Logs, securing your computer and data. Antivirus and antispyware programs, firewalls, etc.

Forum rules

1. Every topic title should reflect the content of the thread.
2. When posting logs, produce them right away with at least two tools: FRST and GMER.
3. Please publish all logs on sites intended for that purpose and paste only the link in your post.
4. Do not shorten logs; paste the whole log, from beginning to end.
5. Do not piggyback on other users' topics; please start a new topic in the Security section, which makes it easier for the person reviewing the logs to help.
6. People without adequate knowledge should not review logs, because this risks serious damage to the system or to applications installed on the computer.
7. Describe the problem precisely, along with the symptoms and any actions already taken.
8. Every script is unique, written for each case individually, so it must not be used by others.
9. When posting a screenshot, please use an external image hosting service.

08 Mar 2008, 16:43

Fix everything and post a new HJT log, but restart the computer first. And "cosmetic" means that you can, but you don't have to :D

I mean, the things I listed :)

08 Mar 2008, 17:52

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:51, on 2008-03-08
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Keyboard Driver\KMWDSrv.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\VMSnap3.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\antiviirus.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.start.tcz.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RDL Rolex - {0CB4765E-BF84-461A-B820-E61D8CD7A9E2} - C:\WINDOWS\dkxrstqqlx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: enlfxgw - {B01B1DB1-AEBB-4920-A353-88E1C97BCA2E} - C:\WINDOWS\enlfxgw.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [antiviirus] C:\Program Files\antiviirus.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - Global Startup: TL-WN321G Wireless Utility.lnk = C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe
O14 - IERESET.INF: START_PAGE_URL=www.onet.pl
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: AvpUnknown - {c9d0459c-c32b-4317-9561-a00368a32d42} - C:\WINDOWS\Installer\{c9d0459c-c32b-4317-9561-a00368a32d42}\AvpUnknown.dll
O21 - SSODL: apdqnxp - {A4A3C371-7E4B-4AA4-B9B7-FF78CD32DAC4} - C:\WINDOWS\apdqnxp.dll
O21 - SSODL: btrklfr - {DF875221-6E67-4CD9-AEA8-012E1E62C9B1} - C:\WINDOWS\btrklfr.dll
O21 - SSODL: zip - {6286a187-fab2-41e9-97d6-d8d7e038457f} - C:\WINDOWS\Installer\{6286a187-fab2-41e9-97d6-d8d7e038457f}\zip.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: ipfw_helper (ipfw) - Unknown owner - C:\Program Files\MCS Studios\MCS Firewall 6\system\ipfw.exe (file missing)
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Keyboard Driver\KMWDSrv.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

--
End of file - 5296 bytes

08 Mar 2008, 20:30

You must have some nasty stuff on your computer; more junk has shown up for you to fix.

Code:
O21 - SSODL: AvpUnknown - {c9d0459c-c32b-4317-9561-a00368a32d42} - C:\WINDOWS\Installer\{c9d0459c-c32b-4317-9561-a00368a32d42}\AvpUnknown.dll
O21 - SSODL: apdqnxp - {A4A3C371-7E4B-4AA4-B9B7-FF78CD32DAC4} - C:\WINDOWS\apdqnxp.dll
O21 - SSODL: btrklfr - {DF875221-6E67-4CD9-AEA8-012E1E62C9B1} - C:\WINDOWS\btrklfr.dll
O21 - SSODL: zip - {6286a187-fab2-41e9-97d6-d8d7e038457f} - C:\WINDOWS\Installer\{6286a187-fab2-41e9-97d6-d8d7e038457f}\zip.dll


pp3308, help! How is he supposed to remove this? I've run out of ideas.
Code:
O23 - Service: ipfw_helper (ipfw) - Unknown owner - C:\Program Files\MCS Studios\MCS Firewall 6\system\ipfw.exe (file missing)

08 Mar 2008, 20:42

The computer is running worse and worse...!!!!!! When I'm typing on the forum, the window keeps flickering the whole time, as if something wanted to open but couldn't...

HELP!!!!!!

Do you know what I mean?

Well, it's normal and then a moment later it's in the background... I can't explain it.

08 Mar 2008, 20:46

I'm betting on some serious infection. Does MKS online detect anything nasty on your machine?

08 Mar 2008, 20:48

When I scanned earlier I had 4 and removed them all; ESET also found 4 and I removed those too. Now when I try to start MKS, Explorer hangs and that's it... :(

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:47, on 2008-03-08
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Keyboard Driver\KMWDSrv.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\VMSnap3.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\antiviirus.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.start.tcz.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RDL Rolex - {0CB4765E-BF84-461A-B820-E61D8CD7A9E2} - C:\WINDOWS\dkxrstqqlx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: enlfxgw - {B01B1DB1-AEBB-4920-A353-88E1C97BCA2E} - C:\WINDOWS\enlfxgw.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [antiviirus] C:\Program Files\antiviirus.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - Global Startup: TL-WN321G Wireless Utility.lnk = C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe
O14 - IERESET.INF: START_PAGE_URL=www.onet.pl
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: apdqnxp - {5C6C02C3-CA8A-4956-9DCA-3CF994D88CAF} - C:\WINDOWS\apdqnxp.dll
O21 - SSODL: btrklfr - {F0CE46DA-4DB5-4322-A6B4-D165836012A7} - C:\WINDOWS\btrklfr.dll
O21 - SSODL: zip - {6286a187-fab2-41e9-97d6-d8d7e038457f} - C:\WINDOWS\Installer\{6286a187-fab2-41e9-97d6-d8d7e038457f}\zip.dll
O21 - SSODL: AvpUnknown - {c9d0459c-c32b-4317-9561-a00368a32d42} - C:\WINDOWS\Installer\{c9d0459c-c32b-4317-9561-a00368a32d42}\AvpUnknown.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: ipfw_helper (ipfw) - Unknown owner - C:\Program Files\MCS Studios\MCS Firewall 6\system\ipfw.exe (file missing)
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Keyboard Driver\KMWDSrv.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

--
End of file - 5342 bytes
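An added example, not part of the original thread: a small Python triage helper that parses the CLSID-bearing HijackThis entries (BHO, Toolbar, SSODL) and compares the 16:51 and 19:47 logs above. The function names are hypothetical, the sample lines are copied from those two logs, and the "DLL directly in C:\WINDOWS" check is an assumed review heuristic, not a verdict.

```python
import ntpath
import re
from typing import NamedTuple

# Matches entries of the form:
#   O21 - SSODL: name - {CLSID} - C:\path\file.dll
# Lines without a CLSID (O4, O23, ...) are deliberately not matched.
ENTRY_RE = re.compile(
    r"^(?P<section>O\d+) - (?P<kind>[^:]+): (?P<name>.+?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>[A-Za-z]:\\.+)$"
)


class Entry(NamedTuple):
    section: str
    kind: str
    name: str
    clsid: str
    path: str


def parse_entries(log: str) -> list:
    """Return every CLSID-bearing entry found in a HijackThis log."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["section"], m["kind"], m["name"],
                                 m["clsid"].upper(), m["path"]))
    return entries


def in_windows_root(entry: Entry) -> bool:
    """Heuristic (assumption): module sits directly in C:\\WINDOWS."""
    return ntpath.dirname(entry.path).lower() == r"c:\windows"


def reregistered(before: list, after: list) -> list:
    """Entries with the same section and file but a different CLSID.

    A changed CLSID means the registry entry was written again between
    the two scans, so fixing the old entry alone did not remove it.
    """
    old = {(e.section, e.path.lower()): e for e in before}
    changes = []
    for e in after:
        prev = old.get((e.section, e.path.lower()))
        if prev and prev.clsid != e.clsid:
            changes.append((e.name, e.path, prev.clsid, e.clsid))
    return changes


# Sample input: lines copied from the 16:51 log in this thread.
LOG_1651 = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RDL Rolex - {0CB4765E-BF84-461A-B820-E61D8CD7A9E2} - C:\WINDOWS\dkxrstqqlx.dll
O3 - Toolbar: enlfxgw - {B01B1DB1-AEBB-4920-A353-88E1C97BCA2E} - C:\WINDOWS\enlfxgw.dll
O21 - SSODL: AvpUnknown - {c9d0459c-c32b-4317-9561-a00368a32d42} - C:\WINDOWS\Installer\{c9d0459c-c32b-4317-9561-a00368a32d42}\AvpUnknown.dll
O21 - SSODL: apdqnxp - {A4A3C371-7E4B-4AA4-B9B7-FF78CD32DAC4} - C:\WINDOWS\apdqnxp.dll
O21 - SSODL: btrklfr - {DF875221-6E67-4CD9-AEA8-012E1E62C9B1} - C:\WINDOWS\btrklfr.dll
O21 - SSODL: zip - {6286a187-fab2-41e9-97d6-d8d7e038457f} - C:\WINDOWS\Installer\{6286a187-fab2-41e9-97d6-d8d7e038457f}\zip.dll
O23 - Service: ipfw_helper (ipfw) - Unknown owner - C:\Program Files\MCS Studios\MCS Firewall 6\system\ipfw.exe (file missing)
"""

# Sample input: the SSODL lines copied from the 19:47 log in this thread.
LOG_1947 = r"""
O21 - SSODL: apdqnxp - {5C6C02C3-CA8A-4956-9DCA-3CF994D88CAF} - C:\WINDOWS\apdqnxp.dll
O21 - SSODL: btrklfr - {F0CE46DA-4DB5-4322-A6B4-D165836012A7} - C:\WINDOWS\btrklfr.dll
O21 - SSODL: zip - {6286a187-fab2-41e9-97d6-d8d7e038457f} - C:\WINDOWS\Installer\{6286a187-fab2-41e9-97d6-d8d7e038457f}\zip.dll
O21 - SSODL: AvpUnknown - {c9d0459c-c32b-4317-9561-a00368a32d42} - C:\WINDOWS\Installer\{c9d0459c-c32b-4317-9561-a00368a32d42}\AvpUnknown.dll
"""

if __name__ == "__main__":
    first = parse_entries(LOG_1651)
    second = parse_entries(LOG_1947)
    for e in first:
        if in_windows_root(e):
            print(f"review: {e.section} {e.kind} '{e.name}' -> {e.path}")
    for name, path, old_id, new_id in reregistered(first, second):
        print(f"re-registered: {name} ({path}) {old_id} -> {new_id}")
```

Run on the two samples, it reports that the `apdqnxp` and `btrklfr` SSODL entries came back under new CLSIDs within three hours, while `zip` and `AvpUnknown` kept theirs.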

08 Mar 2008, 21:12

O4 - HKLM\..\Run: [antiviirus] C:\Program Files\antiviirus.exe

Remove this junk.

08 Mar 2008, 21:31

It can't be done :(

I'll send the MKS Online log in a moment; I have some strange trojans :( :( :( :(

08 Mar 2008, 22:53

Start >> Run >> msconfig >> boot.ini tab, tick safeboot >> restart the computer. Manually delete these files:
C:\Program Files\antiviirus.exe
C:\WINDOWS\dkxrstqqlx.dll
C:\WINDOWS\enlfxgw.dll
C:\WINDOWS\btrklfr.dll
C:\WINDOWS\apdqnxp.dll
C:\WINDOWS\Installer\{6286a187-fab2-41e9-97d6-d8d7e038457f}\zip.dll
C:\WINDOWS\Installer\{c9d0459c-c32b-4317-9561-a00368a32d42}\AvpUnknown.dll
C:\Program Files\MCS Studios\MCS Firewall 6\system\ipfw.exe

After deleting them, post the logs. If normal mode won't start, remember that this works in reverse. Oh, and copy this into a text file, because it will boot into minimal safe mode without internet access.

08 Mar 2008, 23:24

C:\Program Files\MCS Studios\MCS Firewall 6\system\ipfw.exe

THIS ISN'T ON MY COMPUTER!!!!!

I scanned the computer

-MKS Online - Found one trojan, which I removed
-Kaspersky Online - Found two viruses; what they were I don't know... what happened to them I don't know either...
-My own antivirus on the computer, ESET - Found four trojans, which I removed...

As for the rest of what pp is telling me to remove, I'll remove it if I find it, but tomorrow morning; I'll post a log...

08 Mar 2008, 23:27

It has to be done in safe mode.

09 Mar 2008, 12:16

Here's the log from ESET... 21 viruses? Overnight? Eh?

Scan Log
Version of virus signature database: 2932 (20080309)
Date: 2008-03-09 Time: 10:58:54
Scanned disks, folders and files: C:\;D:\
C:\pagefile.sys - error opening [4]
C:\Documents and Settings\All Users\Dane aplikacji\Symantec\ErrLogs\{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}9a087e8c.zip » ZIP » [Temp]\LSInstall.log » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users\Dane aplikacji\Symantec\ErrLogs\{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}9a087e8c.zip » ZIP » - archive damaged
C:\Documents and Settings\All Users\Dane aplikacji\Symantec\ErrLogs\{830D8CBD-C668-49e2-A969-C2C2106332E0}2f5dedf6.zip » ZIP » [Temp]\LSInstall.log » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users\Dane aplikacji\Symantec\ErrLogs\{830D8CBD-C668-49e2-A969-C2C2106332E0}2f5dedf6.zip » ZIP » - archive damaged
C:\Documents and Settings\All Users\Dane aplikacji\Symantec\ErrLogs\{830D8CBD-C668-49e2-A969-C2C2106332E0}54a340c2.zip » ZIP » [Temp]\LSInstall.log » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users\Dane aplikacji\Symantec\ErrLogs\{830D8CBD-C668-49e2-A969-C2C2106332E0}eb277736.zip » ZIP » [Temp]\LSInstall.log » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users\Dane aplikacji\Symantec\ErrLogs\{830D8CBD-C668-49e2-A969-C2C2106332E0}eb277736.zip » ZIP » - archive damaged
C:\Documents and Settings\Kamil\NTUSER.DAT - error opening [4]
C:\Documents and Settings\Kamil\ntuser.dat.LOG - error opening [4]
C:\Documents and Settings\Kamil\Dane aplikacji\Mozilla\Firefox\Profiles\9qtrlisq.default\parent.lock - error opening [4]
C:\Documents and Settings\Kamil\Dane aplikacji\Mozilla\Firefox\Profiles\9qtrlisq.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a66}\chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Identities\{03049A7A-265A-4D67-A8D2-50F1692F32DC}\Microsoft\Outlook Express\Skrzynka odbiorcza.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat - error opening [4]
C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG - error opening [4]
C:\Documents and Settings\Kamil\Ustawienia lokalne\Temp\kBewCCKj.exe - Win32/TrojanDropper.Agent.EYA trojan - cleaned by deleting - quarantined [1]
C:\Documents and Settings\Kamil\Ustawienia lokalne\Temp\mso11.exe - Win32/TrojanDropper.Agent.EYA trojan - cleaned by deleting - quarantined [1]
C:\Documents and Settings\Kamil\Ustawienia lokalne\Temporary Internet Files\Content.IE5\6OIFQGAL\1204990559[1].exe - Win32/TrojanDropper.Agent.EYA trojan - cleaned by deleting - quarantined [1]
C:\Documents and Settings\Kamil\Ustawienia lokalne\Temporary Internet Files\Content.IE5\GMB4IU54\1204990549[1].exe - probably a variant of Win32/TrojanDropper.Agent.EYA trojan - cleaned by deleting - quarantined [1]
C:\Documents and Settings\LocalService\NTUSER.DAT - error opening [4]
C:\Documents and Settings\LocalService\ntuser.dat.LOG - error opening [4]
C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat - error opening [4]
C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG - error opening [4]
C:\Documents and Settings\NetworkService\NTUSER.DAT - error opening [4]
C:\Documents and Settings\NetworkService\ntuser.dat.LOG - error opening [4]
C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat - error opening [4]
C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG - error opening [4]
C:\Downloads\Inne\BitComet 0.99.exe » NSIS » passport_info_en_us.mht » MIME - is OK (internal scanning not performed)
C:\Downloads\Inne\BitComet 0.99.exe » NSIS » passport_info_zh_cn.mht » MIME - is OK (internal scanning not performed)
C:\Downloads\Inne\BitComet 0.99.exe » NSIS » passport_login_en_us.mht » MIME - is OK (internal scanning not performed)
C:\Downloads\Inne\BitComet 0.99.exe » NSIS » passport_login_zh_cn.mht » MIME - is OK (internal scanning not performed)
C:\Program Files\tmp24328.exe - Win32/TrojanDropper.Agent.EYA trojan - cleaned by deleting - quarantined [1]
C:\Program Files\tmp25812.exe - Win32/TrojanDropper.Agent.EYA trojan - cleaned by deleting - quarantined [1]
C:\Program Files\tmp26453.exe - Win32/TrojanDropper.Agent.EYA trojan - cleaned by deleting - quarantined [1]
C:\Program Files\tmp27375.exe - Win32/TrojanDropper.Agent.EYA trojan - cleaned by deleting - quarantined [1]
C:\Program Files\tmp27609.exe - Win32/TrojanDropper.Agent.EYA trojan - cleaned by deleting - quarantined [1]
C:\Program Files\tmp28921.exe - Win32/TrojanDropper.Agent.EYA trojan - cleaned by deleting - quarantined [1]
C:\Program Files\tmp29437.exe - Win32/TrojanDropper.Agent.EYA trojan - cleaned by deleting - quarantined [1]
C:\Program Files\tmp30875.exe - Win32/TrojanDropper.Agent.EYA trojan - cleaned by deleting - quarantined [1]
C:\Program Files\tmp31546.exe - Win32/TrojanDropper.Agent.EYA trojan - cleaned by deleting - quarantined [1]
C:\Program Files\tmp32421.exe - Win32/TrojanDropper.Agent.EYA trojan - cleaned by deleting - quarantined [1]
C:\Program Files\tmp32671.exe - Win32/TrojanDropper.Agent.EYA trojan - cleaned by deleting - quarantined [1]
C:\Program Files\tmp33984.exe - Win32/TrojanDropper.Agent.EYA trojan - cleaned by deleting - quarantined [1]
C:\Program Files\tmp5927921.exe - Win32/TrojanDropper.Agent.EYA trojan - cleaned by deleting - quarantined [1]
C:\Program Files\tmp5932968.exe - Win32/TrojanDropper.Agent.EYA trojan - cleaned by deleting - quarantined [1]
C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\core3.zip » ZIP » lib/deploy/ffjcext.zip » ZIP » {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}/chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\core3.zip » ZIP » lib/resources.jar » ZIP » com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\core3.zip » ZIP » lib/resources.jar » ZIP » com/sun/xml/internal/fastinfoset/resources/ResourceBundle.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\core3.zip » ZIP » lib/resources.jar » ZIP » javax/xml/bind/Messages.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre1.6.0_02\lib\resources.jar » ZIP » com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre1.6.0_02\lib\resources.jar » ZIP » com/sun/xml/internal/fastinfoset/resources/ResourceBundle.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre1.6.0_02\lib\resources.jar » ZIP » javax/xml/bind/Messages.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre1.6.0_02\lib\deploy\ffjcext.zip » ZIP » {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}/chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre1.6.0_03\lib\resources.jar » ZIP » com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre1.6.0_03\lib\resources.jar » ZIP » com/sun/xml/internal/fastinfoset/resources/ResourceBundle.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre1.6.0_03\lib\resources.jar » ZIP » javax/xml/bind/Messages.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre1.6.0_03\lib\deploy\ffjcext.zip » ZIP » {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}/chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Mozilla Firefox\chrome\browser.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Mozilla Firefox\chrome\comm.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Mozilla Firefox\chrome\pippki.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Mozilla Firefox\chrome\toolkit.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\OpenOffice.ux.pl 2.2.0\program\python-core-2.3.4\lib\compiler\visitor.py » MIME - is OK (internal scanning not performed)
C:\Program Files\OpenOffice.ux.pl 2.2.0\program\python-core-2.3.4\lib\idlelib\MultiStatusBar.py » MIME - is OK (internal scanning not performed)
C:\Program Files\OpenOffice.ux.pl 2.2.0\program\python-core-2.3.4\lib\idlelib\OutputWindow.py » MIME - is OK (internal scanning not performed)
C:\Program Files\OpenOffice.ux.pl 2.2.0\program\python-core-2.3.4\lib\idlelib\Percolator.py » MIME - is OK (internal scanning not performed)
C:\Program Files\OpenOffice.ux.pl 2.2.0\program\python-core-2.3.4\lib\idlelib\ReplaceDialog.py » MIME - is OK (internal scanning not performed)
C:\Program Files\OpenOffice.ux.pl 2.2.0\program\python-core-2.3.4\lib\idlelib\ScrolledList.py » MIME - is OK (internal scanning not performed)
C:\Program Files\OpenOffice.ux.pl 2.2.0\program\python-core-2.3.4\lib\idlelib\SearchDialog.py » MIME - is OK (internal scanning not performed)
C:\Program Files\OpenOffice.ux.pl 2.2.0\program\python-core-2.3.4\lib\idlelib\SearchDialogBase.py » MIME - is OK (internal scanning not performed)
C:\Program Files\OpenOffice.ux.pl 2.2.0\program\python-core-2.3.4\lib\idlelib\WidgetRedirector.py » MIME - is OK (internal scanning not performed)
C:\Program Files\OpenOffice.ux.pl 2.2.0\program\python-core-2.3.4\lib\idlelib\WindowList.py » MIME - is OK (internal scanning not performed)
C:\Program Files\OpenOffice.ux.pl 2.2.0\program\python-core-2.3.4\lib\lib-old\whatsound.py » MIME - is OK (internal scanning not performed)
C:\Program Files\OpenOffice.ux.pl 2.2.0\program\python-core-2.3.4\lib\test\double_const.py » MIME - is OK (internal scanning not performed)
C:\Program Files\OpenOffice.ux.pl 2.2.0\program\python-core-2.3.4\lib\test\testtar.tar » TAR » - archive damaged
C:\Program Files\OpenOffice.ux.pl 2.2.0\program\python-core-2.3.4\lib\test\test_bufio.py » MIME - is OK (internal scanning not performed)
C:\Program Files\OpenOffice.ux.pl 2.2.0\program\python-core-2.3.4\lib\test\test_cgi.py » MIME - is OK (internal scanning not performed)
C:\Program Files\OpenOffice.ux.pl 2.2.0\program\python-core-2.3.4\lib\test\test_codecs.py » MIME - is OK (internal scanning not performed)
C:\Program Files\OpenOffice.ux.pl 2.2.0\program\python-core-2.3.4\lib\test\test_contains.py » MIME - is OK (internal scanning not performed)
C:\Program Files\OpenOffice.ux.pl 2.2.0\program\python-core-2.3.4\lib\test\test_dis.py » MIME - is OK (internal scanning not performed)
C:\Program Files\OpenOffice.ux.pl 2.2.0\program\python-core-2.3.4\lib\test\test_extcall.py » MIME - is OK (internal scanning not performed)
C:\Program Files\OpenOffice.ux.pl 2.2.0\program\python-core-2.3.4\lib\test\test_format.py » MIME - is OK (internal scanning not performed)
C:\Program Files\OpenOffice.ux.pl 2.2.0\program\python-core-2.3.4\lib\test\test_funcattrs.py » MIME - is OK (internal scanning not performed)
C:\Program Files\OpenOffice.ux.pl 2.2.0\program\python-core-2.3.4\lib\test\test_future3.py » MIME - is OK (internal scanning not performed)
C:\Program Files\OpenOffice.ux.pl 2.2.0\program\python-core-2.3.4\lib\test\test_gc.py » MIME - is OK (internal scanning not performed)
C:\Program Files\OpenOffice.ux.pl 2.2.0\program\python-core-2.3.4\lib\test\test_gzip.py » MIME - is OK (internal scanning not performed)
C:\Program Files\OpenOffice.ux.pl 2.2.0\program\python-core-2.3.4\lib\test\test_import.py » MIME - is OK (internal scanning not performed)
C:\Program Files\OpenOffice.ux.pl 2.2.0\program\python-core-2.3.4\lib\test\test_linuxaudiodev.py » MIME - is OK (internal scanning not performed)
C:\Program Files\OpenOffice.ux.pl 2.2.0\program\python-core-2.3.4\lib\test\test_locale.py » MIME - is OK (internal scanning not performed)
C:\Program Files\OpenOffice.ux.pl 2.2.0\program\python-core-2.3.4\lib\test\test_long.py » MIME - is OK (internal scanning not performed)
C:\Program Files\OpenOffice.ux.pl 2.2.0\program\python-core-2.3.4\lib\test\test_long_future.py » MIME - is OK (internal scanning not performed)
C:\Program Files\OpenOffice.ux.pl 2.2.0\program\python-core-2.3.4\lib\test\test_marshal.py » MIME - is OK (internal scanning not performed)
C:\Program Files\OpenOffice.ux.pl 2.2.0\program\python-core-2.3.4\lib\test\test_mmap.py » MIME - is OK (internal scanning not performed)
C:\Program Files\OpenOffice.ux.pl 2.2.0\program\python-core-2.3.4\lib\test\test_mutants.py » MIME - is OK (internal scanning not performed)
C:\Program Files\OpenOffice.ux.pl 2.2.0\program\python-core-2.3.4\lib\test\test_new.py » MIME - is OK (internal scanning not performed)
C:\Program Files\OpenOffice.ux.pl 2.2.0\program\python-core-2.3.4\lib\test\test_nis.py » MIME - is OK (internal scanning not performed)
C:\Program Files\OpenOffice.ux.pl 2.2.0\program\python-core-2.3.4\lib\test\test_normalization.py » MIME - is OK (internal scanning not performed)
C:\Program Files\OpenOffice.ux.pl 2.2.0\program\python-core-2.3.4\lib\test\test_ossaudiodev.py » MIME - is OK (internal scanning not performed)
C:\Program Files\OpenOffice.ux.pl 2.2.0\program\python-core-2.3.4\lib\test\test_quopri.py » MIME - is OK (internal scanning not performed)
C:\Program Files\OpenOffice.ux.pl 2.2.0\program\python-core-2.3.4\lib\test\test_regex.py » MIME - is OK (internal scanning not performed)
C:\Program Files\OpenOffice.ux.pl 2.2.0\program\python-core-2.3.4\lib\test\test_scope.py » MIME - is OK (internal scanning not performed)
C:\Program Files\OpenOffice.ux.pl 2.2.0\program\python-core-2.3.4\lib\test\test_softspace.py » MIME - is OK (internal scanning not performed)
C:\Program Files\OpenOffice.ux.pl 2.2.0\program\python-core-2.3.4\lib\test\test_sort.py » MIME - is OK (internal scanning not performed)
C:\Program Files\OpenOffice.ux.pl 2.2.0\program\python-core-2.3.4\lib\test\test_struct.py » MIME - is OK (internal scanning not performed)
C:\Program Files\OpenOffice.ux.pl 2.2.0\program\python-core-2.3.4\lib\test\test_structseq.py » MIME - is OK (internal scanning not performed)
C:\Program Files\OpenOffice.ux.pl 2.2.0\program\python-core-2.3.4\lib\test\test_sunaudiodev.py » MIME - is OK (internal scanning not performed)
C:\Program Files\OpenOffice.ux.pl 2.2.0\program\python-core-2.3.4\lib\test\test_symtable.py » MIME - is OK (internal scanning not performed)
C:\Program Files\OpenOffice.ux.pl 2.2.0\program\python-core-2.3.4\lib\test\test_time.py » MIME - is OK (internal scanning not performed)
C:\Program Files\OpenOffice.ux.pl 2.2.0\program\python-core-2.3.4\lib\test\test_timing.py » MIME - is OK (internal scanning not performed)
C:\Program Files\OpenOffice.ux.pl 2.2.0\program\python-core-2.3.4\lib\test\test_tokenize.py » MIME - is OK (internal scanning not performed)
C:\Program Files\OpenOffice.ux.pl 2.2.0\program\python-core-2.3.4\lib\test\test_unpack.py » MIME - is OK (internal scanning not performed)
C:\Program Files\OpenOffice.ux.pl 2.2.0\program\python-core-2.3.4\lib\test\test_urllib2.py » MIME - is OK (internal scanning not performed)
C:\Program Files\OpenOffice.ux.pl 2.2.0\program\python-core-2.3.4\lib\test\test_wave.py » MIME - is OK (internal scanning not performed)
C:\Program Files\OpenOffice.ux.pl 2.2.0\program\python-core-2.3.4\lib\test\test_xreadline.py » MIME - is OK (internal scanning not performed)
C:\RECYCLER\S-1-5-21-790525478-764733703-839522115-1003\Dc15.exe - Win32/TrojanDropper.Agent.EYA trojan - cleaned by deleting - quarantined [1]
C:\WINDOWS\Installer\{6286a187-fab2-41e9-97d6-d8d7e038457f}\zip.dll - Win32/TrojanDropper.Agent.EYA trojan - cleaned by deleting (after the next restart) - quarantined [1,2]
C:\WINDOWS\Installer\{c9d0459c-c32b-4317-9561-a00368a32d42}\AvpUnknown.dll - Win32/TrojanDropper.Agent.EYA trojan - cleaned by deleting (after the next restart) - quarantined [1,2]
C:\WINDOWS\SoftwareDistribution\EventCache\{C987DACB-4EE7-4418-A954-450CD7E1C728}.bin - error opening [4]
C:\WINDOWS\system32\config\default - error opening [4]
C:\WINDOWS\system32\config\default.LOG - error opening [4]
C:\WINDOWS\system32\config\SAM - error opening [4]
C:\WINDOWS\system32\config\SAM.LOG - error opening [4]
C:\WINDOWS\system32\config\SECURITY - error opening [4]
C:\WINDOWS\system32\config\SECURITY.LOG - error opening [4]
C:\WINDOWS\system32\config\software - error opening [4]
C:\WINDOWS\system32\config\software.LOG - error opening [4]
C:\WINDOWS\system32\config\system - error opening [4]
C:\WINDOWS\system32\config\system.LOG - error opening [4]
C:\WINDOWS\system32\drivers\sptd.sys - error opening [4]
Number of scanned objects: 170941
Number of threats found: 21
Time of completion: 11:11:21 Total scanning time: 747 sec (00:12:27)

Notes:
[1] Object has been deleted as it only contained the virus body.
[2] Object is in use (open or running). A system restart is required for the cleaning to complete.
[4] Object cannot be opened. It may be in use by another application or operating system.

09 Mar 2008, 13:17

C:\WINDOWS\Installer\{6286a187-fab2-41e9-97d6-d8d7e038457f}\zip.dll - Win32/TrojanDropper.Agent.EYA trojan - cleaned by deleting (after the next restart) - quarantined [1,2]
C:\WINDOWS\Installer\{c9d0459c-c32b-4317-9561-a00368a32d42}\AvpUnknown.dll - Win32/TrojanDropper.Agent.EYA trojan - cleaned by deleting (after the next restart) - quarantined [1,2]

I told you to remove this. You don't want to cooperate, so deal with it yourself.

Good luck.

09 Mar 2008, 13:23

The scan started on its own when I turned on the computer... it had already removed that by itself... and I removed the rest once it finished scanning.

New log

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:35, on 2008-03-09
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Keyboard Driver\KMWDSrv.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\VMSnap3.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.start.tcz.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - Global Startup: TL-WN321G Wireless Utility.lnk = C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe
O14 - IERESET.INF: START_PAGE_URL=www.onet.pl
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: zip - {6286a187-fab2-41e9-97d6-d8d7e038457f} - C:\WINDOWS\Installer\{6286a187-fab2-41e9-97d6-d8d7e038457f}\zip.dll (file missing)
O21 - SSODL: AvpUnknown - {c9d0459c-c32b-4317-9561-a00368a32d42} - C:\WINDOWS\Installer\{c9d0459c-c32b-4317-9561-a00368a32d42}\AvpUnknown.dll (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: ipfw_helper (ipfw) - Unknown owner - C:\Program Files\MCS Studios\MCS Firewall 6\system\ipfw.exe (file missing)
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Keyboard Driver\KMWDSrv.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

--
End of file - 5018 bytes

09 Mar 2008, 14:04

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O21 - SSODL: zip - {6286a187-fab2-41e9-97d6-d8d7e038457f} - C:\WINDOWS\Installer\{6286a187-fab2-41e9-97d6-d8d7e038457f}\zip.dll (file missing)
O21 - SSODL: AvpUnknown - {c9d0459c-c32b-4317-9561-a00368a32d42} - C:\WINDOWS\Installer\{c9d0459c-c32b-4317-9561-a00368a32d42}\AvpUnknown.dll (file missing)


Remove these in HJT.