tttt2 created 19 July 2009
Hello, I have a problem with a virus that blocks me from opening most programs. The virus changed my wallpaper to a blue one with text starting with: "WARNING! YOUR'RE IN DANGER! YOUR COMPUTER IS INFECTED WITH SPYWARE!" Every so often a message "Warning! Your computer is infected" pops up on the bar in the right corner, and from time to time ads for some antivirus programs pop up, urging me to buy a licence from them. After a while everything shuts down: only the wallpaper remains and nothing can be done. I can't start e.g. HijackThis, and ctrl+alt+del doesn't work either. What can I do about this? Please help!
Guest commented 19 July 2009
Boot into Safe Mode with Networking (F8 before Windows boots) and post the log from OTL: http://www.forumpc.pl/index.php?showtopic=104338
tttt2 commented 19 July 2009 (Author, edited)
OTL logfile created on: 2009-07-19 21:56:46 - Run 1
OTL Extras logfile created on: 2009-07-19 21:56:46 - Run 1
C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Development Company, L.P.)"C:\Program Files\Gadu-Gadu\gg.exe" = C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny -- (Gadu-Gadu S.A.)"C:\Program Files\Ares\Ares.exe" = C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows -- (Ares Development Group)"D:\1Tomek\inne\SopCast\adv\SopAdver.exe" = D:\1Tomek\inne\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)"D:\1Tomek\inne\SopCast\SopCast.exe" = D:\1Tomek\inne\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Onet.pl - Skype -- (Skype Technologies S.A.)========== HKEY_LOCAL_MACHINE Uninstall List ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{00000415-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium"{02627ee5-eaca-4742-a9cc-e687631773e4}" = Nero ShowTime"{086a7d8c-0a38-4c7f-819a-620275550d5c}" = Nero Burning ROM Help"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 
1.14.17.1"{1c00c7c5-e615-4139-b817-7f4003de68c0}" = Nero PhotoSnap Help"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress"{26202940-e594-4ee0-96bf-adc67b4922df}" = Nero 9 Trial"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 13"{2D43FD89-B225-4334-B4AA-0983400BE61B}" = Windows Presentation Foundation Language Pack (PLK)"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP"{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent"{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm"{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation"{495998C4-FC8A-4302-82E0-53DE4D7A8F56}" = Windows Communication Foundation Language Pack - PLK"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress"{5A438E06-0BB3-4C5F-0085-B14F1F4077E6}" = FIFA 07"{5AF71003-1797-4D93-9F37-4F2125CBF539}" = Microsoft .NET Framework 2.0 Language Pack - PLK"{5d9be3c1-8ba4-4e7e-82fd-9f74fa6815d1}" = Nero Vision"{5e08ecd1-c98e-4711-bf65-8fd736b3f969}" = Nero RescueAgent Help"{60c731fb-c951-41ce-ad41-8e54c8594609}" = Nero Disc Copy Gadget Help"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 
2.0"{7148F0A8-6813-11D6-A77B-00B0D0142050}" = Java 2 Runtime Environment, SE v1.4.2_05"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart"{77e33d87-255e-413e-9c8d-eed2a7f9bebf}" = Nero Live Help"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status"{85243696-5e58-4357-9cf8-3498c609941d}" = NeroLiveGadget Help"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload"{98a67610-a3b5-4098-a423-3708040026d3}" = "Nero SoundTrax Help"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy"{9DE9E293-5D7B-4312-88C2-BDFAEC5310AE}" = Microsoft .NET Framework 3.0"{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap"{9e9fdde6-2c26-492a-85a0-05646b3f2795}" = NeroLiveGadget"{9FC8D8F8-AF3A-4488-98AF-51C6DEC732F2}" = c3100_Help"{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder"{AC76BA86-7AD7-1038-7B44-CEA000000001}" = Adobe Reader 6.0.2 CE"{ad6bc5cc-2ef0-49c4-b33d-cdc8b2c4dc80}" = Nero Recode Help"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero 
ControlCenter"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A"{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed"{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help"{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM"{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime"{DB76863D-D4D9-4AB3-AFDC-26717BA1E11C}" = Windows Workflow Foundation PL Language Pack"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp"{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}" = Nero Live"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch"{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed"{e8631efb-6b9a-426c-b1ce-e7173ca26bf8}" = Nero WaveEditor Help"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer"{EB8C9964-09AC-48bf-8B98-027609C78251}" = C3100"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC"{f1861f30-3419-44db-b2a1-c274825698b3}" = Nero Disc Copy Gadget"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA"{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool"{FD593DE6-C3A0-4722-8E86-9DEEF0A93290}" = Microsoft .NET Framework 3.0 Polish Language Pack"123 DVD Clone_is1" = 123 DVD Clone"ActiveScan 2.0" = Panda ActiveScan 2.0"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin"avast!" = avast! 
Antivirus"Dropbox" = Dropbox"eMusic Promotion" = 50 FREE MP3s +1 Free Audiobook!"GameDesire-Pool & Snooker" = GameDesire-Pool & Snooker"HP Imaging Device Functions" = HP Imaging Device Functions 7.0"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0"HPExtendedCapabilities" = HP Customer Participation Program 7.0"HPOCR" = OCR Software by I.R.I.S 7.0"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0"Microsoft .NET Framework 2.0 Language Pack - PLK" = Microsoft .NET Framework 2.0 ? pakiet języka polskiego"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0"Microsoft .NET Framework 3.0 Polish Language Pack" = Pakiet języka polskiego dla systemu Microsoft .NET Framework 3.0"Mozilla Firefox (3.0.11)" = Mozilla Firefox (3.0.11)"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP"Nero - Burning Rom!UninstallKey" = Ahead Nero Burning ROM"Nero8Lite_is1" = Nero 8 Lite"NVIDIA nForce Drivers" = NVIDIA nForce Drivers"SkanerOnline" = Skaner on-line mks_vir"SopCast" = SopCast 3.0.3"SystemSecurity2009" = SystemSecurity2009"Winamp" = Winamp"Winamp Toolbar" = Winamp Toolbar"Windows Media Format Runtime" = Windows Media Format 11 runtime"Windows Media Player" = Windows Media Player 11"WMFDist11" = Windows Media Format 11 runtime"wmp11" = Windows Media Player 11"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0========== Last 10 Event Log Errors ==========[ Application Events ]Error - 2009-06-28 04:32:02 | Computer Name = TM-5028F8B48DEE | Source = Application Error | ID = 1000Description = Aplikacja powodująca błąd ashdisp.exe, wersja 4.8.1335.0, moduł powodujący błąd , wersja 0.0.0.0, adres błędu 0x00000000.Error - 2009-06-28 11:31:49 | Computer Name = TM-5028F8B48DEE | Source = Application Error | ID = 1000Description = Aplikacja powodująca błąd ashdisp.exe, wersja 4.8.1335.0, 
moduł powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x7dd08042.Error - 2009-07-05 19:35:37 | Computer Name = TM-5028F8B48DEE | Source = MsiInstaller | ID = 11706Description = Produkt: Microsoft Office 2000 Premium -- Błąd 1706. Nie można znaleźć właściwego źródła dla produktu Microsoft Office 2000 Premium. Program Windows installer nie może kontynuować.Error - 2009-07-05 19:36:29 | Computer Name = TM-5028F8B48DEE | Source = MsiInstaller | ID = 11706Description = Produkt: Microsoft Office 2000 Premium -- Błąd 1706. Nie można znaleźć właściwego źródła dla produktu Microsoft Office 2000 Premium. Program Windows installer nie może kontynuować.Error - 2009-07-05 19:37:00 | Computer Name = TM-5028F8B48DEE | Source = MsiInstaller | ID = 11706Description = Produkt: Microsoft Office 2000 Premium -- Błąd 1706. Nie można znaleźć właściwego źródła dla produktu Microsoft Office 2000 Premium. Program Windows installer nie może kontynuować.Error - 2009-07-05 19:37:17 | Computer Name = TM-5028F8B48DEE | Source = MsiInstaller | ID = 11706Description = Produkt: Microsoft Office 2000 Premium -- Błąd 1706. Nie można znaleźć właściwego źródła dla produktu Microsoft Office 2000 Premium. Program Windows installer nie może kontynuować.Error - 2009-07-05 19:37:48 | Computer Name = TM-5028F8B48DEE | Source = MsiInstaller | ID = 11706Description = Produkt: Microsoft Office 2000 Premium -- Błąd 1706. Nie można znaleźć właściwego źródła dla produktu Microsoft Office 2000 Premium. Program Windows installer nie może kontynuować.Error - 2009-07-05 19:38:34 | Computer Name = TM-5028F8B48DEE | Source = MsiInstaller | ID = 11706Description = Produkt: Microsoft Office 2000 Premium -- Błąd 1706. Nie można znaleźć właściwego źródła dla produktu Microsoft Office 2000 Premium. Program Windows installer nie może kontynuować.Error - 2009-07-05 19:38:54 | Computer Name = TM-5028F8B48DEE | Source = MsiInstaller | ID = 11706Description = Produkt: Microsoft Office 2000 Premium -- Błąd 1706. 
Nie można znaleźć właściwego źródła dla produktu Microsoft Office 2000 Premium. Program Windows installer nie może kontynuować.Error - 2009-07-19 14:21:47 | Computer Name = TM-5028F8B48DEE | Source = EventSystem | ID = 4614Description = System zdarzeń modelu COM+ wykrył niespójność w stanie wewnętrznym. Potwierdzenie "GetLastError() == 122L" zwróciło błąd w wierszu 162 z d:\comxp_sp3\com\com1x\src\events\shared\sectools.cpp. Skontaktuj się z Pomocą techniczną firmy Microsoft i zgłoś ten błą[ System Events ]Error - 2009-07-19 13:49:32 | Computer Name = TM-5028F8B48DEE | Source = Service Control Manager | ID = 7009Description = Limit czasu (30000 milisekund) podczas oczekiwania na połączenie się z usługą Usługa COM nagrywania dysków CD IMAPI.Error - 2009-07-19 13:49:32 | Computer Name = TM-5028F8B48DEE | Source = Service Control Manager | ID = 7000Description = Nie można uruchomić usługi Usługa COM nagrywania dysków CD IMAPI z powodu następującego błędu: %%1053Error - 2009-07-19 13:49:32 | Computer Name = TM-5028F8B48DEE | Source = Service Control Manager | ID = 7034Description = Usługa Java Quick Starter niespodziewanie zakończyła pracę. 
Wystąpiło to razy: 1.Error - 2009-07-19 14:20:23 | Computer Name = TM-5028F8B48DEE | Source = Service Control Manager | ID = 7000Description = Nie można uruchomić usługi Protokół We/Wy trybu użytkownika NDIS z powodu następującego błędu: %%2001Error - 2009-07-19 14:20:23 | Computer Name = TM-5028F8B48DEE | Source = Service Control Manager | ID = 7001Description = Usługa Konfiguracja zerowej sieci bezprzewodowej zależy od usługi Protokół We/Wy trybu użytkownika NDIS, której nie można uruchomić z powodu następującego błędu: %%2001Error - 2009-07-19 14:20:23 | Computer Name = TM-5028F8B48DEE | Source = Service Control Manager | ID = 7009Description = Limit czasu (30000 milisekund) podczas oczekiwania na połączenie się z usługą LightScribeService Direct Disc Labeling Service.Error - 2009-07-19 14:20:23 | Computer Name = TM-5028F8B48DEE | Source = Service Control Manager | ID = 7009Description = Limit czasu (30000 milisekund) podczas oczekiwania na połączenie się z usługą Nero BackItUp Scheduler 4.0.Error - 2009-07-19 14:20:23 | Computer Name = TM-5028F8B48DEE | Source = Service Control Manager | ID = 7000Description = Nie można uruchomić usługi Nero BackItUp Scheduler 4.0 z powodu następującego błędu: %%1053Error - 2009-07-19 14:21:45 | Computer Name = TM-5028F8B48DEE | Source = Service Control Manager | ID = 7022Description = Usługa Java Quick Starter zawiesiła się podczas uruchamiania.Error - 2009-07-19 14:21:46 | Computer Name = TM-5028F8B48DEE | Source = Service Control Manager | ID = 7034Description = Usługa Java Quick Starter niespodziewanie zakończyła pracę. Wystąpiło to razy: 1.< End of report >
Guest commented on 20 July 2009
Run OTL and paste the following script into the Custom Scans/Fixes window:

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1409082233-2077806209-1177238915-1003..\Run: [tm] C:\Documents and Settings\tm\tm.exe (Txpeqyu Kjxnewjhgjr)
O4 - HKLM..\Run: [14232184] C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\14232184\14232184.exe ()
O33 - MountPoints2\{0ef54f52-325c-11de-a348-00112fd5fcd2}\Shell - "" = Autorun
:Files
C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\14232184
C:\Documents and Settings\tm\tm.exe
:Commands
[emptytemp]
[start explorer]
[Reboot]

Click Run Fix and confirm the computer restart. After the restart, post the log from the cleanup.
Guest commented on 20 July 2009
The simplest explanation = OTL can't cope with these trojans. Post a ComboFix log.
tttt2 (Author) commented on 20 July 2009
I used ComboFix. A log was generated and at the same time all the icons disappeared (the toolbar and the desktop icons). I restarted and it started up without the trojan. Two messages appeared: "The system has recovered from a serious error …" and "System Configuration Utility. The System Configuration Utility was used to change the way Windows starts …" (if it's important, I can copy them out in full).
Log:
MarekM25 commented on 20 July 2009
OTL did not show this: System Security, i.e. the main cause of the problems. The ComboFix log looks good.
Guest commented on 20 July 2009
1. Start >>> Run >>> cmd >>> type this: SC DELETE amd64si, then ENTER.
2. Clean up after ComboFix and the other tools >>> OTCleanIt.
3. Use Malwarebytes. Press Scan, choose the drives to scan and start the scan; at the end press Remove Selected, if anything is found, and OK. Post the report generated after the removal with MBAM.
tttt2 (Author) commented on 21 July 2009

Malwarebytes' Anti-Malware 1.39
Wersja bazy definicji: 2468
Windows 5.1.2600 Dodatek Service Pack 3
2009-07-21 08:52:24
mbam-log-2009-07-21 (08-52-24).txt
Typ skanowania: Pełne skanowanie (A:\|C:\|D:\|E:\|)
Przeskanowane obiekty: 260094
Upłynęło: 2 hour(s), 17 minute(s), 14 second(s)
Zainfekowane procesy w pamięci: 0
Zainfekowane moduły pamięci: 0
Zainfekowane klucze rejestru: 1
Zainfekowane wartości rejestru: 1
Zainfekowane pliki rejestru: 0
Zainfekowane foldery: 0
Zainfekowane pliki: 2

Zainfekowane procesy w pamięci:
(Nie wykryto groźnych plików)

Zainfekowane moduły pamięci:
(Nie wykryto groźnych plików)

Zainfekowane klucze rejestru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SystemSecurity2009 (Rogue.SystemSecurity) -> Quarantined and deleted successfully.

Zainfekowane wartości rejestru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\14232184 (Rogue.Multiple) -> Quarantined and deleted successfully.

Zainfekowane pliki rejestru:
(Nie wykryto groźnych plików)

Zainfekowane foldery:
(Nie wykryto groźnych plików)

Zainfekowane pliki:
c:\system volume information\_restore{7e432313-672e-4d29-a5fd-92647a773d2c}\RP67\A0021900.exe (Trojan.Agent) -> Quarantined and deleted successfully.
d:\1Tomek\inne\SopCast\sopcast-3.0.3-2008-4-30\sopcast-3.0.3-2008-4-30\Setup-SopCast-3.0.3-2008-4-30.exe (Rogue.Installer) -> Quarantined and deleted successfully.
MarekM25 commented on 21 July 2009
It's OK. One more thing: turn System Restore off and on again. (My Computer -> right-click -> Properties -> System Restore -> tick "Turn off System Restore on all drives", and afterwards you can turn it back on if you want.)