wirus

Wszystko co dotyczy bezpieczeństwa systemów oraz walki z malware, w szczególności analiza logów
Kama84

Użytkownik
Posty: 1
Rejestracja: 15 paź 2012, 16:59

wirus

Post15 paź 2012, 17:59

witam ... mam rowniez problem ze spamem na skype ... prosze o pomoc bo nie wiem co robic ...
Log OTL : Dostępne tylko dla zarejestrowanych użytkowników
Log Ex Dostępne tylko dla zarejestrowanych użytkowników
Na górę
Awatar użytkownika
kominekl

Ekspert
Posty: 5855
Rejestracja: 27 lis 2011, 14:25
Kontaktowanie:
Skontaktuj się z kominekl

wirus

Post15 paź 2012, 18:56

"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"AVG Secure Search" = AVG Security Toolbar
"Babylon" = Babylon
"BabylonToolbar" = Babylon toolbar
"eMusic Promotion" = 50 FREE MP3s +1 Free Audiobook!
"FilesFrog Update Checker" = FilesFrog Update Checker
"InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Acer Backup Manager
"InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"Softonic" = Softonic toolbar on IE
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Winamp Toolbar" = Winamp Toolbar


Odinstaluj to oprogramowanie.

Logi.


Uruchom OTL -> w oknie Własne opcje skanowania/skrypt wklej:

:OTL

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Dostępne tylko dla zarejestrowanych użytkowników
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Dostępne tylko dla zarejestrowanych użytkowników
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Dostępne tylko dla zarejestrowanych użytkowników
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Dostępne tylko dla zarejestrowanych użytkowników
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
IE - HKLM\..\SearchScopes,DefaultScope = {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20121012081427633&tb_oid=12-10-2012&tb_mrud=12-10-2012
IE - HKU\S-1-5-21-800571740-3179711735-3881391780-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = Dostępne tylko dla zarejestrowanych użytkowników
IE - HKU\S-1-5-21-800571740-3179711735-3881391780-1000\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = Dostępne tylko dla zarejestrowanych użytkowników
IE - HKU\S-1-5-21-800571740-3179711735-3881391780-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Dostępne tylko dla zarejestrowanych użytkowników
IE - HKU\S-1-5-21-800571740-3179711735-3881391780-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Dostępne tylko dla zarejestrowanych użytkowników{E76DDD4B-5294-4087-8168-0C80C8D53077}&mid=4358d15705e747d0aee8f123ccb9f27b-0b326c707aa04370711d6653b5a0f491933074a5&lang=pl&ds=xn011&pr=sa&d=2012-10-11 21:52:02&v=13.2.0.1&sap=hp
IE - HKU\S-1-5-21-800571740-3179711735-3881391780-1000\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
IE - HKU\S-1-5-21-800571740-3179711735-3881391780-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-800571740-3179711735-3881391780-1000\..\SearchScopes,BrowserMngrDefaultScope = {5AEC38E6-8F94-445B-BEC3-FE1AF270B7E0}
IE - HKU\S-1-5-21-800571740-3179711735-3881391780-1000\..\SearchScopes,DefaultScope = {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}
IE - HKU\S-1-5-21-800571740-3179711735-3881391780-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}&affID=114435&tt=130812_ppcs0_3312_8&babsrc=SP_ss&mntrId=d49766be0000000000009439e567afd2
IE - HKU\S-1-5-21-800571740-3179711735-3881391780-1000\..\SearchScopes\{5AEC38E6-8F94-445B-BEC3-FE1AF270B7E0}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}&SearchSource=4&cc=&r=654
IE - HKU\S-1-5-21-800571740-3179711735-3881391780-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{E76DDD4B-5294-4087-8168-0C80C8D53077}&mid=4358d15705e747d0aee8f123ccb9f27b-0b326c707aa04370711d6653b5a0f491933074a5&lang=pl&ds=xn011&pr=sa&d=2012-10-11 21:52:02&v=13.2.0.1&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-800571740-3179711735-3881391780-1000\..\SearchScopes\{AD1DBF3A-F9BF-4639-A390-A70271953265}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=YYYYYYYYSE&apn_uid=8741EBB3-B2C7-4531-849B-2C4EE0BB8954&apn_sauid=D1FEC0DF-6FDE-41DC-92F7-0E8C1BEF3C28
IE - HKU\S-1-5-21-800571740-3179711735-3881391780-1000\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20121012081427633&tb_oid=12-10-2012&tb_mrud=12-10-2012
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/home?affID=17425&tt=4112_1"
FF - prefs.js..extensions.enabledAddons: ffxtlbra@softonic.com:1.6.0
FF - prefs.js..extensions.enabledAddons: {b64982b1-d112-42b5-b1e4-d3867c4533f8}:2.3.787.43
FF - prefs.js..keyword.URL: "http://search.babylon.com/?affID=17425&tt=4112_1&babsrc=KW_def&mntrId=d49766be0000000000009439e567afd2&q="
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
[2012-10-12 10:14:36 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\Kamila\AppData\Roaming\mozilla\Firefox\Profiles\3pjrhw06.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2012-08-20 07:37:56 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\Kamila\AppData\Roaming\mozilla\Firefox\Profiles\3pjrhw06.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2012-09-25 19:31:54 | 000,000,000 | ---D | M] (softonic.com) -- C:\Users\Kamila\AppData\Roaming\mozilla\Firefox\Profiles\3pjrhw06.default\extensions\ffxtlbra@softonic.com
[2012-08-21 07:49:15 | 000,002,568 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\mozilla\firefox\profiles\3pjrhw06.default\searchplugins\askcom.xml
[2012-09-25 17:08:03 | 000,002,062 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\mozilla\firefox\profiles\3pjrhw06.default\searchplugins\softonic.xml
[2012-09-03 22:34:59 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012-10-11 21:51:57 | 000,003,743 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012-10-12 10:11:12 | 000,002,349 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKU\S-1-5-21-800571740-3179711735-3881391780-1000..\Run: [ChomikBox] C:\Program Files (x86)\ChomikBox\chomikbox.exe File not found
O4 - HKU\S-1-5-21-800571740-3179711735-3881391780-1000..\Run: [Oavevs] C:\Users\Kamila\AppData\Roaming\Oavevs.exe (Skype Technologies S.A.)
O4 - HKU\S-1-5-21-800571740-3179711735-3881391780-1000..\Run: [PCSpeedUp] C:\Program Files (x86)\PC Speed Up\PCSUNotifier.exe ()
O4 - HKU\S-1-5-21-800571740-3179711735-3881391780-1000..\Run: [SDP] C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe (Somoto)
O4 - HKU\S-1-5-21-800571740-3179711735-3881391780-1000..\Run: [Spotify] C:\Users\Kamila\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-800571740-3179711735-3881391780-1000..\Run: [Spotify Web Helper] C:\Users\Kamila\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-800571740-3179711735-3881391780-1000..\Run: [zunnuviczink] C:\Users\Kamila\zunnuviczink.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O20 - AppInit_DLLs: (c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll) - File not found
[2012-10-14 11:29:17 | 000,000,000 | ---D | C] -- C:\Users\Kamila\AppData\Local\{C2CBD65B-E85D-4D1E-9C5B-06DE3BA3C66A}
[2012-10-13 08:09:02 | 000,000,000 | ---D | C] -- C:\Users\Kamila\AppData\Local\{2423221A-C482-45E8-A9C3-E52979BC4A6A}
[2012-10-12 10:14:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Winamp Toolbar
[2012-10-12 10:14:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp Toolbar
[2012-10-12 10:11:50 | 000,000,000 | ---D | C] -- C:\Users\Kamila\Documents\PCSpeedUp
[2012-10-12 10:11:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Babylon
[2012-10-12 10:11:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Up
[2012-10-12 10:11:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Speed Up
[2012-10-12 10:11:31 | 000,000,000 | ---D | C] -- C:\Program Files\Babylon
[2012-10-12 10:11:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Babylon
[2012-10-12 10:11:19 | 004,951,030 | ---- | C] (FLVMPlayer ) -- C:\Users\Kamila\Desktop\FlvMPlayer.exe
[2012-10-12 07:00:34 | 000,000,000 | ---D | C] -- C:\Users\Kamila\AppData\Local\{4F793DF3-3CE3-46A4-8FBC-E090A63D5B23}
[2012-10-11 21:53:35 | 000,000,000 | ---D | C] -- C:\temp
[2012-10-11 21:52:10 | 000,000,000 | ---D | C] -- C:\Users\Kamila\AppData\Local\AVG Secure Search
[2012-10-11 21:52:08 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012-10-11 21:52:01 | 000,030,568 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012-10-11 21:52:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2012-10-11 21:51:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2012-10-08 10:39:09 | 000,000,000 | ---D | C] -- C:\Users\Kamila\AppData\Local\{56D4BF37-15C3-4170-B342-E226C5425230}
[2012-10-04 21:04:29 | 000,000,000 | ---D | C] -- C:\Users\Kamila\AppData\Local\{BC49C8EC-801F-467E-AD0E-1A70A468D24D}
[2012-10-03 20:52:49 | 000,000,000 | ---D | C] -- C:\Users\Kamila\AppData\Local\{A08DC0E8-C67D-420B-BDA9-F25131E86E1C}
[2012-10-02 20:52:15 | 000,000,000 | ---D | C] -- C:\Users\Kamila\AppData\Local\{72E107D1-C099-44F7-8F8F-B63A90142612}
[2012-09-30 20:51:18 | 000,000,000 | ---D | C] -- C:\Users\Kamila\AppData\Local\{5021B89F-21E6-4B8B-826C-8E98503C16B1}
[2012-09-30 08:50:59 | 000,000,000 | ---D | C] -- C:\Users\Kamila\AppData\Local\{5D679ABD-285F-47ED-8C8B-0FA684B3EAD1}
[2012-09-30 05:19:50 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012-09-28 02:26:36 | 000,000,000 | ---D | C] -- C:\Users\Kamila\AppData\Local\{36C8E612-67C0-4339-B720-B75299F2B02E}
[2012-09-25 22:08:27 | 000,000,000 | ---D | C] -- C:\Users\Kamila\AppData\Local\{729A8940-DD4E-4D7D-875F-60473809F2F0}
[2012-09-25 17:08:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Softonic
[2012-09-25 17:06:38 | 001,697,768 | ---- | C] (Softonic) -- C:\Users\Kamila\Desktop\softonic_ggl_1.6.7.4.exe
[2012-09-24 22:07:51 | 000,000,000 | ---D | C] -- C:\Users\Kamila\AppData\Local\{FAA783DE-A654-4986-8EC9-FC32DFFBC01C}
[2012-09-23 10:06:58 | 000,000,000 | ---D | C] -- C:\Users\Kamila\AppData\Local\{2EB3E113-2CED-4455-9BFD-46B7D789E20F}
[2012-09-22 19:14:47 | 000,000,000 | ---D | C] -- C:\Users\Kamila\AppData\Local\{61F024BE-B019-4587-A76E-9A5747752E68}
[2012-09-21 15:50:31 | 000,000,000 | ---D | C] -- C:\Users\Kamila\AppData\Local\{B8FB57A0-BD51-4FA6-927A-A166B5C463C8}
[2012-09-20 21:08:14 | 000,000,000 | ---D | C] -- C:\Users\Kamila\AppData\Local\{C5AD3836-C423-4639-BF45-56C8B54A987B}
[2012-09-20 20:11:28 | 000,000,000 | ---D | C] -- C:\Users\Kamila\AppData\Local\{2CD9412B-378C-4D48-B2DA-586E34E92F8D}
[2012-09-18 20:25:04 | 000,000,000 | ---D | C] -- C:\Users\Kamila\AppData\Local\{226027DC-DFF9-4C3C-BCD3-01D9B3042112}
[2012-10-15 17:46:36 | 000,075,776 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\5FC8.exe
[2012-10-15 16:50:27 | 000,075,776 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\F560.exe
[2012-10-15 16:32:38 | 000,075,776 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\A868.exe
[2012-10-15 15:27:46 | 000,000,369 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\42FF.exe
[2012-10-15 15:09:56 | 000,075,776 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\F02E.exe
[2012-10-15 14:51:52 | 000,075,776 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\66A3.exe
[2012-10-15 14:33:45 | 000,000,369 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\D08A.exe
[2012-10-15 14:15:46 | 000,000,000 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\5A41.exe
[2012-10-15 13:57:46 | 000,000,369 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\DD73.exe
[2012-10-15 13:39:48 | 000,075,776 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\6C19.exe
[2012-10-15 13:21:50 | 000,075,776 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\F9B7.exe
[2012-10-15 13:03:44 | 000,000,369 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\6718.exe
[2012-10-15 12:45:53 | 000,075,776 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\CF6.exe
[2012-10-15 12:27:46 | 000,075,776 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\77D7.exe
[2012-10-15 12:09:52 | 000,075,776 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\1462.exe
[2012-10-15 11:51:52 | 000,075,776 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\9B8A.exe
[2012-10-15 11:33:44 | 000,000,369 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\FF79.exe
[2012-10-15 11:15:54 | 000,075,776 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\ADEF.exe
[2012-10-15 10:57:54 | 000,075,776 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\3130.exe
[2012-10-15 10:39:48 | 000,075,776 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\9E62.exe
[2012-10-15 10:21:52 | 000,075,776 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\34D5.exe
[2012-10-15 10:03:46 | 000,075,776 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\A274.exe
[2012-10-15 09:45:50 | 000,075,776 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\356F.exe
[2012-10-15 09:32:37 | 000,075,776 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\1C14.exe
[2012-10-14 22:38:02 | 000,091,136 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\D289.exe
[2012-10-14 22:20:12 | 000,091,136 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\7FA7.exe
[2012-10-14 22:02:12 | 000,000,000 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\549.exe
[2012-10-14 21:13:26 | 000,091,136 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\5D84.exe
[2012-10-14 20:35:16 | 000,000,000 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\6C32.exe
[2012-10-14 19:50:31 | 000,091,136 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\7709.exe
[2012-10-14 14:46:33 | 000,091,136 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\2B05.exe
[2012-10-14 14:29:33 | 000,091,136 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\996F.exe
[2012-10-14 14:12:33 | 000,091,136 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\BC0.exe
[2012-10-14 13:55:37 | 000,091,136 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\883D.exe
[2012-10-14 13:38:26 | 000,000,369 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\CECD.exe
[2012-10-14 13:21:38 | 000,091,136 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\6D2C.exe
[2012-10-14 13:04:32 | 000,091,136 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\C3B3.exe
[2012-10-14 12:47:33 | 000,091,136 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\3910.exe
[2012-10-14 12:30:30 | 000,091,136 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\9D2D.exe
[2012-10-14 12:13:35 | 000,091,136 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\1EE9.exe
[2012-10-14 11:56:33 | 000,091,136 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\8622.exe
[2012-10-14 11:39:25 | 000,000,369 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\D884.exe
[2012-10-14 11:30:01 | 000,091,136 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\2EDC.exe
[2012-10-12 10:04:55 | 000,047,104 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\7B9B.exe
[2012-10-12 09:41:57 | 000,047,104 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\736F.exe
[2012-10-12 09:32:23 | 000,047,104 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\B280.exe
[2012-10-12 06:52:08 | 000,074,752 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\F565.exe
[2012-10-11 22:55:55 | 000,974,970 | ---- | M] () -- C:\Users\Kamila\Desktop\wrar320pl.exe
[2012-10-11 21:51:53 | 000,030,568 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012-10-10 22:11:05 | 000,028,160 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\8B22.exe
[2012-10-10 21:49:01 | 000,028,160 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\5562.exe
[2012-10-10 21:25:38 | 000,028,160 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\EC13.exe
[2012-10-10 21:04:48 | 000,028,160 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\DA56.exe
[2012-10-10 20:53:45 | 000,028,160 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\BC89.exe
[2012-10-10 20:17:32 | 000,000,369 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\946E.exe
[2012-10-10 19:52:13 | 000,028,160 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\65EE.exe
[2012-10-10 19:42:53 | 000,000,000 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\DB6A.exe
[2012-10-10 18:52:18 | 000,000,369 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\8A5C.exe
[2012-10-10 17:54:36 | 000,000,369 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\B791.exe
[2012-10-10 17:54:21 | 000,000,369 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\7D2F.exe
[2012-10-10 17:33:56 | 000,000,369 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\CAD0.exe
[2012-10-10 15:08:33 | 000,028,672 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\B20F.exe
[2012-10-10 13:46:43 | 000,028,672 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\C741.exe
[2012-10-10 09:12:42 | 000,000,369 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\E6EB.exe
[2012-10-10 08:49:44 | 000,028,672 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\E219.exe
[2012-10-10 08:26:43 | 000,028,672 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\CDFC.exe
[2012-10-10 08:03:42 | 000,000,369 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\BC8D.exe
[2012-10-10 07:40:42 | 000,028,672 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\AD8E.exe
[2012-10-10 07:17:44 | 000,028,672 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\A801.exe
[2012-10-10 06:54:44 | 000,028,672 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\974D.exe
[2012-10-10 06:32:03 | 000,028,672 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\D525.exe
[2012-10-10 04:45:11 | 000,028,672 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\FC32.exe
[2012-10-10 04:11:43 | 000,028,672 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\5A18.exe
[2012-10-10 02:51:30 | 000,000,369 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\E6AB.exe
[2012-10-10 02:28:39 | 000,026,624 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\FD74.exe
[2012-10-10 02:01:06 | 000,028,672 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\C266.exe
[2012-10-10 01:42:13 | 000,028,672 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\7945.exe
[2012-10-09 23:37:19 | 000,038,400 | ---- | M] () -- C:\Users\Kamila\zunnuviczink.exe
[2012-10-09 23:37:19 | 000,038,400 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\21CF.exe
[2012-10-09 23:35:03 | 000,038,400 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\BA0.exe
[2012-10-09 18:30:55 | 000,000,000 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\9CC1.exe
[2012-10-09 16:26:07 | 000,070,656 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\58DB.exe
[2012-10-09 14:06:04 | 000,070,656 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\221F.exe
[2012-10-09 12:23:39 | 000,000,369 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\5C8C.exe
[2012-10-09 12:00:38 | 000,000,369 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\4CD2.exe
[2012-10-09 11:37:39 | 000,000,369 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\3EAD.exe
[2012-10-09 11:14:39 | 000,000,369 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\30B7.exe
[2012-10-09 10:51:48 | 000,070,656 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\46C5.exe
[2012-10-09 10:28:38 | 000,000,369 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\1114.exe
[2012-10-09 10:05:38 | 000,000,000 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\38B.exe
[2012-10-09 09:39:52 | 000,000,369 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\6C4B.exe
[2012-10-09 09:17:10 | 000,000,369 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\A459.exe
[2012-10-09 08:55:39 | 000,070,656 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\EEB0.exe
[2012-10-09 08:32:08 | 000,070,656 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\6776.exe
[2012-10-09 08:09:33 | 000,070,656 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\BB8D.exe
[2012-10-09 07:48:08 | 000,070,656 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\1F6C.exe
[2012-10-09 07:25:16 | 000,000,369 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\2FBF.exe
[2012-10-08 15:02:20 | 000,024,064 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\4992.exe
[2012-10-08 14:55:31 | 000,024,064 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\AFC.exe
[2012-10-08 14:09:29 | 000,024,064 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\E763.exe
[2012-10-08 13:46:29 | 000,024,064 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\D92F.exe
[2012-10-08 13:23:28 | 000,000,369 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\C62B.exe
[2012-10-08 13:00:32 | 000,024,064 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\C465.exe
[2012-10-08 12:50:34 | 000,024,064 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\A2E0.exe
[2012-10-08 11:05:30 | 000,024,064 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\74EA.exe
[2012-10-08 10:42:29 | 000,024,064 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\634C.exe
[2012-10-08 10:39:33 | 000,024,064 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\B477.exe
[2012-10-08 08:24:38 | 000,024,064 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\2EB1.exe
[2012-10-08 08:11:19 | 000,000,000 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\FEE9.exe
[2012-10-08 07:50:53 | 000,000,369 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\32F2.exe
[2012-10-08 07:47:43 | 000,024,064 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\4845.exe
[2012-10-07 12:41:50 | 000,061,440 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\C070.exe
[2012-10-07 12:02:33 | 000,061,440 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\C973.exe
[2012-10-07 11:24:44 | 000,061,440 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\2882.exe
[2012-10-07 11:13:10 | 000,061,440 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\93F0.exe
[2012-10-07 10:47:42 | 000,061,440 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\4265.exe
[2012-10-07 10:16:23 | 000,061,440 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\8DD5.exe
[2012-10-07 02:32:26 | 000,000,369 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\D575.exe
[2012-10-07 02:10:32 | 000,061,440 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\C8D6.exe
[2012-10-07 01:48:16 | 000,000,000 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\62D2.exe
[2012-10-07 01:26:16 | 000,061,440 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\3FB7.exe
[2012-10-07 01:04:15 | 000,000,369 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\18C5.exe
[2012-10-07 00:42:24 | 000,061,440 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\16F0.exe
[2012-10-07 00:22:35 | 000,061,440 | ---- | M] () -- C:\Users\Kamila\AppData\Roaming\F348.exe
[2012-09-25 17:07:13 | 001,697,768 | ---- | M] (Softonic) -- C:\Users\Kamila\Desktop\softonic_ggl_1.6.7.4.exe
[2012-09-23 20:23:15 | 002,771,494 | ---- | M] () -- C:\Users\Kamila\Documents\screamer044.exe

:Files
C:\Windows\tasks\*.*
C:\Users\Kamila\AppData\Roaming\OpenCandy

:Reg
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

:Commands
[emptyflash]
[clearallrestorepoints]
[emptytemp]


Klikasz Wykonaj skrypt. Dajesz log z usuwania. Następnie podaj log z ADWCleaner (z opcji Delete) -> Dostępne tylko dla zarejestrowanych użytkowników + log z TDSSKiller -> http://www.hotfix.pl/instrukcja-obslugi ... r-a341.htm + nowe logi z OTL.
Kiedy komputery staną się twoim jedynym życiem, jedynym totemem odstraszającym klątwę nudy, wtedy prędzej czy później granica między tymi dwoma wymiarami zniknie i postacie z Błękitnej Pustki zaczną pojawiać się w Realu. Czasem są twoimi przyjaciółmi. A czasem nie.
Na górę

  • Reklama

Wróć do „Bezpieczeństwo”



Kto jest online

Użytkownicy przeglądający to forum: Obecnie na forum nie ma żadnego zarejestrowanego użytkownika i 11 gości