szczwany_lis created 13 June 2009
Hello. Task Manager shows the following process: Svchost C:/Windows/system/svchost.exe. I found out that it is a trojan. Can you help me remove it?
szczwany_lis (Author) commented 13 June 2009
Sorry that I didn't post the one from Combo.
HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:49:54, on 09-06-13
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
D:\HP\HP Software Update\HPWuSchd2.exe
C:\Windows\system\svchost.exe
C:\Program Files\Nowe Gadu-Gadu\gg.exe
C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe
D:\HP\Digital Imaging\bin\hpqtra08.exe
D:\HP\Digital Imaging\bin\hpqSTE08.exe
D:\Nowy folder (3)\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [HP Software Update] D:\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [services] C:\Windows\system\svchost.exe
O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "C:\Program Files\Nowe Gadu-Gadu\gg.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

--
End of file - 2977 bytes
Guest commented 13 June 2009
HJT won't help much.
O4 - HKLM\..\Run: [services] C:\Windows\system\svchost.exe
You can see it right there. We're waiting for the ComboFix log.
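The check made by eye in the reply above, written out as an added example that is not part of the original thread: it scans a HijackThis log for Windows system binary names that run or autostart from anywhere other than System32. It assumes %SystemRoot% is C:\WINDOWS, as in the posted log; the function names and the SYSTEM32_ONLY list are illustrative choices, and the sample is an excerpt of lines from that log.

```python
import re
from ntpath import basename, dirname, normpath

# Assumption: system binaries that legitimately live only in System32 on
# this XP install. Explorer.EXE sits in C:\WINDOWS itself, so it is not listed.
SYSTEM32_ONLY = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe",
                 "smss.exe", "csrss.exe", "spoolsv.exe"}
EXPECTED_DIR = r"c:\windows\system32"   # assumption: %SystemRoot% = C:\WINDOWS

# HijackThis autorun line: O4 - HKLM\..\Run: [value name] command line
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
SECTION_RE = re.compile(r"^[A-Z]\d+ - ")   # any R0/O2/O23... entry


def exe_path(cmd):
    """Extract the executable path from a Run-key command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # "C:\path with spaces\x.exe" /args
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    # Unquoted: take everything up to the first executable extension.
    m = re.match(r"(.+?\.(?:exe|com|scr|pif|bat|cmd))(?:\s|$)", cmd, re.I)
    return m.group(1) if m else cmd


def is_masquerade(path):
    """True if a System32-only binary name appears in another directory."""
    p = normpath(path).lower()
    return basename(p) in SYSTEM32_ONLY and dirname(p) != EXPECTED_DIR


def scan_hjt(log_text):
    """Return (kind, source, path) tuples for suspicious entries."""
    findings = []
    in_procs = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        m = O4_RE.match(line)
        if m:
            in_procs = False
            path = exe_path(m["cmd"])
            if is_masquerade(path):
                source = f'{m["hive"]}\\..\\{m["key"]} [{m["name"]}]'
                findings.append(("autorun", source, path))
        elif SECTION_RE.match(line):
            in_procs = False                     # process list has ended
        elif in_procs and line and is_masquerade(line):
            findings.append(("process", "", line))
    return findings


# Excerpt of the HijackThis log posted above.
SAMPLE = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Windows\system\svchost.exe
C:\Program Files\Nowe Gadu-Gadu\gg.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [HP Software Update] D:\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [services] C:\Windows\system\svchost.exe
O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "C:\Program Files\Nowe Gadu-Gadu\gg.exe"
"""

if __name__ == "__main__":
    for kind, source, path in scan_hjt(SAMPLE):
        print(f"{kind:8} {source:28} {path}")
```

A name match only flags the entry for review; confirming it still means checking the file itself (signature, hash, creation time), which is what the follow-up logs in this thread were requested for.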
szczwany_lis (Author) commented 13 June 2009
Forgive me for asking, but is it possible to remove this trojan without using ComboFix?
Guest commented 13 June 2009
Of course it is. Paste the logs from DDS + OTList 2: http://www.forumpc.pl/index.php?showtopic=104338&hl=
szczwany_lis (Author) commented 13 June 2009 (edited)
Should I download dss.pif or dss.scr? ;P Oh, and one more thing: will any antivirus/antispyware remove this trojan?
szczwany_lis (Author) commented 13 June 2009
DDS:
szczwany_lis (Author) commented 13 June 2009
Can you give me a link to download this OTList 2? The page you gave shows a 404 error when I try to download the program ;p
szczwany_lis (Author) commented 13 June 2009 (edited)
OTL logfile created on: 09-06-13 16:51:07 - Run 1
Settings\Administrator\Pulpit\311155[2009-05-18 20:39:18 | 00,118,073 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\311154[2009-05-18 20:37:21 | 00,118,071 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\311153[2009-05-18 19:48:11 | 00,177,664 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\projekt_wzor_regulaminu_wynagradzania_pracownikow_administracji_i_obslugi_szkol.doc[2009-05-16 17:09:32 | 00,038,137 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\przyjaciuelskie.png[2009-05-16 17:08:33 | 00,016,912 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\pakty.png[2009-05-16 17:07:55 | 00,027,057 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\wojny.gif[2009-05-16 17:06:21 | 00,056,776 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\nowe.png[2009-04-05 20:49:29 | 00,000,244 | ---- | C] () -- C:\WINDOWS\CDPLAYER.INI[2009-03-06 16:52:24 | 00,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini[2009-03-06 16:46:26 | 00,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini[2008-05-31 12:10:44 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI[2008-05-24 21:00:47 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\AVERM.dll[2008-05-24 21:00:46 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll[2008-04-30 18:55:50 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll[2008-04-30 18:55:50 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest[2008-04-30 18:33:06 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini[2008-04-30 18:28:53 | 00,021,052 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll[2008-04-30 18:28:52 | 00,015,144 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll[2008-04-30 18:28:52 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll[2008-04-30 18:28:52 | 00,000,537 | ---- | C] () -- C:\WINDOWS\YdpDict.ini[2004-08-04 00:44:00 | 
00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll[2004-04-30 15:16:49 | 00,015,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\nod32drv.sys[2004-04-30 15:15:11 | 00,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI[2004-04-30 15:09:55 | 00,223,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\dtscsi.sys[2004-04-30 15:05:25 | 00,642,560 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys[2004-04-30 15:05:25 | 00,096,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd9917.sys[2004-04-30 15:00:39 | 00,000,160 | ---- | C] () -- C:\WINDOWS\MyDrivers.ini[2002-09-29 00:00:00 | 00,000,644 | ---- | C] () -- C:\WINDOWS\win.ini[2002-09-29 00:00:00 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini[2001-07-06 15:30:02 | 00,003,234 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI========== Files - Modified Within 30 Days ==========[1 C:\WINDOWS\System32\*.tmp files][4 C:\WINDOWS\*.tmp files][2009-06-13 16:50:30 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Pulpit\OTL.exe[2009-06-13 16:45:00 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job[2009-06-13 16:40:14 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\desktop.ini[2009-06-13 16:40:14 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT[2009-06-13 16:40:13 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat[2009-06-13 16:40:12 | 10,732,70784 | -HS- | M] () -- C:\hiberfil.sys[2009-06-01 15:43:01 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl[2009-05-31 14:23:20 | 00,462,008 | ---- | M] () -- C:\WINDOWS\System\svchost.exe
Guest, comment, 13 June 2009
Where is the Extras.txt from OTList2? Run OTlist 2 and paste this script into its lower pane, Custom Scans/Fixes:

:OTLI
O4 - HKLM..\Run: [services] C:\Windows\system\svchost.exe ()
:Files
C:\WINDOWS\System\svchost.exe
:Commands
[emptytemp]
[start explorer]
[Reboot]

Click Run Fix. During this process the Desktop will disappear, and you will also be asked to restart the computer. After the restart, attach two logs: the one produced by the removal above, and a new one from OTListIt made with the Run Scan option. Also post Extras.txt.
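The fix above removes a Run entry named [services] that launches svchost.exe from C:\Windows\system, whereas the genuine svchost.exe runs from C:\WINDOWS\system32. The following added example (not part of the thread, and not code from HijackThis or OTL) flags that kind of name masquerading in HijackThis-style lines. The function name, the baseline table and the sample lines are assumptions constructed for illustration, with %SystemRoot% assumed to be C:\WINDOWS.

```python
import ntpath
import re

# Assumed baseline (Windows XP, %SystemRoot% = C:\WINDOWS): expected directory per binary.
EXPECTED_DIR = {
    "svchost.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "smss.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# Autostart line: "O4 - <key>: [value name] <command line>"
O4_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Executable path at the start of a command line, quoted or bare.
EXE_RE = re.compile(r'^"?(?P<path>[A-Za-z]:\\[^"]*?\.exe)\b', re.IGNORECASE)

# Constructed sample in HijackThis format, modelled on entries quoted in the thread.
SAMPLE_LOG = r'''
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Windows\system\svchost.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [services] C:\Windows\system\svchost.exe
'''.strip().splitlines()


def masquerading_entries(log_lines):
    """Return (source, value_name, path) for system-binary names outside their expected directory."""
    findings = []
    for raw in log_lines:
        line = raw.strip()
        m = O4_RE.match(line)
        # O4 lines carry a Run value name; any other line is treated as a process path.
        source, name, cmd = ("autostart", m["name"], m["cmd"]) if m else ("process", None, line)
        exe = EXE_RE.match(cmd)
        if not exe:
            continue
        directory, filename = ntpath.split(exe["path"].lower())
        expected = EXPECTED_DIR.get(filename)
        if expected and directory != expected:
            findings.append((source, name, exe["path"]))
    return findings


if __name__ == "__main__":
    for source, name, path in masquerading_entries(SAMPLE_LOG):
        print(f"{source:9} value={name!r:12} {path}")
```

Both the running process and the Run value are reported, so the file and its persistence entry can be handled together, as the fix script does.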
szczwany_lis (author), comment, 15 June 2009
Thank you, my savior! Everything works now.