Skocz do zawartości

Problem z sshnas21.dll


Rekomendowane odpowiedzi

Pomoc jest darmowa, ale proszę rozważ przekazanie dotacji na utrzymanie serwisu: klik.

Owszem, infekcja. Przy okazji usunę też ogłuszającą liczbę plików Temp*.html nabitą przez GG10.

 

1. Uruchom OTL i w sekcji Własne opcje skanowania / skrypt wklej:

 

:OTL
SRV - [2009-06-24 01:41:22 | 000,094,298 | ---- | M] (Sver) [Auto | Running] -- c:\Windows\SysWOW64\tuoyqin.exe -- (tblphymjojafsi)
O4 - HKU\S-1-5-21-3579702200-2269351193-524947640-1000..\Run: [Canaveral] C:\Users\Maciej\AppData\Local\Temp\sshnas21.DLL File not found
O4 - HKU\S-1-5-21-3579702200-2269351193-524947640-1000..\Run: [M5T8QL3YW3] C:\Users\Maciej\AppData\Local\Temp\Asx.exe File not found
O4 - HKU\S-1-5-21-3579702200-2269351193-524947640-1000..\Run: []  File not found
O4 - HKLM..\Run: []  File not found
 
:Files
C:\Program Files (x86)\Hbldvhyredee
C:\Windows\SysWow64\msrunrerm.dll
C:\Users\Maciej\AppData\Local\Temp*.html
 
:Commands
[emptyflash]
[emptytemp]

 

Uruchom proces przez Wykonaj skrypt. Po restarcie otrzymasz z tego log.

 

2. Do prezentacji: log powstały z usuwania oraz nowe logi z OTL.

 

 

 

 

.

Odnośnik do komentarza

Postąpiłem zgodnie z instrukcją. Przy starcie systemu nie ma już informacji o problemie z sshnas21.dll Mam jeszcze pytanie, korzystam z dysków zewnętrznych podłączanych przez eSATA, co prawda antywirus nie pokazuje żadnej infekcji na tych dyskach, ale czy nie czai się tam coś przy tego typu wirusie? Log z wykonania skryptu wklejam poniżej bo coś się nie chce załadować

 

All processes killed

========== OTL ==========

Service tblphymjojafsi stopped successfully!

Service tblphymjojafsi deleted successfully!

c:\Windows\SysWOW64\tuoyqin.exe moved successfully.

Registry value HKEY_USERS\S-1-5-21-3579702200-2269351193-524947640-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Canaveral deleted successfully.

Registry value HKEY_USERS\S-1-5-21-3579702200-2269351193-524947640-1000\Software\Microsoft\Windows\CurrentVersion\Run\\M5T8QL3YW3 deleted successfully.

Registry value HKEY_USERS\S-1-5-21-3579702200-2269351193-524947640-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

========== FILES ==========

C:\Program Files (x86)\Hbldvhyredee\Log\Visual folder moved successfully.

C:\Program Files (x86)\Hbldvhyredee\Log\Text folder moved successfully.

C:\Program Files (x86)\Hbldvhyredee\Log\Audio folder moved successfully.

C:\Program Files (x86)\Hbldvhyredee\Log folder moved successfully.

Folder move failed. C:\Program Files (x86)\Hbldvhyredee scheduled to be moved on reboot.

C:\Windows\SysWow64\msrunrerm.dll moved successfully.

C:\Users\Maciej\AppData\Local\TempAB1684.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempac2036.html moved successfully.

C:\Users\Maciej\AppData\Local\TempaC2212.html moved successfully.

C:\Users\Maciej\AppData\Local\TempaE1576.html moved successfully.

C:\Users\Maciej\AppData\Local\TempaE1592.html moved successfully.

C:\Users\Maciej\AppData\Local\TempAi1436.html moved successfully.

C:\Users\Maciej\AppData\Local\TempaI2032.html moved successfully.

C:\Users\Maciej\AppData\Local\TempaJ1832.html moved successfully.

C:\Users\Maciej\AppData\Local\TempaM2816.html moved successfully.

C:\Users\Maciej\AppData\Local\TempaN1596.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempao1552.html moved successfully.

C:\Users\Maciej\AppData\Local\TempAo1644.html moved successfully.

C:\Users\Maciej\AppData\Local\TempAp1408.html moved successfully.

C:\Users\Maciej\AppData\Local\TempAP1944.html moved successfully.

C:\Users\Maciej\AppData\Local\TempaP3472.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempaq2032.html moved successfully.

C:\Users\Maciej\AppData\Local\TempAT1184.html moved successfully.

C:\Users\Maciej\AppData\Local\TempaU1204.html moved successfully.

C:\Users\Maciej\AppData\Local\TempaV1096.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempav1488.html moved successfully.

C:\Users\Maciej\AppData\Local\TempB12408.html moved successfully.

C:\Users\Maciej\AppData\Local\TempBC2812.html moved successfully.

C:\Users\Maciej\AppData\Local\TempBE2300.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempbf1292.html moved successfully.

C:\Users\Maciej\AppData\Local\TempBg1956.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempbi1088.html moved successfully.

C:\Users\Maciej\AppData\Local\TempbJ3900.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempbk4536.html moved successfully.

C:\Users\Maciej\AppData\Local\TempBO1208.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempbo2036.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempbp1812.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempbq3680.html moved successfully.

C:\Users\Maciej\AppData\Local\TempbQ3904.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempbs2408.html moved successfully.

C:\Users\Maciej\AppData\Local\TempbU1080.html moved successfully.

C:\Users\Maciej\AppData\Local\TempbU1196.html moved successfully.

C:\Users\Maciej\AppData\Local\TempBu1916.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempbu3124.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempbu4184.html moved successfully.

C:\Users\Maciej\AppData\Local\TempBw3236.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempbz1224.html moved successfully.

C:\Users\Maciej\AppData\Local\TempCb1528.html moved successfully.

C:\Users\Maciej\AppData\Local\TempCb2212.html moved successfully.

C:\Users\Maciej\AppData\Local\TempCB3900.html moved successfully.

C:\Users\Maciej\AppData\Local\TempcDi412.html moved successfully.

C:\Users\Maciej\AppData\Local\TempCE1584.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempce2896.html moved successfully.

C:\Users\Maciej\AppData\Local\TempCF3608.html moved successfully.

C:\Users\Maciej\AppData\Local\TempCI1656.html moved successfully.

C:\Users\Maciej\AppData\Local\TempCi1852.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempcj1512.html moved successfully.

C:\Users\Maciej\AppData\Local\TempCK1860.html moved successfully.

C:\Users\Maciej\AppData\Local\TempCk3756.html moved successfully.

C:\Users\Maciej\AppData\Local\TempcL2692.html moved successfully.

C:\Users\Maciej\AppData\Local\TempCL2948.html moved successfully.

C:\Users\Maciej\AppData\Local\TempcM1540.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempcm3056.html moved successfully.

C:\Users\Maciej\AppData\Local\TempCM3808.html moved successfully.

C:\Users\Maciej\AppData\Local\TempCN1436.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempcn3592.html moved successfully.

C:\Users\Maciej\AppData\Local\TempCq3924.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempcr1848.html moved successfully.

C:\Users\Maciej\AppData\Local\TempCU2956.html moved successfully.

C:\Users\Maciej\AppData\Local\TempCw1092.html moved successfully.

C:\Users\Maciej\AppData\Local\TempcW1612.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempcx1352.html moved successfully.

C:\Users\Maciej\AppData\Local\TempcY2456.html moved successfully.

C:\Users\Maciej\AppData\Local\TempcZ1856.html moved successfully.

C:\Users\Maciej\AppData\Local\TempdA1852.html moved successfully.

C:\Users\Maciej\AppData\Local\TempDa1864.html moved successfully.

C:\Users\Maciej\AppData\Local\TempDA4040.html moved successfully.

C:\Users\Maciej\AppData\Local\TempDB2032.html moved successfully.

C:\Users\Maciej\AppData\Local\TempDC1048.html moved successfully.

C:\Users\Maciej\AppData\Local\TempDe2704.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempdi1696.html moved successfully.

C:\Users\Maciej\AppData\Local\TempdM5012.html moved successfully.

C:\Users\Maciej\AppData\Local\TempDN2816.html moved successfully.

C:\Users\Maciej\AppData\Local\TempDn3168.html moved successfully.

C:\Users\Maciej\AppData\Local\TempDP3996.html moved successfully.

C:\Users\Maciej\AppData\Local\TempdQ1164.html moved successfully.

C:\Users\Maciej\AppData\Local\TempdR1956.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempdt1136.html moved successfully.

C:\Users\Maciej\AppData\Local\TempdU1156.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempdu1192.html moved successfully.

C:\Users\Maciej\AppData\Local\TempDU1580.html moved successfully.

C:\Users\Maciej\AppData\Local\TempdU1864.html moved successfully.

C:\Users\Maciej\AppData\Local\TempDV1496.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempdv1556.html moved successfully.

C:\Users\Maciej\AppData\Local\TempDX1196.html moved successfully.

C:\Users\Maciej\AppData\Local\TempdY1656.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempdz1204.html moved successfully.

C:\Users\Maciej\AppData\Local\TempdZ1856.html moved successfully.

C:\Users\Maciej\AppData\Local\TempDz1976.html moved successfully.

C:\Users\Maciej\AppData\Local\TempdZ4012.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempea2748.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempea3280.html moved successfully.

C:\Users\Maciej\AppData\Local\TempeB3168.html moved successfully.

C:\Users\Maciej\AppData\Local\TempEc1632.html moved successfully.

C:\Users\Maciej\AppData\Local\TempEC1996.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempee2096.html moved successfully.

C:\Users\Maciej\AppData\Local\TempeG1012.html moved successfully.

C:\Users\Maciej\AppData\Local\TempeH1084.html moved successfully.

C:\Users\Maciej\AppData\Local\TempEH1988.html moved successfully.

C:\Users\Maciej\AppData\Local\TempeH2692.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempei2300.html moved successfully.

C:\Users\Maciej\AppData\Local\TempeI2456.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempek1472.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempek3888.html moved successfully.

C:\Users\Maciej\AppData\Local\TempEN3720.html moved successfully.

C:\Users\Maciej\AppData\Local\TempEo2044.html moved successfully.

C:\Users\Maciej\AppData\Local\TempeO2892.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempep1184.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempep3492.html moved successfully.

C:\Users\Maciej\AppData\Local\TempeR2032.html moved successfully.

C:\Users\Maciej\AppData\Local\TempeU1700.html moved successfully.

C:\Users\Maciej\AppData\Local\TempEU1732.html moved successfully.

C:\Users\Maciej\AppData\Local\TempEv3100.html moved successfully.

C:\Users\Maciej\AppData\Local\TempEW1456.html moved successfully.

C:\Users\Maciej\AppData\Local\TempEx1204.html moved successfully.

C:\Users\Maciej\AppData\Local\TempFa3152.html moved successfully.

C:\Users\Maciej\AppData\Local\TempfB1084.html moved successfully.

C:\Users\Maciej\AppData\Local\TempFb1168.html moved successfully.

C:\Users\Maciej\AppData\Local\TempFd1448.html moved successfully.

C:\Users\Maciej\AppData\Local\TempFE6292.html moved successfully.

C:\Users\Maciej\AppData\Local\TempFg3160.html moved successfully.

C:\Users\Maciej\AppData\Local\TempfI1544.html moved successfully.

C:\Users\Maciej\AppData\Local\TempFj1352.html moved successfully.

C:\Users\Maciej\AppData\Local\TempfJ1564.html moved successfully.

C:\Users\Maciej\AppData\Local\TempFK1076.html moved successfully.

C:\Users\Maciej\AppData\Local\TempFk1124.html moved successfully.

C:\Users\Maciej\AppData\Local\TempfK3184.html moved successfully.

C:\Users\Maciej\AppData\Local\TempFk4008.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempfn2216.html moved successfully.

C:\Users\Maciej\AppData\Local\TempfO1136.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempfp1592.html moved successfully.

C:\Users\Maciej\AppData\Local\TempfQ1784.html moved successfully.

C:\Users\Maciej\AppData\Local\TempfR1012.html moved successfully.

C:\Users\Maciej\AppData\Local\TempFS6412.html moved successfully.

C:\Users\Maciej\AppData\Local\TempFT1960.html moved successfully.

C:\Users\Maciej\AppData\Local\TempFt3304.html moved successfully.

C:\Users\Maciej\AppData\Local\TempFT3780.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempft4028.html moved successfully.

C:\Users\Maciej\AppData\Local\TempFw1980.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempfx3492.html moved successfully.

C:\Users\Maciej\AppData\Local\TempFx3696.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempg11032.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempg12408.html moved successfully.

C:\Users\Maciej\AppData\Local\TempGC2036.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempgd3000.html moved successfully.

C:\Users\Maciej\AppData\Local\TempgE1528.html moved successfully.

C:\Users\Maciej\AppData\Local\TempgE1868.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempgf4068.html moved successfully.

C:\Users\Maciej\AppData\Local\TempgG1076.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempgg1700.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempgk9372.html moved successfully.

C:\Users\Maciej\AppData\Local\TempGl1152.html moved successfully.

C:\Users\Maciej\AppData\Local\TempGl1352.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempgo1668.html moved successfully.

C:\Users\Maciej\AppData\Local\TempGP1712.html moved successfully.

C:\Users\Maciej\AppData\Local\TempgP3656.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempgp3788.html moved successfully.

C:\Users\Maciej\AppData\Local\TempgQ1112.html moved successfully.

C:\Users\Maciej\AppData\Local\TempgQ1960.html moved successfully.

C:\Users\Maciej\AppData\Local\TempGr2880.html moved successfully.

C:\Users\Maciej\AppData\Local\TempGS3764.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempgt2956.html moved successfully.

C:\Users\Maciej\AppData\Local\TempgU1292.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempgu1988.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempgu2264.html moved successfully.

C:\Users\Maciej\AppData\Local\TempGu3184.html moved successfully.

C:\Users\Maciej\AppData\Local\TempgU3764.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempgv3092.html moved successfully.

C:\Users\Maciej\AppData\Local\TempgW2924.html moved successfully.

C:\Users\Maciej\AppData\Local\TempGX1064.html moved successfully.

C:\Users\Maciej\AppData\Local\TempgX1580.html moved successfully.

C:\Users\Maciej\AppData\Local\TempGy1492.html moved successfully.

C:\Users\Maciej\AppData\Local\TempGy2924.html moved successfully.

C:\Users\Maciej\AppData\Local\TempHA2000.html moved successfully.

C:\Users\Maciej\AppData\Local\TemphB1556.html moved successfully.

C:\Users\Maciej\AppData\Local\TemphB1572.html moved successfully.

C:\Users\Maciej\AppData\Local\Temphd1408.html moved successfully.

C:\Users\Maciej\AppData\Local\TempHd1556.html moved successfully.

C:\Users\Maciej\AppData\Local\TempHD3900.html moved successfully.

C:\Users\Maciej\AppData\Local\TempHE1596.html moved successfully.

C:\Users\Maciej\AppData\Local\Temphf1560.html moved successfully.

C:\Users\Maciej\AppData\Local\TemphI1644.html moved successfully.

C:\Users\Maciej\AppData\Local\TempHk1320.html moved successfully.

C:\Users\Maciej\AppData\Local\Temphk1640.html moved successfully.

C:\Users\Maciej\AppData\Local\Temphm1180.html moved successfully.

C:\Users\Maciej\AppData\Local\TempHO4604.html moved successfully.

C:\Users\Maciej\AppData\Local\TempHq1572.html moved successfully.

C:\Users\Maciej\AppData\Local\TempHQ3068.html moved successfully.

C:\Users\Maciej\AppData\Local\TempHs1180.html moved successfully.

C:\Users\Maciej\AppData\Local\TempHs3044.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempht1680.html moved successfully.

C:\Users\Maciej\AppData\Local\TemphT1816.html moved successfully.

C:\Users\Maciej\AppData\Local\TempHu1752.html moved successfully.

C:\Users\Maciej\AppData\Local\TempHX1208.html moved successfully.

C:\Users\Maciej\AppData\Local\TemphX1236.html moved successfully.

C:\Users\Maciej\AppData\Local\TempHy1596.html moved successfully.

C:\Users\Maciej\AppData\Local\TempHYD908.html moved successfully.

C:\Users\Maciej\AppData\Local\TemphZ2496.html moved successfully.

C:\Users\Maciej\AppData\Local\TempI10232.html moved successfully.

C:\Users\Maciej\AppData\Local\TempIa1496.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempia3612.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempia4536.html moved successfully.

C:\Users\Maciej\AppData\Local\TempIB6680.html moved successfully.

C:\Users\Maciej\AppData\Local\TempiG1584.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempig3984.html moved successfully.

C:\Users\Maciej\AppData\Local\TempiH3304.html moved successfully.

C:\Users\Maciej\AppData\Local\TempII1484.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempii2000.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempii3052.html moved successfully.

C:\Users\Maciej\AppData\Local\TempII3808.html moved successfully.

C:\Users\Maciej\AppData\Local\TempIj1576.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempil3680.html moved successfully.

C:\Users\Maciej\AppData\Local\TempIm1076.html moved successfully.

C:\Users\Maciej\AppData\Local\TempIM1824.html moved successfully.

C:\Users\Maciej\AppData\Local\TempIn1312.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempio1200.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempio1728.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempip1076.html moved successfully.

C:\Users\Maciej\AppData\Local\TempiR1384.html moved successfully.

C:\Users\Maciej\AppData\Local\TempIS1976.html moved successfully.

C:\Users\Maciej\AppData\Local\TempIT1092.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempiv1248.html moved successfully.

C:\Users\Maciej\AppData\Local\TempiW3828.html moved successfully.

C:\Users\Maciej\AppData\Local\TempIX1008.html moved successfully.

C:\Users\Maciej\AppData\Local\TempIx1560.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempiys612.html moved successfully.

C:\Users\Maciej\AppData\Local\TempIz1236.html moved successfully.

C:\Users\Maciej\AppData\Local\TempiZ3280.html moved successfully.

C:\Users\Maciej\AppData\Local\TempJA4044.html moved successfully.

C:\Users\Maciej\AppData\Local\TempJB1672.html moved successfully.

C:\Users\Maciej\AppData\Local\TempJb1976.html moved successfully.

C:\Users\Maciej\AppData\Local\TempJd1672.html moved successfully.

C:\Users\Maciej\AppData\Local\TempJd2016.html moved successfully.

C:\Users\Maciej\AppData\Local\TempJd4028.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempjf1076.html moved successfully.

C:\Users\Maciej\AppData\Local\TempJF1816.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempjf3696.html moved successfully.

C:\Users\Maciej\AppData\Local\TempjF6412.html moved successfully.

C:\Users\Maciej\AppData\Local\TempJg1484.html moved successfully.

C:\Users\Maciej\AppData\Local\TempjH3756.html moved successfully.

C:\Users\Maciej\AppData\Local\TempJHo928.html moved successfully.

C:\Users\Maciej\AppData\Local\TempJj1740.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempjj1944.html moved successfully.

C:\Users\Maciej\AppData\Local\TempJj2032.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempjk3832.html moved successfully.

C:\Users\Maciej\AppData\Local\TempjL1708.html moved successfully.

C:\Users\Maciej\AppData\Local\TempJm2000.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempjm2024.html moved successfully.

C:\Users\Maciej\AppData\Local\TempJM3268.html moved successfully.

C:\Users\Maciej\AppData\Local\TempJm6940.html moved successfully.

C:\Users\Maciej\AppData\Local\TempJq1076.html moved successfully.

C:\Users\Maciej\AppData\Local\TempJq1308.html moved successfully.

C:\Users\Maciej\AppData\Local\TempJs1196.html moved successfully.

C:\Users\Maciej\AppData\Local\TempJS3236.html moved successfully.

C:\Users\Maciej\AppData\Local\TempjT1572.html moved successfully.

C:\Users\Maciej\AppData\Local\TempJv1600.html moved successfully.

C:\Users\Maciej\AppData\Local\TempjW2040.html moved successfully.

C:\Users\Maciej\AppData\Local\TempjX1076.html moved successfully.

C:\Users\Maciej\AppData\Local\TempjX1580.html moved successfully.

C:\Users\Maciej\AppData\Local\TempjX2024.html moved successfully.

C:\Users\Maciej\AppData\Local\TempJX5308.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempjy1232.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempjy1720.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempjy1896.html moved successfully.

C:\Users\Maciej\AppData\Local\TempJy1900.html moved successfully.

C:\Users\Maciej\AppData\Local\TempjZ1968.html moved successfully.

C:\Users\Maciej\AppData\Local\TempKa1484.html moved successfully.

C:\Users\Maciej\AppData\Local\TempKb3788.html moved successfully.

C:\Users\Maciej\AppData\Local\TempkC2692.html moved successfully.

C:\Users\Maciej\AppData\Local\TempKE1700.html moved successfully.

C:\Users\Maciej\AppData\Local\TempkE3044.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempke3756.html moved successfully.

C:\Users\Maciej\AppData\Local\TempKF1828.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempkf2892.html moved successfully.

C:\Users\Maciej\AppData\Local\TempKi1708.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempkj1580.html moved successfully.

C:\Users\Maciej\AppData\Local\TempkJ3120.html moved successfully.

C:\Users\Maciej\AppData\Local\TempkK1192.html moved successfully.

C:\Users\Maciej\AppData\Local\TempKl1180.html moved successfully.

C:\Users\Maciej\AppData\Local\TempKL1196.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempkl1588.html moved successfully.

C:\Users\Maciej\AppData\Local\TempKM1640.html moved successfully.

C:\Users\Maciej\AppData\Local\TempKn1420.html moved successfully.

C:\Users\Maciej\AppData\Local\TempKN1732.html moved successfully.

C:\Users\Maciej\AppData\Local\TempKp1580.html moved successfully.

C:\Users\Maciej\AppData\Local\TempkP3764.html moved successfully.

C:\Users\Maciej\AppData\Local\TempkR1552.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempks1468.html moved successfully.

C:\Users\Maciej\AppData\Local\TempkU1704.html moved successfully.

C:\Users\Maciej\AppData\Local\TempKu1720.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempkv1804.html moved successfully.

C:\Users\Maciej\AppData\Local\TempkV3924.html moved successfully.

C:\Users\Maciej\AppData\Local\TempKw1196.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempky1556.html moved successfully.

C:\Users\Maciej\AppData\Local\TempKy1720.html moved successfully.

C:\Users\Maciej\AppData\Local\TempkY2024.html moved successfully.

C:\Users\Maciej\AppData\Local\TempKy2208.html moved successfully.

C:\Users\Maciej\AppData\Local\TempkY6292.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempkz1584.html moved successfully.

C:\Users\Maciej\AppData\Local\TempKz3700.html moved successfully.

C:\Users\Maciej\AppData\Local\Templa2044.html moved successfully.

C:\Users\Maciej\AppData\Local\Templa3160.html moved successfully.

C:\Users\Maciej\AppData\Local\TempLc1340.html moved successfully.

C:\Users\Maciej\AppData\Local\TemplC2876.html moved successfully.

C:\Users\Maciej\AppData\Local\Templcb912.html moved successfully.

C:\Users\Maciej\AppData\Local\TempLD2024.html moved successfully.

C:\Users\Maciej\AppData\Local\TemplF1536.html moved successfully.

C:\Users\Maciej\AppData\Local\TemplF1752.html moved successfully.

C:\Users\Maciej\AppData\Local\TempLF2000.html moved successfully.

C:\Users\Maciej\AppData\Local\TempLF2036.html moved successfully.

C:\Users\Maciej\AppData\Local\Templg2308.html moved successfully.

C:\Users\Maciej\AppData\Local\Templh1076.html moved successfully.

C:\Users\Maciej\AppData\Local\Templi1996.html moved successfully.

C:\Users\Maciej\AppData\Local\Templj2000.html moved successfully.

C:\Users\Maciej\AppData\Local\TempLk1824.html moved successfully.

C:\Users\Maciej\AppData\Local\TemplM1916.html moved successfully.

C:\Users\Maciej\AppData\Local\TempLm2552.html moved successfully.

C:\Users\Maciej\AppData\Local\TemplmX412.html moved successfully.

C:\Users\Maciej\AppData\Local\TempLN1496.html moved successfully.

C:\Users\Maciej\AppData\Local\TemplN1548.html moved successfully.

C:\Users\Maciej\AppData\Local\TempLO1560.html moved successfully.

C:\Users\Maciej\AppData\Local\TempLP1656.html moved successfully.

C:\Users\Maciej\AppData\Local\Templp3068.html moved successfully.

C:\Users\Maciej\AppData\Local\TemplQ2000.html moved successfully.

C:\Users\Maciej\AppData\Local\Templr1344.html moved successfully.

C:\Users\Maciej\AppData\Local\TemplR3008.html moved successfully.

C:\Users\Maciej\AppData\Local\TempLu1308.html moved successfully.

C:\Users\Maciej\AppData\Local\TempLU3828.html moved successfully.

C:\Users\Maciej\AppData\Local\Templv1804.html moved successfully.

C:\Users\Maciej\AppData\Local\TempLW1900.html moved successfully.

C:\Users\Maciej\AppData\Local\TemplY1896.html moved successfully.

C:\Users\Maciej\AppData\Local\TemplZ1192.html moved successfully.

C:\Users\Maciej\AppData\Local\TemplZ1740.html moved successfully.

C:\Users\Maciej\AppData\Local\TempMb1564.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempmd3700.html moved successfully.

C:\Users\Maciej\AppData\Local\TempMe1552.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempme2044.html moved successfully.

C:\Users\Maciej\AppData\Local\TempMf1216.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempmg2044.html moved successfully.

C:\Users\Maciej\AppData\Local\TempMI1220.html moved successfully.

C:\Users\Maciej\AppData\Local\TempMJ4224.html moved successfully.

C:\Users\Maciej\AppData\Local\TempMK2040.html moved successfully.

C:\Users\Maciej\AppData\Local\TempmK2948.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempmk9868.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempmm1868.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempmm1880.html moved successfully.

C:\Users\Maciej\AppData\Local\TempmM2044.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempmn3484.html moved successfully.

C:\Users\Maciej\AppData\Local\TempMP1124.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempmp1544.html moved successfully.

C:\Users\Maciej\AppData\Local\TempMP2900.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempmp5308.html moved successfully.

C:\Users\Maciej\AppData\Local\TempmQ1232.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempms1720.html moved successfully.

C:\Users\Maciej\AppData\Local\TempMT2948.html moved successfully.

C:\Users\Maciej\AppData\Local\TempMu1084.html moved successfully.

C:\Users\Maciej\AppData\Local\TempmU1576.html moved successfully.

C:\Users\Maciej\AppData\Local\TempmuM312.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempmv1848.html moved successfully.

C:\Users\Maciej\AppData\Local\TempmV1956.html moved successfully.

C:\Users\Maciej\AppData\Local\TempMw1240.html moved successfully.

C:\Users\Maciej\AppData\Local\TempmW3592.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempn12872.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempnb1900.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempnc2900.html moved successfully.

C:\Users\Maciej\AppData\Local\TempnD1856.html moved successfully.

C:\Users\Maciej\AppData\Local\TempnD2012.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempne1720.html moved successfully.

C:\Users\Maciej\AppData\Local\TempnE1960.html moved successfully.

C:\Users\Maciej\AppData\Local\TempNE3056.html moved successfully.

C:\Users\Maciej\AppData\Local\TempNe3268.html moved successfully.

C:\Users\Maciej\AppData\Local\TempNg2552.html moved successfully.

C:\Users\Maciej\AppData\Local\TempnH1848.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempnj2268.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempnk1344.html moved successfully.

C:\Users\Maciej\AppData\Local\TempnK1560.html moved successfully.

C:\Users\Maciej\AppData\Local\TempnK3152.html moved successfully.

C:\Users\Maciej\AppData\Local\TempNL1828.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempnm1088.html moved successfully.

C:\Users\Maciej\AppData\Local\TempNM1196.html moved successfully.

C:\Users\Maciej\AppData\Local\TempNM3588.html moved successfully.

C:\Users\Maciej\AppData\Local\TempNM3756.html moved successfully.

C:\Users\Maciej\AppData\Local\TempNN3992.html moved successfully.

C:\Users\Maciej\AppData\Local\TempNP1156.html moved successfully.

C:\Users\Maciej\AppData\Local\TempNq1580.html moved successfully.

C:\Users\Maciej\AppData\Local\TempNr2500.html moved successfully.

C:\Users\Maciej\AppData\Local\TempNs1524.html moved successfully.

C:\Users\Maciej\AppData\Local\TempNT1684.html moved successfully.

C:\Users\Maciej\AppData\Local\TempnU1240.html moved successfully.

C:\Users\Maciej\AppData\Local\TempNU1540.html moved successfully.

C:\Users\Maciej\AppData\Local\TempnW1468.html moved successfully.

C:\Users\Maciej\AppData\Local\TempNX1832.html moved successfully.

C:\Users\Maciej\AppData\Local\TempNY1536.html moved successfully.

C:\Users\Maciej\AppData\Local\TempNZ2876.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempo11032.html moved successfully.

C:\Users\Maciej\AppData\Local\TempOa2032.html moved successfully.

C:\Users\Maciej\AppData\Local\TempoB1472.html moved successfully.

C:\Users\Maciej\AppData\Local\TempOf1756.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempog1152.html moved successfully.

C:\Users\Maciej\AppData\Local\TempOg1212.html moved successfully.

C:\Users\Maciej\AppData\Local\TempOh2096.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempoh4068.html moved successfully.

C:\Users\Maciej\AppData\Local\TempOi3224.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempoi3400.html moved successfully.

C:\Users\Maciej\AppData\Local\TempoJ1568.html moved successfully.

C:\Users\Maciej\AppData\Local\TempoM1916.html moved successfully.

C:\Users\Maciej\AppData\Local\TempOO1108.html moved successfully.

C:\Users\Maciej\AppData\Local\TempOO2168.html moved successfully.

C:\Users\Maciej\AppData\Local\TempOp1312.html moved successfully.

C:\Users\Maciej\AppData\Local\TempoP3256.html moved successfully.

C:\Users\Maciej\AppData\Local\TempOq1992.html moved successfully.

C:\Users\Maciej\AppData\Local\TempOR3888.html moved successfully.

C:\Users\Maciej\AppData\Local\TempOR4044.html moved successfully.

C:\Users\Maciej\AppData\Local\TempOT1696.html moved successfully.

C:\Users\Maciej\AppData\Local\TempOt1700.html moved successfully.

C:\Users\Maciej\AppData\Local\TempOu3564.html moved successfully.

C:\Users\Maciej\AppData\Local\TempOV1008.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempox1848.html moved successfully.

C:\Users\Maciej\AppData\Local\TempoX1916.html moved successfully.

C:\Users\Maciej\AppData\Local\TempoY1196.html moved successfully.

C:\Users\Maciej\AppData\Local\TempOy1528.html moved successfully.

C:\Users\Maciej\AppData\Local\TempoZ1700.html moved successfully.

C:\Users\Maciej\AppData\Local\TemppA1248.html moved successfully.

C:\Users\Maciej\AppData\Local\TemppC2812.html moved successfully.

C:\Users\Maciej\AppData\Local\TempPE1804.html moved successfully.

C:\Users\Maciej\AppData\Local\TempPf1148.html moved successfully.

C:\Users\Maciej\AppData\Local\Temppf1176.html moved successfully.

C:\Users\Maciej\AppData\Local\TempPf3304.html moved successfully.

C:\Users\Maciej\AppData\Local\TemppG1884.html moved successfully.

C:\Users\Maciej\AppData\Local\TemppH1828.html moved successfully.

C:\Users\Maciej\AppData\Local\TempPI2044.html moved successfully.

C:\Users\Maciej\AppData\Local\TempPJ2924.html moved successfully.

C:\Users\Maciej\AppData\Local\TempPJ3444.html moved successfully.

C:\Users\Maciej\AppData\Local\TempPK1236.html moved successfully.

C:\Users\Maciej\AppData\Local\Temppk1628.html moved successfully.

C:\Users\Maciej\AppData\Local\TempPL3048.html moved successfully.

C:\Users\Maciej\AppData\Local\Temppm1804.html moved successfully.

C:\Users\Maciej\AppData\Local\Temppn1212.html moved successfully.

C:\Users\Maciej\AppData\Local\TemppO1548.html moved successfully.

C:\Users\Maciej\AppData\Local\Temppoh612.html moved successfully.

C:\Users\Maciej\AppData\Local\Temppp1304.html moved successfully.

C:\Users\Maciej\AppData\Local\TempPp1628.html moved successfully.

C:\Users\Maciej\AppData\Local\Temppq2208.html moved successfully.

C:\Users\Maciej\AppData\Local\TemppT3984.html moved successfully.

C:\Users\Maciej\AppData\Local\TempPU1732.html moved successfully.

C:\Users\Maciej\AppData\Local\TemppV3276.html moved successfully.

C:\Users\Maciej\AppData\Local\TemppW1060.html moved successfully.

C:\Users\Maciej\AppData\Local\TempPX3428.html moved successfully.

C:\Users\Maciej\AppData\Local\TempPz1352.html moved successfully.

C:\Users\Maciej\AppData\Local\Temppz2040.html moved successfully.

C:\Users\Maciej\AppData\Local\TemppZ3544.html moved successfully.

C:\Users\Maciej\AppData\Local\TempQB2044.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempqc1048.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempqc1992.html moved successfully.

C:\Users\Maciej\AppData\Local\TempQE1556.html moved successfully.

C:\Users\Maciej\AppData\Local\TempqE3904.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempqg1956.html moved successfully.

C:\Users\Maciej\AppData\Local\TempqH1576.html moved successfully.

C:\Users\Maciej\AppData\Local\TempQi1196.html moved successfully.

C:\Users\Maciej\AppData\Local\TempqJ3124.html moved successfully.

C:\Users\Maciej\AppData\Local\TempqK2308.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempqk3900.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempql3608.html moved successfully.

C:\Users\Maciej\AppData\Local\TempqO1588.html moved successfully.

C:\Users\Maciej\AppData\Local\TempQp1592.html moved successfully.

C:\Users\Maciej\AppData\Local\TempQQ1088.html moved successfully.

C:\Users\Maciej\AppData\Local\TempQr1068.html moved successfully.

C:\Users\Maciej\AppData\Local\TempqTq908.html moved successfully.

C:\Users\Maciej\AppData\Local\TempQv3276.html moved successfully.

C:\Users\Maciej\AppData\Local\TempQv9868.html moved successfully.

C:\Users\Maciej\AppData\Local\TempQw1300.html moved successfully.

C:\Users\Maciej\AppData\Local\TempQX6680.html moved successfully.

C:\Users\Maciej\AppData\Local\TempQy1200.html moved successfully.

C:\Users\Maciej\AppData\Local\TempQy1724.html moved successfully.

C:\Users\Maciej\AppData\Local\TempQZ1088.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempr12872.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempra1888.html moved successfully.

C:\Users\Maciej\AppData\Local\TemprF1200.html moved successfully.

C:\Users\Maciej\AppData\Local\Temprf1652.html moved successfully.

C:\Users\Maciej\AppData\Local\TemprF1960.html moved successfully.

C:\Users\Maciej\AppData\Local\TempRH1616.html moved successfully.

C:\Users\Maciej\AppData\Local\TempRi1572.html moved successfully.

C:\Users\Maciej\AppData\Local\TempRi1716.html moved successfully.

C:\Users\Maciej\AppData\Local\TemprI2168.html moved successfully.

C:\Users\Maciej\AppData\Local\TempRi3184.html moved successfully.

C:\Users\Maciej\AppData\Local\TempRJ1524.html moved successfully.

C:\Users\Maciej\AppData\Local\TempRJ1824.html moved successfully.

C:\Users\Maciej\AppData\Local\TempRk3100.html moved successfully.

C:\Users\Maciej\AppData\Local\TempRk3764.html moved successfully.

C:\Users\Maciej\AppData\Local\Temprl1524.html moved successfully.

C:\Users\Maciej\AppData\Local\Temprl1936.html moved successfully.

C:\Users\Maciej\AppData\Local\TempRM1724.html moved successfully.

C:\Users\Maciej\AppData\Local\TemprM1784.html moved successfully.

C:\Users\Maciej\AppData\Local\TemprM2928.html moved successfully.

C:\Users\Maciej\AppData\Local\TemprM4040.html moved successfully.

C:\Users\Maciej\AppData\Local\TemprO2224.html moved successfully.

C:\Users\Maciej\AppData\Local\TempRO2420.html moved successfully.

C:\Users\Maciej\AppData\Local\TempRo3656.html moved successfully.

C:\Users\Maciej\AppData\Local\TempRQ2796.html moved successfully.

C:\Users\Maciej\AppData\Local\Temprr2552.html moved successfully.

C:\Users\Maciej\AppData\Local\TempRs3940.html moved successfully.

C:\Users\Maciej\AppData\Local\Temprt3032.html moved successfully.

C:\Users\Maciej\AppData\Local\TemprU3120.html moved successfully.

C:\Users\Maciej\AppData\Local\TemprU3996.html moved successfully.

C:\Users\Maciej\AppData\Local\Temprv1580.html moved successfully.

C:\Users\Maciej\AppData\Local\TempRV2040.html moved successfully.

C:\Users\Maciej\AppData\Local\Temprw1528.html moved successfully.

C:\Users\Maciej\AppData\Local\TempRx2748.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempsb1544.html moved successfully.

C:\Users\Maciej\AppData\Local\TempSC1112.html moved successfully.

C:\Users\Maciej\AppData\Local\TempSG3992.html moved successfully.

C:\Users\Maciej\AppData\Local\TempSi1180.html moved successfully.

C:\Users\Maciej\AppData\Local\TempSi2216.html moved successfully.

C:\Users\Maciej\AppData\Local\TempSk1152.html moved successfully.

C:\Users\Maciej\AppData\Local\TempsL1080.html moved successfully.

C:\Users\Maciej\AppData\Local\TempSL1684.html moved successfully.

C:\Users\Maciej\AppData\Local\TempSL4012.html moved successfully.

C:\Users\Maciej\AppData\Local\TempSl4044.html moved successfully.

C:\Users\Maciej\AppData\Local\TempSM3780.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempsp1168.html moved successfully.

C:\Users\Maciej\AppData\Local\TempsP2880.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempsq1720.html moved successfully.

C:\Users\Maciej\AppData\Local\TempSr1564.html moved successfully.

C:\Users\Maciej\AppData\Local\TempsR2016.html moved successfully.

C:\Users\Maciej\AppData\Local\TempsT1156.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempst3008.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempsuv812.html moved successfully.

C:\Users\Maciej\AppData\Local\TempsX2496.html moved successfully.

C:\Users\Maciej\AppData\Local\TempSX2500.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempsz2928.html moved successfully.

C:\Users\Maciej\AppData\Local\TempSz3564.html moved successfully.

C:\Users\Maciej\AppData\Local\TemptA1656.html moved successfully.

C:\Users\Maciej\AppData\Local\Temptb1256.html moved successfully.

C:\Users\Maciej\AppData\Local\Temptb3676.html moved successfully.

C:\Users\Maciej\AppData\Local\TempTC3444.html moved successfully.

C:\Users\Maciej\AppData\Local\Temptd2372.html moved successfully.

C:\Users\Maciej\AppData\Local\TemptD3544.html moved successfully.

C:\Users\Maciej\AppData\Local\TemptH1060.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempth4604.html moved successfully.

C:\Users\Maciej\AppData\Local\TempTJ2020.html moved successfully.

C:\Users\Maciej\AppData\Local\TempTJ3484.html moved successfully.

C:\Users\Maciej\AppData\Local\Temptk3224.html moved successfully.

C:\Users\Maciej\AppData\Local\TemptKl312.html moved successfully.

C:\Users\Maciej\AppData\Local\TempTl1196.html moved successfully.

C:\Users\Maciej\AppData\Local\TempTl2692.html moved successfully.

C:\Users\Maciej\AppData\Local\Temptm2948.html moved successfully.

C:\Users\Maciej\AppData\Local\TempTn2012.html moved successfully.

C:\Users\Maciej\AppData\Local\TemptR1756.html moved successfully.

C:\Users\Maciej\AppData\Local\TempTR1888.html moved successfully.

C:\Users\Maciej\AppData\Local\TemptR3588.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempts3184.html moved successfully.

C:\Users\Maciej\AppData\Local\TemptS3648.html moved successfully.

C:\Users\Maciej\AppData\Local\TempTu2420.html moved successfully.

C:\Users\Maciej\AppData\Local\Temptv1648.html moved successfully.

C:\Users\Maciej\AppData\Local\Temptw1052.html moved successfully.

C:\Users\Maciej\AppData\Local\Temptw2896.html moved successfully.

C:\Users\Maciej\AppData\Local\TempTx3048.html moved successfully.

C:\Users\Maciej\AppData\Local\TempTy1196.html moved successfully.

C:\Users\Maciej\AppData\Local\TemptY2024.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempub1584.html moved successfully.

C:\Users\Maciej\AppData\Local\TempuB2372.html moved successfully.

C:\Users\Maciej\AppData\Local\TempUD3184.html moved successfully.

C:\Users\Maciej\AppData\Local\TempUE2384.html moved successfully.

C:\Users\Maciej\AppData\Local\TempUf1084.html moved successfully.

C:\Users\Maciej\AppData\Local\TempUG1176.html moved successfully.

C:\Users\Maciej\AppData\Local\TempUg1812.html moved successfully.

C:\Users\Maciej\AppData\Local\TempuG4224.html moved successfully.

C:\Users\Maciej\AppData\Local\TempUH1308.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempuh1540.html moved successfully.

C:\Users\Maciej\AppData\Local\TempuH1644.html moved successfully.

C:\Users\Maciej\AppData\Local\TempUj1192.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempuk2016.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempun1656.html moved successfully.

C:\Users\Maciej\AppData\Local\TempUs3832.html moved successfully.

C:\Users\Maciej\AppData\Local\TempUU2024.html moved successfully.

C:\Users\Maciej\AppData\Local\TempUV2016.html moved successfully.

C:\Users\Maciej\AppData\Local\TempUv2924.html moved successfully.

C:\Users\Maciej\AppData\Local\TempUW1156.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempuw1304.html moved successfully.

C:\Users\Maciej\AppData\Local\TempUW1496.html moved successfully.

C:\Users\Maciej\AppData\Local\TempUY1492.html moved successfully.

C:\Users\Maciej\AppData\Local\TempUZ1956.html moved successfully.

C:\Users\Maciej\AppData\Local\TempuZ1980.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempva1148.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempva1600.html moved successfully.

C:\Users\Maciej\AppData\Local\TempvB1260.html moved successfully.

C:\Users\Maciej\AppData\Local\TempVc3304.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempvh3564.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempvi3172.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempvi3428.html moved successfully.

C:\Users\Maciej\AppData\Local\TempVK1256.html moved successfully.

C:\Users\Maciej\AppData\Local\TempvMA812.html moved successfully.

C:\Users\Maciej\AppData\Local\TempvN1236.html moved successfully.

C:\Users\Maciej\AppData\Local\TempvN3032.html moved successfully.

C:\Users\Maciej\AppData\Local\TempvO3388.html moved successfully.

C:\Users\Maciej\AppData\Local\TempVp1076.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempvp1308.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempvq1560.html moved successfully.

C:\Users\Maciej\AppData\Local\TempVq2264.html moved successfully.

C:\Users\Maciej\AppData\Local\TempvS3184.html moved successfully.

C:\Users\Maciej\AppData\Local\TempVV1484.html moved successfully.

C:\Users\Maciej\AppData\Local\TempVX3052.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempvy1648.html moved successfully.

C:\Users\Maciej\AppData\Local\TempVZ1712.html moved successfully.

C:\Users\Maciej\AppData\Local\TempW10232.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempwa1976.html moved successfully.

C:\Users\Maciej\AppData\Local\TempWB1064.html moved successfully.

C:\Users\Maciej\AppData\Local\TempwD3388.html moved successfully.

C:\Users\Maciej\AppData\Local\TempWD4008.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempwe1884.html moved successfully.

C:\Users\Maciej\AppData\Local\TempWE2704.html moved successfully.

C:\Users\Maciej\AppData\Local\TempWe4044.html moved successfully.

C:\Users\Maciej\AppData\Local\TempWF1224.html moved successfully.

C:\Users\Maciej\AppData\Local\TempWf1420.html moved successfully.

C:\Users\Maciej\AppData\Local\TempWg2044.html moved successfully.

C:\Users\Maciej\AppData\Local\TempWi1656.html moved successfully.

C:\Users\Maciej\AppData\Local\TempWj1108.html moved successfully.

C:\Users\Maciej\AppData\Local\TempWj3172.html moved successfully.

C:\Users\Maciej\AppData\Local\TempWn1700.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempwo1168.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempwo1680.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempwo2232.html moved successfully.

C:\Users\Maciej\AppData\Local\TempwQ1568.html moved successfully.

C:\Users\Maciej\AppData\Local\TempWs1668.html moved successfully.

C:\Users\Maciej\AppData\Local\TempWS5012.html moved successfully.

C:\Users\Maciej\AppData\Local\TempWT1544.html moved successfully.

C:\Users\Maciej\AppData\Local\TempWT2036.html moved successfully.

C:\Users\Maciej\AppData\Local\TempWT2044.html moved successfully.

C:\Users\Maciej\AppData\Local\TempwU2044.html moved successfully.

C:\Users\Maciej\AppData\Local\TempwV1780.html moved successfully.

C:\Users\Maciej\AppData\Local\TempWW2552.html moved successfully.

C:\Users\Maciej\AppData\Local\TempWx1168.html moved successfully.

C:\Users\Maciej\AppData\Local\TempXa1780.html moved successfully.

C:\Users\Maciej\AppData\Local\TempxB1524.html moved successfully.

C:\Users\Maciej\AppData\Local\TempXC1160.html moved successfully.

C:\Users\Maciej\AppData\Local\TempXc1564.html moved successfully.

C:\Users\Maciej\AppData\Local\TempXD1632.html moved successfully.

C:\Users\Maciej\AppData\Local\TempxG1592.html moved successfully.

C:\Users\Maciej\AppData\Local\TempXg3124.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempxh1512.html moved successfully.

C:\Users\Maciej\AppData\Local\TempxH1556.html moved successfully.

C:\Users\Maciej\AppData\Local\TempxH2032.html moved successfully.

C:\Users\Maciej\AppData\Local\TempxJ3720.html moved successfully.

C:\Users\Maciej\AppData\Local\TempXK1224.html moved successfully.

C:\Users\Maciej\AppData\Local\TempXK1732.html moved successfully.

C:\Users\Maciej\AppData\Local\TempXL1560.html moved successfully.

C:\Users\Maciej\AppData\Local\TempXL1704.html moved successfully.

C:\Users\Maciej\AppData\Local\TempXl1900.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempxl3092.html moved successfully.

C:\Users\Maciej\AppData\Local\TempxM9372.html moved successfully.

C:\Users\Maciej\AppData\Local\TempXN1196.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempxn2044.html moved successfully.

C:\Users\Maciej\AppData\Local\TempXN3648.html moved successfully.

C:\Users\Maciej\AppData\Local\TempXO1596.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempxp1320.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempxq1304.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempxq1716.html moved successfully.

C:\Users\Maciej\AppData\Local\TempXR1304.html moved successfully.

C:\Users\Maciej\AppData\Local\TempXt1572.html moved successfully.

C:\Users\Maciej\AppData\Local\TempXu1968.html moved successfully.

C:\Users\Maciej\AppData\Local\TempXuy912.html moved successfully.

C:\Users\Maciej\AppData\Local\TempXV1076.html moved successfully.

C:\Users\Maciej\AppData\Local\TempXv2224.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempxw1204.html moved successfully.

C:\Users\Maciej\AppData\Local\TempXw1880.html moved successfully.

C:\Users\Maciej\AppData\Local\TempXY1384.html moved successfully.

C:\Users\Maciej\AppData\Local\TempxY6940.html moved successfully.

C:\Users\Maciej\AppData\Local\TempXZ1856.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempyb1644.html moved successfully.

C:\Users\Maciej\AppData\Local\TempYc2408.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempyd1600.html moved successfully.

C:\Users\Maciej\AppData\Local\TempyD3256.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempye2268.html moved successfully.

C:\Users\Maciej\AppData\Local\TempYG1160.html moved successfully.

C:\Users\Maciej\AppData\Local\TempYG1636.html moved successfully.

C:\Users\Maciej\AppData\Local\TempYJ1096.html moved successfully.

C:\Users\Maciej\AppData\Local\TempYk3124.html moved successfully.

C:\Users\Maciej\AppData\Local\TempyM1164.html moved successfully.

C:\Users\Maciej\AppData\Local\TempYN1224.html moved successfully.

C:\Users\Maciej\AppData\Local\TempyN1860.html moved successfully.

C:\Users\Maciej\AppData\Local\TempYN3676.html moved successfully.

C:\Users\Maciej\AppData\Local\TempYp2796.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempyp4184.html moved successfully.

C:\Users\Maciej\AppData\Local\TempyQ1340.html moved successfully.

C:\Users\Maciej\AppData\Local\TempYr1260.html moved successfully.

C:\Users\Maciej\AppData\Local\TempYr1828.html moved successfully.

C:\Users\Maciej\AppData\Local\TempYT1052.html moved successfully.

C:\Users\Maciej\AppData\Local\TempYT1200.html moved successfully.

C:\Users\Maciej\AppData\Local\TempYv1300.html moved successfully.

C:\Users\Maciej\AppData\Local\TempYV1580.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempyv2044.html moved successfully.

C:\Users\Maciej\AppData\Local\TempyW3832.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempyy2008.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempyz2008.html moved successfully.

C:\Users\Maciej\AppData\Local\TempzC1448.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempzc1684.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempzf1068.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempzh1456.html moved successfully.

C:\Users\Maciej\AppData\Local\TempzH2032.html moved successfully.

C:\Users\Maciej\AppData\Local\TempzI3000.html moved successfully.

C:\Users\Maciej\AppData\Local\TempZj3612.html moved successfully.

C:\Users\Maciej\AppData\Local\TempZJ3832.html moved successfully.

C:\Users\Maciej\AppData\Local\TempZm1196.html moved successfully.

C:\Users\Maciej\AppData\Local\TempZn1152.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempzn1616.html moved successfully.

C:\Users\Maciej\AppData\Local\TempZn1936.html moved successfully.

C:\Users\Maciej\AppData\Local\TempZN3564.html moved successfully.

C:\Users\Maciej\AppData\Local\TempZo1652.html moved successfully.

C:\Users\Maciej\AppData\Local\TempZP1824.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempzq1728.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempzq3472.html moved successfully.

C:\Users\Maciej\AppData\Local\TempZQn928.html moved successfully.

C:\Users\Maciej\AppData\Local\TempzS1216.html moved successfully.

C:\Users\Maciej\AppData\Local\TempZs1552.html moved successfully.

C:\Users\Maciej\AppData\Local\TempzT2384.html moved successfully.

C:\Users\Maciej\AppData\Local\TempZV1956.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempzw1600.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempzw2020.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempzw2036.html moved successfully.

C:\Users\Maciej\AppData\Local\TempZy1220.html moved successfully.

C:\Users\Maciej\AppData\Local\TempZy1540.html moved successfully.

C:\Users\Maciej\AppData\Local\Tempzy2232.html moved successfully.

========== COMMANDS ==========

 

[EMPTYFLASH]

 

User: Administrator

 

User: All Users

 

User: Default

 

User: Default User

 

User: Maciej

->Flash cache emptied: 23239 bytes

 

User: Public

 

Total Flash Files Cleaned = 0,00 mb

 

 

[EMPTYTEMP]

 

User: Administrator

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Maciej

->Temp folder emptied: 5360046962 bytes

->Temporary Internet Files folder emptied: 997473028 bytes

->Java cache emptied: 29409394 bytes

->Apple Safari cache emptied: 112798720 bytes

->Flash cache emptied: 0 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 2829824 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 27953544 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 68032 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 6 228,00 mb

 

 

OTL by OldTimer - Version 3.2.17.3 log created on 11112010_182950

 

Files\Folders moved on Reboot...

C:\Program Files (x86)\Hbldvhyredee\Log\Visual folder moved successfully.

C:\Program Files (x86)\Hbldvhyredee\Log\Text folder moved successfully.

C:\Program Files (x86)\Hbldvhyredee\Log\Audio folder moved successfully.

C:\Program Files (x86)\Hbldvhyredee\Log folder moved successfully.

Folder move failed. C:\Program Files (x86)\Hbldvhyredee scheduled to be moved on reboot.

C:\Users\Maciej\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

C:\Users\Maciej\AppData\Local\Temp\~DF1F37FF17E5CD3444.TMP moved successfully.

File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

 

Registry entries deleted on Reboot...

 

 

dzisiaj rano urzyłem USBfix, aby sprawdzić czy nie mam jakiejś infekcji na pendrajwie, niestety chyba pozmieniał mi coś w rejestrach na dyskach, w załączniku logi z operacji

OTL.Txt

Extras.Txt

UsbFix.txt

UsbFix 2.txt

Odnośnik do komentarza

Niestety, ta infekcja jest czynna. W procesach się ładuje to co już niby było usuwane:

 

PRC - [2010-01-13 18:29:53 | 000,094,298 | ---- | M] (Sver) -- c:\Windows\SysWOW64\tuoyqin.exe

PRC - [2006-05-03 01:41:13 | 002,194,748 | ---- | M] (Indexer) -- c:\Program Files (x86)\Hbldvhyredee\tuoyqi.exe

SRV - [2010-01-13 18:29:53 | 000,094,298 | ---- | M] (Sver) [Auto | Running] -- c:\Windows\SysWOW64\tuoyqin.exe -- (tblphymjojafsi)

 

Są także dwa dziwne pliki DLL:

 

[2010-01-25 16:59:35 | 000,131,072 | ---- | C] () -- C:\Windows\SysWow64\msrec-ood.dll

[2009-05-15 18:35:30 | 000,009,849 | ---- | C] () -- C:\Windows\SysWow64\mswen-ooe.dll

[2009-04-10 11:20:07 | 000,131,072 | ---- | C] () -- C:\Windows\SysWow64\msrunrerm.dll

 

Wykonaj kompleksowy skan przez Malwarebytes' Anti-Malware. Zaprezentuj wyniki.

 

Mam jeszcze pytanie, korzystam z dysków zewnętrznych podłączanych przez eSATA, co prawda antywirus nie pokazuje żadnej infekcji na tych dyskach, ale czy nie czai się tam coś przy tego typu wirusie?

 

Wątpię.

 

 

.

Odnośnik do komentarza

Hmm, MBAM nie widzi tego. Ostatnia próba usuwania przez OTL:

 

1. W polu Własne opcje skanowania / skrypt wklej:

 

:Processes
killallprocesses
 
:Files
C:\Program Files (x86)\Hbldvhyredee
C:\Windows\SysWow64\tuoyqin.exe
C:\Windows\SysWow64\mswen-ooe.dll
C:\Windows\SysWow64\msrec-ood.dll
C:\Windows\SysWow64\msrunrerm.dll
 
:Services
tblphymjojafsi

 

Wykonaj skrypt.

 

2. Jak poprzednio: pokazujesz log z usuwania, oraz logi zrobione już po.

 

 

.

Odnośnik do komentarza

zrobiłem jak radzisz, poniżej log z wykonania skryptu i logi po w załącznikach

 

========== PROCESSES ==========

All processes killed

========== FILES ==========

C:\Program Files (x86)\Hbldvhyredee\Log\Visual folder moved successfully.

C:\Program Files (x86)\Hbldvhyredee\Log\Text folder moved successfully.

C:\Program Files (x86)\Hbldvhyredee\Log\Audio folder moved successfully.

C:\Program Files (x86)\Hbldvhyredee\Log folder moved successfully.

Folder move failed. C:\Program Files (x86)\Hbldvhyredee scheduled to be moved on reboot.

C:\Windows\SysWow64\tuoyqin.exe moved successfully.

C:\Windows\SysWow64\mswen-ooe.dll moved successfully.

C:\Windows\SysWow64\msrec-ood.dll moved successfully.

C:\Windows\SysWow64\msrunrerm.dll moved successfully.

========== SERVICES/DRIVERS ==========

Service tblphymjojafsi stopped successfully!

Service\Driver key tblphymjojafsi not found.

 

OTL by OldTimer - Version 3.2.17.3 log created on 11122010_133350

 

Files\Folders moved on Reboot...

C:\Program Files (x86)\Hbldvhyredee\Log\Visual folder moved successfully.

C:\Program Files (x86)\Hbldvhyredee\Log\Text folder moved successfully.

C:\Program Files (x86)\Hbldvhyredee\Log\Audio folder moved successfully.

C:\Program Files (x86)\Hbldvhyredee\Log folder moved successfully.

Folder move failed. C:\Program Files (x86)\Hbldvhyredee scheduled to be moved on reboot.

 

Registry entries deleted on Reboot...

Extras.Txt

OTL.Txt

Odnośnik do komentarza

Ale, hmmm, to nie jest raport ze skanu narzędzia, to jest raport "kondycji systemu".

 

EDIT: coś zamilkłeś. Wyjaśniam dokładniej. Zrobiłeś raport przechodząc do karty "Ręczne leczenie" i klikając w opcję "Pobierz informacje o systemie". Natomiast wyniki skanowania są dostępne w pierwszej karcie "Automatyczne skanowanie" > buttonik Raport > w nowym oknie jest opcja Zapisz (lub można bezpośrednio na wynikach skanowania zaznaczyć wykryte infekcje i z prawokliku w menu kontekstowym wybrać Kopiuj).

Odnośnik do komentarza

przepraszam ale wczoraj byłem na nogach od 3.00, coś nagrzebałem i raport zrobił mi się prawie 200MB i odpadłem w miedzyczasie. Przesyłam raport zrobiony dzisiaj ale jakiś mizerny on jest, przesyłam też to co przysłąli z kasperskiego ale też jakoś niedziała wywala błąd, jeszcze raz przepraszam za zwłokę.

raport 3.txt

log kasperski.txt

Odnośnik do komentarza

1. Nie możemy coś dojść do ładu. Mówiłeś "skanowanie ukończone, program znalazł rotkita" i ja muszę wiedzieć w czym, bo sprawę infekcji mamy nie rozwiązaną (rekonstrukcja usuwanych obiektów). To co pokazujesz w ogóle nie potwierdza tego faktu, nie ma żadnych danych na temat znalezisk skanu automatycznego. Czy ów raport jest ustawiony na widoku w taki sposób, by pokazać właściwe wydarzenia? Dla pewności proszę ustaw filtry w taki sposób:

 

krtraport.png

 

To co jest tu "niepokojące" to spis w tym raporcie, który świadczy, że w ogóle nie odbyło się żadne skanowanie, bo nie ma znacznika "Automatyczne skanowanie". Są tylko odczyty "Ręczne leczenie" + "Pobieranie informacji o systemie" a to:

 

przesyłam też to co przysłąli z kasperskiego ale też jakoś niedziała wywala błąd

 

Nie interesuj się w ogóle kartą "Ręczne leczenie" ani figurującą tam opcją generowania informacji o systemie ani skryptami. Masz tylko i wyłącznie działać w karcie "Automatyczne leczenie".

 

2. Proszę także o skan przy udziale Sophos Anti-Rootkit (częściowa kompatybilność z x64).

 

 

 

 

.

Odnośnik do komentarza

skanowanie kasperskim napewno doszło do końca (Automatyczne skanowanie: zakończono 1 dzień temu (zdarzeń: 8, obiektów: 1267550, czas: 22:33:50)) trwało to prawie 24 godziny, raport z takimi ustawieniami żeby pokazał wszystkie zdarzenia zajmuje 192 748 KB, jeżeli trzeba to go gdzieś wstawię. co do rootkita to wyczytałem to z analizy wyniku systemu: "jest (rootkit w trybie użytkownika),Błąd pobierania informacji o pliku Wiersz poleceń" załanczam screen z tą informacją, przepraszam jeśli źle to zinterpretowałem. Zamieszczam też info po skanowaniu Sophos Anti-Rootkit.

post-1034-0-75054900-1290034414_thumb.jpg

scan Sophos.txt

Odnośnik do komentarza

No tak, teraz rozumiem skąd ten dziwaczny skrypt otrzymany z automatu, błędnie oceniłeś sytuację i sam zaprojektowałeś wadliwy skrypt. Na pałę zaznaczyłeś "jak leci" i chciałeś sobie wywalić w kosmos prawidłowe procesy / sterowniki systemu. Dobrze, że to się nie udało. To wszystko co zamalowane na czerwono to prawidłowe procesy. Zgłoszenie "rootkit" świadczy raczej o tym, że do tych procesów jest wszczepiona pamięć innego obiektu, ale tu nie jest w ogóle podane jaki to obiekt (zresztą dla procesu nadrzędnego jest: "błąd pobierania informacji"). Czyli: niestety nadal nic nie wiadomo. Widzę w raporcie tylko to o czym już wiem, ale usuwanie tego jest nieskuteczne i to wraca. Dla odmiany Sophos nie widzi nic szczególnego, punktuje folder Tymczasowych plików internetowych.

 

 

Spróbuję jeszcze zmienić metodę usuwania, to znaczy wezmę narzędzie działające całkowicie inną techniką niż OTL.

 

1. Uruchom BlitzBlank i w karcie Script wklej:

 

DeleteFolder: 
"C:\Program Files (x86)\Hbldvhyredee"
DeleteFile: 
C:\Windows\SysWow64\tuoyqin.exe
C:\Windows\SysWow64\msrec-ood.dll
C:\Windows\SysWow64\mswen-ooe.dll
C:\Windows\SysWow64\msrunrerm.dll

Klik w Execute Now. Pozatwierdzaj restart komputera.

 

2. Po restarcie systemu, gdy już pomyślnie wejdziesz na Pulpit, wytwórz nowy log z OTL oraz zaprezentuj zawartość loga BlitzBlank. EDIT: Jeszcze nie zawadzi sprawdzenie co powie Kaspersky TDSSKiller (gdyby cokolwiek wykrył, wszystko ustaw na Skip i tylko zaprezentuj log).

 

 

.

Odnośnik do komentarza

Przepraszam za wprowadzenie w błąd, jestem laikiem w tej dziedzinie. Wszystko przeprowadziłem zgodnie z opisem. Poniżej logi z programów:

log z BlitzBlank nie chciał się załadować więc go wkleję:

 

BlitzBlank 1.0.0.32

 

File/Registry Modification Engine native application

MoveDirectoryOnReboot: sourceDirectory = "\??\c:\program files (x86)\hbldvhyredee", destinationDirectory = "(null)", replaceWithDummy = 0

MoveFileOnReboot: sourceFile = "\??\c:\program files (x86)\hbldvhyredee\help.chm", destinationFile = "(null)", replaceWithDummy = 0

MoveDirectoryOnReboot: sourceDirectory = "\??\c:\program files (x86)\hbldvhyredee\Log", destinationDirectory = "(null)", replaceWithDummy = 0

MoveDirectoryOnReboot: sourceDirectory = "\??\c:\program files (x86)\hbldvhyredee\Log\Audio", destinationDirectory = "(null)", replaceWithDummy = 0

MoveDirectoryOnReboot: sourceDirectory = "\??\c:\program files (x86)\hbldvhyredee\Log\Text", destinationDirectory = "(null)", replaceWithDummy = 0

MoveDirectoryOnReboot: sourceDirectory = "\??\c:\program files (x86)\hbldvhyredee\Log\Visual", destinationDirectory = "(null)", replaceWithDummy = 0

MoveFileOnReboot: sourceFile = "\??\c:\program files (x86)\hbldvhyredee\tuoyqi.exe", destinationFile = "(null)", replaceWithDummy = 0

MoveFileOnReboot: sourceFile = "\??\c:\program files (x86)\hbldvhyredee\unins000.dat", destinationFile = "(null)", replaceWithDummy = 0

MoveFileOnReboot: sourceFile = "\??\c:\program files (x86)\hbldvhyredee\unins000.exe", destinationFile = "(null)", replaceWithDummy = 0

MoveFileOnReboot: sourceFile = "\??\c:\windows\syswow64\tuoyqin.exe", destinationFile = "(null)", replaceWithDummy = 0

MoveFileOnReboot: sourceFile = "\??\c:\windows\syswow64\msrec-ood.dll", destinationFile = "(null)", replaceWithDummy = 0

MoveFileOnReboot: sourceFile = "\??\c:\windows\syswow64\mswen-ooe.dll", destinationFile = "(null)", replaceWithDummy = 0

MoveFileOnReboot: sourceFile = "\??\c:\windows\syswow64\msrunrerm.dll", destinationFile = "(null)", replaceWithDummy = 0

Extras.Txt

OTL.Txt

TDSSKiller.2.4.8.0_18.11.2010_07.41.15_log.txt

Odnośnik do komentarza

Czyżby się wreszcie udało? BlitzBlank usunął co zadałam i w OTL nie widzę by cokolwiek wróciło. Uruchom Kaspersky Removal Tool, wejdź do karty "Ręczne leczenie" i wygeneruj sobie do wglądu raport opcją "Pobierz informacje o systemie". Sprawdź w tym pliku HTML czy nadal przy procesach jest oznaczenie "rootkit" / są czerwone. Natomiast zignoruj odczyty "błąd pobierania informacji o pliku". Podaj mi tylko informację czy są zgłoszenia o rootkicie w procesach. Ponadto podsumuj co się dzieje z systemem, czy są jakieś dziwne objawy, czy może już wszystko zdaje się być w porządku?

Odnośnik do komentarza

Raport z Kaspersky Removal Tool identyczny jak poprzedni na czerwono tylko "błąd pobierania informacji o pliku". Co do systemu to długo się ładuje przy starcie (ale to może moja wina muszę zrobić porządek z auto-startem), i zaobserwowałem że czasami jak na coś kliknę na przykład banerek w w Kasperskim "Pobierz informacje o systemie" to brak reakcji jakby nic się nie działo a po powtórnym kliknięciu pojawia się ikonka oczekiwania (wirujące kółeczko) a czasami wyświetla na pasku programu brak odpowiedzi, jak poczekam chwilę do wszystko wraca do normy. To chyba tyle z dziwnych zachowań

Odnośnik do komentarza
Raport z Kaspersky Removal Tool identyczny jak poprzedni na czerwono tylko "błąd pobierania informacji o pliku".

 

"Błąd .." nieistotny. Tu jest edycja 64-bitowa systemu, a z takiej są "zwariowane" odczyty. Np. u mnie procesy natywnie 64-bit mają wszystkie jak leci ów błąd, nie wspominając już o fakcie, że nieproporcjonalnie dużo "zagrożeń". Mnie interesuje czy przestał się pojawiać napis "rootkit trybu użytkownika".

Tak po prawdzie to i ja zaczynam wątpić w miarodajność tego raportu.

 

Co do systemu to długo się ładuje przy starcie (ale to może moja wina muszę zrobić porządek z auto-startem)

 

Możemy od razu to sprawdzić. W programie Autoruns w karcie Logon odptaszkuj te pozycje:

 

O4:[b]64bit:[/b] - HKLM..\Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()

O4:[b]64bit:[/b] - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)

O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)

O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)

O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [updatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKCU..\Run: [AdobeBridge] File not found

O4 - HKCU..\Run: [Gadu-Gadu 10] C:\Program Files (x86)\Gadu-Gadu 10\gg.exe (GG Network S.A.)

O4 - HKCU..\Run: [iPLA!] C:\Program Files (x86)\ipla\ipla.exe (Redefine Sp z o.o.)

O4 - HKCU..\Run: [NokiaOviSuite2] C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)

O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - Startup: C:\Users\Maciej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

 

W karcie Services odptaszkuj:

 

SRV - [2010-03-18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)

 

(Przy okazji, proponuję zastąpić ciężarne GG10 lższejszym alternatywnym odpowiednikiem, takim jak WTW czy Miranda, i mają edycje natywnie 64-bit, w przeciwieństwie do GG10. Wszystko opisane w temacie Darmowe komunikatory)

 

Zresetuj system. Podaj wyniki czy nadal jest wolny start. Dla potwierdzenia operacji w Autoruns możesz dodać log z OTL, by było wiadome czy na pewno wyłączyłeś co podane.

 

 

 

.

Edytowane przez picasso
21.12.2010 - Temat zostaje zamknięty z powodu braku odpowiedzi. //picasso
Odnośnik do komentarza
Gość
Ten temat został zamknięty. Brak możliwości dodania odpowiedzi.
  • Ostatnio przeglądający   0 użytkowników

    • Brak zarejestrowanych użytkowników przeglądających tę stronę.
×
×
  • Dodaj nową pozycję...