Run a full scan with Malwarebytes and with Dr.Web. If anything is detected, post the reports on the forum. If nothing is detected, show what error now occurs during the update.
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Wersja bazy: 8365
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000
2011-12-13 20:57:09
malwares
Typ skanowania: Pełne skanowanie (C:\|D:\|)
Przeskanowano obiektów: 422693
Upłynęło: 4 godzin(y), 22 minut(y), 23 sekund(y)
Zainfekowanych procesów w pamięci: 0
Zainfekowanych modułów w pamięci: 0
Zainfekowanych kluczy rejestru: 0
Zainfekowanych wartości rejestru: 1
Zainfekowane informacje rejestru systemowego: 0
Zainfekowanych folderów: 0
Zainfekowanych plików: 7
Zainfekowanych procesów w pamięci:
(Nie znaleziono zagrożeń)
Zainfekowanych modułów w pamięci:
(Nie znaleziono zagrożeń)
Zainfekowanych kluczy rejestru:
(Nie znaleziono zagrożeń)
Zainfekowanych wartości rejestru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\yzrcfya (Rogue.SecurityShield) -> Value: yzrcfya -> No action taken.
Zainfekowane informacje rejestru systemowego:
(Nie znaleziono zagrożeń)
Zainfekowanych folderów:
(Nie znaleziono zagrożeń)
Zainfekowanych plików:
c:\Users\emil zbyszewski\AppData\Local\yzrcfya.exe (Rogue.SecurityShield) -> No action taken.
c:\Users\emil zbyszewski\AppData\Local\euowrf.exe (Trojan.Downloader) -> No action taken.
c:\Users\emil zbyszewski\AppData\Local\plbysma.exe (Trojan.Downloader) -> No action taken.
c:\Users\emil zbyszewski\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\9Q6YMDNU\adeea1d0609bffe983748ec7a8d28fcf[1] (Trojan.Zbot.CBCGen) -> No action taken.
c:\Users\emil zbyszewski\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\B18OUG3G\d22e6bdee4d3dadfdb8e40765ad90919[1] (Trojan.Zbot.CBCGen) -> No action taken.
c:\Users\emil zbyszewski\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\R3BFKRKT\239e49339cb7c29a973035e3d4b998f8[1] (Trojan.Zbot.CBCGen) -> No action taken.
c:\Users\emil zbyszewski\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\R3BFKRKT\82ce6b1b04619769ec12203ecf6d23c3[1] (Trojan.Zbot.CBCGen) -> No action taken.
Dr. Web found nothing.
emil1702, how do you do it :o Everything is to be removed.
Post new OTL reports, because to tell the truth I don't know how that folder vanished.
Avira doesn't detect anything; I have to uninstall it and get a different antivirus… I don't know, would reinstalling Windows be a better solution than removing the viruses?
http://www.wklej.org/id/647874/ OTL
Extras:
OTL Extras logfile created on: 2011-12-14 20:57:12 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Emil Zbyszewski\Downloads
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
1,99 Gb Total Physical Memory | 0,75 Gb Available Physical Memory | 37,57% Memory free
4,21 Gb Paging File | 1,33 Gb Available in Paging File | 31,48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 51,14 Gb Total Space | 7,97 Gb Free Space | 15,58% Space Free | Partition Type: NTFS
Drive D: | 50,89 Gb Total Space | 12,95 Gb Free Space | 25,45% Space Free | Partition Type: NTFS
Drive J: | 7,55 Gb Total Space | 0,06 Gb Free Space | 0,79% Space Free | Partition Type: FAT32
Computer Name: EMILZBYSZEWS-PC | User Name: Emil Zbyszewski | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
[color=#E56717]========== File Associations ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = js_file] -- D:\Program Files\Ager Web Edytor\AgerWebEdytor.exe (statjacek@o2.pl)
[HKEY_USERS\S-1-5-21-320540460-4132873613-2890245965-1000\SOFTWARE\Classes\]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.chm [@ = chm.file] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.pif [@ = piffile] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found
[color=#E56717]========== Shell Spawning ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[color=#E56717]========== Security Center Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[color=#E56717]========== System Restore Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[color=#E56717]========== Firewall Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[color=#E56717]========== Authorized Applications List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A1A688D5-7A4A-4F24-B92A-A0BDC918C73B}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{DCDF7803-816D-4C56-B960-0C8016411F35}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{FC79B029-3FD0-46E8-8A26-43DB2669DDF5}" = lport=27015 | protocol=6 | dir=in | name=cs |
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{208A21E6-D75D-4F56-8A9D-FC797E76AAC6}" = protocol=6 | dir=in | app=c:\users\emil zbyszewski\appdata\local\temp\~os16cb.tmp\rlvknlg.exe |
"{2715FE0A-B12F-407F-8585-35673A0AAD97}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{28DF4FC8-1333-4FDA-8DA4-63B0E1489711}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{336A4D35-FC4C-4519-9AD0-6CD3A6A3EFF0}" = protocol=6 | dir=in | app=d:\program files\steam\steam.exe |
"{57A3FD2B-A990-4863-A036-CCAE777B319F}" = protocol=17 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |
"{64BB2BC1-6321-48AF-9C8C-1908C17C7A06}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
"{655B4323-414C-442C-AA72-D700F797F976}" = protocol=17 | dir=in | app=d:\program files\steam\steam.exe |
"{719DB1A9-1B04-4FEC-9CB2-D48DF985EC8E}" = dir=in | app=c:\program files\acer\homemedia\homemedia.exe |
"{7DF4A605-CD08-4F3F-9044-0DDA3763E0AC}" = dir=in | app=c:\program files\acer\acer arcade\powercinema.exe |
"{907E4155-0915-4492-ABEB-5A41AF108BF8}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
"{9574A42F-8091-486C-BBA6-58CDD37A8852}" = dir=in | app=c:\program files\acer\acer arcade\kernel\dmp\clbrowserengine.exe |
"{9D5EBE8D-6777-423E-B5D4-B4D5BE6E9774}" = protocol=6 | dir=in | app=c:\windows\temp\~os20aa.tmp\rlvknlg.exe |
"{A9A09CFF-A573-49B4-8463-A752F4ECC71A}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{BA766D29-5B63-4DA1-9CCC-FDB4B2D2D7D0}" = dir=in | app=c:\program files\acer\acer arcade\kernel\dms\clmsservice.exe |
"{C8953903-8806-40B4-8BE9-61FEBC6B419C}" = protocol=6 | dir=in | app=c:\windows\temp\~os4125.tmp\rlvknlg.exe |
"{CAB18D13-701F-4C0D-B484-4F4F1FEAB785}" = dir=in | app=c:\program files\acer\acer arcade\pcmservice.exe |
"{DD9A3194-BFA5-4E8C-950D-7EF29333EDDF}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |
"{E2528897-09CC-4681-AB4F-851AFF79523A}" = protocol=6 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |
"{E2A50233-E27A-4DA6-B5FD-41DCB7839ADF}" = dir=in | app=c:\program files\avg\avg9\avgemc.exe |
"{F3651262-7003-475F-BD68-4BFC3FBBBC79}" = protocol=6 | dir=in | app=c:\windows\temp\~os9618.tmp\rlvknlg.exe |
"TCP Query User{01D5E718-714F-4BF9-9962-604392D84F09}D:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=d:\program files\mozilla firefox\firefox.exe |
"TCP Query User{0943C3AF-3A74-4AEA-B465-0992777A237F}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{0BBC72B8-EA1B-42DD-95B2-5131CF45CC36}D:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=d:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{108622E1-469D-488C-9B64-95F007317634}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{149CDC3E-CEF6-4966-BA98-944B717DBBE7}C:\program files\relevantknowledge\rlvknlg.exe" = protocol=6 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |
"TCP Query User{1571B5C7-B46F-4CB6-A541-98276CE2B92B}C:\program files\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"TCP Query User{17F1FED5-B18E-4D73-ADB7-C9ADC4518A9F}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{18F2D2F1-09FF-4A15-94EE-6880A01BD55D}C:\combofix\combofix-download.3xe" = protocol=6 | dir=in | app=c:\combofix\combofix-download.3xe |
"TCP Query User{1B8F7576-F307-4214-A094-E3E8B8CF4D1B}D:\program files\counter strike 1.6\hl.exe" = protocol=6 | dir=in | app=d:\program files\counter strike 1.6\hl.exe |
"TCP Query User{2E25F9F3-D959-43DF-B77C-FD11D77CC374}C:\program files\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"TCP Query User{2E6B363C-96A7-47F6-B9D7-43C2B1ABAF6D}D:\totalcmd\totalcmd.exe" = protocol=6 | dir=in | app=d:\totalcmd\totalcmd.exe |
"TCP Query User{326B44D1-AE2F-4B28-97B0-CA98D6921FDC}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{340D122D-038D-49CF-A434-F0BCB362F144}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{3BF330EB-0274-44EF-BFDC-FD2777903C9A}C:\program files\gadu-gadu\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu\gg.exe |
"TCP Query User{46E65E77-B2C8-459E-A12B-F10A7BFAB538}D:\program files\webserv\webserv.exe" = protocol=6 | dir=in | app=d:\program files\webserv\webserv.exe |
"TCP Query User{49395F0D-7967-4E20-972B-7813B697A644}D:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=d:\program files\sopcast\sopcast.exe |
"TCP Query User{4A04EF97-58D3-491E-A7F1-2E1CE733F406}C:\windows\system32\wercon.exe" = protocol=6 | dir=in | app=c:\windows\system32\wercon.exe |
"TCP Query User{4C03759C-7250-4CC9-86A5-BBDF4404294A}C:\users\emil zbyszewski\desktop\pulpit\miniracingonline\miniracingonline.exe" = protocol=6 | dir=in | app=c:\users\emil zbyszewski\desktop\pulpit\miniracingonline\miniracingonline.exe |
"TCP Query User{5B9663AE-6DF0-4011-BA93-3D7EFE59C01C}D:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=d:\program files\sopcast\sopcast.exe |
"TCP Query User{5DFF25E0-6E7E-49D0-9241-4454D27C4B66}D:\soldat\soldat.exe" = protocol=6 | dir=in | app=d:\soldat\soldat.exe |
"TCP Query User{5EAD592F-FD6B-4859-81EB-CB55F9B5531F}D:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=d:\program files\mozilla firefox\firefox.exe |
"TCP Query User{614622B9-4AAA-449C-BBE3-AA15A0E5681A}D:\program files\football challenge 2010\game.exe" = protocol=6 | dir=in | app=d:\program files\football challenge 2010\game.exe |
"TCP Query User{61A6966C-4F42-4536-8372-1E8B72C2D391}C:\program files\jollygood games\turbo sliders\sliders.exe" = protocol=6 | dir=in | app=c:\program files\jollygood games\turbo sliders\sliders.exe |
"TCP Query User{62FBEFCC-78BD-47D9-808A-D66CDA08B659}D:\totalcmd\totalcmd.exe" = protocol=6 | dir=in | app=d:\totalcmd\totalcmd.exe |
"TCP Query User{66D17F31-59BC-4CED-A66F-EAB9274BA5A0}C:\program files\wapster\wapster aqq\aqq.exe" = protocol=6 | dir=in | app=c:\program files\wapster\wapster aqq\aqq.exe |
"TCP Query User{6C7AE60C-C459-4880-AB1D-B362420CF546}C:\windows\system32\ftp.exe" = protocol=6 | dir=in | app=c:\windows\system32\ftp.exe |
"TCP Query User{73010CA3-2256-433E-AB9E-A67805BEFCBD}C:\windows\system32\dllhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\dllhost.exe |
"TCP Query User{756E6078-66F3-41A1-BBCE-5A78B6B30C72}C:\program files\windows defender\msascui.exe" = protocol=6 | dir=in | app=c:\program files\windows defender\msascui.exe |
"TCP Query User{7596945B-9157-44C6-B3F2-E9D5FF2F9581}C:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\polish\setup.exe" = protocol=6 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\polish\setup.exe |
"TCP Query User{75FA0D78-4A33-497A-ABB2-07B8B61CFCC4}D:\program files\webserv\mysql\bin\webserv(mysqld).exe" = protocol=6 | dir=in | app=d:\program files\webserv\mysql\bin\webserv(mysqld).exe |
"TCP Query User{76074EE0-69A7-49EB-9B51-FD8809722FCB}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{76442D9A-740E-4FCE-B785-9B4CBBD8FA1B}C:\program files\wapster\wapster aqq\aqq.exe" = protocol=6 | dir=in | app=c:\program files\wapster\wapster aqq\aqq.exe |
"TCP Query User{7891373C-0390-4E54-9A2A-C592F879370B}D:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=d:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{7933261D-74F0-4703-943B-8023E288B423}D:\program files\advanced systemcare\advanced systemcare 3\awc.exe" = protocol=6 | dir=in | app=d:\program files\advanced systemcare\advanced systemcare 3\awc.exe |
"TCP Query User{7B4DCA48-4AD8-4C81-BB4B-978A01B64D57}C:\users\emil zbyszewski\desktop\f1sl 2010-1\f1sl.exe" = protocol=6 | dir=in | app=c:\users\emil zbyszewski\desktop\f1sl 2010-1\f1sl.exe |
"TCP Query User{7B6F473C-5E05-4CD6-B39D-C0DA510D044D}C:\users\emil zbyszewski\desktop\miniracingonline\miniracingonline.exe" = protocol=6 | dir=in | app=c:\users\emil zbyszewski\desktop\miniracingonline\miniracingonline.exe |
"TCP Query User{8363E553-0D89-4BBD-B7B0-3DC17761925E}D:\program files\counter strike 1.6\hl.exe" = protocol=6 | dir=in | app=d:\program files\counter strike 1.6\hl.exe |
"TCP Query User{84374DDA-BA79-48D7-AAD2-6522868A2CD2}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{8437BB7A-2F42-4231-9A0F-64B2F858C7BB}C:\program files\rayv\rayv\rayv.exe" = protocol=6 | dir=in | app=c:\program files\rayv\rayv\rayv.exe |
"TCP Query User{8836118F-EA2E-410B-965F-72A0C1D9FA6B}D:\program files\shoutcast\sc_serv.exe" = protocol=6 | dir=in | app=d:\program files\shoutcast\sc_serv.exe |
"TCP Query User{8865F28B-5C4F-4500-AAB5-CFB87706D8E6}C:\program files\gadu-gadu\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu\gg.exe |
"TCP Query User{8D8421A4-DC83-4BF5-B913-E4F7DAEC42C6}C:\program files\adobe\reader 8.0\reader\acrord32.exe" = protocol=6 | dir=in | app=c:\program files\adobe\reader 8.0\reader\acrord32.exe |
"TCP Query User{927F006F-6983-4F5C-8AA7-B37C05676674}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{93E539D6-25CB-49FD-99BF-028D547FB4F7}C:\program files\postal2stp\system\postal2mp.exe" = protocol=6 | dir=in | app=c:\program files\postal2stp\system\postal2mp.exe |
"TCP Query User{96E373CC-3D0C-4047-A3EE-1527F3CC0614}D:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=d:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{9E8D9EE8-0375-47FE-91BC-6B6299D17FB5}C:\users\emil zbyszewski\desktop\tdsskiller.exe" = protocol=6 | dir=in | app=c:\users\emil zbyszewski\desktop\tdsskiller.exe |
"TCP Query User{9FAA1585-57E2-45D7-9E21-EA65FC1EF46D}D:\program files\nowe gadu-gadu\gg.exe" = protocol=6 | dir=in | app=d:\program files\nowe gadu-gadu\gg.exe |
"TCP Query User{A2A5151E-EF1A-48BE-8EE0-1FD1FCF12456}D:\program files\valve\hl.exe" = protocol=6 | dir=in | app=d:\program files\valve\hl.exe |
"TCP Query User{A6D718C9-B812-4049-935B-9FF2C4BA143B}D:\program files\nowe gadu-gadu\gg.exe" = protocol=6 | dir=in | app=d:\program files\nowe gadu-gadu\gg.exe |
"TCP Query User{A76462B4-4B3A-431E-A9ED-BC8EE90D106A}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{AA75CA2F-31D3-4F42-B930-5756C36BF91D}D:\program files\demonicspeedway\ds_serwer.exe" = protocol=6 | dir=in | app=d:\program files\demonicspeedway\ds_serwer.exe |
"TCP Query User{AB6C0328-B4FC-48C6-A278-618D1A6893C0}D:\program files\counter strike 1.6\hlds.exe" = protocol=6 | dir=in | app=d:\program files\counter strike 1.6\hlds.exe |
"TCP Query User{AC0C9F43-4302-4883-AD43-0AEE1BB5C6D1}C:\users\emil zbyszewski\desktop\fifa09.exe" = protocol=6 | dir=in | app=c:\users\emil zbyszewski\desktop\fifa09.exe |
"TCP Query User{BA4FE19F-3BDE-4310-8B4D-43247EEF17C5}C:\windows\system32\wermgr.exe" = protocol=6 | dir=in | app=c:\windows\system32\wermgr.exe |
"TCP Query User{BC4F9EAD-968E-47F0-A2F7-A51420BFE014}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{C3F378FF-91E7-4887-8199-58E48E264262}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{C5E7FCF6-C9FD-4F2E-B662-DAB125043B50}C:\program files\common files\java\java update\jucheck.exe" = protocol=6 | dir=in | app=c:\program files\common files\java\java update\jucheck.exe |
"TCP Query User{C6A25E49-6323-4B0D-BFD8-244C88390D20}D:\program files\advanced systemcare\advanced systemcare 3\awc.exe" = protocol=6 | dir=in | app=d:\program files\advanced systemcare\advanced systemcare 3\awc.exe |
"TCP Query User{C9950294-25C3-44B4-B4A6-92906C3243D3}D:\program files\ascaron\piłkarskie mistrzostwa świata 2002\anstossaction.exe" = protocol=6 | dir=in | app=d:\program files\ascaron\piłkarskie mistrzostwa świata 2002\anstossaction.exe |
"TCP Query User{CAEE0E65-B8D6-4D06-89A3-D8220871EB83}C:\users\emil zbyszewski\desktop\tdsskiller.exe" = protocol=6 | dir=in | app=c:\users\emil zbyszewski\desktop\tdsskiller.exe |
"TCP Query User{D2E5242F-C178-4125-8B50-6F9C141E2167}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{D379C73E-8129-4855-8024-81EC0DC9875E}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"TCP Query User{DA1FFD03-3960-4B4B-845B-34F261CC7EBF}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{DF17ABAD-FAEB-47E9-B482-85E88FA67C81}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{E108AE31-5628-44F3-9247-BDBBCED157EE}D:\program files\konami\pro evolution soccer 2010\pes2010.exe" = protocol=6 | dir=in | app=d:\program files\konami\pro evolution soccer 2010\pes2010.exe |
"TCP Query User{E4D28643-2487-4365-8907-2512889CB1E3}D:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=d:\program files\tmnationsforever\tmforever.exe |
"TCP Query User{E7E70449-983A-4D71-B983-33EFCCC4BF9D}D:\program files\jollygood games\turbo sliders\sliders.exe" = protocol=6 | dir=in | app=d:\program files\jollygood games\turbo sliders\sliders.exe |
"TCP Query User{F4C245A7-9E37-48CB-9C98-F915CB23A086}C:\program files\allplayer\allupdate.exe" = protocol=6 | dir=in | app=c:\program files\allplayer\allupdate.exe |
"TCP Query User{F5B2BDCD-1CE3-440A-9FAB-A09E62EEF928}C:\program files\allplayer\allupdate.exe" = protocol=6 | dir=in | app=c:\program files\allplayer\allupdate.exe |
"TCP Query User{F616DE9D-A8B5-4596-A99B-D390F8E36B71}D:\program files\webserv\apache2\bin\webserv(apache).exe" = protocol=6 | dir=in | app=d:\program files\webserv\apache2\bin\webserv(apache).exe |
"TCP Query User{F7B7EE47-28B9-42B2-AED8-64C69D8BECD2}D:\program files\ascaron\piłkarskie mistrzostwa świata 2002\anstossaction.exe" = protocol=6 | dir=in | app=d:\program files\ascaron\piłkarskie mistrzostwa świata 2002\anstossaction.exe |
"TCP Query User{F8F86847-429F-46A8-A17D-50090A692E09}D:\program files\ea sports\fifa 06\fifa06.exe" = protocol=6 | dir=in | app=d:\program files\ea sports\fifa 06\fifa06.exe |
"TCP Query User{FE988106-C563-4934-BD36-C93FA95BAB9D}C:\program files\rayv\rayv\rayv.exe" = protocol=6 | dir=in | app=c:\program files\rayv\rayv\rayv.exe |
"UDP Query User{004BA57B-5B5B-4386-B1D7-F995456AA4DA}D:\program files\webserv\mysql\bin\webserv(mysqld).exe" = protocol=17 | dir=in | app=d:\program files\webserv\mysql\bin\webserv(mysqld).exe |
"UDP Query User{005B859C-AA76-4149-BE1C-BDFBFC3E2998}D:\program files\konami\pro evolution soccer 2010\pes2010.exe" = protocol=17 | dir=in | app=d:\program files\konami\pro evolution soccer 2010\pes2010.exe |
"UDP Query User{02B0D912-B081-4C57-839A-C79599E4ED67}D:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=d:\program files\mozilla firefox\firefox.exe |
"UDP Query User{09C4A850-F3C7-4B3E-B976-0C91A2BD06BA}C:\program files\postal2stp\system\postal2mp.exe" = protocol=17 | dir=in | app=c:\program files\postal2stp\system\postal2mp.exe |
"UDP Query User{0B4BA4FD-01C9-4D12-9F4E-E9F955B816B5}C:\program files\gadu-gadu\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu\gg.exe |
"UDP Query User{0C0133B3-76BE-4D36-8AD0-31C532520691}C:\program files\windows defender\msascui.exe" = protocol=17 | dir=in | app=c:\program files\windows defender\msascui.exe |
"UDP Query User{0D11AA83-B3CE-4AEC-9993-783B3755F89E}C:\users\emil zbyszewski\desktop\tdsskiller.exe" = protocol=17 | dir=in | app=c:\users\emil zbyszewski\desktop\tdsskiller.exe |
"UDP Query User{1055FEB6-D801-4870-95CF-D19EEB98ADB8}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{10F8E89D-51A5-470C-B04E-15495DD2A94C}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{162A24A2-B959-4F0C-8273-21E56DD7C997}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{18C8D0BB-7E8E-4250-B106-881927FCCE23}D:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=d:\program files\mozilla firefox\firefox.exe |
"UDP Query User{20EC4EF5-D3EC-4144-AC6A-27D9EFF0B01A}D:\totalcmd\totalcmd.exe" = protocol=17 | dir=in | app=d:\totalcmd\totalcmd.exe |
"UDP Query User{233A5100-5B51-4D85-9BB5-A435A9FF6B3B}C:\program files\rayv\rayv\rayv.exe" = protocol=17 | dir=in | app=c:\program files\rayv\rayv\rayv.exe |
"UDP Query User{2C19E61C-E7F8-46A2-9FEF-EEAF44EE8C86}C:\program files\allplayer\allupdate.exe" = protocol=17 | dir=in | app=c:\program files\allplayer\allupdate.exe |
"UDP Query User{30444914-CCF4-47D2-943F-FDC787CD1D22}C:\program files\wapster\wapster aqq\aqq.exe" = protocol=17 | dir=in | app=c:\program files\wapster\wapster aqq\aqq.exe |
"UDP Query User{367456A6-91ED-455F-8287-1758F93BCB74}C:\windows\system32\wercon.exe" = protocol=17 | dir=in | app=c:\windows\system32\wercon.exe |
"UDP Query User{401E6D78-4D28-472D-9F1E-6A8BD524DCB4}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{41ACCA12-616B-46EA-98D0-A49EAA2731A2}C:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\polish\setup.exe" = protocol=17 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\polish\setup.exe |
"UDP Query User{42F617DC-E4E3-4C97-82B5-E5A2A506A849}C:\program files\wapster\wapster aqq\aqq.exe" = protocol=17 | dir=in | app=c:\program files\wapster\wapster aqq\aqq.exe |
"UDP Query User{444526A6-E581-4D53-9915-F674409364FE}D:\program files\demonicspeedway\ds_serwer.exe" = protocol=17 | dir=in | app=d:\program files\demonicspeedway\ds_serwer.exe |
"UDP Query User{489EF142-7E22-4522-A7AC-39A99E8E59B5}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{48F285D3-EEBA-436A-8E92-2F722AF6A54D}D:\program files\ascaron\piłkarskie mistrzostwa świata 2002\anstossaction.exe" = protocol=17 | dir=in | app=d:\program files\ascaron\piłkarskie mistrzostwa świata 2002\anstossaction.exe |
"UDP Query User{4D2ECAFB-7F28-4D91-BED0-F1084E74D0BE}D:\program files\webserv\webserv.exe" = protocol=17 | dir=in | app=d:\program files\webserv\webserv.exe |
"UDP Query User{4FE29479-2B01-4E9C-91FF-025D43E465A0}C:\program files\allplayer\allupdate.exe" = protocol=17 | dir=in | app=c:\program files\allplayer\allupdate.exe |
"UDP Query User{54249C45-06B7-4017-90C4-F1EED78B143F}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{55805CC2-6194-4DA2-8CC2-4E641181E79D}D:\totalcmd\totalcmd.exe" = protocol=17 | dir=in | app=d:\totalcmd\totalcmd.exe |
"UDP Query User{55DCD2D6-AC73-4D45-A836-D2C6E754FD52}D:\program files\counter strike 1.6\hl.exe" = protocol=17 | dir=in | app=d:\program files\counter strike 1.6\hl.exe |
"UDP Query User{58F31BFD-D445-4816-8E5D-3E0A6D41BADC}D:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=d:\program files\sopcast\sopcast.exe |
"UDP Query User{5A68DA50-DB0F-4560-B1F9-B9DB2DEEE4E9}D:\program files\football challenge 2010\game.exe" = protocol=17 | dir=in | app=d:\program files\football challenge 2010\game.exe |
"UDP Query User{5FA7C82A-6C97-4167-953B-62FFF8733344}D:\program files\webserv\apache2\bin\webserv(apache).exe" = protocol=17 | dir=in | app=d:\program files\webserv\apache2\bin\webserv(apache).exe |
"UDP Query User{677178FD-49FF-4E7A-A667-FDDFF4CFE7B8}C:\users\emil zbyszewski\desktop\pulpit\miniracingonline\miniracingonline.exe" = protocol=17 | dir=in | app=c:\users\emil zbyszewski\desktop\pulpit\miniracingonline\miniracingonline.exe |
"UDP Query User{6A876F0D-C24A-44F9-B71F-ACA7DB05B85B}D:\program files\counter strike 1.6\hl.exe" = protocol=17 | dir=in | app=d:\program files\counter strike 1.6\hl.exe |
"UDP Query User{6AC0FA60-522B-421B-A9D6-D0D20D71C394}C:\program files\jollygood games\turbo sliders\sliders.exe" = protocol=17 | dir=in | app=c:\program files\jollygood games\turbo sliders\sliders.exe |
"UDP Query User{7185D3CD-2818-4DB0-919D-C6D89A830A49}C:\users\emil zbyszewski\desktop\miniracingonline\miniracingonline.exe" = protocol=17 | dir=in | app=c:\users\emil zbyszewski\desktop\miniracingonline\miniracingonline.exe |
"UDP Query User{7BFBEA0B-CA6E-4D82-AF57-AD99F388CEC2}C:\users\emil zbyszewski\desktop\tdsskiller.exe" = protocol=17 | dir=in | app=c:\users\emil zbyszewski\desktop\tdsskiller.exe |
"UDP Query User{81F1622B-177E-4EBE-8B23-F6571F2D389A}C:\program files\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"UDP Query User{81F3E58F-69FF-4CC9-B19A-EAF86324D8DE}C:\program files\rayv\rayv\rayv.exe" = protocol=17 | dir=in | app=c:\program files\rayv\rayv\rayv.exe |
"UDP Query User{8426D07B-BDEE-4531-B504-C97A5C486F90}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{84A68D45-944C-4139-967E-9212E7DCEF1F}C:\program files\adobe\reader 8.0\reader\acrord32.exe" = protocol=17 | dir=in | app=c:\program files\adobe\reader 8.0\reader\acrord32.exe |
"UDP Query User{9019D729-C89E-4490-8AE3-E9C8272FEB1B}D:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=d:\program files\tmnationsforever\tmforever.exe |
"UDP Query User{91ACA17D-8AFE-4186-86DC-38FAE6FF2B6E}C:\windows\system32\wermgr.exe" = protocol=17 | dir=in | app=c:\windows\system32\wermgr.exe |
"UDP Query User{91B1DC44-F1AC-41EE-BDC5-E4A428F4F124}D:\program files\shoutcast\sc_serv.exe" = protocol=17 | dir=in | app=d:\program files\shoutcast\sc_serv.exe |
"UDP Query User{9FEAEDCC-66B5-4480-A055-7FF64D753E5A}C:\windows\system32\ftp.exe" = protocol=17 | dir=in | app=c:\windows\system32\ftp.exe |
"UDP Query User{A6F8605A-6014-45D7-A5D4-BE5FDFF444DF}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{A9CBD2D2-898C-4D8E-B02A-368C8C6A8AFE}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{AAF3A4AB-EA98-43EC-85BA-632E5E8715A3}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{AB66B0A1-2A38-4817-A0E2-8EB6ED2B3AEF}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{B23403B8-DF4E-42E2-BC7A-B22966EB58A2}C:\users\emil zbyszewski\desktop\f1sl 2010-1\f1sl.exe" = protocol=17 | dir=in | app=c:\users\emil zbyszewski\desktop\f1sl 2010-1\f1sl.exe |
"UDP Query User{B3FA152B-8552-46BE-849D-0AF5B8FC6051}D:\program files\nowe gadu-gadu\gg.exe" = protocol=17 | dir=in | app=d:\program files\nowe gadu-gadu\gg.exe |
"UDP Query User{B45EC932-4432-4377-8B71-5E23B2F7EE1F}C:\program files\common files\java\java update\jucheck.exe" = protocol=17 | dir=in | app=c:\program files\common files\java\java update\jucheck.exe |
"UDP Query User{B46B3282-3D4D-4A90-8263-66C15F81F6D6}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{B6245EC5-50BD-4EB8-B6DE-FBCC6058FF56}D:\program files\counter strike 1.6\hlds.exe" = protocol=17 | dir=in | app=d:\program files\counter strike 1.6\hlds.exe |
"UDP Query User{B66870CC-5C84-4807-9699-561776B662F3}C:\program files\relevantknowledge\rlvknlg.exe" = protocol=17 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |
"UDP Query User{B944D580-1CED-4C98-881E-AC364EAA9586}D:\program files\ea sports\fifa 06\fifa06.exe" = protocol=17 | dir=in | app=d:\program files\ea sports\fifa 06\fifa06.exe |
"UDP Query User{BDA45D8E-6E89-4F1C-8D67-3ACD7729DABC}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{C18215D5-0D7F-42F4-9802-2A372C1CBB08}D:\program files\jollygood games\turbo sliders\sliders.exe" = protocol=17 | dir=in | app=d:\program files\jollygood games\turbo sliders\sliders.exe |
"UDP Query User{C349DEA8-961B-43D4-9541-27376B7A38CE}D:\program files\ascaron\piłkarskie mistrzostwa świata 2002\anstossaction.exe" = protocol=17 | dir=in | app=d:\program files\ascaron\piłkarskie mistrzostwa świata 2002\anstossaction.exe |
"UDP Query User{C86C0378-046A-4008-8473-3393984A7DE4}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{CC300C12-C897-4108-8EC7-FCA484462EC0}D:\program files\advanced systemcare\advanced systemcare 3\awc.exe" = protocol=17 | dir=in | app=d:\program files\advanced systemcare\advanced systemcare 3\awc.exe |
"UDP Query User{CD11B0C1-330E-42D3-A86B-5D13370592D9}D:\program files\nowe gadu-gadu\gg.exe" = protocol=17 | dir=in | app=d:\program files\nowe gadu-gadu\gg.exe |
"UDP Query User{D349A6D6-37DF-4E55-BBE4-964ADF29561B}D:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=d:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{D3B27058-84D0-400B-B3B3-ECC8AB385A12}C:\program files\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"UDP Query User{D8A3728C-90C7-4FC9-9CB3-EC43AE5A44C6}D:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=d:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{D8E4745C-705A-4F9B-9CB8-873B686F795B}C:\users\emil zbyszewski\desktop\fifa09.exe" = protocol=17 | dir=in | app=c:\users\emil zbyszewski\desktop\fifa09.exe |
"UDP Query User{DD24EA01-211E-46E2-9347-0629F61E816A}D:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=d:\program files\sopcast\sopcast.exe |
"UDP Query User{DE0C1195-189E-48D4-A371-574DEDA05BB4}D:\program files\advanced systemcare\advanced systemcare 3\awc.exe" = protocol=17 | dir=in | app=d:\program files\advanced systemcare\advanced systemcare 3\awc.exe |
"UDP Query User{E450D980-B54D-484B-9D5F-A14E1AD4CB0A}C:\program files\gadu-gadu\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu\gg.exe |
"UDP Query User{E72DA717-0CC5-4E0F-B956-85B02324517E}C:\windows\system32\dllhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\dllhost.exe |
"UDP Query User{F0BEC6DE-7282-465A-B249-9CE924ABD53F}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{F621099A-B415-4396-9BF5-430384A2C10B}C:\combofix\combofix-download.3xe" = protocol=17 | dir=in | app=c:\combofix\combofix-download.3xe |
"UDP Query User{F99A48AF-4EED-4981-9310-02AF074B7412}D:\program files\valve\hl.exe" = protocol=17 | dir=in | app=d:\program files\valve\hl.exe |
"UDP Query User{FC3FC85E-3E87-4066-BDCC-6C44B969CDAD}D:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=d:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{FC8B50CD-CE8B-4BC3-B07C-DC7831F859C7}D:\soldat\soldat.exe" = protocol=17 | dir=in | app=d:\soldat\soldat.exe |
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]
[HKEY_USERS\S-1-5-21-320540460-4132873613-2890245965-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 7.0.1 (x86 pl)" = Mozilla Firefox 7.0.1 (x86 pl)
"Winamp Detect" = Detektor Winampa
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
[Application Events]
Error - 2011-12-12 11:16:29 | Computer Name = EmilZbyszews-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 2011-12-12 11:16:29 | Computer Name = EmilZbyszews-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 2011-12-12 11:16:29 | Computer Name = EmilZbyszews-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 2011-12-12 11:16:29 | Computer Name = EmilZbyszews-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 2011-12-12 11:16:30 | Computer Name = EmilZbyszews-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 2011-12-12 11:16:30 | Computer Name = EmilZbyszews-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 2011-12-12 11:16:30 | Computer Name = EmilZbyszews-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 2011-12-12 11:16:30 | Computer Name = EmilZbyszews-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 2011-12-12 11:32:58 | Computer Name = EmilZbyszews-PC | Source = Perflib | ID = 1010
Description =
Error - 2011-12-13 14:11:39 | Computer Name = EmilZbyszews-PC | Source = ESENT | ID = 467
Description = Windows (2824) Windows: Baza danych C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb:
Indeks System_ItemFolderPathDisplayNarrow415 tabeli SystemIndex_0A jest uszkodzony
(0).
[System Events]
Error - 2011-12-14 01:58:39 | Computer Name = EmilZbyszews-PC | Source = Service Control Manager | ID = 7022
Description =
Error - 2011-12-14 01:58:39 | Computer Name = EmilZbyszews-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 2011-12-14 08:49:42 | Computer Name = EmilZbyszews-PC | Source = volmgr | ID = 262190
Description = Inicjowanie zrzutu awaryjnego nie powiodło się!
Error - 2011-12-14 08:49:51 | Computer Name = EmilZbyszews-PC | Source = volmgr | ID = 262190
Description = Inicjowanie zrzutu awaryjnego nie powiodło się!
Error - 2011-12-14 08:50:11 | Computer Name = EmilZbyszews-PC | Source = HTTP | ID = 15016
Description =
Error - 2011-12-14 08:50:43 | Computer Name = EmilZbyszews-PC | Source = Service Control Manager | ID = 7003
Description =
Error - 2011-12-14 08:50:43 | Computer Name = EmilZbyszews-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 2011-12-14 08:50:43 | Computer Name = EmilZbyszews-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 2011-12-14 08:52:36 | Computer Name = EmilZbyszews-PC | Source = Service Control Manager | ID = 7022
Description =
Error - 2011-12-14 08:52:36 | Computer Name = EmilZbyszews-PC | Source = Service Control Manager | ID = 7026
Description =
< End of report >
We keep removing it and it is still the same. I don't know where you keep catching this. If you make that decision, let me know.
In the Custom Scans/Fixes box in OTL, paste:
Click Run Fix. Agree to the computer restart. Post the removal log on the forum.
Then run OTL again, click Run Scan once more, and post the new log on the forum. So two logs: one from the removal, the other from the new scan after the removal.
http://www.wklej.org/id/648316/ <- removal.
http://www.wklej.org/id/648310/ <- later scan.
Could the recurrence of the infection be caused by a sequence of events like this:
the computer gets infected -> the virus gets onto the FTP of the server whose password is saved in Total Commander -> the files/server get infected -> the virus is removed from the computer -> I visit the website whose server/files were infected -> reinfection?
Can a virus on the server only add malicious code to files, or can it also infect the server by adding its own files, etc.?
What is the best way to remove the Avira AntiVir Premium antivirus, whose license expires tomorrow?
The passwords definitely need to be changed. What did you do when you visited the site? Please pack all the files you have on the server into a zip archive.
As for the files on the server, as far as I recall I asked whether you have copies of them? Unfortunately you did not answer, but one thing at a time:
Manually delete the file C:\Users\Emil Zbyszewski\AppData\Local\ Security Shield.cfg
Run OTL and click CleanUp.
To begin with, try doing it through Start - Control Panel - Uninstall a program. Since you have Comodo, install Kaspersky Anti-Virus http://www.kaspersky.pl/download.html?s=trial (trial version).
Run a full Malwarebytes scan again. If the program detects something, post the report on the forum; if it detects nothing, run a full scan with Kaspersky, and if that detects something, post the report on the forum. If it detects nothing, give the packed files from the server (the zip file) to Kaspersky to scan and show the result of that scan.
scan
emil1702, fix everything. Except that this is the Security problems item. And I asked you to pack everything from the site into a zip and scan it with Kaspersky. Does the Anti-Virus not have that option, because KIS does?
This screenshot comes from the full scan; I have not scanned the packed archive yet. But I have similar files on my computer and it detected them as IFrame. I will fix that shortly and scan the packed archive.
When I click fix on upgrade[1], it only asks whether to:
- delete
- ignore
- add to exclusions
The file is c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\op00kfyf\upgrade[1].cab//upgrade.exe
and
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1FENZW9K\upgrade[1].cab//upgrade.exe
and the virus is adware, not-a-virus:AdWare.Win32.Zwani.ht
emil1702, please delete this. Please run the scan. Didn't I give you this link earlier: http://www.searchengines.pl/Infekcja-hi … 24457.html (my last post, page 7 of our discussion)? Everything is described there. Under Removal / prevention you have points 1 and 2. See also this
I scanned the files from the server and nothing was detected; however, while reviewing the code manually I found malicious code in several files, so I am removing it.
How can I remove the code from the files that were found by the antivirus? Because when I try to open them, Kaspersky blocks them.
Have you read http://www.searchengines.pl/Infekcja-hi … 24457.html ?
Did you scan the site here http://www.unmaskparasites.com/ after removing that malicious code from the files on the server? If so, what was detected?
This is about the files you have on your disk - those are probably copies, so you can probably delete them?
Read.
Scanned, all green check marks.
In that case, delete everything Kaspersky found on your disk - I understand you ran a full scan? If nothing is being detected any more, we can move on to trying to install the updates through Windows Update. Of course, if the attempt fails, please give the details of the error.
Deleted. Below is a screenshot from Windows Update. The black frame shows what is displayed after clicking Check for updates.
I assume Kaspersky no longer detects anything. I admit I thought for a long time about where to start. So, first I will check whether that folder really is not there.
Download SystemLook http://jpshortstuff.247fixes.com/SystemLook.html Paste into it
Click Look and post the log on the forum.
If SystemLook finds nothing, reset Windows Update using the Fix WU Utility tool http://www.fixitpc.pl/topic/1230-proble … ws-update/ Then download IE8 for Vista http://www.microsoft.com/download/en/de … x?id=22166 (choose the PL version before downloading), log in to the administrator account, and run the installer from the right-click menu with Run as administrator. If there is an error during installation, give the error code, of course.
SystemLook 30.07.11 by jpshortstuff
Log created at 17:54 on 20/12/2011 by Emil Zbyszewski
Administrator - Elevation successful
========== folderfind ==========
Searching for "$NtUninstallKB61619$"
No folders found.
========== filefind ==========
Searching for "$NtUninstallKB61619$"
No files found.
-= EOF =-
Log in to the administrator account http://www.vista.pl/porady/453_konto_ad … vista.html and try installing IE8 again. If it fails, show the error code, and disable the administrator account using the method described in the link.