Problems with: starting the computer, USB, Help and Support Center, etc.

hanki
created

Hello everyone,

For some time I have had a problem with my laptop:

CPU type - Mobile DualCore Intel Core 2 Duo T5200, 800 MHz (6 x 133)

Motherboard name: FUJITSU SIEMENS AMILO Pi 1505

Physical memory: 1014 MB (DDR2-533 DDR2 SDRAM)

Integrated: Intel 82945GM Graphics Controller 0 [A-3]

Disk no. 1 - WDC WD1200BEVS-07LAT (111 GB)

Field Value

Service Pack 2

Operating system: Microsoft Windows XP Media Center Edition

Power supply: L50II0 FUJITSU SIEMENS

1. The first thing that happens is that it freezes when I press 'OK' after entering the password at system startup, and it stops working completely; the only rescue is to hold down the power button and start it again. [The second time it usually starts without a hitch, although it takes about 5 minutes.] This always happens when I start the computer for the first time in the morning, and it also sometimes freezes a few seconds later.

2. All the USB ports have stopped working. I plug in a pendrive (an mp3 player or the camera's USB cable) and there is the sound signalling that hardware has been connected. An icon actually does appear in the tray on the right next to the clock, but in My Computer there is no trace of a removable disk, even after refreshing many times! (I do not have the option to save power by turning off USB checked.)

3. At the same time I also noticed that I cannot open Help and Support; I click it and the computer does not react at all.

4. The behaviour of the file 'iexplore.exe' has also started to seem strange to me: when I use Mozilla Firefox, after some time, not always, sounds start playing in the background, like videos or ads. There is no trace of another open browser on the taskbar (I also have IE 6.0.2900.2180 installed, which I do not use); when I open Task Manager there is no trace of the culprit in the Applications tab either, and the music keeps playing. By trial and error I worked out that when I remove 'iexplore.exe' in the 'Processes' tab, the sound stops too. I cannot figure out by what right and how IE starts by itself without any action on my part.

5. Another problem is Polish characters: in films and in Notepad, and also in Everest etc., Polish letters do not appear; instead there are squiggles, superscripts, etc.

6. A little earlier, a few weeks ago, the laptop started overheating quite seriously and shutting down. Although I initially put it on 'stands' so it would not heat the desktop, it still got terribly hot; then a friend replaced some paste inside and declared that it is the power supply's fault. So I started unplugging it while working, but that did not help either. It goes crazy mainly when a film is playing (it dies fastest when I play something online), when I run games, or when I edit photos. Sometimes it shuts down without any prior warning from SpeedFan about high temperature. According to the program it sometimes reaches 85 C.

I quietly hope that someone is able to help me; I will be very grateful, I have no strength left for this computer.. And just to be clear, if someone does decide to help me, I would ask for understanding, as I do not have much knowledge of IT.. :(

hanki
comment (edited)

Neither in normal mode nor in safe mode can they be opened ;/ I click run, the window disappears and that's it.. and the little devil got mega hot :/

Edited by hanki_make_me_funky
m.f.d
comment (edited)

Use a browser other than IE.

E.g. Opera.

In safe mode:

Start > Run > type: msconfig > Enter

In the Startup tab, uncheck the programs you know as well as suspicious ones of unknown origin.

Leave only the entries responsible for drivers, e.g. sound or graphics.

Open Task Manager and in the Processes tab see what is using the processor (CPU) at 100%.

That's for a start. And be sure to post logs from ^^

Edited by m.f.d
hanki
comment

I now use only Mozilla because it is the only one that causes the fewest problems. With Opera I could not log in anywhere, not to mention IE, which constantly froze on me.

I am getting on with that Task Manager now.

Mateusz J.
comment

And do other files, i.e. non-exe ones, work?

E.g. can some mp3 be played?

hanki
comment

m.f.d, I think I messed something up, I'm not sure - 99 - System Idle Process SYSTEM and 1 taskmgr.exe

jesiona - only those files don't work. I have no problem with the others..

m.f.d
comment (edited)

OK, that's the point : )

Now see what's going on in msconfig; this is regarding point 1.

There may be a lot of programs in startup that have to launch, hence the sluggishness right at the beginning.

2. Open Device Manager and under Universal Serial Bus controllers uninstall USB.

The system will ask about restarting the computer; choose No, then click the icon at the top, Scan for hardware changes (something like that); the system should update the drivers automatically.

3. It has never worked great : )

4. Waiting for the logs..

5. no idea

6. Run SpeedFan permanently and monitor the temperature every so often.

You already know Device Manager and the Processes tab; if the temperature starts rising, you open Task Manager and check what is 'eating up' the processor's resources, right-click, End Process.

When you observe what it is, let me know.

Does the person who replaced the paste know what they are doing?

Edited by m.f.d
hanki
comment (edited)

1. msconfig: the 'ctfmon' option also got enabled

2. I did the thing with the drivers and it was a flop. They still don't work. As for carrying out this step, there was nothing about restarting the computer; it did not ask.

3. How am I supposed to make the logs? I can't run those 2 ;/

4. I will keep checking the temperature in SpeedFan; for now it is heating up and nothing is asking to have a process ended.

5. This individual knows what he is doing, at least so he claims, and I believe him :)

6. I remembered one more thing, I'll try to describe it somehow: when I'm doing something on the computer, e.g. I have Notepad open (let that be the example), it is in the foreground, and every few minutes, e.g. while typing or idle etc., something pushes me to the background. I mean that nothing appears on the screen, but my Notepad is not 'highlighted', you see? :D

Edited by hanki_make_me_funky
hanki
comment (edited)

AAA! It worked :D

info.txt logfile of random's system information tool 1.06 2009-06-21 15:51:24

SECOND:

Logfile of random's system information tool 1.06 (written by random/random) Run by Madzienka at 2009-06-21 15:51:05
Files\Java\jre1.6.0\bin\jusched.exe [2007-02-07 57344][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2009]C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S [][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2005-09-24 29696][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]C:\PROGRA~1\MICROS~2\Office10\OSA.EXE -b -l [][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Madzienka^Start Menu^Programs^Startup^Adobe Gamma.lnk]C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2005-03-16 113664][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]C:\WINDOWS\system32\igfxdev.dll [2006-03-23 139264][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OdysseyClient]C:\WINDOWS\system32\odyEvent.dll [2007-02-06 106496][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]"authentication 
packages"=msv1_0nwprovau[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PCTAVSvc][HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]"dontdisplaylastusername"=0"legalnoticecaption"="legalnoticetext"="shutdownwithoutlogon"=1"undockwithoutlogon"=1"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]"NoDriveTypeAutoRun"=255[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]"HonorAutoRunSetting"=[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000""%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019""C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:?Torrent"[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000""%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ccff2a4-45e4-11dd-9960-0018de741226}]shell\AutoRun\command - d.cmdshell\explore\command - d.cmdshell\open\command - d.cmd[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ed3eb1c-cacc-11dd-99e7-00030d509f6a}]shell\AutoRun\command - H:\b.comshell\explore\command - H:\b.comshell\open\command - H:\b.com[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{befa15d8-36db-11dd-9945-00030d509f6a}]shell\AutoRun\command - 
C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs======List of files/folders created in the last 1 months======2009-06-21 15:51:06 ----D---- C:\Program Files\trend micro2009-06-21 15:51:05 ----D---- C:\rsit2009-06-20 18:42:53 ----D---- C:\Program Files\Lavalys2009-06-17 18:13:02 ----D---- C:\Program Files\Alwil Software2009-06-16 22:30:36 ----DC---- C:\WINDOWS\system32\DRVSTORE2009-06-16 22:30:32 ----A---- C:\WINDOWS\system32\nmwcdcls.dll2009-06-16 22:30:31 ----SHD---- C:\Config.Msi2009-06-16 22:30:31 ----D---- C:\Program Files\Nokia2009-06-16 22:29:15 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Installations2009-05-30 11:13:58 ----D---- C:\Documents and Settings\Madzienka\Application Data\OD22009-05-25 19:21:54 ----D---- C:\Program Files\Common Files\DivX Shared======List of files/folders modified in the last 1 months======2009-06-21 15:51:06 ----RD---- C:\Program Files2009-06-21 15:48:35 ----D---- C:\Program Files\Mozilla Firefox2009-06-21 15:08:25 ----D---- C:\WINDOWS\Temp2009-06-21 15:08:25 ----D---- C:\WINDOWS\Registration2009-06-21 15:08:24 ----A---- C:\WINDOWS\ModemLog_Motorola SM56 Data Fax Modem.txt2009-06-21 15:08:23 ----D---- C:\Program Files\PC Tools AntiVirus2009-06-21 15:08:03 ----D---- C:\WINDOWS2009-06-21 12:29:37 ----A---- C:\WINDOWS\SchedLgU.Txt2009-06-21 08:33:09 ----D---- C:\Program Files\SpeedFan2009-06-21 08:25:51 ----D---- C:\WINDOWS\system32\CatRoot22009-06-21 08:21:26 ----D---- C:\WINDOWS\system32\NtmsData2009-06-21 08:20:12 ----SH---- C:\boot.ini2009-06-21 08:20:12 ----A---- C:\WINDOWS\win.ini2009-06-21 08:20:12 ----A---- C:\WINDOWS\system.ini2009-06-21 08:08:28 ----AD---- C:\Documents and Settings\All Users\Dane aplikacji\TEMP2009-06-20 23:59:23 ----A---- C:\WINDOWS\ntbtlog.txt2009-06-20 21:26:08 ----SHD---- C:\WINDOWS\Installer2009-06-20 20:37:15 ----D---- C:\WINDOWS\Prefetch2009-06-20 17:31:32 ----D---- C:\instalki2009-06-19 09:50:30 ----D---- C:\WINDOWS\system32\FxsTmp2009-06-17 
20:32:32 ----A---- C:\WINDOWS\NeroDigital.ini2009-06-17 19:46:36 ----AD---- C:\WINDOWS\system322009-06-17 19:46:33 ----D---- C:\WINDOWS\system32\drivers2009-06-17 19:42:07 ----D---- C:\WINDOWS\system32\config2009-06-08 20:16:33 ----D---- C:\Documents and Settings\Madzienka\Application Data\Nowe Gadu-Gadu2009-05-25 19:22:04 ----D---- C:\Program Files\DivX2009-05-25 19:21:54 ----D---- C:\Program Files\Common Files======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-10 36096]R1 WS2IFSL;Srodowisko wspomagajace dostawce uslug innych niz IFS - Windows Socket 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-10 12032]R2 AVFilter;AVFilter; C:\WINDOWS\system32\drivers\AVFilter.sys [2008-02-12 21904]R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-10 88448]R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-10 63232]R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-10 55936]R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-10 60800]R3 AVHook;AVHook; C:\WINDOWS\system32\drivers\AVHook.sys [2007-12-06 28568]R3 AVRec;AVRec; C:\WINDOWS\system32\drivers\AVRec.sys [2007-12-06 21912]R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-10 14080]R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-03-23 1166972]R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-09-06 4377600]R3 NETw3x32;Sterownik karty Intel? 
PRO/Wireless 3945ABG dla systemu Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw3x32.sys [2006-09-27 1709696]R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-10 61824]R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2004-08-10 163584]R3 odysseyIM4;Odyssey Network Agent Miniport; C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys [2005-05-18 173056]R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-02-27 81408]R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2006-01-20 862340]R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-10 26624]R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-10 57600]R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-10 20480]S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-10 9600]S3 Lvckap;Logitech Kernel Audio Processing Filter Driver; \??\C:\WINDOWS\system32\drivers\Lvckap.sys []S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-05-27 22016]S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-10 12160]S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-10 10880]S3 PCANDIS5;PCANDIS5 Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS 
[]S3 PID_0928;Logitech QuickCam Express(PID_0928); C:\WINDOWS\system32\DRIVERS\LV561AV.SYS [2005-01-31 211712]S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-10 67584]S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-10 11136]S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-10 15360]S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-10 31616]S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-10 26496]S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]S3 ZDCndis5;ZDCndis5 Protocol Driver; \??\C:\WINDOWS\system32\ZDCndis5.SYS []S3 ZDPSp50;ZDPSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\ZDPSp50.sys []S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======R2 ehRecvr;Usluga Odbiornik Media Center; C:\WINDOWS\eHome\ehRecvr.exe [2006-06-29 237568]R2 ehSched;Usluga Planowanie nagrywania; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]R2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2007-03-12 517768]R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]R2 NWCWorkstation;Client Service for NetWare; C:\WINDOWS\system32\svchost.exe [2004-08-10 14336]R2 O2Flash;O2Micro Flash Memory; c:\WINDOWS\system32\o2flash.exe [2005-01-27 36864]R2 odClientService;Odyssey Client for Fujitsu 
Siemens Computers; C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe [2005-05-18 208896]R2 PCTAVSvc;PC Tools AntiVirus Engine; C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe [2008-12-03 999640]R2 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2007-09-19 1174152]S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-10 267776]S2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-06-07 72704]S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-04 136120]S3 IDriverT;InstallDriver Table Manager; c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2004-08-10 14336]S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-09-22 38912]S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]-----------------EOF-----------------
Edited by hanki_make_me_funky
Guest
comment

Show the logs from OTL + DDS >>> CLICK.

.

hanki
comment
Guest
comment

There is nothing in the logs.

1. Paste the following into Notepad:

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

From the Notepad menu >>> File >>> Save As >>> Set the file type to: "All files" >>> Save as FIX.REG >>>

run the file (double-click and OK - agree to adding it to the Registry).

Restart the computer.

2. Clean up after DDS and the various tools >>> OTCleanIt.

3. Scan the My Computer area with http://www.kaspersky.pl/virusscanner.html (run it in IE). Post the report from it on the forum.

.
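Step 1 above deletes the whole MountPoints2 key, which is where Explorer caches the per-volume shell verbs it reads from a drive's autorun.inf. As an added example (not part of the thread), this Python code parses a registry dump listing of that key, flags volumes whose cached handlers look like autorun abuse, and builds a .reg file that deletes only those subkeys; the dump layout, the heuristics and the sample GUIDs are assumptions constructed for illustration.

```python
import re

# Key the forum fix deletes; Explorer caches per-volume shell verbs under it.
MOUNTPOINTS2 = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows"
                r"\CurrentVersion\Explorer\MountPoints2")

# Constructed sample in an assumed dump layout: a bracketed key line,
# then "shell\<verb>\command - <command line>" lines. GUIDs are made up.
SAMPLE_DUMP = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11111111-aaaa-bbbb-cccc-000000000001}]
shell\AutoRun\command - d.cmd
shell\explore\command - d.cmd
shell\open\command - d.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11111111-aaaa-bbbb-cccc-000000000002}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe example.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11111111-aaaa-bbbb-cccc-000000000003}]
shell\AutoRun\command - E:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11111111-aaaa-bbbb-cccc-000000000004}]
"""

KEY_RE = re.compile(
    r"^\[(HKEY_CURRENT_USER\\.+?\\mountpoints2)\\([^\]\\]+)\]\s*$", re.IGNORECASE)
VERB_RE = re.compile(r"^shell\\([^\\]+)\\command\s+-\s+(.+?)\s*$", re.IGNORECASE)

# Heuristics (assumptions): interpreters that autorun worms typically chain
# through, and extensions a removable drive has little reason to auto-launch.
SCRIPT_HOSTS = ("wscript", "cscript", "cmd.exe", "rundll32", "mshta")
RISKY_EXT = (".cmd", ".bat", ".vbs", ".vbe", ".js", ".com", ".pif", ".scr")


def parse_mountpoints2(dump_text):
    """Return {subkey name: {verb: command line}} for each MountPoints2 subkey."""
    volumes = {}
    current = None
    for raw in dump_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = volumes.setdefault(key.group(2), {})
            continue
        if line.startswith("["):
            current = None  # a different key: stop attributing handlers
            continue
        verb = VERB_RE.match(line)
        if verb and current is not None:
            current[verb.group(1)] = verb.group(2)
    return volumes


def assess(handlers):
    """Return the reasons one volume's cached handlers look like autorun abuse."""
    reasons = []
    hijacked = sorted(v for v in handlers if v.lower() in ("open", "explore"))
    if hijacked:
        # Overriding open/explore makes a double-click on the drive run the command.
        reasons.append("overrides default verb(s): " + ", ".join(hijacked))
    commands = " ".join(handlers.values()).lower()
    if any(host in commands for host in SCRIPT_HOSTS):
        reasons.append("launches through a script host or rundll32")
    if any(tok.strip('"').endswith(RISKY_EXT) for tok in commands.split()):
        reasons.append("targets a script or legacy executable extension")
    return reasons


def flagged_volumes(dump_text):
    """Return {subkey name: reasons} for volumes with at least one reason."""
    result = {}
    for name, handlers in parse_mountpoints2(dump_text).items():
        reasons = assess(handlers)
        if reasons:
            result[name] = reasons
    return result


def build_fix_reg(subkeys):
    """Build .reg text deleting only the given subkeys ('-' prefix deletes a key)."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    lines += [f"[-{MOUNTPOINTS2}\\{name}]" for name in subkeys]
    return "\r\n".join(lines) + "\r\n"


if __name__ == "__main__":
    flagged = flagged_volumes(SAMPLE_DUMP)
    for name, reasons in flagged.items():
        print(name, "->", "; ".join(reasons))
    print(build_fix_reg(flagged))
```

Deleting the whole key, as the post does, is the blunter equivalent: Explorer rebuilds the entries the next time each volume is mounted.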

hanki
comment (edited)

Points 1 and 2 are done, thank you.

But as for 3, I can't open any link in IE :/ a window pops up:

System Windows nie może odnaleźć pliku ''(null)''. Upewnij się że wpisana nazwa jest poprawna i spróbuj ponownie. Aby wyszukać plik, kliknij przycisk Start, a następnie kliknij polecenie Wyszukaj.

After I click OK, Firefox starts and freezes :/

_________________________

Even after reinstalling IE I can't open the Kaspersky scanner, so I got a trial version, and I don't know whether that is acceptable, but I'm attaching the scan report.

Protection
----------
Total scanned:	4997
Detected:	2
Untreated:	0
Start time:	2009-06-23 22:47:50
Duration:	00:20:14

Detected
--------
Status	Object
------	------
not found: Trojan program Packed.Win32.Tdss.h	File: globalroot\systemroot\system32\UACjxmptcbf.dll
not found: Trojan program Packed.Win32.Tdss.h	File: globalroot\systemroot\system32\UACwuwmecfq.dll

Events
------
Time	Event
----	-----
2009-06-22 23:35:15	Kaspersky Anti-Virus is not activated.
2009-06-22 23:35:16	A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
2009-06-22 23:35:40	Real-time protection started.
2009-06-22 23:35:56	Kaspersky Anti-Virus is not activated.
2009-06-22 23:35:56	A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
2009-06-22 23:35:56	Real-time protection started.
2009-06-22 23:35:57	Update error: proxy connection error, invalid or inaccessible address.
2009-06-22 23:35:57	The threat signatures are obsolete. Your computer is at risk. You are advised to update the signatures immediately.
2009-06-22 23:35:58	Update error: proxy connection error, invalid or inaccessible address.
2009-06-22 23:35:58	The threat signatures are obsolete. Your computer is at risk. You are advised to update the signatures immediately.
2009-06-22 23:44:20	Real-time protection is not running. You are advised to resume protection.
2009-06-22 23:45:55	Kaspersky Anti-Virus is not activated.
2009-06-22 23:45:56	A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
2009-06-22 23:46:11	Real-time protection started.
2009-06-22 23:47:44	Update error: proxy connection error, invalid or inaccessible address.
2009-06-22 23:47:44	The threat signatures are obsolete. Your computer is at risk. You are advised to update the signatures immediately.
2009-06-23 00:02:33	Please restart your computer to complete the installation of new or updated protection components.
2009-06-23 00:02:35	Update completed successfully.
2009-06-23 00:03:14	Real-time protection is not running. You are advised to resume protection.
2009-06-23 09:33:15	Kaspersky Anti-Virus is not activated.
2009-06-23 09:33:16	A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
2009-06-23 09:34:07	Real-time protection started.
2009-06-23 09:46:19	Kaspersky Anti-Virus is not activated.
2009-06-23 09:46:19	A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
2009-06-23 09:47:17	Real-time protection started.
2009-06-23 09:56:50	File globalroot\systemroot\system32\UACjxmptcbf.dll: detected Trojan program 'Packed.Win32.Tdss.h'.
2009-06-23 09:56:50	Security threats have been detected. You are advised to neutralize them immediately.
2009-06-23 09:56:51	File globalroot\systemroot\system32\UACjxmptcbf.dll: is still infected, object is locked.
2009-06-23 09:56:51	File globalroot\systemroot\system32\UACjxmptcbf.dll: detected Trojan program 'Packed.Win32.Tdss.h'.
2009-06-23 09:56:51	File globalroot\systemroot\system32\UACjxmptcbf.dll: is still infected, object is locked.
2009-06-23 09:58:20	File globalroot\systemroot\system32\UACwuwmecfq.dll: detected Trojan program 'Packed.Win32.Tdss.h'.
2009-06-23 09:58:21	File globalroot\systemroot\system32\UACwuwmecfq.dll: is still infected, object is locked.
2009-06-23 09:58:21	File globalroot\systemroot\system32\UACwuwmecfq.dll: detected Trojan program 'Packed.Win32.Tdss.h'.
2009-06-23 09:58:21	File globalroot\systemroot\system32\UACwuwmecfq.dll: is still infected, object is locked.
2009-06-23 10:07:18	Update can not be started because of error: No license
2009-06-23 10:27:18	Update can not be started because of error: No license
2009-06-23 10:27:55	Kaspersky Anti-Virus is not activated.
2009-06-23 10:27:55	A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
2009-06-23 10:27:55	Real-time protection started.
2009-06-23 10:29:47	Kaspersky Anti-Virus is not activated.
2009-06-23 10:29:47	A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
2009-06-23 10:29:47	Real-time protection started.
2009-06-23 10:32:47	File globalroot\systemroot\system32\UACjxmptcbf.dll: detected Trojan program 'Packed.Win32.Tdss.h'.
2009-06-23 10:32:47	Security threats have been detected. You are advised to neutralize them immediately.
2009-06-23 10:32:47	File globalroot\systemroot\system32\UACjxmptcbf.dll: is still infected, object is locked.
2009-06-23 10:33:47	File globalroot\systemroot\system32\UACwuwmecfq.dll: detected Trojan program 'Packed.Win32.Tdss.h'.
2009-06-23 10:33:47	File globalroot\systemroot\system32\UACwuwmecfq.dll: is still infected, object is locked.
2009-06-23 10:42:42	Update distribution can not be started because of error: No license
2009-06-23 10:50:02	Update can not be started because of error: No license
2009-06-23 10:59:11	Real-time protection is not running. You are advised to resume protection.
2009-06-23 11:57:57	Kaspersky Anti-Virus is not activated.
2009-06-23 11:57:57	A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
2009-06-23 11:58:41	Real-time protection started.
2009-06-23 12:08:07	Kaspersky Anti-Virus is not activated.
2009-06-23 12:08:07	A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
2009-06-23 12:08:26	Real-time protection started.
2009-06-23 22:33:33	Kaspersky Anti-Virus is not activated.
2009-06-23 22:33:34	A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
2009-06-23 22:34:19	Real-time protection started.
2009-06-23 22:37:18	Kaspersky Anti-Virus is not activated.
2009-06-23 22:37:18	A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
2009-06-23 22:37:19	Real-time protection started.
2009-06-23 22:37:54	Real-time protection is not running. You are advised to resume protection.
2009-06-23 22:47:23	A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
2009-06-23 22:47:50	Real-time protection started.
2009-06-23 22:51:54	File globalroot\systemroot\system32\UACjxmptcbf.dll: detected Trojan program 'Packed.Win32.Tdss.h'.
2009-06-23 22:51:54	Security threats have been detected. You are advised to neutralize them immediately.
2009-06-23 22:51:54	File globalroot\systemroot\system32\UACjxmptcbf.dll: is still infected, object is locked.
2009-06-23 22:52:54	File globalroot\systemroot\system32\UACwuwmecfq.dll: detected Trojan program 'Packed.Win32.Tdss.h'.
2009-06-23 22:52:54	File globalroot\systemroot\system32\UACwuwmecfq.dll: is still infected, object is locked.

Reports
-------
Component	Status	Start	Finish	Size
---------	------	-----	------	----
Proactive Defense	running	2009-06-23 22:47:50		0 bytes
File Anti-Virus	running	2009-06-23 22:47:50		4.3 KB
Mail Anti-Virus	running	2009-06-23 22:47:50		0 bytes
Web Anti-Virus	running	2009-06-23 22:47:51		139.0 KB
Scan	stopped	2009-06-23 22:49:41	2009-06-23 22:50:41	8.3 KB
Scan critical areas	completed	2009-06-23 22:51:01	2009-06-23 23:05:51	756.6 KB

Quarantine
----------
Status	Object	Size	Added
------	------	----	-----

Backup
------
Status	Object	Size
------	------	----

Hello, hello? How do I remove 'packed.Win32.Tdss.h' from the computer if Kaspersky shows that the file is locked?

Edited by hanki_make_me_funky
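
Added example, not part of the thread and not Kaspersky's own tooling: a small Python triage of the event lines in the report posted above. It groups detections by object and lists the objects whose most recent event is still "object is locked". The one-event-per-line layout and the function names are assumptions; the sample lines are copied from that report.

```python
import re

# Assumed layout: "<timestamp> <message>", one event per line.
EVENT = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(.*)$")
DETECTED = re.compile(r"^File (.+?): detected .+? '([^']+)'\.$")
LOCKED = re.compile(r"^File (.+?): is still infected, object is locked\.$")

# Excerpt of events copied from the report above (raw string keeps the backslashes).
SAMPLE = r"""
2009-06-23 09:47:17 Real-time protection started.
2009-06-23 09:56:50 File globalroot\systemroot\system32\UACjxmptcbf.dll: detected Trojan program 'Packed.Win32.Tdss.h'.
2009-06-23 09:56:51 File globalroot\systemroot\system32\UACjxmptcbf.dll: is still infected, object is locked.
2009-06-23 09:58:20 File globalroot\systemroot\system32\UACwuwmecfq.dll: detected Trojan program 'Packed.Win32.Tdss.h'.
2009-06-23 09:58:21 File globalroot\systemroot\system32\UACwuwmecfq.dll: is still infected, object is locked.
2009-06-23 22:51:54 File globalroot\systemroot\system32\UACjxmptcbf.dll: detected Trojan program 'Packed.Win32.Tdss.h'.
2009-06-23 22:51:54 File globalroot\systemroot\system32\UACjxmptcbf.dll: is still infected, object is locked.
"""

def triage(report):
    """Group detection and lock events by object path, in log order."""
    objects = {}
    for line in report.splitlines():
        event = EVENT.match(line.strip())
        if not event:
            continue  # blank lines, section headers, wrapped text
        ts, msg = event.groups()
        hit, lock = DETECTED.match(msg), LOCKED.match(msg)
        if not (hit or lock):
            continue  # status messages such as "Real-time protection started."
        path = (hit or lock).group(1)
        obj = objects.setdefault(path, {"threat": None, "detections": 0,
                                        "first": ts, "last": ts, "state": None})
        obj["last"] = ts
        if hit:
            obj["threat"] = hit.group(2)
            obj["detections"] += 1
            obj["state"] = "detected"
        else:
            obj["state"] = "locked"
    return objects

def unresolved(objects):
    """Paths whose latest event says the scanner could not touch the file."""
    return sorted(p for p, o in objects.items() if o["state"] == "locked")

if __name__ == "__main__":
    summary = triage(SAMPLE)
    for path in unresolved(summary):
        o = summary[path]
        print(path, o["threat"], o["detections"], o["first"], o["last"])
```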
dar55
comment

don't mess around with it, just format the disk and install the system

hanki
comment

and this is where it gets tricky.. I tried once and it didn't work out ;/ isn't there some other way? I have a lot of important things on the computer, I can't plug a pen drive into USB, and burning it to discs will take... a lot of time.. :/

dar55
comment

where do you keep that data? on C or D?

hanki
comment

Well, that's just it, on C, and it's the ONLY drive I have ;/

dar55
comment

that's why I don't like laptops ;]

copy off only the most important data, the rest = format

hanki
comment

ehh... only that's several tens of thousands of photos and presentations ;/ some 60 GB :/ a ton ;/ that's exactly why I wanted to 'cure' it, but since that's the only way out, I'm getting on with the copying... Thanks.

dar55
comment

one way out is connecting the laptop's 2.5" disk to a PC and copying, but there's a chance of infecting the PC, so there's no point

hanki
comment

I've already thought about that and managed to delete a large part, which I'm able to recover from the sources, so what's left is copying the most important things to discs and hmm... format.. but... hm.. how do I do it properly? Could I count on some tips or maybe a link, please?

hanki
comment

OK, thank you :) tomorrow after my exams I'll start tinkering with it, and if anything comes up I'll write :)
