txt Object is locked pominięty

C:\Program Files\Trend Micro\HijackThis\backups\backup-20080917-215814-186.dll Zainfekowanych: not-a-virus:AdTool.Win32.MyWebSearch.ca pominięty

C:\Program Files\Trend Micro\HijackThis\backups\backup-20080917-215814-841.dll Zainfekowanych: not-a-virus:AdTool.Win32.MyWebSearch.cu pominięty

C:\QooBox\Quarantine\C\Program Files\Internet Explorer\msimg32.dll.vir Zainfekowanych: not-a-virus:AdTool.Win32.MyWebSearch.cv pominięty

C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL.vir Zainfekowanych: not-a-virus:WebToolbar.Win32.MyWebSearch.dn pominięty

C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL.vir Zainfekowanych: not-a-virus:AdTool.Win32.MyWebSearch.cn pominięty

C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL.vir Zainfekowanych: not-a-virus:AdTool.Win32.MyWebSearch.cv pominięty

C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL.vir Zainfekowanych: not-a-virus:AdTool.Win32.MyWebSearch.dd pominięty

C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR.vir Zainfekowanych: not-a-virus:AdTool.Win32.MyWebSearch.bg pominięty

C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL.vir Zainfekowanych: not-a-virus:AdTool.Win32.MyWebSearch.cj pominięty

C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL.vir Zainfekowanych: not-a-virus:AdTool.Win32.MyWebSearch.ck pominięty

C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL.vir Zainfekowanych: not-a-virus:AdTool.Win32.MyWebSearch.bh pominięty

C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL.vir Zainfekowanych: not-a-virus:AdTool.Win32.MyWebSearch.cj pominięty

C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL.vir Zainfekowanych: not-a-virus:WebToolbar.Win32.MyWebSearch.ax pominięty

C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL.vir Zainfekowanych: not-a-virus:AdTool.Win32.MyWebSearch.cm pominięty

C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL.vir Zainfekowanych: not-a-virus:WebToolbar.Win32.MyWebSearch.ad pominięty

C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE.vir Zainfekowanych: not-a-virus:AdTool.Win32.MyWebSearch.cl pominięty

C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL.vir Zainfekowanych: not-a-virus:AdTool.Win32.MyWebSearch.cu pominięty

C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL.vir Zainfekowanych: not-a-virus:AdTool.Win32.MyWebSearch.dc pominięty

C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL.vir Zainfekowanych: not-a-virus:AdTool.Win32.MyWebSearch.db pominięty

C:\QooBox\Quarantine\C\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL.vir Zainfekowanych: not-a-virus:AdTool.Win32.MyWebSearch.ca pominięty

C:\QooBox\Quarantine\C\WINDOWS\system32\f3PSSavr.scr.vir Zainfekowanych: not-a-virus:AdTool.Win32.MyWebSearch.bg pominięty

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked pominięty

C:\System Volume Information_restore{B50EBB22-D272-46F7-9ED6-35F858D7B000}\RP134\change.log Object is locked pominięty

C:\WINDOWS\Debug\PASSWD.LOG Object is locked pominięty

C:\WINDOWS\ModemLog_Kabel komunikacyjny między dwoma komputerami.txt Object is locked pominięty

C:\WINDOWS\SchedLgU.Txt Object is locked pominięty

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked pominięty

C:\WINDOWS\Sti_Trace.log Object is locked pominięty

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked pominięty

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked pominięty

C:\WINDOWS\system32\config\ACEEvent.evt Object is locked pominięty

C:\WINDOWS\system32\config\Antivirus.Evt Object is locked pominięty

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked pominięty

C:\WINDOWS\system32\config\default Object is locked pominięty

C:\WINDOWS\system32\config\default.LOG Object is locked pominięty

C:\WINDOWS\system32\config\Internet.evt Object is locked pominięty

C:\WINDOWS\system32\config\SAM Object is locked pominięty

C:\WINDOWS\system32\config\SAM.LOG Object is locked pominięty

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked pominięty

C:\WINDOWS\system32\config\SECURITY Object is locked pominięty

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked pominięty

C:\WINDOWS\system32\config\software Object is locked pominięty

C:\WINDOWS\system32\config\software.LOG Object is locked pominięty

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked pominięty

C:\WINDOWS\system32\config\system Object is locked pominięty

C:\WINDOWS\system32\config\system.LOG Object is locked pominięty

C:\WINDOWS\system32\drivers\sptd.sys Object is locked pominięty

C:\WINDOWS\system32\h323log.txt Object is locked pominięty

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked pominięty

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked pominięty

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked pominięty

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked pominięty

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked pominięty

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked pominięty

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked pominięty

C:\WINDOWS\temp\Perflib_Perfdata_524.dat Object is locked pominięty

C:\WINDOWS\temp_avast4_\Webshlock.txt Object is locked pominięty

C:\WINDOWS\wiadebug.log Object is locked pominięty

C:\WINDOWS\wiaservc.log Object is locked pominięty

C:\WINDOWS\WindowsUpdate.log Object is locked pominięty

E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked pominięty

E:\System Volume Information_restore{B50EBB22-D272-46F7-9ED6-35F858D7B000}\RP134\change.log Object is locked pominięty

F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked pominięty

F:\System Volume Information_restore{B50EBB22-D272-46F7-9ED6-35F858D7B000}\RP134\change.log Object is locked pominięty

Proces skanowania został zakończony.

Pobierz The Avenger

wklej do niego ten tekst:

Folders to delete:

C:\Program Files\Trend Micro\HijackThis\backups

C:\QooBox

kopiuj to i klikasz na Paste Script from Clipboard wybierasz Execute oraz Potwierdzasz i zgadzasz się na restart klikając OK.

Kasujesz ręcznie z dysku plik: C:\Avenger\backup.zip i wklejasz na forum raport: C:\avenger.txt

Logfile of The Avenger Version 2.0, © by Swandog46

http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.

Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

No rootkits found!

Folder “C:\Program Files\Trend Micro\HijackThis\backups” deleted successfully.

Folder “C:\QooBox” deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Usunięte

:slight_smile:

:lol: =D> Dzieki serdeczne! !!