proimage Opublikowano 11 Listopada 2010 Zgłoś Udostępnij Opublikowano 11 Listopada 2010 witam Podczas startu systemu wyskakuje komunikat: RunDLL Wystąpił problem podczas uruchamiania pliku C:\Users\Maciej\AppData\Local\Temp\sshnas21.dll Nie można odnaleźć określonego modułu. wyczytałem że to trojan, proszę o sprawdzenie mojego loga z OTL OTL.Txt Extras.Txt Odnośnik do komentarza
picasso Opublikowano 11 Listopada 2010 Zgłoś Udostępnij Opublikowano 11 Listopada 2010 Owszem, infekcja. Przy okazji usunę też ogłuszającą liczbę plików Temp*.html nabitą przez GG10. 1. Uruchom OTL i w sekcji Własne opcje skanowania / skrypt wklej: :OTL SRV - [2009-06-24 01:41:22 | 000,094,298 | ---- | M] (Sver) [Auto | Running] -- c:\Windows\SysWOW64\tuoyqin.exe -- (tblphymjojafsi) O4 - HKU\S-1-5-21-3579702200-2269351193-524947640-1000..\Run: [Canaveral] C:\Users\Maciej\AppData\Local\Temp\sshnas21.DLL File not found O4 - HKU\S-1-5-21-3579702200-2269351193-524947640-1000..\Run: [M5T8QL3YW3] C:\Users\Maciej\AppData\Local\Temp\Asx.exe File not found O4 - HKU\S-1-5-21-3579702200-2269351193-524947640-1000..\Run: [] File not found O4 - HKLM..\Run: [] File not found :Files C:\Program Files (x86)\Hbldvhyredee C:\Windows\SysWow64\msrunrerm.dll C:\Users\Maciej\AppData\Local\Temp*.html :Commands [emptyflash] [emptytemp] Uruchom proces przez Wykonaj skrypt. Po restarcie otrzymasz z tego log. 2. Do prezentacji: log powstały z usuwania oraz nowe logi z OTL. . Odnośnik do komentarza
proimage Opublikowano 11 Listopada 2010 Autor Zgłoś Udostępnij Opublikowano 11 Listopada 2010 Postąpiłem zgodnie z instrukcją. Przy starcie systemu nie ma już informacji o problemie z sshnas21.dll Mam jeszcze pytanie, korzystam z dysków zewnętrznych podłączanych przez eSATA, co prawda antywirus nie pokazuje żadnej infekcji na tych dyskach, ale czy nie czai się tam coś przy tego typu wirusie? Log z wykonania skryptu wklejam poniżej bo coś się nie chce załadować All processes killed ========== OTL ========== Service tblphymjojafsi stopped successfully! Service tblphymjojafsi deleted successfully! c:\Windows\SysWOW64\tuoyqin.exe moved successfully. Registry value HKEY_USERS\S-1-5-21-3579702200-2269351193-524947640-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Canaveral deleted successfully. Registry value HKEY_USERS\S-1-5-21-3579702200-2269351193-524947640-1000\Software\Microsoft\Windows\CurrentVersion\Run\\M5T8QL3YW3 deleted successfully. Registry value HKEY_USERS\S-1-5-21-3579702200-2269351193-524947640-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. ========== FILES ========== C:\Program Files (x86)\Hbldvhyredee\Log\Visual folder moved successfully. C:\Program Files (x86)\Hbldvhyredee\Log\Text folder moved successfully. C:\Program Files (x86)\Hbldvhyredee\Log\Audio folder moved successfully. C:\Program Files (x86)\Hbldvhyredee\Log folder moved successfully. Folder move failed. C:\Program Files (x86)\Hbldvhyredee scheduled to be moved on reboot. C:\Windows\SysWow64\msrunrerm.dll moved successfully. C:\Users\Maciej\AppData\Local\TempAB1684.html moved successfully. C:\Users\Maciej\AppData\Local\Tempac2036.html moved successfully. C:\Users\Maciej\AppData\Local\TempaC2212.html moved successfully. C:\Users\Maciej\AppData\Local\TempaE1576.html moved successfully. C:\Users\Maciej\AppData\Local\TempaE1592.html moved successfully. C:\Users\Maciej\AppData\Local\TempAi1436.html moved successfully. C:\Users\Maciej\AppData\Local\TempaI2032.html moved successfully. C:\Users\Maciej\AppData\Local\TempaJ1832.html moved successfully. C:\Users\Maciej\AppData\Local\TempaM2816.html moved successfully. C:\Users\Maciej\AppData\Local\TempaN1596.html moved successfully. C:\Users\Maciej\AppData\Local\Tempao1552.html moved successfully. C:\Users\Maciej\AppData\Local\TempAo1644.html moved successfully. C:\Users\Maciej\AppData\Local\TempAp1408.html moved successfully. C:\Users\Maciej\AppData\Local\TempAP1944.html moved successfully. C:\Users\Maciej\AppData\Local\TempaP3472.html moved successfully. C:\Users\Maciej\AppData\Local\Tempaq2032.html moved successfully. C:\Users\Maciej\AppData\Local\TempAT1184.html moved successfully. C:\Users\Maciej\AppData\Local\TempaU1204.html moved successfully. C:\Users\Maciej\AppData\Local\TempaV1096.html moved successfully. C:\Users\Maciej\AppData\Local\Tempav1488.html moved successfully. C:\Users\Maciej\AppData\Local\TempB12408.html moved successfully. C:\Users\Maciej\AppData\Local\TempBC2812.html moved successfully. C:\Users\Maciej\AppData\Local\TempBE2300.html moved successfully. C:\Users\Maciej\AppData\Local\Tempbf1292.html moved successfully. C:\Users\Maciej\AppData\Local\TempBg1956.html moved successfully. C:\Users\Maciej\AppData\Local\Tempbi1088.html moved successfully. C:\Users\Maciej\AppData\Local\TempbJ3900.html moved successfully. C:\Users\Maciej\AppData\Local\Tempbk4536.html moved successfully. C:\Users\Maciej\AppData\Local\TempBO1208.html moved successfully. C:\Users\Maciej\AppData\Local\Tempbo2036.html moved successfully. C:\Users\Maciej\AppData\Local\Tempbp1812.html moved successfully. C:\Users\Maciej\AppData\Local\Tempbq3680.html moved successfully. C:\Users\Maciej\AppData\Local\TempbQ3904.html moved successfully. C:\Users\Maciej\AppData\Local\Tempbs2408.html moved successfully. C:\Users\Maciej\AppData\Local\TempbU1080.html moved successfully. C:\Users\Maciej\AppData\Local\TempbU1196.html moved successfully. C:\Users\Maciej\AppData\Local\TempBu1916.html moved successfully. C:\Users\Maciej\AppData\Local\Tempbu3124.html moved successfully. C:\Users\Maciej\AppData\Local\Tempbu4184.html moved successfully. C:\Users\Maciej\AppData\Local\TempBw3236.html moved successfully. C:\Users\Maciej\AppData\Local\Tempbz1224.html moved successfully. C:\Users\Maciej\AppData\Local\TempCb1528.html moved successfully. C:\Users\Maciej\AppData\Local\TempCb2212.html moved successfully. C:\Users\Maciej\AppData\Local\TempCB3900.html moved successfully. C:\Users\Maciej\AppData\Local\TempcDi412.html moved successfully. C:\Users\Maciej\AppData\Local\TempCE1584.html moved successfully. C:\Users\Maciej\AppData\Local\Tempce2896.html moved successfully. C:\Users\Maciej\AppData\Local\TempCF3608.html moved successfully. C:\Users\Maciej\AppData\Local\TempCI1656.html moved successfully. C:\Users\Maciej\AppData\Local\TempCi1852.html moved successfully. C:\Users\Maciej\AppData\Local\Tempcj1512.html moved successfully. C:\Users\Maciej\AppData\Local\TempCK1860.html moved successfully. C:\Users\Maciej\AppData\Local\TempCk3756.html moved successfully. C:\Users\Maciej\AppData\Local\TempcL2692.html moved successfully. C:\Users\Maciej\AppData\Local\TempCL2948.html moved successfully. C:\Users\Maciej\AppData\Local\TempcM1540.html moved successfully. C:\Users\Maciej\AppData\Local\Tempcm3056.html moved successfully. C:\Users\Maciej\AppData\Local\TempCM3808.html moved successfully. C:\Users\Maciej\AppData\Local\TempCN1436.html moved successfully. C:\Users\Maciej\AppData\Local\Tempcn3592.html moved successfully. C:\Users\Maciej\AppData\Local\TempCq3924.html moved successfully. C:\Users\Maciej\AppData\Local\Tempcr1848.html moved successfully. C:\Users\Maciej\AppData\Local\TempCU2956.html moved successfully. C:\Users\Maciej\AppData\Local\TempCw1092.html moved successfully. C:\Users\Maciej\AppData\Local\TempcW1612.html moved successfully. C:\Users\Maciej\AppData\Local\Tempcx1352.html moved successfully. C:\Users\Maciej\AppData\Local\TempcY2456.html moved successfully. C:\Users\Maciej\AppData\Local\TempcZ1856.html moved successfully. C:\Users\Maciej\AppData\Local\TempdA1852.html moved successfully. C:\Users\Maciej\AppData\Local\TempDa1864.html moved successfully. C:\Users\Maciej\AppData\Local\TempDA4040.html moved successfully. C:\Users\Maciej\AppData\Local\TempDB2032.html moved successfully. C:\Users\Maciej\AppData\Local\TempDC1048.html moved successfully. C:\Users\Maciej\AppData\Local\TempDe2704.html moved successfully. C:\Users\Maciej\AppData\Local\Tempdi1696.html moved successfully. C:\Users\Maciej\AppData\Local\TempdM5012.html moved successfully. C:\Users\Maciej\AppData\Local\TempDN2816.html moved successfully. C:\Users\Maciej\AppData\Local\TempDn3168.html moved successfully. C:\Users\Maciej\AppData\Local\TempDP3996.html moved successfully. C:\Users\Maciej\AppData\Local\TempdQ1164.html moved successfully. C:\Users\Maciej\AppData\Local\TempdR1956.html moved successfully. C:\Users\Maciej\AppData\Local\Tempdt1136.html moved successfully. C:\Users\Maciej\AppData\Local\TempdU1156.html moved successfully. C:\Users\Maciej\AppData\Local\Tempdu1192.html moved successfully. C:\Users\Maciej\AppData\Local\TempDU1580.html moved successfully. C:\Users\Maciej\AppData\Local\TempdU1864.html moved successfully. C:\Users\Maciej\AppData\Local\TempDV1496.html moved successfully. C:\Users\Maciej\AppData\Local\Tempdv1556.html moved successfully. C:\Users\Maciej\AppData\Local\TempDX1196.html moved successfully. C:\Users\Maciej\AppData\Local\TempdY1656.html moved successfully. C:\Users\Maciej\AppData\Local\Tempdz1204.html moved successfully. C:\Users\Maciej\AppData\Local\TempdZ1856.html moved successfully. C:\Users\Maciej\AppData\Local\TempDz1976.html moved successfully. C:\Users\Maciej\AppData\Local\TempdZ4012.html moved successfully. C:\Users\Maciej\AppData\Local\Tempea2748.html moved successfully. C:\Users\Maciej\AppData\Local\Tempea3280.html moved successfully. C:\Users\Maciej\AppData\Local\TempeB3168.html moved successfully. C:\Users\Maciej\AppData\Local\TempEc1632.html moved successfully. C:\Users\Maciej\AppData\Local\TempEC1996.html moved successfully. C:\Users\Maciej\AppData\Local\Tempee2096.html moved successfully. C:\Users\Maciej\AppData\Local\TempeG1012.html moved successfully. C:\Users\Maciej\AppData\Local\TempeH1084.html moved successfully. C:\Users\Maciej\AppData\Local\TempEH1988.html moved successfully. C:\Users\Maciej\AppData\Local\TempeH2692.html moved successfully. C:\Users\Maciej\AppData\Local\Tempei2300.html moved successfully. C:\Users\Maciej\AppData\Local\TempeI2456.html moved successfully. C:\Users\Maciej\AppData\Local\Tempek1472.html moved successfully. C:\Users\Maciej\AppData\Local\Tempek3888.html moved successfully. C:\Users\Maciej\AppData\Local\TempEN3720.html moved successfully. C:\Users\Maciej\AppData\Local\TempEo2044.html moved successfully. C:\Users\Maciej\AppData\Local\TempeO2892.html moved successfully. C:\Users\Maciej\AppData\Local\Tempep1184.html moved successfully. C:\Users\Maciej\AppData\Local\Tempep3492.html moved successfully. C:\Users\Maciej\AppData\Local\TempeR2032.html moved successfully. C:\Users\Maciej\AppData\Local\TempeU1700.html moved successfully. C:\Users\Maciej\AppData\Local\TempEU1732.html moved successfully. C:\Users\Maciej\AppData\Local\TempEv3100.html moved successfully. C:\Users\Maciej\AppData\Local\TempEW1456.html moved successfully. C:\Users\Maciej\AppData\Local\TempEx1204.html moved successfully. C:\Users\Maciej\AppData\Local\TempFa3152.html moved successfully. C:\Users\Maciej\AppData\Local\TempfB1084.html moved successfully. C:\Users\Maciej\AppData\Local\TempFb1168.html moved successfully. C:\Users\Maciej\AppData\Local\TempFd1448.html moved successfully. C:\Users\Maciej\AppData\Local\TempFE6292.html moved successfully. C:\Users\Maciej\AppData\Local\TempFg3160.html moved successfully. C:\Users\Maciej\AppData\Local\TempfI1544.html moved successfully. C:\Users\Maciej\AppData\Local\TempFj1352.html moved successfully. C:\Users\Maciej\AppData\Local\TempfJ1564.html moved successfully. C:\Users\Maciej\AppData\Local\TempFK1076.html moved successfully. C:\Users\Maciej\AppData\Local\TempFk1124.html moved successfully. C:\Users\Maciej\AppData\Local\TempfK3184.html moved successfully. C:\Users\Maciej\AppData\Local\TempFk4008.html moved successfully. C:\Users\Maciej\AppData\Local\Tempfn2216.html moved successfully. C:\Users\Maciej\AppData\Local\TempfO1136.html moved successfully. C:\Users\Maciej\AppData\Local\Tempfp1592.html moved successfully. C:\Users\Maciej\AppData\Local\TempfQ1784.html moved successfully. C:\Users\Maciej\AppData\Local\TempfR1012.html moved successfully. C:\Users\Maciej\AppData\Local\TempFS6412.html moved successfully. C:\Users\Maciej\AppData\Local\TempFT1960.html moved successfully. C:\Users\Maciej\AppData\Local\TempFt3304.html moved successfully. C:\Users\Maciej\AppData\Local\TempFT3780.html moved successfully. C:\Users\Maciej\AppData\Local\Tempft4028.html moved successfully. C:\Users\Maciej\AppData\Local\TempFw1980.html moved successfully. C:\Users\Maciej\AppData\Local\Tempfx3492.html moved successfully. C:\Users\Maciej\AppData\Local\TempFx3696.html moved successfully. C:\Users\Maciej\AppData\Local\Tempg11032.html moved successfully. C:\Users\Maciej\AppData\Local\Tempg12408.html moved successfully. C:\Users\Maciej\AppData\Local\TempGC2036.html moved successfully. C:\Users\Maciej\AppData\Local\Tempgd3000.html moved successfully. C:\Users\Maciej\AppData\Local\TempgE1528.html moved successfully. C:\Users\Maciej\AppData\Local\TempgE1868.html moved successfully. C:\Users\Maciej\AppData\Local\Tempgf4068.html moved successfully. C:\Users\Maciej\AppData\Local\TempgG1076.html moved successfully. C:\Users\Maciej\AppData\Local\Tempgg1700.html moved successfully. C:\Users\Maciej\AppData\Local\Tempgk9372.html moved successfully. C:\Users\Maciej\AppData\Local\TempGl1152.html moved successfully. C:\Users\Maciej\AppData\Local\TempGl1352.html moved successfully. C:\Users\Maciej\AppData\Local\Tempgo1668.html moved successfully. C:\Users\Maciej\AppData\Local\TempGP1712.html moved successfully. C:\Users\Maciej\AppData\Local\TempgP3656.html moved successfully. C:\Users\Maciej\AppData\Local\Tempgp3788.html moved successfully. C:\Users\Maciej\AppData\Local\TempgQ1112.html moved successfully. C:\Users\Maciej\AppData\Local\TempgQ1960.html moved successfully. C:\Users\Maciej\AppData\Local\TempGr2880.html moved successfully. C:\Users\Maciej\AppData\Local\TempGS3764.html moved successfully. C:\Users\Maciej\AppData\Local\Tempgt2956.html moved successfully. C:\Users\Maciej\AppData\Local\TempgU1292.html moved successfully. C:\Users\Maciej\AppData\Local\Tempgu1988.html moved successfully. C:\Users\Maciej\AppData\Local\Tempgu2264.html moved successfully. C:\Users\Maciej\AppData\Local\TempGu3184.html moved successfully. C:\Users\Maciej\AppData\Local\TempgU3764.html moved successfully. C:\Users\Maciej\AppData\Local\Tempgv3092.html moved successfully. C:\Users\Maciej\AppData\Local\TempgW2924.html moved successfully. C:\Users\Maciej\AppData\Local\TempGX1064.html moved successfully. C:\Users\Maciej\AppData\Local\TempgX1580.html moved successfully. C:\Users\Maciej\AppData\Local\TempGy1492.html moved successfully. C:\Users\Maciej\AppData\Local\TempGy2924.html moved successfully. C:\Users\Maciej\AppData\Local\TempHA2000.html moved successfully. C:\Users\Maciej\AppData\Local\TemphB1556.html moved successfully. C:\Users\Maciej\AppData\Local\TemphB1572.html moved successfully. C:\Users\Maciej\AppData\Local\Temphd1408.html moved successfully. C:\Users\Maciej\AppData\Local\TempHd1556.html moved successfully. C:\Users\Maciej\AppData\Local\TempHD3900.html moved successfully. C:\Users\Maciej\AppData\Local\TempHE1596.html moved successfully. C:\Users\Maciej\AppData\Local\Temphf1560.html moved successfully. C:\Users\Maciej\AppData\Local\TemphI1644.html moved successfully. C:\Users\Maciej\AppData\Local\TempHk1320.html moved successfully. C:\Users\Maciej\AppData\Local\Temphk1640.html moved successfully. C:\Users\Maciej\AppData\Local\Temphm1180.html moved successfully. C:\Users\Maciej\AppData\Local\TempHO4604.html moved successfully. C:\Users\Maciej\AppData\Local\TempHq1572.html moved successfully. C:\Users\Maciej\AppData\Local\TempHQ3068.html moved successfully. C:\Users\Maciej\AppData\Local\TempHs1180.html moved successfully. C:\Users\Maciej\AppData\Local\TempHs3044.html moved successfully. C:\Users\Maciej\AppData\Local\Tempht1680.html moved successfully. C:\Users\Maciej\AppData\Local\TemphT1816.html moved successfully. C:\Users\Maciej\AppData\Local\TempHu1752.html moved successfully. C:\Users\Maciej\AppData\Local\TempHX1208.html moved successfully. C:\Users\Maciej\AppData\Local\TemphX1236.html moved successfully. C:\Users\Maciej\AppData\Local\TempHy1596.html moved successfully. C:\Users\Maciej\AppData\Local\TempHYD908.html moved successfully. C:\Users\Maciej\AppData\Local\TemphZ2496.html moved successfully. C:\Users\Maciej\AppData\Local\TempI10232.html moved successfully. C:\Users\Maciej\AppData\Local\TempIa1496.html moved successfully. C:\Users\Maciej\AppData\Local\Tempia3612.html moved successfully. C:\Users\Maciej\AppData\Local\Tempia4536.html moved successfully. C:\Users\Maciej\AppData\Local\TempIB6680.html moved successfully. C:\Users\Maciej\AppData\Local\TempiG1584.html moved successfully. C:\Users\Maciej\AppData\Local\Tempig3984.html moved successfully. C:\Users\Maciej\AppData\Local\TempiH3304.html moved successfully. C:\Users\Maciej\AppData\Local\TempII1484.html moved successfully. C:\Users\Maciej\AppData\Local\Tempii2000.html moved successfully. C:\Users\Maciej\AppData\Local\Tempii3052.html moved successfully. C:\Users\Maciej\AppData\Local\TempII3808.html moved successfully. C:\Users\Maciej\AppData\Local\TempIj1576.html moved successfully. C:\Users\Maciej\AppData\Local\Tempil3680.html moved successfully. C:\Users\Maciej\AppData\Local\TempIm1076.html moved successfully. C:\Users\Maciej\AppData\Local\TempIM1824.html moved successfully. C:\Users\Maciej\AppData\Local\TempIn1312.html moved successfully. C:\Users\Maciej\AppData\Local\Tempio1200.html moved successfully. C:\Users\Maciej\AppData\Local\Tempio1728.html moved successfully. C:\Users\Maciej\AppData\Local\Tempip1076.html moved successfully. C:\Users\Maciej\AppData\Local\TempiR1384.html moved successfully. C:\Users\Maciej\AppData\Local\TempIS1976.html moved successfully. C:\Users\Maciej\AppData\Local\TempIT1092.html moved successfully. C:\Users\Maciej\AppData\Local\Tempiv1248.html moved successfully. C:\Users\Maciej\AppData\Local\TempiW3828.html moved successfully. C:\Users\Maciej\AppData\Local\TempIX1008.html moved successfully. C:\Users\Maciej\AppData\Local\TempIx1560.html moved successfully. C:\Users\Maciej\AppData\Local\Tempiys612.html moved successfully. C:\Users\Maciej\AppData\Local\TempIz1236.html moved successfully. C:\Users\Maciej\AppData\Local\TempiZ3280.html moved successfully. C:\Users\Maciej\AppData\Local\TempJA4044.html moved successfully. C:\Users\Maciej\AppData\Local\TempJB1672.html moved successfully. C:\Users\Maciej\AppData\Local\TempJb1976.html moved successfully. C:\Users\Maciej\AppData\Local\TempJd1672.html moved successfully. C:\Users\Maciej\AppData\Local\TempJd2016.html moved successfully. C:\Users\Maciej\AppData\Local\TempJd4028.html moved successfully. C:\Users\Maciej\AppData\Local\Tempjf1076.html moved successfully. C:\Users\Maciej\AppData\Local\TempJF1816.html moved successfully. C:\Users\Maciej\AppData\Local\Tempjf3696.html moved successfully. C:\Users\Maciej\AppData\Local\TempjF6412.html moved successfully. C:\Users\Maciej\AppData\Local\TempJg1484.html moved successfully. C:\Users\Maciej\AppData\Local\TempjH3756.html moved successfully. C:\Users\Maciej\AppData\Local\TempJHo928.html moved successfully. C:\Users\Maciej\AppData\Local\TempJj1740.html moved successfully. C:\Users\Maciej\AppData\Local\Tempjj1944.html moved successfully. C:\Users\Maciej\AppData\Local\TempJj2032.html moved successfully. C:\Users\Maciej\AppData\Local\Tempjk3832.html moved successfully. C:\Users\Maciej\AppData\Local\TempjL1708.html moved successfully. C:\Users\Maciej\AppData\Local\TempJm2000.html moved successfully. C:\Users\Maciej\AppData\Local\Tempjm2024.html moved successfully. C:\Users\Maciej\AppData\Local\TempJM3268.html moved successfully. C:\Users\Maciej\AppData\Local\TempJm6940.html moved successfully. C:\Users\Maciej\AppData\Local\TempJq1076.html moved successfully. C:\Users\Maciej\AppData\Local\TempJq1308.html moved successfully. C:\Users\Maciej\AppData\Local\TempJs1196.html moved successfully. C:\Users\Maciej\AppData\Local\TempJS3236.html moved successfully. C:\Users\Maciej\AppData\Local\TempjT1572.html moved successfully. C:\Users\Maciej\AppData\Local\TempJv1600.html moved successfully. C:\Users\Maciej\AppData\Local\TempjW2040.html moved successfully. C:\Users\Maciej\AppData\Local\TempjX1076.html moved successfully. C:\Users\Maciej\AppData\Local\TempjX1580.html moved successfully. C:\Users\Maciej\AppData\Local\TempjX2024.html moved successfully. C:\Users\Maciej\AppData\Local\TempJX5308.html moved successfully. C:\Users\Maciej\AppData\Local\Tempjy1232.html moved successfully. C:\Users\Maciej\AppData\Local\Tempjy1720.html moved successfully. C:\Users\Maciej\AppData\Local\Tempjy1896.html moved successfully. C:\Users\Maciej\AppData\Local\TempJy1900.html moved successfully. C:\Users\Maciej\AppData\Local\TempjZ1968.html moved successfully. C:\Users\Maciej\AppData\Local\TempKa1484.html moved successfully. C:\Users\Maciej\AppData\Local\TempKb3788.html moved successfully. C:\Users\Maciej\AppData\Local\TempkC2692.html moved successfully. C:\Users\Maciej\AppData\Local\TempKE1700.html moved successfully. C:\Users\Maciej\AppData\Local\TempkE3044.html moved successfully. C:\Users\Maciej\AppData\Local\Tempke3756.html moved successfully. C:\Users\Maciej\AppData\Local\TempKF1828.html moved successfully. C:\Users\Maciej\AppData\Local\Tempkf2892.html moved successfully. C:\Users\Maciej\AppData\Local\TempKi1708.html moved successfully. C:\Users\Maciej\AppData\Local\Tempkj1580.html moved successfully. C:\Users\Maciej\AppData\Local\TempkJ3120.html moved successfully. C:\Users\Maciej\AppData\Local\TempkK1192.html moved successfully. C:\Users\Maciej\AppData\Local\TempKl1180.html moved successfully. C:\Users\Maciej\AppData\Local\TempKL1196.html moved successfully. C:\Users\Maciej\AppData\Local\Tempkl1588.html moved successfully. C:\Users\Maciej\AppData\Local\TempKM1640.html moved successfully. C:\Users\Maciej\AppData\Local\TempKn1420.html moved successfully. C:\Users\Maciej\AppData\Local\TempKN1732.html moved successfully. C:\Users\Maciej\AppData\Local\TempKp1580.html moved successfully. C:\Users\Maciej\AppData\Local\TempkP3764.html moved successfully. C:\Users\Maciej\AppData\Local\TempkR1552.html moved successfully. C:\Users\Maciej\AppData\Local\Tempks1468.html moved successfully. C:\Users\Maciej\AppData\Local\TempkU1704.html moved successfully. C:\Users\Maciej\AppData\Local\TempKu1720.html moved successfully. C:\Users\Maciej\AppData\Local\Tempkv1804.html moved successfully. C:\Users\Maciej\AppData\Local\TempkV3924.html moved successfully. C:\Users\Maciej\AppData\Local\TempKw1196.html moved successfully. C:\Users\Maciej\AppData\Local\Tempky1556.html moved successfully. C:\Users\Maciej\AppData\Local\TempKy1720.html moved successfully. C:\Users\Maciej\AppData\Local\TempkY2024.html moved successfully. C:\Users\Maciej\AppData\Local\TempKy2208.html moved successfully. C:\Users\Maciej\AppData\Local\TempkY6292.html moved successfully. C:\Users\Maciej\AppData\Local\Tempkz1584.html moved successfully. C:\Users\Maciej\AppData\Local\TempKz3700.html moved successfully. C:\Users\Maciej\AppData\Local\Templa2044.html moved successfully. C:\Users\Maciej\AppData\Local\Templa3160.html moved successfully. C:\Users\Maciej\AppData\Local\TempLc1340.html moved successfully. C:\Users\Maciej\AppData\Local\TemplC2876.html moved successfully. C:\Users\Maciej\AppData\Local\Templcb912.html moved successfully. C:\Users\Maciej\AppData\Local\TempLD2024.html moved successfully. C:\Users\Maciej\AppData\Local\TemplF1536.html moved successfully. C:\Users\Maciej\AppData\Local\TemplF1752.html moved successfully. C:\Users\Maciej\AppData\Local\TempLF2000.html moved successfully. C:\Users\Maciej\AppData\Local\TempLF2036.html moved successfully. C:\Users\Maciej\AppData\Local\Templg2308.html moved successfully. C:\Users\Maciej\AppData\Local\Templh1076.html moved successfully. C:\Users\Maciej\AppData\Local\Templi1996.html moved successfully. C:\Users\Maciej\AppData\Local\Templj2000.html moved successfully. C:\Users\Maciej\AppData\Local\TempLk1824.html moved successfully. C:\Users\Maciej\AppData\Local\TemplM1916.html moved successfully. C:\Users\Maciej\AppData\Local\TempLm2552.html moved successfully. C:\Users\Maciej\AppData\Local\TemplmX412.html moved successfully. C:\Users\Maciej\AppData\Local\TempLN1496.html moved successfully. C:\Users\Maciej\AppData\Local\TemplN1548.html moved successfully. C:\Users\Maciej\AppData\Local\TempLO1560.html moved successfully. C:\Users\Maciej\AppData\Local\TempLP1656.html moved successfully. C:\Users\Maciej\AppData\Local\Templp3068.html moved successfully. C:\Users\Maciej\AppData\Local\TemplQ2000.html moved successfully. C:\Users\Maciej\AppData\Local\Templr1344.html moved successfully. C:\Users\Maciej\AppData\Local\TemplR3008.html moved successfully. C:\Users\Maciej\AppData\Local\TempLu1308.html moved successfully. C:\Users\Maciej\AppData\Local\TempLU3828.html moved successfully. C:\Users\Maciej\AppData\Local\Templv1804.html moved successfully. C:\Users\Maciej\AppData\Local\TempLW1900.html moved successfully. C:\Users\Maciej\AppData\Local\TemplY1896.html moved successfully. C:\Users\Maciej\AppData\Local\TemplZ1192.html moved successfully. C:\Users\Maciej\AppData\Local\TemplZ1740.html moved successfully. C:\Users\Maciej\AppData\Local\TempMb1564.html moved successfully. C:\Users\Maciej\AppData\Local\Tempmd3700.html moved successfully. C:\Users\Maciej\AppData\Local\TempMe1552.html moved successfully. C:\Users\Maciej\AppData\Local\Tempme2044.html moved successfully. C:\Users\Maciej\AppData\Local\TempMf1216.html moved successfully. C:\Users\Maciej\AppData\Local\Tempmg2044.html moved successfully. C:\Users\Maciej\AppData\Local\TempMI1220.html moved successfully. C:\Users\Maciej\AppData\Local\TempMJ4224.html moved successfully. C:\Users\Maciej\AppData\Local\TempMK2040.html moved successfully. C:\Users\Maciej\AppData\Local\TempmK2948.html moved successfully. C:\Users\Maciej\AppData\Local\Tempmk9868.html moved successfully. C:\Users\Maciej\AppData\Local\Tempmm1868.html moved successfully. C:\Users\Maciej\AppData\Local\Tempmm1880.html moved successfully. C:\Users\Maciej\AppData\Local\TempmM2044.html moved successfully. C:\Users\Maciej\AppData\Local\Tempmn3484.html moved successfully. C:\Users\Maciej\AppData\Local\TempMP1124.html moved successfully. C:\Users\Maciej\AppData\Local\Tempmp1544.html moved successfully. C:\Users\Maciej\AppData\Local\TempMP2900.html moved successfully. C:\Users\Maciej\AppData\Local\Tempmp5308.html moved successfully. C:\Users\Maciej\AppData\Local\TempmQ1232.html moved successfully. C:\Users\Maciej\AppData\Local\Tempms1720.html moved successfully. C:\Users\Maciej\AppData\Local\TempMT2948.html moved successfully. C:\Users\Maciej\AppData\Local\TempMu1084.html moved successfully. C:\Users\Maciej\AppData\Local\TempmU1576.html moved successfully. C:\Users\Maciej\AppData\Local\TempmuM312.html moved successfully. C:\Users\Maciej\AppData\Local\Tempmv1848.html moved successfully. C:\Users\Maciej\AppData\Local\TempmV1956.html moved successfully. C:\Users\Maciej\AppData\Local\TempMw1240.html moved successfully. C:\Users\Maciej\AppData\Local\TempmW3592.html moved successfully. C:\Users\Maciej\AppData\Local\Tempn12872.html moved successfully. C:\Users\Maciej\AppData\Local\Tempnb1900.html moved successfully. C:\Users\Maciej\AppData\Local\Tempnc2900.html moved successfully. C:\Users\Maciej\AppData\Local\TempnD1856.html moved successfully. C:\Users\Maciej\AppData\Local\TempnD2012.html moved successfully. C:\Users\Maciej\AppData\Local\Tempne1720.html moved successfully. C:\Users\Maciej\AppData\Local\TempnE1960.html moved successfully. C:\Users\Maciej\AppData\Local\TempNE3056.html moved successfully. C:\Users\Maciej\AppData\Local\TempNe3268.html moved successfully. C:\Users\Maciej\AppData\Local\TempNg2552.html moved successfully. C:\Users\Maciej\AppData\Local\TempnH1848.html moved successfully. C:\Users\Maciej\AppData\Local\Tempnj2268.html moved successfully. C:\Users\Maciej\AppData\Local\Tempnk1344.html moved successfully. C:\Users\Maciej\AppData\Local\TempnK1560.html moved successfully. C:\Users\Maciej\AppData\Local\TempnK3152.html moved successfully. C:\Users\Maciej\AppData\Local\TempNL1828.html moved successfully. C:\Users\Maciej\AppData\Local\Tempnm1088.html moved successfully. C:\Users\Maciej\AppData\Local\TempNM1196.html moved successfully. C:\Users\Maciej\AppData\Local\TempNM3588.html moved successfully. C:\Users\Maciej\AppData\Local\TempNM3756.html moved successfully. C:\Users\Maciej\AppData\Local\TempNN3992.html moved successfully. C:\Users\Maciej\AppData\Local\TempNP1156.html moved successfully. C:\Users\Maciej\AppData\Local\TempNq1580.html moved successfully. C:\Users\Maciej\AppData\Local\TempNr2500.html moved successfully. C:\Users\Maciej\AppData\Local\TempNs1524.html moved successfully. C:\Users\Maciej\AppData\Local\TempNT1684.html moved successfully. C:\Users\Maciej\AppData\Local\TempnU1240.html moved successfully. C:\Users\Maciej\AppData\Local\TempNU1540.html moved successfully. C:\Users\Maciej\AppData\Local\TempnW1468.html moved successfully. C:\Users\Maciej\AppData\Local\TempNX1832.html moved successfully. C:\Users\Maciej\AppData\Local\TempNY1536.html moved successfully. C:\Users\Maciej\AppData\Local\TempNZ2876.html moved successfully. C:\Users\Maciej\AppData\Local\Tempo11032.html moved successfully. C:\Users\Maciej\AppData\Local\TempOa2032.html moved successfully. C:\Users\Maciej\AppData\Local\TempoB1472.html moved successfully. C:\Users\Maciej\AppData\Local\TempOf1756.html moved successfully. C:\Users\Maciej\AppData\Local\Tempog1152.html moved successfully. C:\Users\Maciej\AppData\Local\TempOg1212.html moved successfully. C:\Users\Maciej\AppData\Local\TempOh2096.html moved successfully. C:\Users\Maciej\AppData\Local\Tempoh4068.html moved successfully. C:\Users\Maciej\AppData\Local\TempOi3224.html moved successfully. C:\Users\Maciej\AppData\Local\Tempoi3400.html moved successfully. C:\Users\Maciej\AppData\Local\TempoJ1568.html moved successfully. C:\Users\Maciej\AppData\Local\TempoM1916.html moved successfully. C:\Users\Maciej\AppData\Local\TempOO1108.html moved successfully. C:\Users\Maciej\AppData\Local\TempOO2168.html moved successfully. C:\Users\Maciej\AppData\Local\TempOp1312.html moved successfully. C:\Users\Maciej\AppData\Local\TempoP3256.html moved successfully. C:\Users\Maciej\AppData\Local\TempOq1992.html moved successfully. C:\Users\Maciej\AppData\Local\TempOR3888.html moved successfully. C:\Users\Maciej\AppData\Local\TempOR4044.html moved successfully. C:\Users\Maciej\AppData\Local\TempOT1696.html moved successfully. C:\Users\Maciej\AppData\Local\TempOt1700.html moved successfully. C:\Users\Maciej\AppData\Local\TempOu3564.html moved successfully. C:\Users\Maciej\AppData\Local\TempOV1008.html moved successfully. C:\Users\Maciej\AppData\Local\Tempox1848.html moved successfully. C:\Users\Maciej\AppData\Local\TempoX1916.html moved successfully. C:\Users\Maciej\AppData\Local\TempoY1196.html moved successfully. C:\Users\Maciej\AppData\Local\TempOy1528.html moved successfully. C:\Users\Maciej\AppData\Local\TempoZ1700.html moved successfully. C:\Users\Maciej\AppData\Local\TemppA1248.html moved successfully. C:\Users\Maciej\AppData\Local\TemppC2812.html moved successfully. C:\Users\Maciej\AppData\Local\TempPE1804.html moved successfully. C:\Users\Maciej\AppData\Local\TempPf1148.html moved successfully. C:\Users\Maciej\AppData\Local\Temppf1176.html moved successfully. C:\Users\Maciej\AppData\Local\TempPf3304.html moved successfully. C:\Users\Maciej\AppData\Local\TemppG1884.html moved successfully. C:\Users\Maciej\AppData\Local\TemppH1828.html moved successfully. C:\Users\Maciej\AppData\Local\TempPI2044.html moved successfully. C:\Users\Maciej\AppData\Local\TempPJ2924.html moved successfully. C:\Users\Maciej\AppData\Local\TempPJ3444.html moved successfully. C:\Users\Maciej\AppData\Local\TempPK1236.html moved successfully. C:\Users\Maciej\AppData\Local\Temppk1628.html moved successfully. C:\Users\Maciej\AppData\Local\TempPL3048.html moved successfully. C:\Users\Maciej\AppData\Local\Temppm1804.html moved successfully. C:\Users\Maciej\AppData\Local\Temppn1212.html moved successfully. C:\Users\Maciej\AppData\Local\TemppO1548.html moved successfully. C:\Users\Maciej\AppData\Local\Temppoh612.html moved successfully. C:\Users\Maciej\AppData\Local\Temppp1304.html moved successfully. C:\Users\Maciej\AppData\Local\TempPp1628.html moved successfully. C:\Users\Maciej\AppData\Local\Temppq2208.html moved successfully. C:\Users\Maciej\AppData\Local\TemppT3984.html moved successfully. C:\Users\Maciej\AppData\Local\TempPU1732.html moved successfully. C:\Users\Maciej\AppData\Local\TemppV3276.html moved successfully. C:\Users\Maciej\AppData\Local\TemppW1060.html moved successfully. C:\Users\Maciej\AppData\Local\TempPX3428.html moved successfully. C:\Users\Maciej\AppData\Local\TempPz1352.html moved successfully. C:\Users\Maciej\AppData\Local\Temppz2040.html moved successfully. C:\Users\Maciej\AppData\Local\TemppZ3544.html moved successfully. C:\Users\Maciej\AppData\Local\TempQB2044.html moved successfully. C:\Users\Maciej\AppData\Local\Tempqc1048.html moved successfully. C:\Users\Maciej\AppData\Local\Tempqc1992.html moved successfully. C:\Users\Maciej\AppData\Local\TempQE1556.html moved successfully. C:\Users\Maciej\AppData\Local\TempqE3904.html moved successfully. C:\Users\Maciej\AppData\Local\Tempqg1956.html moved successfully. C:\Users\Maciej\AppData\Local\TempqH1576.html moved successfully. C:\Users\Maciej\AppData\Local\TempQi1196.html moved successfully. C:\Users\Maciej\AppData\Local\TempqJ3124.html moved successfully. C:\Users\Maciej\AppData\Local\TempqK2308.html moved successfully. C:\Users\Maciej\AppData\Local\Tempqk3900.html moved successfully. C:\Users\Maciej\AppData\Local\Tempql3608.html moved successfully. C:\Users\Maciej\AppData\Local\TempqO1588.html moved successfully. C:\Users\Maciej\AppData\Local\TempQp1592.html moved successfully. C:\Users\Maciej\AppData\Local\TempQQ1088.html moved successfully. C:\Users\Maciej\AppData\Local\TempQr1068.html moved successfully. C:\Users\Maciej\AppData\Local\TempqTq908.html moved successfully. C:\Users\Maciej\AppData\Local\TempQv3276.html moved successfully. C:\Users\Maciej\AppData\Local\TempQv9868.html moved successfully. C:\Users\Maciej\AppData\Local\TempQw1300.html moved successfully. C:\Users\Maciej\AppData\Local\TempQX6680.html moved successfully. C:\Users\Maciej\AppData\Local\TempQy1200.html moved successfully. C:\Users\Maciej\AppData\Local\TempQy1724.html moved successfully. C:\Users\Maciej\AppData\Local\TempQZ1088.html moved successfully. C:\Users\Maciej\AppData\Local\Tempr12872.html moved successfully. C:\Users\Maciej\AppData\Local\Tempra1888.html moved successfully. C:\Users\Maciej\AppData\Local\TemprF1200.html moved successfully. C:\Users\Maciej\AppData\Local\Temprf1652.html moved successfully. C:\Users\Maciej\AppData\Local\TemprF1960.html moved successfully. C:\Users\Maciej\AppData\Local\TempRH1616.html moved successfully. C:\Users\Maciej\AppData\Local\TempRi1572.html moved successfully. C:\Users\Maciej\AppData\Local\TempRi1716.html moved successfully. C:\Users\Maciej\AppData\Local\TemprI2168.html moved successfully. C:\Users\Maciej\AppData\Local\TempRi3184.html moved successfully. C:\Users\Maciej\AppData\Local\TempRJ1524.html moved successfully. C:\Users\Maciej\AppData\Local\TempRJ1824.html moved successfully. C:\Users\Maciej\AppData\Local\TempRk3100.html moved successfully. C:\Users\Maciej\AppData\Local\TempRk3764.html moved successfully. C:\Users\Maciej\AppData\Local\Temprl1524.html moved successfully. C:\Users\Maciej\AppData\Local\Temprl1936.html moved successfully. C:\Users\Maciej\AppData\Local\TempRM1724.html moved successfully. C:\Users\Maciej\AppData\Local\TemprM1784.html moved successfully. C:\Users\Maciej\AppData\Local\TemprM2928.html moved successfully. C:\Users\Maciej\AppData\Local\TemprM4040.html moved successfully. C:\Users\Maciej\AppData\Local\TemprO2224.html moved successfully. C:\Users\Maciej\AppData\Local\TempRO2420.html moved successfully. C:\Users\Maciej\AppData\Local\TempRo3656.html moved successfully. C:\Users\Maciej\AppData\Local\TempRQ2796.html moved successfully. C:\Users\Maciej\AppData\Local\Temprr2552.html moved successfully. C:\Users\Maciej\AppData\Local\TempRs3940.html moved successfully. C:\Users\Maciej\AppData\Local\Temprt3032.html moved successfully. C:\Users\Maciej\AppData\Local\TemprU3120.html moved successfully. C:\Users\Maciej\AppData\Local\TemprU3996.html moved successfully. C:\Users\Maciej\AppData\Local\Temprv1580.html moved successfully. C:\Users\Maciej\AppData\Local\TempRV2040.html moved successfully. C:\Users\Maciej\AppData\Local\Temprw1528.html moved successfully. C:\Users\Maciej\AppData\Local\TempRx2748.html moved successfully. C:\Users\Maciej\AppData\Local\Tempsb1544.html moved successfully. C:\Users\Maciej\AppData\Local\TempSC1112.html moved successfully. C:\Users\Maciej\AppData\Local\TempSG3992.html moved successfully. C:\Users\Maciej\AppData\Local\TempSi1180.html moved successfully. C:\Users\Maciej\AppData\Local\TempSi2216.html moved successfully. C:\Users\Maciej\AppData\Local\TempSk1152.html moved successfully. C:\Users\Maciej\AppData\Local\TempsL1080.html moved successfully. C:\Users\Maciej\AppData\Local\TempSL1684.html moved successfully. C:\Users\Maciej\AppData\Local\TempSL4012.html moved successfully. C:\Users\Maciej\AppData\Local\TempSl4044.html moved successfully. C:\Users\Maciej\AppData\Local\TempSM3780.html moved successfully. C:\Users\Maciej\AppData\Local\Tempsp1168.html moved successfully. C:\Users\Maciej\AppData\Local\TempsP2880.html moved successfully. C:\Users\Maciej\AppData\Local\Tempsq1720.html moved successfully. C:\Users\Maciej\AppData\Local\TempSr1564.html moved successfully. C:\Users\Maciej\AppData\Local\TempsR2016.html moved successfully. C:\Users\Maciej\AppData\Local\TempsT1156.html moved successfully. C:\Users\Maciej\AppData\Local\Tempst3008.html moved successfully. C:\Users\Maciej\AppData\Local\Tempsuv812.html moved successfully. C:\Users\Maciej\AppData\Local\TempsX2496.html moved successfully. C:\Users\Maciej\AppData\Local\TempSX2500.html moved successfully. C:\Users\Maciej\AppData\Local\Tempsz2928.html moved successfully. C:\Users\Maciej\AppData\Local\TempSz3564.html moved successfully. C:\Users\Maciej\AppData\Local\TemptA1656.html moved successfully. C:\Users\Maciej\AppData\Local\Temptb1256.html moved successfully. C:\Users\Maciej\AppData\Local\Temptb3676.html moved successfully. C:\Users\Maciej\AppData\Local\TempTC3444.html moved successfully. C:\Users\Maciej\AppData\Local\Temptd2372.html moved successfully. C:\Users\Maciej\AppData\Local\TemptD3544.html moved successfully. C:\Users\Maciej\AppData\Local\TemptH1060.html moved successfully. C:\Users\Maciej\AppData\Local\Tempth4604.html moved successfully. C:\Users\Maciej\AppData\Local\TempTJ2020.html moved successfully. C:\Users\Maciej\AppData\Local\TempTJ3484.html moved successfully. C:\Users\Maciej\AppData\Local\Temptk3224.html moved successfully. C:\Users\Maciej\AppData\Local\TemptKl312.html moved successfully. C:\Users\Maciej\AppData\Local\TempTl1196.html moved successfully. C:\Users\Maciej\AppData\Local\TempTl2692.html moved successfully. C:\Users\Maciej\AppData\Local\Temptm2948.html moved successfully. C:\Users\Maciej\AppData\Local\TempTn2012.html moved successfully. C:\Users\Maciej\AppData\Local\TemptR1756.html moved successfully. C:\Users\Maciej\AppData\Local\TempTR1888.html moved successfully. C:\Users\Maciej\AppData\Local\TemptR3588.html moved successfully. C:\Users\Maciej\AppData\Local\Tempts3184.html moved successfully. C:\Users\Maciej\AppData\Local\TemptS3648.html moved successfully. C:\Users\Maciej\AppData\Local\TempTu2420.html moved successfully. C:\Users\Maciej\AppData\Local\Temptv1648.html moved successfully. C:\Users\Maciej\AppData\Local\Temptw1052.html moved successfully. C:\Users\Maciej\AppData\Local\Temptw2896.html moved successfully. C:\Users\Maciej\AppData\Local\TempTx3048.html moved successfully. C:\Users\Maciej\AppData\Local\TempTy1196.html moved successfully. C:\Users\Maciej\AppData\Local\TemptY2024.html moved successfully. C:\Users\Maciej\AppData\Local\Tempub1584.html moved successfully. C:\Users\Maciej\AppData\Local\TempuB2372.html moved successfully. C:\Users\Maciej\AppData\Local\TempUD3184.html moved successfully. C:\Users\Maciej\AppData\Local\TempUE2384.html moved successfully. C:\Users\Maciej\AppData\Local\TempUf1084.html moved successfully. C:\Users\Maciej\AppData\Local\TempUG1176.html moved successfully. C:\Users\Maciej\AppData\Local\TempUg1812.html moved successfully. C:\Users\Maciej\AppData\Local\TempuG4224.html moved successfully. C:\Users\Maciej\AppData\Local\TempUH1308.html moved successfully. C:\Users\Maciej\AppData\Local\Tempuh1540.html moved successfully. C:\Users\Maciej\AppData\Local\TempuH1644.html moved successfully. C:\Users\Maciej\AppData\Local\TempUj1192.html moved successfully. C:\Users\Maciej\AppData\Local\Tempuk2016.html moved successfully. C:\Users\Maciej\AppData\Local\Tempun1656.html moved successfully. C:\Users\Maciej\AppData\Local\TempUs3832.html moved successfully. C:\Users\Maciej\AppData\Local\TempUU2024.html moved successfully. C:\Users\Maciej\AppData\Local\TempUV2016.html moved successfully. C:\Users\Maciej\AppData\Local\TempUv2924.html moved successfully. C:\Users\Maciej\AppData\Local\TempUW1156.html moved successfully. C:\Users\Maciej\AppData\Local\Tempuw1304.html moved successfully. C:\Users\Maciej\AppData\Local\TempUW1496.html moved successfully. C:\Users\Maciej\AppData\Local\TempUY1492.html moved successfully. C:\Users\Maciej\AppData\Local\TempUZ1956.html moved successfully. C:\Users\Maciej\AppData\Local\TempuZ1980.html moved successfully. C:\Users\Maciej\AppData\Local\Tempva1148.html moved successfully. C:\Users\Maciej\AppData\Local\Tempva1600.html moved successfully. C:\Users\Maciej\AppData\Local\TempvB1260.html moved successfully. C:\Users\Maciej\AppData\Local\TempVc3304.html moved successfully. C:\Users\Maciej\AppData\Local\Tempvh3564.html moved successfully. C:\Users\Maciej\AppData\Local\Tempvi3172.html moved successfully. C:\Users\Maciej\AppData\Local\Tempvi3428.html moved successfully. C:\Users\Maciej\AppData\Local\TempVK1256.html moved successfully. C:\Users\Maciej\AppData\Local\TempvMA812.html moved successfully. C:\Users\Maciej\AppData\Local\TempvN1236.html moved successfully. C:\Users\Maciej\AppData\Local\TempvN3032.html moved successfully. C:\Users\Maciej\AppData\Local\TempvO3388.html moved successfully. C:\Users\Maciej\AppData\Local\TempVp1076.html moved successfully. C:\Users\Maciej\AppData\Local\Tempvp1308.html moved successfully. C:\Users\Maciej\AppData\Local\Tempvq1560.html moved successfully. C:\Users\Maciej\AppData\Local\TempVq2264.html moved successfully. C:\Users\Maciej\AppData\Local\TempvS3184.html moved successfully. C:\Users\Maciej\AppData\Local\TempVV1484.html moved successfully. C:\Users\Maciej\AppData\Local\TempVX3052.html moved successfully. C:\Users\Maciej\AppData\Local\Tempvy1648.html moved successfully. C:\Users\Maciej\AppData\Local\TempVZ1712.html moved successfully. C:\Users\Maciej\AppData\Local\TempW10232.html moved successfully. C:\Users\Maciej\AppData\Local\Tempwa1976.html moved successfully. C:\Users\Maciej\AppData\Local\TempWB1064.html moved successfully. C:\Users\Maciej\AppData\Local\TempwD3388.html moved successfully. C:\Users\Maciej\AppData\Local\TempWD4008.html moved successfully. C:\Users\Maciej\AppData\Local\Tempwe1884.html moved successfully. C:\Users\Maciej\AppData\Local\TempWE2704.html moved successfully. C:\Users\Maciej\AppData\Local\TempWe4044.html moved successfully. C:\Users\Maciej\AppData\Local\TempWF1224.html moved successfully. C:\Users\Maciej\AppData\Local\TempWf1420.html moved successfully. C:\Users\Maciej\AppData\Local\TempWg2044.html moved successfully. C:\Users\Maciej\AppData\Local\TempWi1656.html moved successfully. C:\Users\Maciej\AppData\Local\TempWj1108.html moved successfully. C:\Users\Maciej\AppData\Local\TempWj3172.html moved successfully. C:\Users\Maciej\AppData\Local\TempWn1700.html moved successfully. C:\Users\Maciej\AppData\Local\Tempwo1168.html moved successfully. C:\Users\Maciej\AppData\Local\Tempwo1680.html moved successfully. C:\Users\Maciej\AppData\Local\Tempwo2232.html moved successfully. C:\Users\Maciej\AppData\Local\TempwQ1568.html moved successfully. C:\Users\Maciej\AppData\Local\TempWs1668.html moved successfully. C:\Users\Maciej\AppData\Local\TempWS5012.html moved successfully. C:\Users\Maciej\AppData\Local\TempWT1544.html moved successfully. C:\Users\Maciej\AppData\Local\TempWT2036.html moved successfully. C:\Users\Maciej\AppData\Local\TempWT2044.html moved successfully. C:\Users\Maciej\AppData\Local\TempwU2044.html moved successfully. C:\Users\Maciej\AppData\Local\TempwV1780.html moved successfully. C:\Users\Maciej\AppData\Local\TempWW2552.html moved successfully. C:\Users\Maciej\AppData\Local\TempWx1168.html moved successfully. C:\Users\Maciej\AppData\Local\TempXa1780.html moved successfully. C:\Users\Maciej\AppData\Local\TempxB1524.html moved successfully. C:\Users\Maciej\AppData\Local\TempXC1160.html moved successfully. C:\Users\Maciej\AppData\Local\TempXc1564.html moved successfully. C:\Users\Maciej\AppData\Local\TempXD1632.html moved successfully. C:\Users\Maciej\AppData\Local\TempxG1592.html moved successfully. C:\Users\Maciej\AppData\Local\TempXg3124.html moved successfully. C:\Users\Maciej\AppData\Local\Tempxh1512.html moved successfully. C:\Users\Maciej\AppData\Local\TempxH1556.html moved successfully. C:\Users\Maciej\AppData\Local\TempxH2032.html moved successfully. C:\Users\Maciej\AppData\Local\TempxJ3720.html moved successfully. C:\Users\Maciej\AppData\Local\TempXK1224.html moved successfully. C:\Users\Maciej\AppData\Local\TempXK1732.html moved successfully. C:\Users\Maciej\AppData\Local\TempXL1560.html moved successfully. C:\Users\Maciej\AppData\Local\TempXL1704.html moved successfully. C:\Users\Maciej\AppData\Local\TempXl1900.html moved successfully. C:\Users\Maciej\AppData\Local\Tempxl3092.html moved successfully. C:\Users\Maciej\AppData\Local\TempxM9372.html moved successfully. C:\Users\Maciej\AppData\Local\TempXN1196.html moved successfully. C:\Users\Maciej\AppData\Local\Tempxn2044.html moved successfully. C:\Users\Maciej\AppData\Local\TempXN3648.html moved successfully. C:\Users\Maciej\AppData\Local\TempXO1596.html moved successfully. C:\Users\Maciej\AppData\Local\Tempxp1320.html moved successfully. C:\Users\Maciej\AppData\Local\Tempxq1304.html moved successfully. C:\Users\Maciej\AppData\Local\Tempxq1716.html moved successfully. C:\Users\Maciej\AppData\Local\TempXR1304.html moved successfully. C:\Users\Maciej\AppData\Local\TempXt1572.html moved successfully. C:\Users\Maciej\AppData\Local\TempXu1968.html moved successfully. C:\Users\Maciej\AppData\Local\TempXuy912.html moved successfully. C:\Users\Maciej\AppData\Local\TempXV1076.html moved successfully. C:\Users\Maciej\AppData\Local\TempXv2224.html moved successfully. C:\Users\Maciej\AppData\Local\Tempxw1204.html moved successfully. C:\Users\Maciej\AppData\Local\TempXw1880.html moved successfully. C:\Users\Maciej\AppData\Local\TempXY1384.html moved successfully. C:\Users\Maciej\AppData\Local\TempxY6940.html moved successfully. C:\Users\Maciej\AppData\Local\TempXZ1856.html moved successfully. C:\Users\Maciej\AppData\Local\Tempyb1644.html moved successfully. C:\Users\Maciej\AppData\Local\TempYc2408.html moved successfully. C:\Users\Maciej\AppData\Local\Tempyd1600.html moved successfully. C:\Users\Maciej\AppData\Local\TempyD3256.html moved successfully. C:\Users\Maciej\AppData\Local\Tempye2268.html moved successfully. C:\Users\Maciej\AppData\Local\TempYG1160.html moved successfully. C:\Users\Maciej\AppData\Local\TempYG1636.html moved successfully. C:\Users\Maciej\AppData\Local\TempYJ1096.html moved successfully. C:\Users\Maciej\AppData\Local\TempYk3124.html moved successfully. C:\Users\Maciej\AppData\Local\TempyM1164.html moved successfully. C:\Users\Maciej\AppData\Local\TempYN1224.html moved successfully. C:\Users\Maciej\AppData\Local\TempyN1860.html moved successfully. C:\Users\Maciej\AppData\Local\TempYN3676.html moved successfully. C:\Users\Maciej\AppData\Local\TempYp2796.html moved successfully. C:\Users\Maciej\AppData\Local\Tempyp4184.html moved successfully. C:\Users\Maciej\AppData\Local\TempyQ1340.html moved successfully. C:\Users\Maciej\AppData\Local\TempYr1260.html moved successfully. C:\Users\Maciej\AppData\Local\TempYr1828.html moved successfully. C:\Users\Maciej\AppData\Local\TempYT1052.html moved successfully. C:\Users\Maciej\AppData\Local\TempYT1200.html moved successfully. C:\Users\Maciej\AppData\Local\TempYv1300.html moved successfully. C:\Users\Maciej\AppData\Local\TempYV1580.html moved successfully. C:\Users\Maciej\AppData\Local\Tempyv2044.html moved successfully. C:\Users\Maciej\AppData\Local\TempyW3832.html moved successfully. C:\Users\Maciej\AppData\Local\Tempyy2008.html moved successfully. C:\Users\Maciej\AppData\Local\Tempyz2008.html moved successfully. C:\Users\Maciej\AppData\Local\TempzC1448.html moved successfully. C:\Users\Maciej\AppData\Local\Tempzc1684.html moved successfully. C:\Users\Maciej\AppData\Local\Tempzf1068.html moved successfully. C:\Users\Maciej\AppData\Local\Tempzh1456.html moved successfully. C:\Users\Maciej\AppData\Local\TempzH2032.html moved successfully. C:\Users\Maciej\AppData\Local\TempzI3000.html moved successfully. C:\Users\Maciej\AppData\Local\TempZj3612.html moved successfully. C:\Users\Maciej\AppData\Local\TempZJ3832.html moved successfully. C:\Users\Maciej\AppData\Local\TempZm1196.html moved successfully. C:\Users\Maciej\AppData\Local\TempZn1152.html moved successfully. C:\Users\Maciej\AppData\Local\Tempzn1616.html moved successfully. C:\Users\Maciej\AppData\Local\TempZn1936.html moved successfully. C:\Users\Maciej\AppData\Local\TempZN3564.html moved successfully. C:\Users\Maciej\AppData\Local\TempZo1652.html moved successfully. C:\Users\Maciej\AppData\Local\TempZP1824.html moved successfully. C:\Users\Maciej\AppData\Local\Tempzq1728.html moved successfully. C:\Users\Maciej\AppData\Local\Tempzq3472.html moved successfully. C:\Users\Maciej\AppData\Local\TempZQn928.html moved successfully. C:\Users\Maciej\AppData\Local\TempzS1216.html moved successfully. C:\Users\Maciej\AppData\Local\TempZs1552.html moved successfully. C:\Users\Maciej\AppData\Local\TempzT2384.html moved successfully. C:\Users\Maciej\AppData\Local\TempZV1956.html moved successfully. C:\Users\Maciej\AppData\Local\Tempzw1600.html moved successfully. C:\Users\Maciej\AppData\Local\Tempzw2020.html moved successfully. C:\Users\Maciej\AppData\Local\Tempzw2036.html moved successfully. C:\Users\Maciej\AppData\Local\TempZy1220.html moved successfully. C:\Users\Maciej\AppData\Local\TempZy1540.html moved successfully. C:\Users\Maciej\AppData\Local\Tempzy2232.html moved successfully. ========== COMMANDS ========== [EMPTYFLASH] User: Administrator User: All Users User: Default User: Default User User: Maciej ->Flash cache emptied: 23239 bytes User: Public Total Flash Files Cleaned = 0,00 mb [EMPTYTEMP] User: Administrator User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Maciej ->Temp folder emptied: 5360046962 bytes ->Temporary Internet Files folder emptied: 997473028 bytes ->Java cache emptied: 29409394 bytes ->Apple Safari cache emptied: 112798720 bytes ->Flash cache emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 2829824 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 27953544 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 68032 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 6 228,00 mb OTL by OldTimer - Version 3.2.17.3 log created on 11112010_182950 Files\Folders moved on Reboot... C:\Program Files (x86)\Hbldvhyredee\Log\Visual folder moved successfully. C:\Program Files (x86)\Hbldvhyredee\Log\Text folder moved successfully. C:\Program Files (x86)\Hbldvhyredee\Log\Audio folder moved successfully. C:\Program Files (x86)\Hbldvhyredee\Log folder moved successfully. Folder move failed. C:\Program Files (x86)\Hbldvhyredee scheduled to be moved on reboot. C:\Users\Maciej\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. C:\Users\Maciej\AppData\Local\Temp\~DF1F37FF17E5CD3444.TMP moved successfully. File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot. Registry entries deleted on Reboot... dzisiaj rano urzyłem USBfix, aby sprawdzić czy nie mam jakiejś infekcji na pendrajwie, niestety chyba pozmieniał mi coś w rejestrach na dyskach, w załączniku logi z operacji OTL.Txt Extras.Txt UsbFix.txt UsbFix 2.txt Odnośnik do komentarza
picasso Opublikowano 12 Listopada 2010 Zgłoś Udostępnij Opublikowano 12 Listopada 2010 Niestety, ta infekcja jest czynna. W procesach się ładuje to co już niby było usuwane: PRC - [2010-01-13 18:29:53 | 000,094,298 | ---- | M] (Sver) -- c:\Windows\SysWOW64\tuoyqin.exePRC - [2006-05-03 01:41:13 | 002,194,748 | ---- | M] (Indexer) -- c:\Program Files (x86)\Hbldvhyredee\tuoyqi.exeSRV - [2010-01-13 18:29:53 | 000,094,298 | ---- | M] (Sver) [Auto | Running] -- c:\Windows\SysWOW64\tuoyqin.exe -- (tblphymjojafsi) Są także dwa dziwne pliki DLL: [2010-01-25 16:59:35 | 000,131,072 | ---- | C] () -- C:\Windows\SysWow64\msrec-ood.dll[2009-05-15 18:35:30 | 000,009,849 | ---- | C] () -- C:\Windows\SysWow64\mswen-ooe.dll[2009-04-10 11:20:07 | 000,131,072 | ---- | C] () -- C:\Windows\SysWow64\msrunrerm.dll Wykonaj kompleksowy skan przez Malwarebytes' Anti-Malware. Zaprezentuj wyniki. Mam jeszcze pytanie, korzystam z dysków zewnętrznych podłączanych przez eSATA, co prawda antywirus nie pokazuje żadnej infekcji na tych dyskach, ale czy nie czai się tam coś przy tego typu wirusie? Wątpię. . Odnośnik do komentarza
proimage Opublikowano 12 Listopada 2010 Autor Zgłoś Udostępnij Opublikowano 12 Listopada 2010 przeskanowałem Malwarebytes' Anti-Malware, znalazło jednego trojana którego usunołem poniżej log z programu mbam-log-2010-11-12 (10-01-03).txt Odnośnik do komentarza
picasso Opublikowano 12 Listopada 2010 Zgłoś Udostępnij Opublikowano 12 Listopada 2010 Hmm, MBAM nie widzi tego. Ostatnia próba usuwania przez OTL: 1. W polu Własne opcje skanowania / skrypt wklej: :Processes killallprocesses :Files C:\Program Files (x86)\Hbldvhyredee C:\Windows\SysWow64\tuoyqin.exe C:\Windows\SysWow64\mswen-ooe.dll C:\Windows\SysWow64\msrec-ood.dll C:\Windows\SysWow64\msrunrerm.dll :Services tblphymjojafsi Wykonaj skrypt. 2. Jak poprzednio: pokazujesz log z usuwania, oraz logi zrobione już po. . Odnośnik do komentarza
proimage Opublikowano 12 Listopada 2010 Autor Zgłoś Udostępnij Opublikowano 12 Listopada 2010 zrobiłem jak radzisz, poniżej log z wykonania skryptu i logi po w załącznikach ========== PROCESSES ========== All processes killed ========== FILES ========== C:\Program Files (x86)\Hbldvhyredee\Log\Visual folder moved successfully. C:\Program Files (x86)\Hbldvhyredee\Log\Text folder moved successfully. C:\Program Files (x86)\Hbldvhyredee\Log\Audio folder moved successfully. C:\Program Files (x86)\Hbldvhyredee\Log folder moved successfully. Folder move failed. C:\Program Files (x86)\Hbldvhyredee scheduled to be moved on reboot. C:\Windows\SysWow64\tuoyqin.exe moved successfully. C:\Windows\SysWow64\mswen-ooe.dll moved successfully. C:\Windows\SysWow64\msrec-ood.dll moved successfully. C:\Windows\SysWow64\msrunrerm.dll moved successfully. ========== SERVICES/DRIVERS ========== Service tblphymjojafsi stopped successfully! Service\Driver key tblphymjojafsi not found. OTL by OldTimer - Version 3.2.17.3 log created on 11122010_133350 Files\Folders moved on Reboot... C:\Program Files (x86)\Hbldvhyredee\Log\Visual folder moved successfully. C:\Program Files (x86)\Hbldvhyredee\Log\Text folder moved successfully. C:\Program Files (x86)\Hbldvhyredee\Log\Audio folder moved successfully. C:\Program Files (x86)\Hbldvhyredee\Log folder moved successfully. Folder move failed. C:\Program Files (x86)\Hbldvhyredee scheduled to be moved on reboot. Registry entries deleted on Reboot... Extras.Txt OTL.Txt Odnośnik do komentarza
picasso Opublikowano 15 Listopada 2010 Zgłoś Udostępnij Opublikowano 15 Listopada 2010 Bez zmian. To się odtwarza z miejsca którego w raportach nie widzę. Proszę o wykonanie jeszcze jednego skanu przez narzędzie Kaspersky Virus Removal Tool (skan pełny, uwzględnij cały dysk systemowy) i podanie wyników. Odnośnik do komentarza
proimage Opublikowano 16 Listopada 2010 Autor Zgłoś Udostępnij Opublikowano 16 Listopada 2010 Strasznie wolno idzie to skanowanie, skanuje już 19 godzin i mam dopiero przeskanowane 48%. Po głębszym zastanowieniu wykryłem, że na moim laptopie oprucz partycji C i D są jeszcze 2 małe partycje HP_TOOLS (99MB) i SYSTEM (199MB), może to tam znajduje się źódło infekcji? w załączniku screen z partycjami. Odnośnik do komentarza
picasso Opublikowano 16 Listopada 2010 Zgłoś Udostępnij Opublikowano 16 Listopada 2010 Po głębszym zastanowieniu wykryłem, że na moim laptopie oprucz partycji C i D są jeszcze 2 małe partycje HP_TOOLS (99MB) i SYSTEM (199MB), może to tam znajduje się źódło infekcji? Wątpię. Te serwisowe partycje są ukryte, nie mają liternictwa przypisanego. Odnośnik do komentarza
proimage Opublikowano 16 Listopada 2010 Autor Zgłoś Udostępnij Opublikowano 16 Listopada 2010 (edytowane) skanowanie ukończone, program znalazł rotkita http://www.speedyshare.com/files/25227464/avptool_sysinfo.zip Edytowane 18 Listopada 2010 przez picasso Posty połączone. //picasso Odnośnik do komentarza
picasso Opublikowano 16 Listopada 2010 Zgłoś Udostępnij Opublikowano 16 Listopada 2010 Ale, hmmm, to nie jest raport ze skanu narzędzia, to jest raport "kondycji systemu". EDIT: coś zamilkłeś. Wyjaśniam dokładniej. Zrobiłeś raport przechodząc do karty "Ręczne leczenie" i klikając w opcję "Pobierz informacje o systemie". Natomiast wyniki skanowania są dostępne w pierwszej karcie "Automatyczne skanowanie" > buttonik Raport > w nowym oknie jest opcja Zapisz (lub można bezpośrednio na wynikach skanowania zaznaczyć wykryte infekcje i z prawokliku w menu kontekstowym wybrać Kopiuj). Odnośnik do komentarza
proimage Opublikowano 17 Listopada 2010 Autor Zgłoś Udostępnij Opublikowano 17 Listopada 2010 przepraszam ale wczoraj byłem na nogach od 3.00, coś nagrzebałem i raport zrobił mi się prawie 200MB i odpadłem w miedzyczasie. Przesyłam raport zrobiony dzisiaj ale jakiś mizerny on jest, przesyłam też to co przysłąli z kasperskiego ale też jakoś niedziała wywala błąd, jeszcze raz przepraszam za zwłokę. raport 3.txt log kasperski.txt Odnośnik do komentarza
picasso Opublikowano 17 Listopada 2010 Zgłoś Udostępnij Opublikowano 17 Listopada 2010 1. Nie możemy coś dojść do ładu. Mówiłeś "skanowanie ukończone, program znalazł rotkita" i ja muszę wiedzieć w czym, bo sprawę infekcji mamy nie rozwiązaną (rekonstrukcja usuwanych obiektów). To co pokazujesz w ogóle nie potwierdza tego faktu, nie ma żadnych danych na temat znalezisk skanu automatycznego. Czy ów raport jest ustawiony na widoku w taki sposób, by pokazać właściwe wydarzenia? Dla pewności proszę ustaw filtry w taki sposób: To co jest tu "niepokojące" to spis w tym raporcie, który świadczy, że w ogóle nie odbyło się żadne skanowanie, bo nie ma znacznika "Automatyczne skanowanie". Są tylko odczyty "Ręczne leczenie" + "Pobieranie informacji o systemie" a to: przesyłam też to co przysłąli z kasperskiego ale też jakoś niedziała wywala błąd Nie interesuj się w ogóle kartą "Ręczne leczenie" ani figurującą tam opcją generowania informacji o systemie ani skryptami. Masz tylko i wyłącznie działać w karcie "Automatyczne leczenie". 2. Proszę także o skan przy udziale Sophos Anti-Rootkit (częściowa kompatybilność z x64). . Odnośnik do komentarza
proimage Opublikowano 17 Listopada 2010 Autor Zgłoś Udostępnij Opublikowano 17 Listopada 2010 skanowanie kasperskim napewno doszło do końca (Automatyczne skanowanie: zakończono 1 dzień temu (zdarzeń: 8, obiektów: 1267550, czas: 22:33:50)) trwało to prawie 24 godziny, raport z takimi ustawieniami żeby pokazał wszystkie zdarzenia zajmuje 192 748 KB, jeżeli trzeba to go gdzieś wstawię. co do rootkita to wyczytałem to z analizy wyniku systemu: "jest (rootkit w trybie użytkownika),Błąd pobierania informacji o pliku Wiersz poleceń" załanczam screen z tą informacją, przepraszam jeśli źle to zinterpretowałem. Zamieszczam też info po skanowaniu Sophos Anti-Rootkit. scan Sophos.txt Odnośnik do komentarza
picasso Opublikowano 18 Listopada 2010 Zgłoś Udostępnij Opublikowano 18 Listopada 2010 No tak, teraz rozumiem skąd ten dziwaczny skrypt otrzymany z automatu, błędnie oceniłeś sytuację i sam zaprojektowałeś wadliwy skrypt. Na pałę zaznaczyłeś "jak leci" i chciałeś sobie wywalić w kosmos prawidłowe procesy / sterowniki systemu. Dobrze, że to się nie udało. To wszystko co zamalowane na czerwono to prawidłowe procesy. Zgłoszenie "rootkit" świadczy raczej o tym, że do tych procesów jest wszczepiona pamięć innego obiektu, ale tu nie jest w ogóle podane jaki to obiekt (zresztą dla procesu nadrzędnego jest: "błąd pobierania informacji"). Czyli: niestety nadal nic nie wiadomo. Widzę w raporcie tylko to o czym już wiem, ale usuwanie tego jest nieskuteczne i to wraca. Dla odmiany Sophos nie widzi nic szczególnego, punktuje folder Tymczasowych plików internetowych. Spróbuję jeszcze zmienić metodę usuwania, to znaczy wezmę narzędzie działające całkowicie inną techniką niż OTL. 1. Uruchom BlitzBlank i w karcie Script wklej: DeleteFolder: "C:\Program Files (x86)\Hbldvhyredee" DeleteFile: C:\Windows\SysWow64\tuoyqin.exe C:\Windows\SysWow64\msrec-ood.dll C:\Windows\SysWow64\mswen-ooe.dll C:\Windows\SysWow64\msrunrerm.dll Klik w Execute Now. Pozatwierdzaj restart komputera. 2. Po restarcie systemu, gdy już pomyślnie wejdziesz na Pulpit, wytwórz nowy log z OTL oraz zaprezentuj zawartość loga BlitzBlank. EDIT: Jeszcze nie zawadzi sprawdzenie co powie Kaspersky TDSSKiller (gdyby cokolwiek wykrył, wszystko ustaw na Skip i tylko zaprezentuj log). . Odnośnik do komentarza
proimage Opublikowano 18 Listopada 2010 Autor Zgłoś Udostępnij Opublikowano 18 Listopada 2010 Przepraszam za wprowadzenie w błąd, jestem laikiem w tej dziedzinie. Wszystko przeprowadziłem zgodnie z opisem. Poniżej logi z programów: log z BlitzBlank nie chciał się załadować więc go wkleję: BlitzBlank 1.0.0.32 File/Registry Modification Engine native application MoveDirectoryOnReboot: sourceDirectory = "\??\c:\program files (x86)\hbldvhyredee", destinationDirectory = "(null)", replaceWithDummy = 0 MoveFileOnReboot: sourceFile = "\??\c:\program files (x86)\hbldvhyredee\help.chm", destinationFile = "(null)", replaceWithDummy = 0 MoveDirectoryOnReboot: sourceDirectory = "\??\c:\program files (x86)\hbldvhyredee\Log", destinationDirectory = "(null)", replaceWithDummy = 0 MoveDirectoryOnReboot: sourceDirectory = "\??\c:\program files (x86)\hbldvhyredee\Log\Audio", destinationDirectory = "(null)", replaceWithDummy = 0 MoveDirectoryOnReboot: sourceDirectory = "\??\c:\program files (x86)\hbldvhyredee\Log\Text", destinationDirectory = "(null)", replaceWithDummy = 0 MoveDirectoryOnReboot: sourceDirectory = "\??\c:\program files (x86)\hbldvhyredee\Log\Visual", destinationDirectory = "(null)", replaceWithDummy = 0 MoveFileOnReboot: sourceFile = "\??\c:\program files (x86)\hbldvhyredee\tuoyqi.exe", destinationFile = "(null)", replaceWithDummy = 0 MoveFileOnReboot: sourceFile = "\??\c:\program files (x86)\hbldvhyredee\unins000.dat", destinationFile = "(null)", replaceWithDummy = 0 MoveFileOnReboot: sourceFile = "\??\c:\program files (x86)\hbldvhyredee\unins000.exe", destinationFile = "(null)", replaceWithDummy = 0 MoveFileOnReboot: sourceFile = "\??\c:\windows\syswow64\tuoyqin.exe", destinationFile = "(null)", replaceWithDummy = 0 MoveFileOnReboot: sourceFile = "\??\c:\windows\syswow64\msrec-ood.dll", destinationFile = "(null)", replaceWithDummy = 0 MoveFileOnReboot: sourceFile = "\??\c:\windows\syswow64\mswen-ooe.dll", destinationFile = "(null)", replaceWithDummy = 0 MoveFileOnReboot: sourceFile = "\??\c:\windows\syswow64\msrunrerm.dll", destinationFile = "(null)", replaceWithDummy = 0 Extras.Txt OTL.Txt TDSSKiller.2.4.8.0_18.11.2010_07.41.15_log.txt Odnośnik do komentarza
picasso Opublikowano 18 Listopada 2010 Zgłoś Udostępnij Opublikowano 18 Listopada 2010 Czyżby się wreszcie udało? BlitzBlank usunął co zadałam i w OTL nie widzę by cokolwiek wróciło. Uruchom Kaspersky Removal Tool, wejdź do karty "Ręczne leczenie" i wygeneruj sobie do wglądu raport opcją "Pobierz informacje o systemie". Sprawdź w tym pliku HTML czy nadal przy procesach jest oznaczenie "rootkit" / są czerwone. Natomiast zignoruj odczyty "błąd pobierania informacji o pliku". Podaj mi tylko informację czy są zgłoszenia o rootkicie w procesach. Ponadto podsumuj co się dzieje z systemem, czy są jakieś dziwne objawy, czy może już wszystko zdaje się być w porządku? Odnośnik do komentarza
proimage Opublikowano 18 Listopada 2010 Autor Zgłoś Udostępnij Opublikowano 18 Listopada 2010 Raport z Kaspersky Removal Tool identyczny jak poprzedni na czerwono tylko "błąd pobierania informacji o pliku". Co do systemu to długo się ładuje przy starcie (ale to może moja wina muszę zrobić porządek z auto-startem), i zaobserwowałem że czasami jak na coś kliknę na przykład banerek w w Kasperskim "Pobierz informacje o systemie" to brak reakcji jakby nic się nie działo a po powtórnym kliknięciu pojawia się ikonka oczekiwania (wirujące kółeczko) a czasami wyświetla na pasku programu brak odpowiedzi, jak poczekam chwilę do wszystko wraca do normy. To chyba tyle z dziwnych zachowań Odnośnik do komentarza
picasso Opublikowano 18 Listopada 2010 Zgłoś Udostępnij Opublikowano 18 Listopada 2010 (edytowane) Raport z Kaspersky Removal Tool identyczny jak poprzedni na czerwono tylko "błąd pobierania informacji o pliku". "Błąd .." nieistotny. Tu jest edycja 64-bitowa systemu, a z takiej są "zwariowane" odczyty. Np. u mnie procesy natywnie 64-bit mają wszystkie jak leci ów błąd, nie wspominając już o fakcie, że nieproporcjonalnie dużo "zagrożeń". Mnie interesuje czy przestał się pojawiać napis "rootkit trybu użytkownika". Tak po prawdzie to i ja zaczynam wątpić w miarodajność tego raportu. Co do systemu to długo się ładuje przy starcie (ale to może moja wina muszę zrobić porządek z auto-startem) Możemy od razu to sprawdzić. W programie Autoruns w karcie Logon odptaszkuj te pozycje: O4:[b]64bit:[/b] - HKLM..\Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()O4:[b]64bit:[/b] - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)O4 - HKLM..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)O4 - HKLM..\Run: [updatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)O4 - HKCU..\Run: [AdobeBridge] File not foundO4 - HKCU..\Run: [Gadu-Gadu 10] C:\Program Files (x86)\Gadu-Gadu 10\gg.exe (GG Network S.A.)O4 - HKCU..\Run: [iPLA!] C:\Program Files (x86)\ipla\ipla.exe (Redefine Sp z o.o.)O4 - HKCU..\Run: [NokiaOviSuite2] C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)O4 - Startup: C:\Users\Maciej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () W karcie Services odptaszkuj: SRV - [2010-03-18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) (Przy okazji, proponuję zastąpić ciężarne GG10 lższejszym alternatywnym odpowiednikiem, takim jak WTW czy Miranda, i mają edycje natywnie 64-bit, w przeciwieństwie do GG10. Wszystko opisane w temacie Darmowe komunikatory) Zresetuj system. Podaj wyniki czy nadal jest wolny start. Dla potwierdzenia operacji w Autoruns możesz dodać log z OTL, by było wiadome czy na pewno wyłączyłeś co podane. . Edytowane 17 Października 2011 przez picasso 21.12.2010 - Temat zostaje zamknięty z powodu braku odpowiedzi. //picasso Odnośnik do komentarza
Rekomendowane odpowiedzi